
help layout 219 vlans with separate subnets

Brian Stidsen
Occasional Contributor


Hi all,

New here, but could use some help and/or insights.

219 rooms in a student dorm, each with one inhabitant and her random devices requiring internet access.
Each room must be identifiable, preferably through ip address. I'm thinking separate subnets. The reason is that legislation here demands logging of packages and these must be traceable.
A single dhcp server should serve addresses to all vlans.

1 x 3500yl, located in server room
5 x 2650, one on each floor, ~44 rooms on each floor.

I'm thinking of setting up 44 vlans on each 2650. Enabling gvrp on 3500yl and route each vlan to the gateway. ip helper-address in each vlan should fix dhcp?

Does this sound feasible or does anyone have ideas that might be better? Do I need ACLs?

Any and all input and hints on where to look are very welcome! The more detail, the better - I am noobish..
cenk sasmaztin
Honored Contributor

Re: help layout 219 vlans with separate subnets

Hi Brian,
You must statically create 44 VLANs on each 2650 switch; each room must be a different VLAN.
Each VLAN separates one of the 219 rooms. There is one main routing device on the network, the 3500 switch; all other switches run only L2.

If you want separation between VLANs, you can use ACLs.

Please copy and paste my config onto each switch, install the DHCP server and internet router (as in my config), and test.

Good luck.

All switch configs are in the attached folder.
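
An added example, not part of any post in this thread and not the attached switch configuration: a Python sketch of the room-per-VLAN address plan discussed above, with the reverse lookup from a logged IP address to a room that the traceability requirement needs. The supernet `10.64.0.0/16`, the /28 per room, VLAN IDs starting at 2 and the 44/44/44/44/43 floor split are assumptions chosen for illustration.

```python
import ipaddress

# Assumptions, not from the thread: supernet 10.64.0.0/16, one /28 per room,
# VLAN IDs counting up from 2, and a 44/44/44/44/43 room split over five floors.
SUPERNET = ipaddress.ip_network("10.64.0.0/16")
ROOM_PREFIX = 28
FIRST_VLAN = 2
ROOMS_PER_FLOOR = [44, 44, 44, 44, 43]  # 219 rooms in total


def build_plan():
    """Allocate consecutive /28s so that subnet index == position in the plan."""
    subnets = SUPERNET.subnets(new_prefix=ROOM_PREFIX)
    plan = []
    for floor, count in enumerate(ROOMS_PER_FLOOR, start=1):
        for room in range(1, count + 1):
            net = next(subnets)
            plan.append({
                "room": f"{floor}{room:02d}",        # e.g. "201" = floor 2, room 1
                "floor": floor,
                "vlan": FIRST_VLAN + len(plan),
                "subnet": net,
                "gateway": net.network_address + 1,  # routed interface on the 3500yl
            })
    return plan


def room_for_ip(plan, addr):
    """Map a logged source address to its room entry, or None if unallocated."""
    ip = ipaddress.ip_address(addr)
    if ip not in SUPERNET:
        return None
    index = (int(ip) - int(SUPERNET.network_address)) >> (32 - ROOM_PREFIX)
    return plan[index] if index < len(plan) else None


def floor_vlans(plan, floor):
    """VLAN IDs that the edge switch on one floor has to carry."""
    return [entry["vlan"] for entry in plan if entry["floor"] == floor]


if __name__ == "__main__":
    plan = build_plan()
    for sample in ("10.64.2.197", "10.64.13.176", "192.168.1.5"):  # constructed
        hit = room_for_ip(plan, sample)
        print(sample, "->", f"room {hit['room']} vlan {hit['vlan']}" if hit else "no room")
```

A logged address that falls inside the supernet but maps to no room comes back as `None`, which is the case worth alerting on when reviewing traffic logs.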

Marco Wessel
Valued Contributor

Re: help layout 219 vlans with separate subnets

I'm not sure I'd do this with a separate VLAN for each room. Muchos wasting of IP space, and a bitch to set up and maintain.

I'd look into dynamic ARP protection and DHCP snooping. This will allow you to set up a DHCP server with static leases, while any static assignments set by users themselves won't work because the switch will block the ARPs, having not seen a DHCP request. So they can only DHCP, which will always provide them with their own address. Requires only that you register MACs.
Brian Stidsen
Occasional Contributor

Re: help layout 219 vlans with separate subnets


Thanks for the quick and very detailed reply! Extremely useful! I have run into problems with the firewall and connection, so I have not been able to test it fully with the 2650's (They are in use to support the old connection).
It seems to work fine from just the 3500yl with a port untagged as belonging to vlan 2 for testing (config attached - only change is that gateway and dhcp server are the same machine, which will also be the case with final setup). As soon as I am able to confirm the setup works with the 2650's I will assign the points! Thanks for your time cenk, it is much appreciated!

I would also like to configure dhcp-snooping and arp-protection (vs rogue dhcp servers and to ensure that residents are unable to set IPs manually), virus throttling (it is a student dorm but not sure about resource usage) and multiple spanning tree (mstp). I am mainly unsure about the last one but have made another thread here: http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1292573

@ Marco: I thought about it and it might work. But the separation that follows from running in different vlans with separate subnets is lost (at this point most residents use windows) and the work required for collecting mac addresses for 219 rooms with changing residents and network equipment seems neverending. But thanks for the input anyway!