I’ve been involved in networking projects where the pace moved so quickly that one very important aspect of implementing a LAN was shelved for later or ignored altogether: the planning phase. When it comes down to crunch time, there isn't much time to consider the bigger picture. But if you can take the time, a sound planning and design phase can posture your small network implementation for growth and flexibility.
In this Daily Drill Down, I will provide you with a blueprint for designing LANs with plenty of headroom for future expansion.
Expansion is the key here. As your small network quickly grows into a much larger entity, will it become a multitentacled monster, or can you accommodate expansion in an orderly manner? The answer to this lies in addressing the need for expansion up-front. By applying a little sound planning in this area, you can position the new network implementation to withstand even rapid growth.
Specifically, there are a few methods and considerations you should take into account. Among those are the number of workstations you must initially support and how many you will support after expansion. In so doing, take location into account, since it can seriously affect the necessary cabling. For instance, if your network clients are located on multiple floors, how do you handle connectivity between floors? In this area, it’s almost a given to follow standard design practices. This suggests a flexible cable plant where connections on each floor are aggregated to a punch-down block in the distribution frame for that floor. Then, you mount switches at the distribution frame for each floor and run interfloor cabling to connect these directly to the core switch. When doing so, use fiber connections between switches to accommodate the future traffic generated by many 100-MB workstation connections.
But, enough about cabling. For the purposes of this article, let's use a simple scenario with all PCs located on the same floor within maximum cable-length distance.
Of course, if the initial network implementation is small enough, it may be difficult to resist the urge to just toss in a switch and be done with it. But then what happens when it's time to grow? You’ll most likely be forced to add other subnets and a router to handle internal and external routing to the Internet and other potential network partners. Rather than waiting until these issues come tumbling down, here are some ways you can nip network expansion woes in the bud.
For example, start off with a small network configuration with a single Cisco switch and router. The switch has a fixed number of ports, but the router has basic capacity for expansion. You chose basic models for your initial small-scale LAN, for cost reasons. If your client or employer doesn't budget for extra infrastructure before implementation, that’s okay. Look at it from a pay-as-you-grow approach. This detail, in itself, would normally mean little or no expansion room, but you can set it up in such a way as to overcome the aspect of a fixed form-factor. Integrate VLANs into your design to prepare for the inevitable. Use such features as VLAN Trunking Protocol (VTP) and trunking. This will allow for easy expansion because, when you add the next switch, setup will be minimal; it will inherit VLAN information from the original switch when you make it a client member of the VTP domain.
For more information on VLANs, take a look at Robert McIntire’s article: "VLANs and switching technology: A nuts-and-bolts approach to Cisco VLAN design."
First, assume that the basic setup has already been performed on both a Cat 3500 series switch and a 2600 series router. Then, look at the connections between devices. Naturally, the router will connect to both the Internet and the local LAN(s). The Internet connection is provided through an external To Switch Unit (TSU) connected to the serial interface in the router. Normally, at this point, I’d say something about security (perimeter networks, DMZ, firewalls, etc.), but that’s a bit outside the scope for setting up a basic network with expansion in mind.
For security’s sake
Take a look at these articles for more information on routers, firewalls, and security:
- "Implementing Internet router security with Cisco routers"
- "Centralize your access control method with AAA"
- "Getting to know Cisco PIX: The rich man’s firewall"
- "Using Cisco access lists to increase network security"
- "Securing the Edge: Advanced networking with the Cisco IOS firewall"
- "Basic access security for Cisco network devices"
On the LAN side, the router has only two Ethernet 10/100 interfaces. You’ll need more than that for your VLAN configuration, which consists of five VLANs or subnets. Or do you? Trunking will allow all VLANs to travel down one link to the router, rather than buying a dedicated Ethernet port for each subnet. You’ll establish a VLAN for servers, two for users, one for printers, and one for management. Later, as the network expands, you can perform some level of traffic control. Users will have access directly to servers but not to the management of servers or printers. Servers, with associated print queues, will have access to printers, and printers really don’t need access to anything. The management VLAN will have access to all others. Keep in mind that this is only one design approach among many, and it may not be applicable in some environments. That said, you must first set up VTP by running the following commands:
Switch1(config)# vlan database
Switch1(vlan)# vtp server
Switch1(vlan)# vtp domain dis-domain
Next, set up trunking on the router. The first step in setting up trunking is to enable Inter-Switch Link (ISL) encapsulation on a subinterface with:
Router1(config)# int fastEthernet 0/0.1
Router1(config-subif)# encapsulation isl 1
You want to create five subinterfaces, one for each VLAN. To set up switch trunking, execute the following commands (set the encapsulation before turning on trunk mode; some platforms reject trunk mode while the encapsulation is still set to auto-negotiate):
Switch1(config)# int fastEthernet 0/1
Switch1(config-if)# switchport trunk encapsulation isl
Switch1(config-if)# switchport mode trunk
You can name the VLANs as you create them. VLAN 1, the switch’s default VLAN, is kept as the management VLAN (which is why the router’s first subinterface uses encapsulation isl 1); the second VLAN will be used as the server VLAN. Log in to the switch, and create and name the VLANs with the following commands (in VLAN database mode, the name follows the name keyword):
Switch1(vlan)# vlan 2 name server1
Switch1(vlan)# vlan 3 name user1
Switch1(vlan)# vlan 4 name user2
Switch1(vlan)# vlan 5 name printers
You’ve already created the subinterfaces on the router that represent the VLANs for routing, but you still need to assign IP addresses to them. Addressing a subinterface is as simple as running the following commands (repeat for each subinterface, using that VLAN’s subnet):
Router1(config)# int fastethernet 0/0.1
Router1(config-subif)# ip address 192.168.1.1 255.255.255.0
VLANs and redundancy
Remember, you also need to designate which ports on the switch belong to which VLAN. VLANs not only give you room for an expansion in network capacity but also growth in the area of security. As a network grows larger, tighter security becomes more of an issue. With different types of traffic and users segregated into separate VLANs, you have the ability to restrict or allow traffic to/from users, the Internet, internal servers, etc. This level of control is employed at the router using access control lists (ACLs). Again, this aspect falls a little outside of your core issue of expansion, but it is worth a mention. Keep in mind the effects of such a design. It may give you the ability to separate and further control network traffic, but it will require more routing overhead. Consider this carefully when selecting the core routing solution. Otherwise, you could overwhelm a low-end router with traffic from several high-speed LAN interfaces. Here, you're betting that by the time traffic has reached that volume, you’ll be upgrading your router.
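The complete router side of this design, as an added example that is not from the article: all five ISL subinterfaces, plus extended ACLs that enforce the traffic policy described above (users reach servers and the Internet but not the management VLAN or the printers; printers initiate nothing; servers and management are unrestricted). The subnets for VLANs 2 through 5, the ACL names and the SNMP poll from the management VLAN are assumed values.

```cisco
! Added example (not from the article): router-on-a-stick with ACLs
! that enforce the VLAN policy. Subnets for VLANs 2-5 and the ACL
! names are assumed; VLAN 1 = management, 2 = servers, 3 and 4 = users,
! 5 = printers.
interface FastEthernet0/0
 no ip address
 no shutdown
interface FastEthernet0/0.1
 encapsulation isl 1
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.2
 encapsulation isl 2
 ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.3
 encapsulation isl 3
 ip address 192.168.3.1 255.255.255.0
 ip access-group USERS-IN in
interface FastEthernet0/0.4
 encapsulation isl 4
 ip address 192.168.4.1 255.255.255.0
 ip access-group USERS-IN in
interface FastEthernet0/0.5
 encapsulation isl 5
 ip address 192.168.5.1 255.255.255.0
 ip access-group PRINTERS-IN in
!
! Users reach the servers and the Internet, but not the management
! VLAN or the printers (print jobs go through server-hosted queues).
ip access-list extended USERS-IN
 deny   ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.5.0 0.0.0.255
 permit ip any any
!
! Printers initiate nothing; only replies to server print jobs and to
! SNMP polls from the management VLAN are allowed back in.
ip access-list extended PRINTERS-IN
 permit tcp 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255 established
 permit udp 192.168.5.0 0.0.0.255 eq snmp 192.168.1.0 0.0.0.255
 deny   ip any any
!
! Server and management subinterfaces carry no inbound ACL: servers
! may reach printers, and management reaches everything. Verify with
! "show ip interface FastEthernet0/0.3" (shows the applied ACL) and
! "show access-lists" (per-entry hit counters).
```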
At this point, you can create a level of redundancy by grouping both of the router’s Ethernet interfaces into a single EtherChannel between the router and the switch. What better way to design for expansion than by building redundancy in from the start? Not to mention that a wide pipe between the switch and router allows for plenty of network traffic growth. Many Cisco devices can automatically detect potential EtherChannels and configure them, but if you need to declare one explicitly, use these commands from switch configuration mode (remember that the switch ports you use must be in the same VLAN):
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# port group 1
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# port group 1
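The switch side of the same design, as an added example that is not from the article: assigning access ports to the VLANs created earlier, protecting the VTP domain with a password, and bringing up the next switch as a VTP client so it inherits the VLAN database, as the text describes. The port numbers, the uplink port to Switch2 and the password value are assumed.

```cisco
! Added example (not from the article). Port numbers, the uplink to
! Switch2 and the VTP password "dis-secret" are assumed values.
!
! --- Switch1 (VTP server): set a domain password, so a switch that
! merely claims the "dis-domain" name with a higher revision number
! cannot overwrite the VLAN database.
Switch1(config)# vlan database
Switch1(vlan)# vtp password dis-secret
Switch1(vlan)# exit
!
! Assign access ports. "mode access" stops a port from negotiating
! itself into a trunk; ports 0/1 and 0/2 stay in the router
! EtherChannel. Repeat for the remaining ports as needed.
Switch1(config)# interface fastEthernet 0/3
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# interface fastEthernet 0/4
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 3
!
! Uplink to the second switch: a trunk, so all VLANs and the VTP
! advertisements cross it.
Switch1(config-if)# interface fastEthernet 0/12
Switch1(config-if)# switchport trunk encapsulation isl
Switch1(config-if)# switchport mode trunk
!
! --- Switch2 (new): join the domain as a client. It learns VLANs 2-5
! from Switch1, so only its own port assignments are needed.
Switch2(config)# vlan database
Switch2(vlan)# vtp client
Switch2(vlan)# vtp domain dis-domain
Switch2(vlan)# vtp password dis-secret
Switch2(vlan)# exit
Switch2(config)# interface fastEthernet 0/1
Switch2(config-if)# switchport trunk encapsulation isl
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# interface fastEthernet 0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
!
! Verify: "show vtp status" on Switch2 should report mode Client, the
! dis-domain name and the same revision number as Switch1; "show vlan
! brief" should list server1, user1, user2 and printers.
```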
Managing the expanding network
Another issue relevant to expansion concerns managing the rapid expansion of a network. You’ll soon be adding more switches, possibly some routers, and most likely a few servers. How do you go about managing all of these devices effectively? Simple Network Management Protocol (SNMP) is definitely an option. Cisco provides its suite of management software, CiscoWorks, and other manufacturers provide software ranging from the simplistic to the most sophisticated products you’ve ever seen. The idea is to have one single interface to view your network as a whole. If you have the budget, I’d implement it at the start. Regardless of whether you delve into sophisticated management suites right away, you’ll most likely end up using one of the more cost-effective products in the beginning. Either way, you’ll need to set up your network devices for SNMP management. You can do so at the command prompt, or you can use the Cisco Web-based configuration utility to set up SNMP parameters. Another thing to consider for management, aside from SNMP, is the Cisco clustering capability. It allows you to assign an IP address to one switch and then group all switches together as a cluster for ease of management. It’s Java-based, runs from a browser, and provides a simple, intuitive graphical interface.
Although expansion can be a painful process, you can take the edge off by following some of the methods and guidelines mentioned here. Remember to consider the basics first, such as number of workstations and subnets. Then, plan your cabling needs accordingly. From there, set up your infrastructure and devices to be flexible and allow for future growth. In this way, you might help make it possible for the IT department to go home on time.