VLAN and Subnets

By mikeseaton ·
I have 1100 users on 20 VLANs. This causes ACL issues. Is it a good idea to go to 1 VLAN/subnet for all users? They use the same resources. The IT network person says he needs all these VLANs because of the number of users. We have Cisco routers/switches so management is easy.

VLAN and Subnets

by Maelgwyn In reply to VLAN and Subnets

Yes, that could be a better management issue - i.e. Accounting and Engineering are on completely (and unknowing) VLANs. Best idea (I've seen) is:


---------------------------
Each GROUP gets their own space
-----------------------------
Good ole router here: note DHCP can be managed by each group, and same with DNS, but it is possible to go down the tree
____________________________
Common Devices stay here
------------------------------

VLAN and Subnets

by mshavrov In reply to VLAN and Subnets

We have about the same number of users and VLANs. Since you stated that you use ACLs, I assume you are using Layer 3 switching between VLANs. And it's the only way to operate in so big an environment. What I may advise in this situation: try to use something like Cisco Secure to manage your ACLs. And another "gold tip": "keep it simple".

1. Analyze your traffic pattern and decide where it's easier to cut unwanted traffic.

2. Decide which traffic you want to block, and which you want to permit. Sometimes it's easy to permit one or two protocols and deny the rest, sometimes you should block only one protocol.

3. Try to group interfaces by "permissions", like create one ACL for all "user" interfaces and apply it. Then create more advanced ACL for "servers" VLAN.

Good luck.
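
The grouping described in step 3 above, as an added example that is not part of the original thread: one named ACL shared by every user-VLAN interface, plus a tighter "permit a few protocols, deny the rest" ACL for the server VLAN. The VLAN numbers, subnets, ACL names and the list of permitted services are all assumptions made up for illustration, and the service list is a sample, not a complete Active Directory port list.

```ios
! Constructed addressing (assumption): 20 user VLANs, 101-120, use
! 10.10.1.0/24 ... 10.10.20.0/24, all inside 10.10.0.0/19.
! Servers sit in VLAN 200, 10.20.0.0/24.
!
! One ACL for every "user" interface, matched on the /19 summary.
ip access-list extended USERS-IN
 remark DHCP requests arrive from 0.0.0.0, so permit them first
 permit udp any eq bootpc any eq bootps
 remark users may reach the server VLAN (filtered again by SERVERS-OUT)
 permit ip 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255
 remark block routed traffic between user VLANs
 deny   ip 10.10.0.0 0.0.31.255 10.10.0.0 0.0.31.255
 remark everything else from a valid user address is allowed
 permit ip 10.10.0.0 0.0.31.255 any
 remark the implicit deny drops any other (spoofed) source address
!
! More specific ACL for the "servers" VLAN: a few protocols, deny the rest.
ip access-list extended SERVERS-OUT
 remark sample services only: DNS, DHCP, Kerberos, LDAP, SMB, HTTP
 permit udp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq domain
 permit tcp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq domain
 permit udp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq bootps
 permit tcp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq 88
 permit tcp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq 389
 permit tcp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq 445
 permit tcp 10.10.0.0 0.0.31.255 10.20.0.0 0.0.0.255 eq www
 remark replies to TCP connections the servers opened themselves
 permit tcp any 10.20.0.0 0.0.0.255 established
 deny   ip any any log
!
! The same single line goes on each of the 20 user SVIs.
interface Vlan101
 ip access-group USERS-IN in
interface Vlan102
 ip access-group USERS-IN in
! ... repeat for Vlan103 through Vlan120
!
interface Vlan200
 ip access-group SERVERS-OUT out
```

Because the user subnets fall inside one summary range, a policy change is made once in `USERS-IN` instead of in 20 per-VLAN lists. Traffic between hosts in the same VLAN never crosses the SVI, so neither ACL filters it.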

VLAN and Subnets

by Jose Mir In reply to VLAN and Subnets

Without proper knowledge of your LAN topology, number of servers, concentrator models, and access methods, but listening to your words about ALL USERS USING THE SAME RESOURCES, I see no reason not to implement only one VLAN, if security is not an issue.
If your corporate LAN is in some way isolated from the internet (firewall) and server-centric, you should have no reason to use more than one VLAN.

Like another answer to this question states: KEEP IT SIMPLE! Even if for doing this you need to review older decisions and implement some changes at any level. The simpler the better.


Jose P Mir
jpm@jpmir.net

VLAN and Subnets

by mikeseaton In reply to VLAN and Subnets

I have only 6 Win2000 servers with Active Directory/DDNS/DHCP, an intranet and internet.

Servicing only 26 buildings most with no computers.

VLAN and Subnets

by Jose Mir In reply to VLAN and Subnets

Like I've said in my first answer, I see no reason for you to have more than 1 VLAN.
26 buildings is a lot of infrastructure. Do you have a campus backbone? Or do the users access the resources via internet? Do you have a server farm, or are the servers spread across the network?
The issue of security is important if you want to have under control the access external users grant when accessing your web server @ internet. In this matter, having different VLANs, one for internal access and another for external access, could add some benefit.
Again, LAN topology plays a primary role. Send me a diagram and I will analyze it for you.
Regards,

Jose P Mir
jpm@jpmir.net
