VLAN design help!

[puddingboy]

I need to design a VLAN for a small business. This business has 6 separate departments, each with between 15 and 30 people. They are all in one building, with each of the 6 departments on a separate floor. They use AT&T as their ISP as of right now.

My questions are: what hardware will this require? What is a proper switch and router for this?
and
what method should I use to assign IP addresses?
and
what would the network topology look like?

 

[mv2devnull]

First step is to know what you do need.
Second step is to choose appropriate implementation.

VLAN's are merely separate LAN's implemented with shared hardware. A LAN is a LAN, V or not.

Why do I have a feeling that you have some homework to do?

 

[PliotronX]

Typically you will need a router in order for VLANs to share an internet connection as the gateway and a switch that can encapsulate VLANs (tagging). What is your budget?

Your basic router on a stick topo:

 

[puddingboy]

The budget is unlimited, within reason.

 

[dave_the_nerd]

Are you implementing fixed cubicles and VOIP? WiFi? BYOD?

If not, or if you don't know, then for <200 clients:

DHCP (run from the router is fine.)
Spoke-Hub
48 port switches (1 per department) with VLAN support, trunked to a midrange Cisco SMB router.
You don't really need VLANs unless somebody is stupid-paranoid.

 

[JackMDS]

Hmm... Is this is a real Multi-thousands $$ Bushiness project or an Educational Homework project???

 

[puddingboy]

Are you implementing fixed cubicles and VOIP? WiFi? BYOD?

If not, or if you don't know, then for <200 clients:

DHCP (run from the router is fine.)
Spoke-Hub
48 port switches (1 per department) with VLAN support, trunked to a midrange Cisco SMB router.
You don't really need VLANs unless somebody is stupid-paranoid.

So if there is one department per floor, I would need six 48 port switches?
By spoke-hub are you referring to the topology?
Will each switch need to be trunked to the router?

I know, I am a novice and I sound like I am asking questions for a homework assignment. I am just trying to understand how to implement a VLAN for a small business.

 

[dave_the_nerd]

So if there is one department per floor, I would need six 48 port switches?

Probably. If you've got up to 30 people per department and on department per floor, that keeps it pretty simple. Also, they don't make 30 port switches afaik.

By spoke-hub are you referring to the topology?

Yup. Router in the middle. Although that's the conceptual principle - in "real life" you'll probably mix it up a bit, depending on how many ports your router has. You can and probably will daisychain the switches. (1st floor connects to 2nd floor, 2nd to 3rd, etc.) It also depends on the number and location of your network closets.

Will each switch need to be trunked to the router?

Again, ideally, yes. But you can trunk them to each other too.

Your trunk lines, whether they're shared or not, would form the "spine" of the network, and be permitted to allow traffic on any VLAN. The access ports on each switch would be assigned to a specific VLAN.

I know, I am a novice and I sound like I am asking questions for a homework assignment. I am just trying to understand how to implement a VLAN for a small business.

So assuming you're not actually asking a homework question, are you an "office computer guy" who got shanghai'd into building a new network, and are now way out of your depth? There are people who do this - you should hire one.

 

[puddingboy]

Probably. If you've got up to 30 people per department and on department per floor, that keeps it pretty simple. Also, they don't make 30 port switches afaik.

Do you have a particular switch in mind? If not, can you recommend one?

Yup. Router in the middle. Although that's the conceptual principle - in "real life" you'll probably mix it up a bit, depending on how many ports your router has. You can and probably will daisychain the switches. (1st floor connects to 2nd floor, 2nd to 3rd, etc.) It also depends on the number and location of your network closets.

Again, ideally, yes. But you can trunk them to each other too.

Your trunk lines, whether they're shared or not, would form the "spine" of the network, and be permitted to allow traffic on any VLAN. The access ports on each switch would be assigned to a specific VLAN.

Like this?

Does trunking require a specific type of cabling?

So assuming you're not actually asking a homework question, are you an "office computer guy" who got shanghai'd into building a new network, and are now way out of your depth? There are people who do this - you should hire one.

Yes, something like that. I am being asked to configure a VLAN and I am definitely out of my depth! Thanks for all your help!

 

[dave_the_nerd]

Do you have a particular switch in mind? If not, can you recommend one?

Nah. Enterprise grade switches all work about the same. Your primary concern will be price-per-port and how it's configured.

Like this?

Does trunking require a specific type of cabling?

Sure, basically, yeah.

You do not require specialized cables - trunking is a switch port configuration thing, not anything to do with the wiring.

If you want to get fancy, there are two improvements to the basic model you'd do:

1) Use 10Gb interconnects (most newer enterprise switches have a couple 10Gb uplink ports, either using fiber or cat6. Some are modular and can be upgraded with same.) This is actually a really good idea if you anticipate heavy traffic between floors. (Like, it should be in the requirements list you send to to potential contractors when you RFI/RFP/RFQ.)
2) To avoid a single point of failure, run two wires between each switch and create LAGs. https://en.wikipedia.org/wiki/Link_aggregation

Yes, something like that. I am being asked to configure a VLAN and I am definitely out of my depth! Thanks for all your help!

 

[Pheran]

I'm not trying to be offensive, but it sounds like you are attempting to design a network but have absolutely no idea what you are doing. You should seriously consider hiring professional help for this project.

An important question that no one seems to have asked is what is the topology of the wiring closets in this building? Is there one per floor, or does everything come back to a central location? If there are multiple closets, what type of cabling do you have available between them? The beginning of this discussion needs to be a site diagram/survey; you can't design a network topology in a vacuum.

Also, that topology diagram you posted is a terrible idea from an availability perspective; it makes every switch a single point of failure for all the floors above it.

 

[puddingboy]

Nah. Enterprise grade switches all work about the same. Your primary concern will be price-per-port and how it's configured.



Sure, basically, yeah.

You do not require specialized cables - trunking is a switch port configuration thing, not anything to do with the wiring.

If you want to get fancy, there are two improvements to the basic model you'd do:

1) Use 10Gb interconnects (most newer enterprise switches have a couple 10Gb uplink ports, either using fiber or cat6. Some are modular and can be upgraded with same.) This is actually a really good idea if you anticipate heavy traffic between floors. (Like, it should be in the requirements list you send to to potential contractors when you RFI/RFP/RFQ.)
2) To avoid a single point of failure, run two wires between each switch and create LAGs. https://en.wikipedia.org/wiki/Link_aggregation

So, the router can/will act as my DHCP server, right?

Do you have any recommendations as to how to assign/configure IP addresses among the switches and workstations? Will the router just take care of that automatically?


Thanks so much for your help!

 

[dave_the_nerd]

So, the router can/will act as my DHCP server, right?

Most can, yes. That said, some people like to have a separate server doing network services like DNS and DHCP. Windows Server is certainly easier to administrate than most routers.

Do you have any recommendations as to how to assign/configure IP addresses among the switches and workstations? Will the router just take care of that automatically?

Haha no. Use static IPs for infrastructure.

And @Pheran is absolutely correct about the failure points thing. I don't generally worry about switch failure as much as I do bad wires, but I have led a charmed life. If you can, you should have each switch wired back to the router separately. You may need to pay a contractor to run more wires.

Realistically, if this is for work, you should send out RFPs to a couple local network consultancy firms. We can answer questions if there's stuff in there you don't understand, but you're asking how to do things that would be covered in a Proposal Response (network topology, etc.) and not giving us information we would really need to make proper recommendations (which would really require a set of building blueprints and a site survey.)

 

[mv2devnull]

I am being asked to configure a VLAN

a VLAN. 'a' means 'one', does it not? However, there is no "one VLAN". There is no need for one. One LAN is LAN. Sure, you can tag the one and only LAN of yours with VLAN id, but gives you nothing.

Is there perhaps a desire for each department to be a separate LAN? If you follow the "have each switch wired back to the router separately" recommendation, there is still no need for VLANs because routing between seven LAN's is standard routing.

Only if you have to connect switch of LAN-A to router via switch of LAN-B, you have to trunk traffic of both LAN-A and LAN-B as two VLANs between switch of LAN-B and the router.


Static and DHCP are not mutually exclusive. DHCP can hand out both dynamic and static addresses.


Will the company have both IPv4 and IPv6 addressing? Does it have public addresses, or does it have to resort to masquerade on the IPv4?

 

[puddingboy]

I'm not trying to be offensive, but it sounds like you are attempting to design a network but have absolutely no idea what you are doing. You should seriously consider hiring professional help for this project.

No offense taken! I am absolutely a novice to all of this and a professional will absolutely be brought in. However, I am curious to learn more about networking so I am trying to understand VLANs and how they are implemented and configured. I really appreciate your time and patience with me!

Use static IPs for infrastructure.

Static and DHCP are not mutually exclusive. DHCP can hand out both dynamic and static addresses.

Would it make sense to use static IP for the networks used by the employees who are there every day and dynamic IP addressing for the guest network?

Will the company have both IPv4 and IPv6 addressing? Does it have public addresses, or does it have to resort to masquerade on the IPv4?

IPv4, I think. What does it mean to "resort to masquerade on the IPv4"?

 

[JackMDS]

When I asked if this is an Educational task, you answer was rather questionable.

If this is a True Business with over 100 People it is obvious that you risk the Jobs of these people and might compromise the whole Business.

Thread is closed.