Network newb - VLAN's subnets (long)

Discussion in 'Cisco' started by Tanya L., Mar 30, 2006.

  1. Tanya L.

    Tanya L. Guest

    Not sure this is the best group to post in, so if not, please direct me to
    the correct one.

    I've taken the job of a network admin for a regional library system. I'm
    new to network admin but am trying my best to learn quickly. I was previously
    in a web admin position when I was (in)voluntarily moved into this job.

    The current network is in a working state but needs to be upgraded in many
    ways. The network sits behind a firewall with 100 or so users, but many
    more network attached devices. The network is a very simple, flat network
    NAT'ed inside the firewall with a 192.168.1.x scheme that I foresee running
    out of addresses in the future. There is one main library headquarters that
    has the majority of servers, users & devices, then 2 other branches that
    have 4 or 5 computers, and one more branch that has about 30 network
    devices. All are connected via fiber by Cisco 3508 & 2950 switches and 2
    newer Alcatel switches.

    Currently a Windows NT box does DHCP, and authentication for filesharing
    etc. I will probably replace that box. No real network based applications
    like Exchange or SQL server. There is a large file server - Snap 4200 that
    uses the Windows domain for file permissions. There are a few other
    servers - an AS/400, a SuSE box, and a Win2K server that does A/V and tape
    backups. No internal DNS, only IP addresses, - WINS? An ISP provides email
    service.

    Not sure the best place to start reconfiguring this network. I know I need
    the ability to add more addresses. Would I do this with multiple subnets?
    Should this be done with VLAN's on the Cisco switches? Do I need to
    implement internal DNS to make this work? All branches need to be able to
    access the servers at HQ but not necessarily to each other. Would just
    expanding to a larger, flat address space be better? I have read some notes
    from the previous admin regarding cutting down on broadcast traffic, but I
    don't think the network has congestion problems.

    I guess I'm looking for a general plan of attack as well as implementation
    ideas. Any advice and guidance on where to start in redoing this network?

    Thanks,
    Tanya
     
    Tanya L., Mar 30, 2006
    #1

  2. Merv

    Merv Guest

    You should certainly investigate the implications of moving to a
    subnetted environment.

    Key to this is that Windows NETBIOS broadcast traffic will not traverse
    VLAN boundaries and thus you will have a need for WINS or DNS.

    Are the access switches all homed to a core layer 2 switch (3508G ?) ?

    If so then this could be changed out with a solid layer 2/3 switch that
    would allow you to subnet if and when required. Suggest you familiarize
    yourself with the Cisco 3750G-12S layer 3 switch. This would provide
    an additional 4 fibre GE ports along with the ability of stacking
    another 3750G to it thus providing a nice growth path.
     
    Merv, Mar 30, 2006
    #2

  3. Tanya L.

    Tanya L. Guest

    "Merv" <> wrote in message
    news:...
    > You should certainly investigate the implications of moving to a
    > subnetted environment.
    >
    > Key to this is that Windows NETBIOS broadcast traffic will not traverse
    > VLAN boundaries and thus you will have a need for WINS or DNS
    >
    > Are the access switches all homed to a core layer 2 switch (3508G ?) ?
    >
    > If so then this could be changed out with a solid layer 2/3 switch that
    > would allow you to subnet if and when required. Suggest you familiarize
    > yourself with the Cisco 3750G-12S layer 3 switch. This would provide
    > an additional 4 fibre GE ports along with the ability of stacking
    > another 3750G to it thus providing a nice growth path.


    Thanks for your quick reply! I think the 3508 was the main switch before an
    Alcatel 6124 was installed. The 3508 is still installed, but I think the
    6124 is what all are connected to now, and that, as I understand it, is
    Cisco IOS compatible?

    You're recommending installing DNS first, then getting the subnets working?
    I guess I'm lost as to what to do first. If I implement DNS first, I guess
    I wouldn't do the subnets at the same time?... Sorry for being so dense!

    Thanks,
    Tanya
     
    Tanya L., Mar 30, 2006
    #3
  4. Merv

    Merv Guest

    First thing is to get a coffee !!!

    What I would do:

    1. Determine all the things that would have to be done to expand the
    existing IP address space. Today I understand that it is 192.168.1.0/24
    (i.e. it can support 256 - 2 = 254 hosts).
    Inventory how much of that IP address space is used today. There are a
    couple of good address scanners available. One really good one is
    Address Wizard that will inventory using ARP which is very useful for
    machines like Windows XP that block ICMP.
    Once you have an accurate inventory you know how much headroom you have
    before you must implement an expanded 192.168.1.0 address space or move
    to a subnetted setup. If all of the PCs use DHCP then expanding the
    scope for the 192.168.1.0 should be fairly straightforward.


    2. Get a handle on the current network traffic volumes - especially
    broadcast traffic.
    Take a look at some of the tools available from SolarWinds at
    www.solarwinds.net
    If most of your traffic is passing thru a central switch that has
    monitoring port capability this will be fairly easy to do.


    3. I am NOT a fan of mixed network vendor environments - too many
    headaches. So suggest you figure out what vendor network equipment you
    are going to use. Then make a plan to replace and sell off the other
    stuff.

    4. Figure out all the technical aspects of moving to a subnetted
    environment and once you have the appropriate layer 3 switch in place
    perform thorough testing of same.
     
    Merv, Mar 30, 2006
    #4
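The sizing in step 1 above, as an added example that is not part of the original thread: it counts inventoried addresses against 192.168.1.0/24, finds the smallest enclosing network for a target host count, and lays out per-site subnets inside it. The inventory list, the 400-host target and the per-site device counts are constructed assumptions.

```python
import ipaddress

def headroom(network, in_use):
    """Return (used, free, stray) for a list of inventoried addresses."""
    net = ipaddress.ip_network(network)
    reserved = {net.network_address, net.broadcast_address}
    seen = {ipaddress.ip_address(a) for a in in_use}
    inside = {a for a in seen if a in net and a not in reserved}
    stray = sorted(seen - inside)          # outside the range, or reserved
    return len(inside), net.num_addresses - 2 - len(inside), stray

def widen(network, hosts_needed):
    """Smallest network containing `network` with enough usable addresses."""
    net = ipaddress.ip_network(network)
    while net.num_addresses - 2 < hosts_needed:
        net = net.supernet()               # shortens the prefix by one bit
    return net

def site_plan(parent, sites):
    """Give each site the smallest subnet that fits, largest site first."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(sites.items(), key=lambda kv: -kv[1]):
        host_bits = (hosts + 1).bit_length()   # 2**host_bits >= hosts + 2
        subnet = ipaddress.ip_network((cursor, 32 - host_bits))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{parent} is too small for {name}")
        plan[name] = subnet
        cursor += subnet.num_addresses
    return plan

# Constructed inventory and device counts (assumptions, not from the thread).
INVENTORY = ["192.168.1.1", "192.168.1.10", "192.168.1.200",
             "192.168.1.254", "192.168.2.5"]
SITES = {"hq": 150, "branch-large": 30, "branch-a": 5, "branch-b": 5}

if __name__ == "__main__":
    print(headroom("192.168.1.0/24", INVENTORY))
    flat = widen("192.168.1.0/24", 400)
    print(flat)   # the wider flat network; static hosts need the new mask
    for site, subnet in site_plan(flat, SITES).items():
        print(site, subnet, subnet.num_addresses - 2, "usable")
```

Widening the /24 by one bit gives 192.168.0.0/23, so the "expanded" network starts at 192.168.0.0 and every statically addressed device needs the new mask, not only the DHCP scope.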
  5. Tanya L.

    Tanya L. Guest

    "Merv" <> wrote in message
    news:...
    > First thing is to get a coffee !!!
    >
    > What I would do:
    >
    > 1. Determine all the things that would have to be done to expand the
    > existing IP address space. Today I understand that it is 192.168.1.0/24
    > (i.e. it can support 256 - 2 = 254 hosts).
    > Inventory how much of that IP address space is used today. There are a
    > couple of good address scanners available. One really good one is
    > Address Wizard that will inventory using ARP which is very useful for
    > machines like Windows XP that block ICMP.


    Do you know of another utility besides this one? I'd like to find something
    a little lower cost.

    Thanks again!
    Tanya
     
    Tanya L., Mar 30, 2006
    #5
  6. Merv

    Merv Guest

    Angry IP scanner - http://www.angryziber.com/ipscan/

    Ipswitch's Ping Pro eval version -
    http://www.ipswitch.com/downloads/index.asp

    The other thing to do that is essential is to create an accurate and
    detailed network topology diagram that details how all of the layer 2
    switches are connected, with port numbers, MAC address of the switch etc.
    This information is essential for planning any network changes or during
    troubleshooting of network problems.

    You should find out how to display the switches' forwarding table for
    each of the switches you have - for Cisco you can use the commands
    "show bridge" and "show mac-address-table". When you see numerous MAC
    addresses being shown against a specific port this will probably mean
    that this is the link to another switch.
     
    Merv, Mar 30, 2006
    #6
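The forwarding-table check described in the post above, as an added example that is not part of the original thread: it counts dynamically learned MAC addresses per port and labels each port. The sample output is constructed in the layout of "show mac-address-table" on a Catalyst 2950, and the threshold of three addresses for a switch link is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample output; the MAC addresses and port names are made up.
SAMPLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000d.bd5c.1f00    STATIC      CPU
   1    0004.7611.a2c3    DYNAMIC     Fa0/3
   1    0008.74aa.0101    DYNAMIC     Fa0/7
   1    0008.74aa.0102    DYNAMIC     Fa0/7
   1    000b.db10.0001    DYNAMIC     Gi0/1
   1    000b.db10.0002    DYNAMIC     Gi0/1
   1    000b.db10.0003    DYNAMIC     Gi0/1
   1    000b.db10.0004    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 8
"""

# vlan, dotted-hex MAC, entry type, port
ROW = re.compile(
    r"^\s*(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def macs_per_port(text):
    """Map each port to the set of MACs the switch learned on it."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        # Skip headers, totals and the switch's own STATIC/CPU entries.
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return dict(ports)

def classify(text, uplink_min=3):
    """Label ports by MAC count; uplink_min is an assumed threshold."""
    report = {}
    for port, macs in macs_per_port(text).items():
        if len(macs) >= uplink_min:
            report[port] = "likely switch link"
        elif len(macs) > 1:
            report[port] = "review: several devices"
        else:
            report[port] = "single host"
    return report

if __name__ == "__main__":
    for port, label in sorted(classify(SAMPLE).items()):
        print(port, label)
```

A port in the "review" class is worth tracing on the topology diagram: it may be a PC behind an IP phone, or a small hub or switch that is not yet documented.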
  7. Newbie72

    Newbie72 Guest

    Merv wrote:
    > Angry IP scanner - http://www.angryziber.com/ipscan/
    >
    > Ipswitch's Ping Pro eval version -
    > http://www.ipswitch.com/downloads/index.asp
    >
    > The other thing to do that is essential is to create an accurate and
    > detailed network topology diagram that details how all of the layer 2
    > switches are connected, with port numbers, MAC address of the switch etc.
    > This information is essential for planning any network changes or during
    > troubleshooting of network problems.
    >
    > You should find out how to display the switches' forwarding table for
    > each of the switches you have - for Cisco you can use the commands
    > "show bridge" and "show mac-address-table". When you see numerous MAC
    > addresses being shown against a specific port this will probably mean
    > that this is the link to another switch.


    Solarwinds has a demo "IP Network Browser" that I like. Visio will
    become your best friend for documenting and creating drawings of your
    current network layout.

    1. Find out what you have and how it is connected. Cisco switches and
    routers also work using the command "show cdp neighbors detail" if CDP
    is enabled on the switch.
    2. Use an ICMP or ARP sweeping utility like stated in previous posts to
    find out how many computers and domains you currently have. As
    previously stated unless you see yourself going over 254 computers and
    servers then there is no need to subnet unless you are having
    congestion issues.
    3. DNS is necessary for all Windows computers to talk to each other
    unless you are modifying the hosts file on each PC or running NetBEUI.
    If you are, turn it off after you have DNS running; it is wicked chatty
    and not routable over layer 3 links.
    4. Definitely take Merv's advice on sticking to one vendor. If you ever
    decide to go layer 3 routing versus a flat network in the future then
    routing protocols like IGRP and EIGRP are proprietary to Cisco so
    Juniper and all the rest of the vendors that make layer 3 devices may
    not work.
    5. Prioritize a plan. You are probably going to want to make a decision
    on your IP scheme before you do DNS because if you build DNS first you
    may or may not have to rebuild DNS after you change your IP scheme
    depending on what server platform your DNS server is running and how
    you have set up DNS registration with your clients.

    If ya need help once you get started then feel free to email me


    Steve Johnson
    Network Admin
     
    Newbie72, Mar 31, 2006
    #7
  8. Tanya L.

    Tanya L. Guest

    "Newbie72" <> wrote in message
    news:...
    >
    > Solarwinds has a demo "IP Network Browser" that I like. Visio will
    > become your best friend for documenting and creating drawings of your
    > current network layout.
    >
    > 1. Find out what you have and how it is connected. Cisco switches and
    > routers also work using the command "show cdp neighbors detail" if CDP
    > is enabled on the switch.
    > 2. Use an ICMP or ARP sweeping utility like stated in previous posts to
    > find out how many computers and domains you currently have. As
    > previously stated unless you see yourself going over 254 computers and
    > servers then there is no need to subnet unless you are having
    > congestion issues.
    > 3. DNS is necessary for all Windows computers to talk to each other
    > unless you are modifying the hosts file on each PC or running NetBEUI.
    > If you are, turn it off after you have DNS running; it is wicked chatty
    > and not routable over layer 3 links.
    > 4. Definitely take Merv's advice on sticking to one vendor. If you ever
    > decide to go layer 3 routing versus a flat network in the future then
    > routing protocols like IGRP and EIGRP are proprietary to Cisco so
    > Juniper and all the rest of the vendors that make layer 3 devices may
    > not work.
    > 5. Prioritize a plan. You are probably going to want to make a decision
    > on your IP scheme before you do DNS because if you build DNS first you
    > may or may not have to rebuild DNS after you change your IP scheme
    > depending on what server platform your DNS server is running and how
    > you have set up DNS registration with your clients.
    >
    > If ya need help once you get started then feel free to email me
    >
    >
    > Steve Johnson
    > Network Admin


    I'll check the Solarwinds demo you suggested- thanks! I'm inventorying
    exactly what is out there right now. So far it looks like there may now be
    as many addresses being used as I previously thought, but they are scattered
    about the entire 255 range rather willy nilly. I'd prefer them to be
    organized in some fashion.

    I don't know that I can get rid of the Alcatel stuff right now as it was
    purchased just last year. I'll have to work with what I have unless it
    really really becomes a problem.

    Thanks again,
    Tanya
     
    Tanya L., Apr 3, 2006
    #8