Requesting suggestions for appropriate use of VLANs

Discussion in 'Cisco' started by Jamie, Sep 17, 2004.

  1. Jamie


    Hello, I was hoping someone could provide suggestions on the most
    appropriate use of VLANs on our network.

    If my understanding of VLANs is correct, the primary benefits of
    using VLANs are security and reduction of broadcast traffic.
    Security isn't a concern at this point since any VLANs would just be
    routed from one VLAN to another. Broadcasts aren't a concern since we
    only have 500 nodes in our largest office.

    We currently run our network in one VLAN.

    On one extreme, we could make every subnet a VLAN but there doesn't
    seem to be a real advantage in doing this and it would increase effort
    to manage.

    On the other extreme we could continue to use one VLAN throughout, but
    our larger office wouldn't have a class C subnet.

    I have been considering breaking up our central office into multiple
    VLANs, for one reason...separate users and servers into nice class C

    Does this sound optimal?
    Jamie, Sep 17, 2004
  2. In article <>,
    Jamie <> wrote:
    :Hello, I was hoping someone could provide suggestions on the most
    :appropriate use of VLANs on our network.

    :I have been considering breaking up our central office into multiple
    :VLANs, for one reason...separate users and servers into nice class C

    :Does this sound optimal?

    No, you should be forgetting about "class C" and thinking "CIDR",
    unless you are stuck with equipment that can only think in class boundaries
    (or you have fairly unusual IP numbering requirements that lead you to
    use non-consecutive bits in your netmask).

    500 nodes in a single subnet in a single VLAN -could- generate a lot of
    broadcasts, if you happen to be using primarily PCs with NETBIOS enabled.

    If you do happen to be using PCs with NETBIOS then remember that you
    will need a master browser for every VLAN, and you will need to use WINS
    to allow the systems to resolve each other.

    What is your measured broadcast rate at present?

    If you have 500 nodes at the moment, then chances are that you have
    at least one server-like machine that is accessible to outside. Those
    machines should be in a DMZ, on a different IP range and a different VLAN.

    If you have 500 nodes and provide -no- service to the outside world
    at all (not even for employees to check email when they are travelling),
    then chances are that you have a finance system or two running on your
    net, and that that finance system should really be limited access
    [e.g., some functions only performable from certain consoles.] And in
    such a case, I would venture that you -probably- have sections of the
    company that are handling contract or personnel or personal data
    that is not supposed to be accessible to everyone. You probably have
    at least 300 employees, and by the time a commercial company gets
    that big, the company may well be dealing with contracts that the
    other party specified as "Need To Know distribution only". And you
    probably have some NDAs (Non-Disclosure Agreements) signed by -individuals-
    within the company rather than applying to the entire company.

    All in all, though I do not know anything about your particular
    organization, I would -predict- from the size figures you gave that
    you *should* be running VLANs in order to compartmentalize
    parts of the organization from other parts of the organization.

    Unless, that is, you've gone for full encryption over your LAN and
    you have a PKI infrastructure that integrates with all your applications
    to provide strict controls over who can access what. But that kind
    of PKI gets fairly pricey... and you'd probably have a VLAN and firewall
    for the PKI server itself to reduce the risk of tampering or malware.
    Would you buy a used bit from this man??
    Walter Roberson, Sep 17, 2004
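
    The two practical points in the reply above (size subnets by CIDR rather than
    by class, and put servers, finance and a DMZ in their own VLANs with filtering
    between them) can be turned into a small planning script. The following is an
    added example, not code from either poster: it takes an assumed inventory
    (VLAN IDs 10/20/30/40, host counts, the private supernet 10.1.0.0/22 and the
    deny policy are all made up for illustration), carves right-sized CIDR blocks
    largest-first, checks they do not overlap, and renders IOS-style SVI and ACL
    lines. The IOS syntax is written from memory and should be checked against
    the platform's documentation before use.

```python
import ipaddress
import math

# Constructed inventory for the example (VLAN IDs, names and host counts are
# assumptions; only the ~500-node office size comes from the thread).
VLAN_PLAN = [
    # (vlan_id, name, hosts_needed)
    (10, "users", 500),
    (20, "servers", 60),
    (30, "finance", 20),
    (40, "dmz", 10),
]

# Assumed policy: (src_vlan, dst_vlan) pairs where src may not initiate to dst.
INTER_VLAN_DENY = [(10, 30), (40, 10), (40, 20), (40, 30)]


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose block holds `hosts` usable addresses.
    Network and broadcast addresses are reserved, so hosts + 2 are needed;
    never returns longer than /30."""
    bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - bits


def allocate(supernet: str, plan=VLAN_PLAN) -> dict:
    """Carve a CIDR block for each VLAN out of `supernet`, largest first so
    later, smaller blocks never fragment the space.
    Returns {vlan_id: (name, IPv4Network)}."""
    free = [ipaddress.ip_network(supernet)]
    result = {}
    for vlan_id, name, hosts in sorted(plan, key=lambda p: p[2], reverse=True):
        plen = prefix_for_hosts(hosts)
        for i, blk in enumerate(free):
            if blk.prefixlen <= plen:          # free block is big enough
                free.pop(i)
                pieces = list(blk.subnets(new_prefix=plen))
                result[vlan_id] = (name, pieces[0])
                free[i:i] = pieces[1:]         # keep the remainder available
                break
        else:
            raise ValueError(f"no room for VLAN {vlan_id} ({name}) as /{plen} in {supernet}")
    return result


def no_overlap(alloc: dict) -> bool:
    """Sanity check: no two VLAN subnets overlap."""
    nets = [net for _, net in alloc.values()]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def ios_config(alloc: dict, deny=INTER_VLAN_DENY) -> str:
    """Render VLANs, SVIs (gateway = first host address) and inbound ACLs as
    IOS-style text. Syntax is illustrative; verify it on your platform."""
    lines = []
    for vid, (name, _net) in sorted(alloc.items()):
        lines += [f"vlan {vid}", f" name {name}"]
    for vid, (name, net) in sorted(alloc.items()):
        lines += [f"interface Vlan{vid}",
                  f" description {name} {net.with_prefixlen}",
                  f" ip address {net.network_address + 1} {net.netmask}"]
        if any(src == vid for src, _ in deny):
            lines.append(f" ip access-group VLAN{vid}-IN in")
    for src in sorted({s for s, _ in deny}):
        sname, snet = alloc[src]
        lines.append(f"ip access-list extended VLAN{src}-IN")
        for s, d in deny:
            if s != src:
                continue
            dname, dnet = alloc[d]
            lines.append(f" remark {sname} may not initiate sessions to {dname}")
            # IOS ACLs take wildcard (inverted) masks, which is the hostmask
            lines.append(f" deny ip {snet.network_address} {snet.hostmask} "
                         f"{dnet.network_address} {dnet.hostmask}")
        lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    plan = allocate("10.1.0.0/22")      # assumed private supernet for the office
    assert no_overlap(plan)
    for vid, (name, net) in sorted(plan.items()):
        print(f"VLAN {vid:<3} {name:<8} {net.with_prefixlen}")
    print(ios_config(plan))
```

    With these inputs the 500-node user VLAN lands on a /23 and the others on a
    /26, /27 and /28, which is the "think CIDR" point in practice. The ACLs are
    stateless, so a plain `deny ip` from the DMZ VLAN into the user VLAN also
    drops reply packets of sessions users opened towards the DMZ; on real gear
    use `established`/reflexive ACLs or, as the reply suggests for a DMZ, a
    stateful firewall.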
