
    VLAN confusion

    184 Posts 8 Posters 26.1k Views
      scottalanmiller @dave247

      @dave247 said in VLAN confusion:

      ... and my current understanding is that I would want a separate VLAN to use with that separate subnet.

      Also incorrect. VLANs basically require subnetting (or overlaps) but you never use a VLAN for subnetting. Subnets are simple and effective, VLANs are complex. You only use a VLAN for management and security purposes, never performance, subnetting or any other purpose.

        scottalanmiller @dave247

        @dave247 said in VLAN confusion:

        Also, in freeing up IP addresses on our company LAN, I've given myself more IP space for my fail over DHCP server should I ever need it.

        I don't understand this bit.

          dave247 @scottalanmiller

          @scottalanmiller said in VLAN confusion:

          @dave247 said in VLAN confusion:

          Well, actually, here's one thing I just thought of. We currently have a /23 network where I work, and our current phone system exists on the same network as our computers and servers. We have a lot of addresses taken up by phones right now, so it would be nice to have the phones on their own separate subnet, ......

          No, it would not. You identified the mistake, but made a bad leap in how to fix it. Let's read that again...

          1. We have a /23 network.
          2. The /23 is too small for our needs.
          3. We should....

          Logically the answer is "make a network of the right size for our needs." But instead, you jumped to subnetting.

          Yes, I have considered widening our network, but then I would have to make so many changes to devices and I wanted to avoid that. Plus, wouldn't making a /22 subnet be over-kill? This is where I don't have real-world knowledge and experience yet. Is it ok to have a company LAN with a huge address range? What if that range hypothetically got filled up? Would that be too much traffic? 1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?

            scottalanmiller @dave247

            @dave247 said in VLAN confusion:

            Yes, I have considered widening our network, but then I would have to make so many changes to devices and I wanted to avoid that.

            Actually GROWING a network is trivially easy, and DHCP does it automatically for all DHCP managed devices. There's really no good reason not to grow. There is nothing hard about it and it is the real fix, rather than a bandaid.

              scottalanmiller @dave247

              @dave247 said in VLAN confusion:

              Plus, wouldn't making a /22 subnet be over-kill?

              How could it be overkill when /23 has been identified as inadequate for the needs?

              VLAN is the overkill - lots of complexity without benefit. /23 is the proper solution, VLAN is the overkill without all of the benefits of the proper way.

                scottalanmiller @dave247

                @dave247 said in VLAN confusion:

                Is it ok to have a company LAN with a huge address range?

                Not just okay, it's the enterprise standard. /22 is not huge, /22 is "normal" for large networks. The entire concept of the /24 network being some kind of standard is a mixture of ancient 30 year old class based network identification and SMBs repeating misunderstood myths since that time.

                The use of /24 was practical in the pre-switch era. But that specific factor went away around 2000. And class based networking was most of a decade prior to that.

                It's not that /22 is huge, it's that /24 is absurdly small.

                  scottalanmiller @dave247

                  @dave247 said in VLAN confusion:

                  What if that range hypothetically got filled up? Would that be too much traffic?

                  Networks (subnets in the 1990s terminology) aren't affected by traffic. That's not a thing. If you had "too much traffic" you'd be impacted with VLANs before you were impacted without them because VLANs add extra overhead and bottlenecks. You never segment switched networks due to traffic load, that was a bus-based networking problem when all traffic traveled on a single bus for the entire network. If the bus filled up, the network would slow down.

                  The thing you are worried about here is saturating your switch backplane, if you do that, VLANs will hurt, not help. And you need bigger, faster switches. It's not related to your address schema.

                    scottalanmiller @dave247

                    @dave247 said in VLAN confusion:

                    1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?

                    No. Picture your network. What is congestion? Other than the places where VLANs need to talk to each other, there is no congestion point. Congestion is a 1990s term from hubs, it doesn't exist (outside of the switch backplanes or the router connection points between VLANs) in the modern world of the last two decades. Switches make each device talk directly to any other device. There is no spot for congestion to exist until you add VLANs, and then only where the VLANs talk to each other.

                      coliver @dave247
                      last edited by coliver

                      @dave247 said in VLAN confusion:

                      1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?

                      Isn't this specifically what switches were designed to fix? @scottalanmiller beat me to it.

                        JaredBusch

                        Expanding your subnet is simple.

                        You change your router first.
                        Then you change your DHCP scope to hand out the /22
                        But you also add a block in the DHCP assignment to not give out addresses in the new section.
                        Then you change your few static devices (if you do not have only a few static systems, you have other issues).
                        Once your static devices are changed, you remove the block in your DHCP assignment.
                        Process complete.

                          scottalanmiller @coliver

                          @coliver said in VLAN confusion:

                          @dave247 said in VLAN confusion:

                          1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?

                          Isn't this specifically what switches were designed to fix? @scottalanmiller beat me to it.

                          Indeed they were 🙂

                            Dashrender @JaredBusch

                            @jaredbusch said in VLAN confusion:

                            Then you change your few static devices (if you do not have only a few static systems, you have other issues).

                            What JB means by this is - he uses static assignments in DHCP for things like printers. This allows you to reboot a printer to get the new settings when things like this change.

                            Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                              coliver @Dashrender

                              @dashrender said in VLAN confusion:

                              Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                              I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                scottalanmiller @JaredBusch

                                @jaredbusch said in VLAN confusion:

                                Expanding your subnet is simple.

                                You change your router first.
                                Then you change your DHCP scope to hand out the /22
                                But you also add a block in the DHCP assignment to not give out addresses in the new section.
                                Then you change your few static devices (if you do not have only a few static systems, you have other issues).
                                Once your static devices are changed, you remove the block in your DHCP assignment.
                                Process complete.

                                And, worth noting for those that have not done it, devices in the new space cannot talk to devices with the /23 in their config until that gets changed to /22. But as long as the devices being added to the new expanded space don't need to talk to those resources, it doesn't matter. So old devices are not affected in any way by the expansion, and new devices can be added selectively until the old ones are fixed.

                                So, for example, if you fix your PBX to see /22 and the gateway, then all phones could be added to the expanded space (outside of the /23 bounds) and they would work for calls just fine, but other servers could not talk to them until they were adjusted to /22. Typically, zero impact and very low effort.

                                JaredBuschJ 1 Reply Last reply Reply Quote 1
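
As an added example (not part of the thread and not any poster's own code), the mask mismatch described in the post above can be checked with Python's `ipaddress` module during the staged /23 to /22 expansion. The 10.0.0.0 networks and the four-host inventory are constructed for illustration, since the thread gives no actual addresses.

```python
import ipaddress
from itertools import combinations

# Constructed addressing: the thread gives no real addresses.
OLD_NET = ipaddress.ip_network("10.0.0.0/23")
NEW_NET = ipaddress.ip_network("10.0.0.0/22")

# Constructed inventory mid-migration: name -> (address, configured prefix length).
HOSTS = {
    "pbx":        ("10.0.0.10", 22),   # static, already updated
    "fileserver": ("10.0.1.20", 23),   # static, still on the old mask
    "phone-1":    ("10.0.2.50", 22),   # placed in the new section
    "pc-1":       ("10.0.0.100", 22),  # DHCP client, lease renewed with /22
}

def new_section(old, new):
    """Blocks added by the expansion, i.e. what the temporary DHCP exclusion covers."""
    if not old.subnet_of(new):
        raise ValueError(f"{new} does not contain {old}")
    return sorted(new.address_exclude(old))

def on_link(src_ip, src_prefix, dst_ip):
    """True if src, using its own configured mask, treats dst as on the local network."""
    local = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return ipaddress.ip_address(dst_ip) in local

def stale_hosts(hosts, new):
    """Hosts whose configured network is not yet the expanded one."""
    return [name for name, (ip, plen) in hosts.items()
            if ipaddress.ip_interface(f"{ip}/{plen}").network != new]

def mismatched_pairs(hosts):
    """Pairs where only one side sees the other as on-link (old mask vs. new space)."""
    bad = []
    for (a, (a_ip, a_len)), (b, (b_ip, b_len)) in combinations(hosts.items(), 2):
        if on_link(a_ip, a_len, b_ip) != on_link(b_ip, b_len, a_ip):
            bad.append((a, b))
    return bad

if __name__ == "__main__":
    print("exclude from DHCP for now:", [str(n) for n in new_section(OLD_NET, NEW_NET)])
    print("still on old mask:", stale_hosts(HOSTS, NEW_NET))
    print("mismatched pairs:", mismatched_pairs(HOSTS))
```

In this constructed inventory the only flagged pair is the old-mask file server and the phone in the new section; once `stale_hosts` returns an empty list, the temporary DHCP exclusion from the procedure has done its job.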
                                  Dashrender @coliver

                                  @coliver said in VLAN confusion:

                                  @dashrender said in VLAN confusion:

                                  Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                                  I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                  Yeah, some, maybe even most servers could be served up this way.

                                    scottalanmiller @coliver

                                    @coliver said in VLAN confusion:

                                    @dashrender said in VLAN confusion:

                                    Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                                    I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                    Because you want servers to keep working even if DHCP and all other functions totally fail.

                                      scottalanmiller @Dashrender

                                      @dashrender said in VLAN confusion:

                                      @coliver said in VLAN confusion:

                                      @dashrender said in VLAN confusion:

                                      Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                                      I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                      Yeah, some, maybe even most servers could be served up this way.

                                      CAN BE, yes, absolutely. How many "should be" is the bigger question.

                                        JaredBusch @scottalanmiller

                                        @scottalanmiller said in VLAN confusion:

                                        @jaredbusch said in VLAN confusion:

                                        Expanding your subnet is simple.

                                        You change your router first.
                                        Then you change your DHCP scope to hand out the /22
                                        But you also add a block in the DHCP assignment to not give out addresses in the new section.
                                        Then you change your few static devices (if you do not have only a few static systems, you have other issues).
                                        Once your static devices are changed, you remove the block in your DHCP assignment.
                                        Process complete.

                                        And, worth noting for those that have not done it, devices in the new space cannot talk to devices with the /23 in their config until that gets changed to /22. But as long as the devices being added to the new expanded space don't need to talk to those resources, it doesn't matter. So old devices are not affected in any way by the expansion, and new devices can be added selectively until the old ones are fixed.

                                        So, for example, if you fix your PBX to see /22 and the gateway, then all phones could be added to the expanded space (outside of the /23 bounds) and they would work for calls just fine, but other servers could not talk to them until they were adjusted to /22. Typically, zero impact and very low effort.

                                        Yes, that is why I said to block the DHCP scope from giving out addresses until the existing static devices are updated.

                                          Dashrender @scottalanmiller

                                          @scottalanmiller said in VLAN confusion:

                                          @coliver said in VLAN confusion:

                                          @dashrender said in VLAN confusion:

                                          Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                                          I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                          Because you want servers to keep working even if DHCP and all other functions totally fail.

                                          Yeah, this is my thinking as well. Depending on how long your leases are, this may or may not be an issue in typical considerations.

                                            coliver @scottalanmiller

                                            @scottalanmiller said in VLAN confusion:

                                            @coliver said in VLAN confusion:

                                            @dashrender said in VLAN confusion:

                                            Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

                                            I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.

                                            Because you want servers to keep working even if DHCP and all other functions totally fail.

                                            That's one of the ones I was thinking. But DHCP is such a basic service and there are ways to do DHCP failover even on Windows, the risk of DHCP being down and not having a bigger more "global" problem seems very small.
