|
Posted by on October 1, 2007, 12:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> tech.suppor...@gmail.com wrote in part:
>
> > I am limited with certain constraints here. Because of the
> > physical dimensions of the building, we are concentrating
> > the cables into 4 different points. so lets say around 6
> > switches. each switch serves different applications. Like,
> > VOIP, IPTV and data only applications. , thats why i want to
> > create Seperate VLANS, so that I could isolate the traffic
> > each app needs.
>
> This is excellent practice, but why the mention of VLANs?
> The hardware switches will isolate traffic at a lower level.
> VLANs are more for situations where a cluster of distant
> machines has to get inside into one of these switches.
>
Robert,
well, for 5-6 machines of single type originating from one point, i
cant put a switch for each type. instead i am using 48port or 24 port
switches. u get my address, right. ? its difficult to put switch for
each type of application, as there are multiple concentration points.
> > second thing. our ISP, in each site, configures for us a
> > class C network.
>
> A real [externally routable] class C or just the 10.*.*.*
> private IPs you mentioned earlier? If real, are the 254
> enough for your machines? You may need some NAT.
>
It is private IP's, 172.x.x.x, however, they should also be
externally routable, completely throughout our WAN, meaning, all
other remote sites. 254 ips are more than sufficient for me. each pc
of this site 172.x.A.x, should talk to every other pc in every other
location 172.x.B.x., 172.x.C.x, 172.x.D.x There is no internet
connectivity. its purely data./voice
Thanks
Techs
|
|
Posted by on October 1, 2007, 12:17 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> tech.suppor...@gmail.com wrote in part:
>
> > I am limited with certain constraints here. Because of the
> > physical dimensions of the building, we are concentrating
> > the cables into 4 different points. so lets say around 6
> > switches. each switch serves different applications. Like,
> > VOIP, IPTV and data only applications. , thats why i want to
> > create Seperate VLANS, so that I could isolate the traffic
> > each app needs.
>
> This is excellent practice, but why the mention of VLANs?
> The hardware switches will isolate traffic at a lower level.
> VLANs are more for situations where a cluster of distant
> machines has to get inside into one of these switches.
Robert,
well, for 5-6 machines of single type originating from one point, i
cant put a switch for each type. instead i am using 48port or 24 port
switches. u get my address, right. ? its difficult to put switch for
each type of application, as there are multiple concentration points.
> > second thing. our ISP, in each site, configures for us a
> > class C network.
>
> A real [externally routable] class C or just the 10.*.*.*
> private IPs you mentioned earlier? If real, are the 254
> enough for your machines? You may need some NAT.
>
It is private IP's, 172.x.x.x, however, they should also be
externally routable, completely throughout our WAN, meaning, all
other remote sites. 254 ips are more than sufficient for me. each pc
of this site 172.x.A.x, should talk to every other pc in every other
location 172.x.B.x., 172.x.C.x, 172.x.D.x There is no internet
connectivity. its purely data./voice
|
|
Posted by Robert Redelmeier on October 1, 2007, 1:29 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> well, for 5-6 machines of single type originating from
> one point, i cant put a switch for each type. instead i
> am using 48port or 24 port switches. u get my address,
> right. ? its difficult to put switch for each type of
> application, as there are multiple concentration points.
That's fine, but the general idea is to try to keep most
traffic local to the switch and minimize the "uplink".
Servers and apps/users should be on the same switch. Multiple
servers/apps on the same switch are fine. Try to avoid putting
the servers all on one switch and the apps/users on others
(although this is often done and can explain poor performance).
> It is private IP's, 172.x.x.x, however, they should also
> be externally routable, completely throughout our WAN,
> meaning, all other remote sites.
Yes, that is done with VLANs. Again, try to keep sources and
sinks close. At least for the majority of traffic. VLAN is
only a Virtual LAN, it is not a real one. Bandwidth may be
a problem, and latency almost certainly is.
-- Robert
|
|
Posted by Albert Manfredi on October 1, 2007, 6:12 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I am limited with certain constraints here. Because of the physical
> dimensions of the building, we are concentrating the cables into 4
> different points. so lets say around 6 switches. each switch serves
> different applications. Like, VOIP, IPTV and data only applications. ,
> thats why i want to create Seperate VLANS, so that I could isolate the
> traffic each app needs.
Okay so far. Hosts are not typically VLAN-aware, So assuming that each
switch can be configured to assign its end host ports to a particular
VLAN, and the router/NAT port configured to be the VLAN-aware "trunk
link," you can partition the internal network traffic as you describe,
and assign priorities differently for each VLAN.
However, to make this short, if you're saying that each PC may have to
belong to multiple VLANs (e.g. a given PC may need to use VoIP and
IPTV, along with text or file transfers), then I'd probably scrap the
VLAN idea entirely.
> second thing. our ISP, in each site, configures for us a class C
> network. So if I were to use multiple VLANS, that means multiple
> subnets. So only one VLAN, that comes from the ISP would be able to
> communicate to outside world.
Sure, if you get one /24 net and you must create multiple /26 or /28
nets, or what have you, you'll need physically separate Ethernets or
VLANs. And since you mentioned the private IP addresses used inside,
you'll need a NAT before these internal hosts can communicate with the
outside. The NAT will have to be VLAN-aware, or the NAT can be
connected to a VLAN-aware router behind the NAT.
> May be I could make the other VLAN's
> communicate to outside world using the gateway of the ISP's VLAN,
> however, i need other Remote networks also talk to my PC's inside,
> which fall in to multiple subnets.
If each PC might need to belong to, say, the text, VoIP, and IPTV
VLANs, then it makes more sense to just use one LAN inside. At most,
you might use the priority options of 802.1Q, to differentiate between
traffic categories, assuming these hosts can decode the extended
Ethernet header. So that would sort of provide some idea of QoS
differentiation for the different types of traffic within the office.
Personally, I'd just over-provision the internal network. I have to
believe the WAN link is the bottleneck, not the internal LAN. These
VLANs will only segregate the traffic internally.
The only case where VLANs would make sense is if you're trying too
keep the individual PCs on separate IP subnets. As in, IPTV PCs must
be separate from VoIP PCs. Or accounting PCs must be kept separate
from engineering PCs. If this isn't your goal, then simplify by not
creating separate VLANs, or separate IP subnets, inside. That would be
my approach.
Bert
|
|
Posted by Albert Manfredi on October 1, 2007, 8:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> second thing. our ISP, in each site, configures for us a class C
> network. So if I were to use multiple VLANS, that means multiple
> subnets.
By the way, I also am not sure I understand this part. If the ISP
configures you as a single /24 IP subnet, it must mean that he assigns
you 254 public IP addresses, right?
If that's the case, then there is no need to use private IP addresses
inside your premises. In principle, you can subnet that ISP /24 net in
any way you like, use an internal router, and perhaps use DHCP
internally to assign public IP addresses to each PC.
So whether you do want to use separate VLANs and separate IP subnets,
or just make the internal network a single /24 subnet, you would never
need to bother with a NAT. Just take the ISP's addresses and subnet
them. You'll lose a few host IDs, but it sounds like 254 is plenty
anyway. Or just use the addresses as is, in a single subnet. Not sure
I understand why not.
Bert
|
| Similar Threads | Posted | | 802.1q vlans trunking | June 13, 2005, 2:09 am |
| An interface on many VLANs | November 24, 2005, 3:05 pm |
| Two different VLANs on the same port | December 15, 2006, 8:02 am |
| Mac address and VLAns | June 17, 2008, 1:27 am |
| 3Com untagged vs. 802.1Q VLANs | February 22, 2005, 10:44 am |
| Multiple VLANs on Single NIC | January 19, 2006, 8:06 am |
| VLANs and VoIP phones | July 27, 2006, 8:07 am |
| Port Based VLANs | September 10, 2006, 2:28 pm |
| VPC or VMWare and Vlans an intersting one. | May 31, 2007, 2:29 pm |
| Use VLANs to limit Multicasting | March 14, 2008, 12:22 pm |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map