Network newb - VLAN's subnets (long)

Not sure this is the best group to post in, so if not, please direct me to the correct one.

I've taken the job of a network admin for a regional library system. I'm new to network admin but am trying my best to learn quickly. I was previously in a web admin position when I was (in)voluntarily moved into this job.

The current network is in a working state but needs to be upgraded in many ways. The network sits behind a firewall with 100 or so users, but many more network attached devices. The network is a very simple, flat network NAT'ed inside the firewall with a 192.168.1.x scheme that I foresee running out of addresses in the future. There is one main library headquarters that has the majority of servers, users & devices, then 2 other branches that have 4 or 5 computers, and one more branch that has about 30 network devices. All are connected via fiber by Cisco 3508 & 2950 switches and 2 newer Alcatel switches.

Currently a Windows NT box does DHCP, and authentication for filesharing etc. I will probably replace that box. No real network based applications like Exchange or SQL server. There is a large file server - Snap 4200 that uses the Windows domain for file permissions. There are a few other servers - an AS/400, a SuSE box, and a Win2K server that does A/V and tape backups. No internal DNS, only IP addresses, - WINS? An ISP provides email service.

Not sure the best place to start reconfiguring this network. I know I need the ability to add more addresses. Would I do this with multiple subnets? Should this be done with VLAN's on the Cisco switches? Do I need to implement internal DNS to make this work? All branches need to be able to access the servers at HQ but not necessarily to each other. Would just expanding to a larger, flat address space be better? I have read some notes from the previous admin regarding cutting down on broadcast traffic, but I don't think the network has congestion problems.

I guess I'm looking for a general plan of attack as well as implementation ideas. Any advice and guidance on where to start in redoing this network?

Thanks, Tanya

Reply to
Tanya L.

You should certainly investigate the implications of moving to a subnetted environment.

Key to this is that Windows NETBIOS broadcast traffic will not traverse VLAN boundaries and thus you will have a need for WINS or DNS.

Are the access switches all homed to a core layer 2 switch (3508G ?) ?

If so then this could be changed out with a solid layer 2/3 switch that would allow you to subnet if and when required. Suggest you familiarize yourself with the Cisco 3750G-12S layer 3 switch. This would provide an additional 4 fibre GE ports along with the ability of stacking another 3750G to it, thus providing a nice growth path.

Reply to
Merv

Thanks for your quick reply! I think the 3508 was the main switch before an Alcatel 6124 was installed. The 3508 is still installed, but I think the 6124 is what all are connected to now, and that, as I understand it, is Cisco IOS compatible?

You're recommending installing DNS first, then getting the subnets working? I guess I'm lost as to what to do first. If I implement DNS first, I guess I wouldn't do the subnets at the same time?... Sorry for being so dense!

Thanks, Tanya

Reply to
Tanya L.

First thing is to get a coffee !!!

What I would do:

  1. Determine all the things that would have to be done to expand the existing IP address space. Today I understand that it is 192.168.1.0/24 (i.e. it can support 256 - 2 = 254 hosts). Inventory how much of that IP address space is used today. There are a couple of good address scanners available. One really good one is Address Wizard, which will inventory using ARP, which is very useful for machines like Windows XP that block ICMP. Once you have an accurate inventory you know how much headroom you have before you must implement an expanded 192.168.1.0 address space or move to a subnetted setup. If all of the PCs use DHCP then expanding the scope for the 192.168.1.0 should be fairly straightforward.

  2. Get a handle on the current network traffic volumes - especially broadcast traffic. Take a look at some of the tools available from SolarWinds. If most of your traffic is passing through a central switch that has monitoring port capability this will be fairly easy to do.

  3. I am NOT a fan of mixed network vendor environments - too many headaches. So suggest you figure out what vendor network equipment you are going to use. Then make a plan to replace and sell off the other stuff.

  4. Figure out all the technical aspects of moving to a subnetted environment and once you have the appropriate layer 3 switch in place perform thorough testing of same.

Reply to
Merv
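An added example, not part of the original post: the headroom check and the "expand or subnet" decision from the steps above, worked through with Python's `ipaddress` module. The inventory, the per-site device counts, the growth factor and the 192.168.0.0/16 parent block are assumptions made up for illustration.

```python
import ipaddress

def headroom(network, used):
    """Return (used, free) usable-host counts for `network` given observed addresses."""
    net = ipaddress.ip_network(network)
    seen = {ipaddress.ip_address(a) for a in used}
    in_use = sum(1 for a in seen if a in net
                 and a not in (net.network_address, net.broadcast_address))
    return in_use, net.num_addresses - 2 - in_use

def prefix_for_hosts(hosts):
    """Longest prefix whose usable host count (2^n - 2) still fits `hosts`."""
    return 32 - (hosts + 1).bit_length()

def plan_subnets(parent, needs, growth=2):
    """Carve one subnet per site out of `parent`, largest first so blocks stay aligned."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    for site, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts * growth)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size          # round up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} is too small for {site}")
        plan[site] = net
        cursor += size
    return plan

# Constructed inventory and per-site device counts (assumptions, not from the thread).
USED = ["192.168.1.1", "192.168.1.10", "192.168.1.57", "192.168.1.200", "192.168.1.254"]
NEEDS = {"HQ": 150, "Branch A": 5, "Branch B": 5, "Branch C": 30}

if __name__ == "__main__":
    print("used/free in 192.168.1.0/24:", headroom("192.168.1.0/24", USED))
    for site, net in plan_subnets("192.168.0.0/16", NEEDS).items():
        print(f"{site:9} {net}  ({net.num_addresses - 2} usable)")
```

With these assumed numbers HQ lands on 192.168.0.0/23, which still contains the existing 192.168.1.x addresses, so HQ hosts would only need a new mask rather than new addresses.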

Do you know of another utility besides this one? I'd like to find something a little lower cost.

Thanks again! Tanya

Reply to
Tanya L.

Angry IP scanner

Ipswitch's Ping Pro eval version

The other thing to do that is essential is to create an accurate and detailed network topology diagram that details how all of the layer 2 switches are connected, with port numbers, MAC address of the switch, etc. This information is essential for planning any network changes or during troubleshooting network problems.

You should find out how to display the forwarding table for each of the switches you have - for Cisco you can use the commands "show bridge" and "show mac-address-table". When you see numerous MAC addresses being shown against a specific port this will probably mean that this is the link to another switch.

Reply to
Merv
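An added example, not part of the original post: counting learned MAC addresses per port from "show mac-address-table" output to spot the probable inter-switch links described above. The sample output is constructed, and the threshold and the intermediate "check" label (an access port with more than one MAC, for instance an unmanaged hub that belongs on the topology diagram) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like Cisco "show mac-address-table" output.
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    0009.7c3a.1b01    DYNAMIC     Fa0/1
   1    0009.7c3a.1b02    DYNAMIC     Fa0/2
   1    0011.2f40.aa10    DYNAMIC     Fa0/5
   1    0011.2f40.aa11    DYNAMIC     Fa0/5
   1    000d.28aa.0001    DYNAMIC     Gi0/1
   1    000d.28aa.0002    DYNAMIC     Gi0/1
   1    0002.b3c1.7e90    DYNAMIC     Gi0/1
   1    0050.da61.3344    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 9
"""

# Only dynamically learned entries on a numbered VLAN; headers and STATIC/CPU rows are skipped.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$", re.I)

def macs_per_port(text):
    """Map each port to the number of distinct MAC addresses learned on it."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(3)].add(m.group(2).lower())
    return {port: len(macs) for port, macs in ports.items()}

def classify_ports(text, uplink_at=3):
    """Label ports: 'uplink' (many MACs), 'check' (more than one), 'host' (one)."""
    labels = {}
    for port, count in macs_per_port(text).items():
        if count >= uplink_at:
            labels[port] = "uplink"
        elif count > 1:
            labels[port] = "check"
        else:
            labels[port] = "host"
    return labels

if __name__ == "__main__":
    for port, label in sorted(classify_ports(SAMPLE).items()):
        print(port, label)
```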

Merv wrote:

Solarwinds has a demo "IP Network Browser" that I like. Visio will become your best friend for documenting and creating drawings of your current network layout.

  1. Find out what you have and how it is connected. Cisco switches and routers also work using the command "show cdp neighbors detail" if CDP is enabled on the switch.

  2. Use an ICMP or ARP sweeping utility like stated in previous posts to find out how many computers and domains you currently have. As previously stated, unless you see yourself going over 254 computers and servers then there is no need to subnet unless you are having congestion issues.

  3. DNS is necessary for all Windows computers to talk to each other unless you are modifying the host file on each PC or running NetBEUI. If you are, turn it off after you have DNS running; it is wicked chatty and not routable over layer 3 links.

  4. Definitely take Merv's advice on sticking to one vendor. If you ever decide to go layer 3 routing versus a flat network in the future then routing protocols like IGRP and EIGRP are proprietary to Cisco so Juniper and all the rest of the vendors that make layer 3 devices may not work.

  5. Prioritize a plan. You are probably going to want to make a decision on your IP scheme before you do DNS, because if you build DNS first you may or may not have to rebuild DNS after you change your IP scheme, depending on what server platform your DNS server is running and how you have set up DNS registration with your clients.

If ya need help once you get started then feel free to email me snipped-for-privacy@brookshospital.org

Steve Johnson Network Admin

Reply to
Newbie72

I'll check the Solarwinds demo you suggested- thanks! I'm inventorying exactly what is out there right now. So far it looks like there may now be as many addresses being used as I previously thought, but they are scattered about the entire 255 range rather willy nilly. I'd prefer them to be organized in some fashion.

I don't know that I can get rid of the Alcatel stuff right now as it was purchased just last year. I'll have to work with what I have unless it really really becomes a problem.

Thanks again, Tanya

Reply to
Tanya L.
