To VLAN or NOT!

This is all just an idea. I'd like to ask an opinion and see what the group thinks, or if you guys can ask more relevant questions about the idea.

I can create about 4-5 VLANs: 3-4 different departments and 1 subnet for servers. I have an ASA with 4 Gb ports; right now the setup is happy. There isn't an immediate need to segment anything, but it would be nice.

Since I have 4 interfaces (on the ASA), I have each subnet on its own interface. If I use 1 switch to create these VLANs I'm thinking about and trunk a port on each VLAN, can I plug the trunk ports into these 4 interfaces on the router and more or less save on switches, as opposed to router on a stick (sub-interfaces)?

Would a router on a stick introduce throughput issues?

What would be the benefit here? Right now all my LAN/server/additional departments are all on the same LAN. This isn't a big concern for security, but it might be a good idea just to VLAN the servers. 1 of the servers is the main APP server. Everyone will need access to it. Wouldn't this defeat the purpose of setting up the VLANs?

Then there is a chat/jabber server; again they all need access.

So what's the true purpose of a VLAN, or when should one be used?

Hope I didn't go too fast or post an unclear idea. Please ask for more info if so and I will provide it.

Thanks!

GNY


First and foremost, VLANs are used to break up broadcast domains. In today's higher speed networks, the probably more appropriate answer is that they are used to logically group nodes in a way that makes the most sense for routing vs. switching. While the newer Cisco datacenter design model is distributed layer 3 where VLANs are never trunked, most of us still have many locations where trunking is used and/or makes sense. From a user workstation perspective, there is nothing wrong with a /22 or /23 and a few hundred machines on a local subnet. If there is no reason to segment them for security reasons, then there is no need to VLAN them off. That being said, I VLAN stuff just to keep it nice and clean and manageable. For a lab I recently set up, we created VLANs for Wintel servers, AIX servers, Sun servers, Linux, VMware instances, users, etc. If you have enough boxes to warrant assigning a /24 to each set, then this may make a lot of sense. But if you are talking about a few dozen servers, I would put them all in a 'server' VLAN, and put the users in a VLAN or two, perhaps by department or floor. But again, if we are only talking about a hundred users total, there is no technical need to divide them up... business or security reasons are up to you.

To answer your question on whether a router on a stick will impact performance, it depends on your design. If all servers/nodes are on the same VLAN/switch, then everything will be switched and a router is not needed. But if you have one user who absolutely nails a server with, let's say, an FTP, then those two nodes will have poor performance for that period of time even in a switched environment. On the router side, if these two nodes are on separate VLANs, say server and user, then when that same transaction takes place, and presuming you have one uplink to the router, the session will eat up ALL traffic between the two networks, not just the two nodes. Sometimes this is good design, especially if you have other constraints or bottlenecks down the line. However, and presuming this is gig network speed, even a big FTP should not take an especially long time.

In short, it all depends A) what you are trying to accomplish, B) what makes sense to you, and C) you need a good understanding of what is going on in your network and why. With the answers to those three things, you should be able to create a design that works.

Trendkill
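The thread's open question is whether a VLAN for the servers is pointless when everyone must reach the app server. The answer from the reply above is that the routed boundary is where you decide what crosses, so here is an added example of a router-on-a-stick layout on an ASA (not configuration from anyone in this thread) with a user VLAN that can reach only the two services the original post names. Interface names, VLAN IDs, addresses and the TCP ports are assumed for illustration; the ACL syntax is the ASA 8.3+ object form.

```cisco
! Physical port carries the 802.1Q trunk from the switch; no IP of its own.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
! One sub-interface per VLAN (router on a stick). VLAN IDs are assumed.
interface GigabitEthernet0/1.10
 vlan 10
 nameif servers
 security-level 80
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif users
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
! Hosts from the original post; addresses are placeholders.
object network app-server
 host 10.0.10.10
object network jabber-server
 host 10.0.10.11
!
! Users may reach only the app server (HTTPS assumed) and Jabber (XMPP client port).
! Everything else toward the server VLAN is denied and logged, so a scan or
! lateral move from a user PC shows up in the ASA log instead of succeeding.
access-list users_in extended permit tcp 10.0.20.0 255.255.255.0 object app-server eq 443
access-list users_in extended permit tcp 10.0.20.0 255.255.255.0 object jabber-server eq 5222
access-list users_in extended deny ip 10.0.20.0 255.255.255.0 10.0.10.0 255.255.255.0 log
access-list users_in extended permit ip 10.0.20.0 255.255.255.0 any
!
access-group users_in in interface users
```

Once the ACL is applied, `show access-list users_in` shows per-line hit counts, which is the quickest way to confirm the deny line is actually catching traffic you expected to be blocked.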

Trendkill .. You're always a huge help! Wish I could buy you a beer just for your quick and unreserved help!

Your post is exactly how I thought about it; it assures me that I should continue to ask these questions and take in these considerations next time the conversation is raised.

Thanks again Trendkill ..

GNY


Always a pleasure to help. Feel free to hit me up individually if you are ever in a bind. I'll be happy to answer what I can, and be honest if I can't. Take care.

Trendkill

Also, using Linksys VLAN-capable switches to trunk to an ASA: this should be fine so long as the Linksys switches support 802.1Q, yes?

Thanks..

GNY


Yes, but don't assume that most Linksys switches are going to support management and VLAN trunking. Make sure to read the specs to find the models that do.

Doug McIntyre

Doug,

I would never assume :-) You know the saying. Yes, I know they do management and VLANs; I have to check on the trunking.

Thanks!

GNY

