VLan based on IPs 2


destinyml

ISP
Apr 27, 2004
27
DK
Hi

I'm looking to implement a VLAN solution. I have multiple subnets and I would like to add VLANs within these subnets based on IP addresses, e.g. 192.168.1.20 and 192.168.1.25 are one VLAN and 192.168.1.23 and 192.168.1.58 are another, etc. All VLANs must be able to exchange data with other VLANs within the same subnet (and other subnets as well).

I currently have Dell 3024 switches, and I am only able to assign ports to VLANs (not by IP) and the VLANs are not able to communicate with each other.

I assume that the Dell switch is not able to perform this task. What kind of equipment will I need, and is my scenario possible at all?

Thank you
 
To make a VLAN map onto an IP subnet you need either a router or a layer 3 switch. I will deal with the specifics at the end.

The router solution would work by having the router with multiple ports either each physically connected to the VLAN with one physical port per VLAN or one port with a secondary interface for each VLAN.

The basic principle is the same: the router has an interface set up for each subnet, with the interface IP address being the default gateway for each subnet. Routing is then set up on the router to route between the subnets. All the clients on each subnet have the IP interface of the router as their default gateway; this ensures that any data whose destination IP address is not in the source device's own subnet is sent to the router, routed to the correct subnet and forwarded. That is the basic principle.

The actual implementation would depend upon having either an individual port for each subnet and patching that to a switch port sitting in the relevant VLAN or, more likely, having one port on the switch sitting in all VLANs and supporting 802.1Q VLAN tagging. This is connected to a port on the router itself configured with the same VLAN tags for each VLAN, configured to forward all packets destined for a particular VLAN to be tagged correctly. The main downside of this approach is that the router becomes a bottleneck, and not all routers support 802.1Q VLAN tagging.

The layer 3 switch approach is better. This is a switch that routes packets to VLANs depending upon the IP subnet. The basic principle is the same as with the router, but the interfaces in each case are not physical ports but internal VLAN interfaces. So apply an IP address to each VLAN interface (and in some cases add the IP subnet address details), set up routing between interfaces and set the layer 3 switch's default gateway to point at any WAN router so unknown IP address destination packets are forwarded accordingly.

That covers the basic premise, but what you want is slightly more complex. You want groups of IPs within each subnet to be allocated to a VLAN; some switch technology may be able to do this, but the admin on this would probably be a nightmare. My suggestion would be to break down your class C subnet into smaller subnets and allocate them to separate VLANs. It would mean changing IP configs on all devices and you would have to renumber devices using subnet and broadcast addresses. Since you are using a 192.168 schema, if you have lots of unused subnets (and there is no reason not to), why not use a class C for each subnet? Administratively it would be easier to work out which IP subnet is which group of machines.

So I would look at a layer 3 switch, and study and plan well your IP subnet addressing and in particular subnet masking. There are various subnet calculators around to help you here.

 
Well, the fact is that we are not using a 192.168 schema, but public IPs on each server. Also most of the VLANs will only include 1, 2 or 3 IP addresses... so different subnets for each VLAN is not really an option... with the current setup anyway.
 
Tim,
I think you may be able to shed some light on this. Our network monkey created what we have now, but I think it is incorrect. Can you read this over and let me know if what I'm seeing is correct?

What we have for the main network is this. Two class B networks using the same subnet mask of /16. We have the servers in the 10.100. network and we break out the VLANs in the 10.101. subnetwork, in my honest opinion, incorrectly. VLANs are all using the /16. All of the VLANs are using the same broadcast address with host IP addresses for gateways. I would believe that this would not help broadcast traffic and ARP traffic but actually create more of it. Please see the next output below for our network IP addressing scheme:
------------------------------------------------------------------------------------------
IP Address : 10.100.0.0
Address Class : A
Network Address : 10.0.0.0

Subnet Address : 10.100.0.0
Subnet Mask : 255.255.0.0
Subnet bit mask : 0nnnnnnn.ssssssss.hhhhhhhh.hhhhhhhh
Subnet Bits : 16
Host Bits : 16
Possible Number of Subnets : 256
Hosts per Subnet : 65534

Selected Subnet : 10.100.0.0/255.255.0.0
Usable Addresses : 65534
Host range : 10.100.0.1 to 10.100.255.254
Broadcast : 10.100.255.255


Subnet       Mask           Size    Host Range                      Broadcast
10.100.0.0   255.255.0.0    65534   10.100.0.1 to 10.100.255.254    10.100.255.255
10.101.0.0   255.255.0.0    65534   10.101.0.1 to 10.101.255.254    10.101.255.255
=============================================


=============================================
If we used a classful C subnet mask for the outlying area switches, this would allow each switch to reside on its own network with its own REAL gateway and its own REAL broadcast. If I'm not mistaken, the way we have it set up, we use host IP addresses for gateways on each VLAN and they don't have a real broadcast address except 10.101.255.255. This next diagram is what a full class C subnet mask would give us on the 10.101. subnetwork. It would allow us to have each switch on its own network with its own gateway and its own broadcast. It would allow for each switch to have 254 hosts per subnet.
-----------------------------------------------------------------------------------------
IP Address : 10.100.0.0
Address Class : A
Network Address : 10.0.0.0

Subnet Address : 10.100.0.0
Subnet Mask : 255.255.255.0
Subnet bit mask : 0nnnnnnn.ssssssss.ssssssss.hhhhhhhh
Subnet Bits : 24
Host Bits : 8
Possible Number of Subnets : 65536
Hosts per Subnet : 254

Selected Subnet : 10.101.102.0/255.255.255.0
Usable Addresses : 254
Host range : 10.101.102.1 to 10.101.102.254
Broadcast : 10.101.102.255

===============================================

Is what I'm saying correct? Since the VLANs are only designated by a host IP address and the same /16 mask as the 10.101 network, aren't they all using the same broadcast of 10.101.255.255? We do have issues with broadcasts and ARPing...

Let me know what you think.

Thanks,
TT



 
You have two of what are called flat networks, one for the 10.100.0.0/16 subnet and one for the 10.101.0.0/16 subnet.

Broadcast and ARP would indeed be an issue in this network, and your experience seems to confirm this. Every ARP is broadcast throughout the flat network.

You can happily subnet your network using class C subnet masks but you will need a layer 3 device to ensure that the IP traffic can route between subnets.

So if I may be so bold here is a tried and tested formula for doing this.
1) Work out how many VLANs you need. This is done on whichever criteria you wish, geographic (i.e. all PCs in the same area of the office, and maybe off the same switch, have their own VLAN) or along business lines (separating Finance from Sales from HR). It is entirely up to you, but do it before you start.

2) Make the base subnet 10.100.1.0/24 your management VLAN, thus the IP addresses of all switches and any network management server or workstation sit in here. Make this VLAN 1.
3) Make one subnet contain all your servers and internet gateway, say 10.100.2.0/24. Make the gateway address either 10.100.2.1 or 10.100.2.254. The other VLANs are allocated as you see fit.
4) On the layer 3 device make sure each subnet has a routable IP address to be used as the default gateway for each client and server. Ultimately your network's default gateway is going to be the exit point of your network, either your firewall or WAN port etc.
5) Make sure the layer 3 device routes between subnets and ensure it does not broadcast the routing tables to any other subnets than the one with your network default gateway device on it. Try not to use RIP version 1 if possible; RIP v2 is OK.
6) Configure your clients, the time consuming bit: you will have to change every PC and printer and any other such device on the network to have an IP address in the correct subnet and with the correct default gateway. Depending on the number of devices involved this could be a long and arduous manual process, but the subnet mask at least must change in every case. DHCP may help here; the layer 3 device should be able to forward DHCP requests from clients to the DHCP server.
7) Active Directory will complicate matters in ways too complex to go through here.
8) IPX/SPX will really complicate matters. If you have servers and applications using IPX/SPX you may have fun finding a layer 3 switch that will successfully route or broadcast the IPX traffic between VLANs; support for IPX/SPX is becoming less and less common. If this is a major issue it could easily explain the flat network architecture.

The success of this will in almost all ways depend on the planning you undertake before you start.
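An added example (not from the thread or any poster) that checks the two points discussed above with the standard-library ipaddress module: that every "VLAN" gateway under the existing 10.101.0.0/16 mask shares the single broadcast 10.101.255.255, and that carving the /16 into one /24 per VLAN (VLAN 1 = 10.100.1.0/24 management, VLAN 2 = 10.100.2.0/24 servers, gateway .1 or .254, as in steps 2 and 3) gives each VLAN its own gateway and broadcast. The gateway addresses and VLAN names are constructed.

```python
import ipaddress


def broadcast_of(host, prefix):
    """Broadcast address a host actually uses under the given prefix length."""
    return str(ipaddress.ip_interface(f"{host}/{prefix}").network.broadcast_address)


def shared_broadcast(hosts, prefix):
    """True when all hosts fall in one broadcast domain under `prefix`."""
    return len({broadcast_of(h, prefix) for h in hosts}) == 1


def plan_vlans(base, names, gateway_low=True):
    """Carve a /16 base into one /24 per VLAN, third octet == VLAN id,
    so VLAN 1 is 10.100.1.0/24 (management) and VLAN 2 is 10.100.2.0/24
    (servers). Returns one dict per VLAN with gateway, broadcast, host count."""
    base_net = ipaddress.ip_network(base)
    if base_net.prefixlen != 16:
        raise ValueError("expected a /16 base network")
    blocks = list(base_net.subnets(new_prefix=24))  # blocks[n] has third octet n
    plan = []
    for vlan_id, name in enumerate(names, start=1):  # VLAN 0 is left unused
        subnet = blocks[vlan_id]
        hosts = list(subnet.hosts())
        gateway = hosts[0] if gateway_low else hosts[-1]  # .1 or .254
        plan.append({
            "vlan": vlan_id, "name": name, "subnet": str(subnet),
            "gateway": str(gateway), "broadcast": str(subnet.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return plan


def disjoint(plan):
    """Sanity check: no two planned subnets overlap (one broadcast domain each)."""
    nets = [ipaddress.ip_network(p["subnet"]) for p in plan]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Constructed "VLAN gateway" hosts in the existing flat 10.101.0.0/16 network.
    gateways = ["10.101.102.1", "10.101.103.1", "10.101.104.1"]
    print("one broadcast domain under /16:", shared_broadcast(gateways, 16))
    print("one broadcast domain under /24:", shared_broadcast(gateways, 24))
    for row in plan_vlans("10.100.0.0/16", ["management", "servers", "finance"]):
        print(row)
```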
 
TimRegester is absolutely correct.
Using class B subnets, you're just asking for problems due to broadcasts.
The only way to effectively eliminate the problem is to use smaller subnets as suggested.
I would strongly caution you to take your time and carefully plan your new IP scheme. Maybe post back here with your new plan before you implement it, hopefully save some headaches.


MCSE CCNA CCDA
 