This chapter provides guidance on how to set up VLAN configurations in your existing switched network, discusses considerations that affect how you configure your VLANs, and provides a sample VLAN configuration based on these considerations.
The information in this chapter is intended to help you with the planning process. Detailed information on performing VLAN configurations using VlanDirector is provided in later chapters.
Before you can use VlanDirector, you need to determine how you want to structure your VLANs. You need to consider issues such as how to group users into VLANs, the existing subnet assignments, and inter-VLAN communications requirements. You should also note any VLANs that you have configured by using the command line interface (CLI) on the switch. Before configuring VLANs, consider the following:
When planning a VLAN, you first need to determine how you want to group ports into VLANs. Based on access, security, and bandwidth requirements, determine which users need to be part of the same VLAN.
Media Type
All ports in a VLAN need to be of the same media type, for example Ethernet ports. VlanDirector supports Ethernet and FDDI VLANs.
Access
You might want to assign VLAN membership based on product team membership or department groupings.
If a group of users share the same file server, you might want to assign them to the same VLAN.
Security
For security reasons, you might want to group one set of users, such as accounting employees, in a single VLAN. You might want to exclude a group of users from a VLAN, for example, to prevent them from accessing sensitive information.
Traffic
If a particular server interface is a bottleneck because of heavy traffic, you might want to add a second interface to the server and divide the users into two VLANs.
As a guideline, when determining VLAN assignments, Cisco recommends that approximately 80 percent of the traffic flow should be among the users within the VLAN (intra-VLAN) and that not more than 20 percent of the traffic flow should be between VLANs (inter-VLAN).
Number of VLANs and Users
The maximum number of users that you can define per known network is 1000.
Cisco recommends that a VLAN contain no more than 150 to 200 users.
Management VLAN
You need to ensure that you have Simple Network Management Protocol (SNMP) management access from the VlanDirector management station so that you can manage all switches using SNMP.
Your network management station on which you are running VlanDirector must be accessible to the default VLAN in one of the following ways:
If one or more users on one VLAN need to access resources on another VLAN, you will need to configure the router between the VLANs for inter-VLAN communication.
VLAN-to-VLAN communication can be achieved by adding a router between two VLANs or by performing translational bridging between an FDDI and an Ethernet VLAN. You can specify this when you create VLANs using VlanDirector.
Cisco recommends that you maintain a one-to-one relationship between subnets and VLANs. This means that all stations residing in or ports configured on the same VLAN are assigned network addresses with the same subnet.
If you wish to configure your VLAN differently from the existing subnets, you must reassign the IP addresses on the subnets to match your intended VLAN configuration.
VlanDirector supports VTP and non-VTP networks. Some switch software versions include VTP support, so your network might include switches that support VTP software and switches that do not include VTP software. A network is considered to be a VTP network if at least one switch with VTP support in the known network (management domain) is configured as a VTP server. A non-VTP-supported network exists if no switch on the known network is configured as a VTP server.
If your network includes only VTP-supported switches or a combination of VTP and non-VTP-supported switches, verify or do the following:
Make sure that at least one of the Catalyst switches is configured as a VTP server. All Catalyst 5000 switches are configured by default as VTP servers. To configure a Catalyst 5000 as a VTP server, use the CLI on the switch.
If your network has no switches running VTP software, you do not need to do this.
If your network supports VTP, configure the management domains using the CLI on any switch that is running VTP software such as a Catalyst 5000 running software version 2.1 or later. The management domain should correspond approximately to the known network that VlanDirector will discover. Known network names need to match the names of the management domains.
To specify the management domain on a Catalyst 5000, use the following CLI command on the switch:
set vtp domain <name>
Refer to the Catalyst 5000 documentation for more information on setting the management domain name.
If your network does not support VTP, you can use any meaningful name that adheres to the file naming conventions on the network management station that you are using.
VlanDirector automatically configures links when you assign ports to your VLAN. You can also change and modify links using VlanDirector drag-and-drop functionality.
VlanDirector automatically configures trunks between switches so that they can be used to carry multiple VLANs.
As you plan VLAN membership, you might find it helpful to record the planned VLAN assignments in a table as shown in Table 2-1. You can then implement the plan from that information using the blank table template in Table 2-2.
The table should contain the following information:
You should also record the names of existing management domains and VLANs configured using the CLI on the switch.
Table 2-1 is a sample table that records VLAN configurations for a switched network that includes Catalyst 5000 and 3000 switches, routers, file servers and end stations. In this example, the switches and port assignments have already been made, but no VLAN configuration has been made.
The sample network includes Engineering, Documentation, and Marketing users. Users from each of these groups are intermixed on each floor. The network manager wants to assign all Engineering users to one VLAN, all Marketing users to one VLAN, and all Documentation users to one VLAN.
Table 2-1 shows how to plan the configuration. For example, the table shows that the users on Ports 3 and 6 on Switch 1 should be part of the EngVLAN. In this way, you determine and record the VLAN assignments for each port.
The columns User Name and User Location provide information that associates physical location with VLAN identity.
Table 2-2 is a template or blank table that you can use to record your own VLAN plan and to help you plan VLAN assignments.
Table 2-1

VLAN Name | Switch Type | Switch Name | Slot | Port/Type | IP Subnet | User | User Location |
---|---|---|---|---|---|---|---|
EngVLAN | Catalyst 3000 | Floor 1, Switch 1 | n/a | 3, 6/user | .21 | johnb; joex | A-1, Cube 101; A-1, Cube 102 |
EngVLAN | Catalyst 5000 | Floor 2, Switch 2 | 3 | 1, 3/user | .21 | johnc; joey | A-2, Cube 201; A-2, Cube 202 |
EngVLAN | Catalyst 5000 | Floor 2, Switch 4 | 3 | 3/server | .21 | engserver | A-2, Cube 207 |
EngVLAN | Catalyst 5000 | Floor 3, Switch 3 | 2 | 4/user | .21 | johne | A-3, Cube 301 |
EngVLAN | Catalyst 5000 | Floor 3, Switch 3 | 3 | 1/user | .21 | johnf | A-3, Cube 309 |
DocVLAN | Catalyst 3000 | Floor 1, Switch 1 | n/a | 2, 4, 5/user | .22 | johng; johnh; joez | A-1, Cube 105; A-1, Cube 106; A-1, Cube 107 |
DocVLAN | Catalyst 5000 | Floor 2, Switch 2 | 2 | 2, 3/user | .22 | janea; janeb | A-2, Cube 211; A-2, Cube 213 |
DocVLAN | Catalyst 5000 | Floor 2, Switch 4 | 3 | 6/server | .22 | docserver | A-2, Cube 212 |
DocVLAN | Catalyst 5000 | Floor 3, Switch 3 | 2 | 1, 3/user | .22 | mikeb; mikec | A-3, Cube 311 |
MarVLAN | Catalyst 3000 | Floor 1, Switch 1 | n/a | 1/user | .23 | annh | A-1, Cube 110 |
MarVLAN | Catalyst 5000 | Floor 2, Switch 2 | 3 | 4, 5/user | .23 | anni; annj | A-2, Cube 216; A-2, Cube 217 |
MarVLAN | Catalyst 5000 | Floor 2, Switch 2 | 4 | 1, 2/user | .23 | annk; annl | A-2, Cube 220; A-2, Cube 221 |
MarVLAN | Catalyst 5000 | Floor 2, Switch 4 | 3 | 8/server | .23 | marserver | A-2, Cube 230 |
MarVLAN | Catalyst 5000 | Floor 3, Switch 3 | 3 | 2, 3, 4/user | .23 | eda; edb; edc | A-3, Cube 320; A-3, Cube 321; A-3, Cube 322 |
MarVLAN | Catalyst 5000 | Floor 3, Switch 3 | 5 | 2/user | .23 | jayb | A-3, Cube 332 |

Table 2-2

VLAN Name | Switch Type | Switch Name | Slot | Port/Type | IP Subnet | User Name | User Loc. |
---|---|---|---|---|---|---|---|
After you have completed the planning process, you are ready to implement the configuration. Figure 2-1 shows how the plan in Table 2-1 would be implemented using VlanDirector. Chapters 4 and 5 provide detailed instructions on performing VLAN and link configurations using VlanDirector. After you set up VLANs using VlanDirector, VlanDirector maintains information and generates reports providing information on VLANs and switch membership.
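Before implementing a plan, it can be checked against the guidelines in this chapter: one subnet per VLAN and one VLAN per subnet, a single media type per VLAN, no more than 200 users per VLAN, and no port planned for two VLANs. The following is an added example, not part of the original chapter or of VlanDirector; the row layout, the `media` field, and the function name `validate_plan` are assumptions, and the sample rows are constructed from Table 2-1.

```python
from collections import defaultdict

MAX_USERS_PER_VLAN = 200  # upper end of the 150-200 users guideline in this chapter

# Constructed sample rows modelled on Table 2-1 (media type is an assumed field):
# (vlan, switch, slot, ports, media, subnet, users)
PLAN = [
    ("EngVLAN", "Floor 1, Switch 1", None, [3, 6], "ethernet", ".21", ["johnb", "joex"]),
    ("EngVLAN", "Floor 2, Switch 2", 3, [1, 3], "ethernet", ".21", ["johnc", "joey"]),
    ("DocVLAN", "Floor 1, Switch 1", None, [2, 4, 5], "ethernet", ".22", ["johng", "johnh", "joez"]),
    ("MarVLAN", "Floor 2, Switch 2", 3, [4, 5], "ethernet", ".23", ["anni", "annj"]),
]


def validate_plan(rows, max_users=MAX_USERS_PER_VLAN):
    """Return a sorted list of guideline violations found in a VLAN plan."""
    problems = set()
    vlan_subnets, subnet_vlans = defaultdict(set), defaultdict(set)
    vlan_media, vlan_users = defaultdict(set), defaultdict(set)
    port_owner = {}  # (switch, slot, port) -> first VLAN that claimed it
    for vlan, switch, slot, ports, media, subnet, users in rows:
        vlan_subnets[vlan].add(subnet)
        subnet_vlans[subnet].add(vlan)
        vlan_media[vlan].add(media)
        vlan_users[vlan].update(users)
        for port in ports:
            key = (switch, slot, port)
            owner = port_owner.setdefault(key, vlan)
            if owner != vlan:  # same physical port planned for two VLANs
                problems.add(f"port {key} planned for both {owner} and {vlan}")
    for vlan, subnets in vlan_subnets.items():
        if len(subnets) > 1:  # breaks the one-to-one subnet/VLAN guideline
            problems.add(f"{vlan} spans subnets {sorted(subnets)}")
    for subnet, vlans in subnet_vlans.items():
        if len(vlans) > 1:
            problems.add(f"subnet {subnet} shared by {sorted(vlans)}")
    for vlan, media in vlan_media.items():
        if len(media) > 1:  # all ports in a VLAN must share one media type
            problems.add(f"{vlan} mixes media types {sorted(media)}")
    for vlan, users in vlan_users.items():
        if len(users) > max_users:
            problems.add(f"{vlan} has {len(users)} users (limit {max_users})")
    return sorted(problems)


if __name__ == "__main__":
    for line in validate_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

A port that appears under two VLANs, or a subnet shared between VLANs, usually means a user group the plan intended to isolate would end up reachable from another VLAN without passing through the router.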