Networking VLANs
The network I manage now has VLANs on multiple switches. This allows me to isolate specific ports to specific functions. For example, VLAN 5 is only for wireless access points, so every switch I want to have an access point on must have VLAN 5 defined on it and added to the interface. This also allows me to set up a test switch so I can test equipment at my desk, with the IP address it will have out in the field. It's been running fine with this setup for years.
Now there's a push from corporate to isolate the VLANs: one VLAN per switch, or a couple, but they can't be defined on any other access switches on the network. This is going to require a major undertaking by me to define new VLANs, add them to the switches, set up reserves / DHCP scopes, and re-IP-address static / reserved devices with the new VLANs. Does anyone know what the logic in this is? Is this a more secure networking design? My understanding is that if a loopback address is added, it can cause a VLAN spanning tree loop because the VLANs are located on so many switches.
I guess I'm not seeing the bigger picture here. Whatever that looks like.
Comments
-
thomas_: It sounds like they don't want the VLANs spanning across the entire campus. If you have VLANs across multiple switches, any broadcasts in that VLAN are going to go out any access ports that are configured for that VLAN and any trunk port that allows that VLAN. When you have VLANs on multiple switches, this means that broadcast traffic will potentially go across any distribution and/or core layers to reach the other switches, depending on how the network is set up.
-
clarson: Which is why, with the cost of a layer 3 switch not being much more than a layer 2 switch, you are seeing a lot more layer 3 access switches.
That way you limit the broadcast domain to the switch with layer 3 trunks and limit it even further on the switch via VLANs, instead of expanding the broadcast domain to other switches with layer 2 trunks.
Over the long term, maintenance for a network is a lot more expensive than the initial equipment cost, and a more complex network is harder to maintain than a simpler one.
So, buying more equipment and separating out the functionality is going to be cheaper in the long run. And it is easier to repair, as one functionality isn't going to be interacting with another. Also, changes have a more limited scope, as only a single functionality gets affected.
And wireless is a whole lot more traffic now than it was 4 years ago, and is only getting bigger with the increase in mobile devices and the Internet of Things. Do you want to see this growth affecting only one area of functionality or the whole network?
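The two comments above describe the same thing from opposite sides: a broadcast floods out every trunk that allows its VLAN, and a routed uplink stops it. The following Python model, added here as an illustration and not code from anyone in the thread, makes that concrete. It builds two constructed campus topologies (core, two distribution switches, four access switches; the switch names, VLAN numbers and allowed-VLAN lists are invented for the example): one with VLAN 5 spanned over 802.1Q trunks the way the original poster runs it today, and one with layer 3 access switches where every inter-switch link is routed and each access switch keeps its own local VLAN. `broadcast_domain` floods a frame breadth-first and reports which switches it reaches; `spanning_vlans` lists, for each VLAN, every switch it is stretched across, which is the quick check for a "one VLAN per access switch" rule.

```python
"""Model how far a broadcast frame in one VLAN travels across a switched campus.

Links are either 802.1Q trunks (with an allowed-VLAN list) or routed
point-to-point links. A broadcast floods out every trunk that carries the VLAN
and stops at a routed link, which is the difference between a VLAN spanned
across the campus and a "one VLAN per access switch" design with L3 uplinks.
"""
from collections import defaultdict, deque

# Constructed sample topologies (assumed for this example, not from the thread):
# (switch_a, switch_b, link_kind, allowed_vlans)
#   "trunk":  layer 2 trunk that forwards broadcasts for the VLANs listed
#   "routed": layer 3 link; broadcasts are never forwarded across it

# Design 1: VLAN 5 (wireless APs) defined on every switch and allowed on the
# trunks to every switch that hosts an AP; VLANs 10 and 20 spanned similarly.
SPANNED_VLAN_LINKS = [
    ("core", "dist1", "trunk", {5, 10, 20}),
    ("core", "dist2", "trunk", {5, 10, 20}),
    ("dist1", "access1", "trunk", {5, 10}),
    ("dist1", "access2", "trunk", {5, 20}),
    ("dist2", "access3", "trunk", {5, 20}),
    ("dist2", "access4", "trunk", {10}),
]

# Design 2: layer 3 access. Every inter-switch link is routed; each access
# switch keeps its own local VLANs (e.g. 105 for the APs on access1) and
# routes anything leaving the switch.
ROUTED_ACCESS_LINKS = [
    ("core", "dist1", "routed", set()),
    ("core", "dist2", "routed", set()),
    ("dist1", "access1", "routed", set()),
    ("dist1", "access2", "routed", set()),
    ("dist2", "access3", "routed", set()),
    ("dist2", "access4", "routed", set()),
]


def broadcast_domain(links, vlan, start):
    """Return the set of switches a broadcast in `vlan` reaches from `start`.

    Breadth-first flood over trunks whose allowed list includes the VLAN.
    Routed links are never crossed, so a switch with only routed uplinks is
    its own broadcast domain for every VLAN local to it.
    """
    neighbours = defaultdict(list)
    for a, b, kind, allowed in links:
        if kind == "trunk" and vlan in allowed:
            neighbours[a].append(b)
            neighbours[b].append(a)
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in neighbours[current]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def spanning_vlans(links):
    """Map each VLAN carried on any trunk to the switches it is extended across.

    A VLAN whose set holds more than one access switch is exactly what a
    "one VLAN per access switch" policy would flag.
    """
    spans = defaultdict(set)
    for a, b, kind, allowed in links:
        if kind != "trunk":
            continue
        for vlan in allowed:
            spans[vlan].update((a, b))
    return {vlan: frozenset(switches) for vlan, switches in spans.items()}


if __name__ == "__main__":
    # An AP on access1 sends a broadcast (DHCP discover, ARP) in its VLAN.
    print("spanned VLAN 5 from access1 reaches:",
          sorted(broadcast_domain(SPANNED_VLAN_LINKS, 5, "access1")))
    print("routed access, local VLAN 105 from access1 reaches:",
          sorted(broadcast_domain(ROUTED_ACCESS_LINKS, 105, "access1")))
    for vlan, switches in sorted(spanning_vlans(SPANNED_VLAN_LINKS).items()):
        print(f"VLAN {vlan} spans {len(switches)} switches: {sorted(switches)}")
```

In the spanned design a single AP's DHCP discover on access1 is flooded through dist1, the core, dist2 and two other access switches, and `spanning_vlans` shows every VLAN touching both distribution switches and the core. In the routed-access design the same broadcast never leaves access1, and no VLAN spans anything; the trade, as the thread notes, is the re-addressing work of giving each access switch its own subnets.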