Network Design

This week I have been tasked with completely redesigning our network. We currently have a flat network that I want to redesign to include subnets. I have done this on a small scale before, and in a lab but this is the first time in a corporate environment. My questions are:

1) Should printers get their own subnet (we have alot of them)?

2) Aside from VLANs, and STP configuration is there any big design issues that I should be aware of?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Pash

NightShade03 wrote: »

This week I have been tasked with completely redesigning our network. We currently have a flat network that I want to redesign to include subnets. I have done this on a small scale before, and in a lab but this is the first time in a corporate environment. My questions are:

1) Should printers get their own subnet (we have alot of them)?

2) Aside from VLANs, and STP configuration is there any big design issues that I should be aware of?

Hey,

First off, this is a good experience for you, use it well

1) It depends, can you see advantages in doing so? It means smaller broadcast domains right.....so yeh it can help if you have a lot of printing going on.

2) Have you considered High Availability, what sorta network uptime SLA's do you have, etc? How are you patching your vlan'ed equipment, have you considered redundancy at this point. Alot of network guys patch their equipment vertically, as their vlans are created vertically in regards to port assignment as well, how does this help?....switch go's down plug all equipment from dead switch into spare ports in switch below. So many things to consider but try and keep it as simple as possible, do not get carried away in making stupidly fancy systems that are a pain in the arse to amdinister, people will not thank you for that. Use velcro cable ties (not the plastic types for network cabling, they are a pain if you have to remove just a few cables some time), use labels on important cables, which tell you where they are plugged into, what they are used for, ie primary ISP link, backup ISP link. If you have to send out some hands in pockets spotty tool late in the evening to make some manual action in an emergency at least you can say stuff is labeled. Use different coloured cables depending on the vlans, i think this is ideal for your scenario right?

Draw out a very clean network digram in visio, of the current network (if you dont have one yet) and then your proposed network, managers love diagrams but it is more for your engineering benefit, you can then print it out in A3 and scribble down as you go along, you might then update the digram with info that needs to be on there that you forgot about. Ohh don't go leaving the diagrams on random desks or down the pub (yup weve had people lose their bags in pubs in which they have printed network diagrams in them), trust me ISO & IMS standards get riddculed by the auditers in these cases, do not be a bad engineer when it comes to information security!

Thats all i can throw your way for now, but i hope you enjoy this expereince and learn much from it.

Please let us know how you get on.

Cheers,

Pash

nel

you would probably get a better response by posting this in the cisco forums.

Here's a few though..

1. personally i wouldnt use a single vlan for printers. i would use local vlans throughout the network and place the printers in a reserved IP range of their local vlan.

2. redundancy - use something like hsrp for your DG redundancy. Also use multiple links for redundancy between your core and access switches if possible. The traffic can then be load balanced with your stp configuration. make sure you configure rpvst correctly throughout the network with your core switches as the root/secondary bridges. configure the root/secondary bridge priority for each vlan. i would also marry up the active hsrp device to the root bridge. I.e. a core switch 1 who is the root bridge for vlan 1 will also be the active hsrp device for vlan 1, then core switch 2 will be the standby hsrp device and secondary root bridge for vlan 1. Then do the same for Vlan 2 on core switch 2 and so on. Therefore it will balance the load between core switches.

3. By using local vlans i tend not to use VTP - so if you dont use VTP move all devices into transparent mode. If you are going to use VTP then at least give it a domain name / password.

4. im not sure what you network traffic is like but ensure you have the correct bandwidth capacity. i.e. gigabit links between switches and an etherchannel between the 2 core switches.

5. also consider any security policies if required. Any access lists etc?

6. Also identify if you have to deploy voip too!

Hope it makes some sense

and just a few things to think about.

Panzer919

Dont forget about planning ahead as well. Do you see the company growing in the next 5 years? how much and in what areas? Planning this now will help you tons later.