VLan question

tdean Member Posts: 520
Hi guys.... I am thinking about segregating our resources with VLANs. Do you think it would be wise to put PCs, thin clients and printers on their own VLANs? Also, we have 3 sites, one connected via VPN (ASAs) and another by EVPL (routers), all different subnets.... Can I start "vlanning" at the main site as long as I keep the servers etc. on the current default VLAN without disrupting access for the other 2 sites?

Comments

  • MAC_Addy Member Posts: 1,740
    Just make sure you're using router on a stick and you'll be fine.
    2017 Certification Goals:
    CCNP R/S
  • tdean Member Posts: 520
    MAC_Addy wrote:
    Just make sure you're using router on a stick and you'll be fine.

    Yes, that's how I'll be doing it. And then just add the DHCP pools in Windows with a helper IP pointing to it and I'm good?
  • MAC_Addy Member Posts: 1,740
    Not too sure about the Windows side of things since I'm not really a Windows person, but in theory, that should work, yes. Or, you could have your DHCP set up via your Cisco router.
  • tdean Member Posts: 520
    MAC_Addy wrote:
    Not too sure about the Windows side of things since I'm not really a Windows person, but in theory, that should work, yes. Or, you could have your DHCP set up via your Cisco router.

    Adtran router :( hehe... I would like to do the pools on the router but we have so many static IPs for the SSL VPN, it would be a huge pain I think.

    Thanks for your help.
  • tdean Member Posts: 520
    Oh, do you think it's a good idea to put them on their own VLANs? The PCs, thin clients and printers?
  • higherho Member Posts: 882
    tdean wrote:
    Hi guys.... I am thinking about segregating our resources with VLANs. Do you think it would be wise to put PCs, thin clients and printers on their own VLANs?

    Printers should be on their own VLAN. I currently have one VLAN per domain and a VLAN for printers. All my laptops, DHCP server, file server, etc. are all in one VLAN. Then my printers are in another and my other domains are in their own VLAN too. Now you wouldn't need a DHCP helper address unless you have users in different VLANs. I have 5 VLANs and in 4 of them I use static IPs for the devices in them (since they're servers anyway). In the one VLAN I have all my users in and the DHCP server so I do not need a helper address.


    and like MAC_Addy said, Router on a stick and you will be fine.
  • tdean Member Posts: 520
    higherho wrote:
    Printers should be on their own VLAN. I currently have one VLAN per domain and a VLAN for printers. All my laptops, DHCP server, file server, etc. are all in one VLAN. Then my printers are in another and my other domains are in their own VLAN too. Now you wouldn't need a DHCP helper address unless you have users in different VLANs. I have 5 VLANs and in 4 of them I use static IPs for the devices in them (since they're servers anyway). In the one VLAN I have all my users in and the DHCP server so I do not need a helper address.

    and like MAC_Addy said, Router on a stick and you will be fine.

    So for the static VLANs you just config a subnet but no DHCP?
  • Puffy Member Posts: 54
    Shouldn't be a problem. I did a lab setup before, where I had 3 VLANs, one of which housed a Server 2008 DHCP server configured with 3 DHCP scopes. I used ip helper on the subinterfaces for the other 2 VLANs to point to the DHCP server and I was getting the IP leases without a problem.
  • higherho Member Posts: 882
    tdean wrote:
    So the static vlans you just config a subnet but no dhcp?

    If you want to be real secure you would create a user VLAN, printer VLAN, server VLAN, etc. but that goes into VLAN filtering and private VLANs which is (from what I was told and researched) CCNP level stuff.

    As to your question I'm a little confused. You will want DHCP for your users / workstations. For your servers you should be using static IPs.

    Vlan 20 - user vlan
    Vlan 30 - printer vlan


    Go on the port that a user is connected to:

    switchport mode access
    switchport access vlan 20
    ! port security must be enabled on the port first;
    ! the sticky and violation settings have no effect without it
    switchport port-security
    switchport port-security mac-address sticky
    switchport port-security violation shutdown

    You will need to configure router on a stick (or have some type of routing) so that the VLANs can talk to each other.

    At least that's how I would do it on the basic level. The IP helper command is used if your DHCP server is on a different subnet than your users, etc. Basically it's a relay and "helps" that device contact the DHCP box.
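
The router-on-a-stick and DHCP relay setup discussed in this thread, written out as an added example that was not posted by any participant. It uses Cisco IOS syntax; the interface names, the 192.168.x.0/24 subnets and the DHCP server address 192.168.1.10 are assumptions for illustration.

```cisco
! --- Switch side: define the new VLANs and trunk them to the router ---
vlan 20
 name USERS
vlan 30
 name PRINTERS
!
interface GigabitEthernet0/1
 description Trunk to router (router on a stick)
 ! the encapsulation line is only needed on switches that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! carry only the VLANs that are actually routed
 switchport trunk allowed vlan 1,20,30
!
! --- Router side: one subinterface per VLAN on the same physical link ---
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.1
 description Default VLAN: servers and the Windows DHCP server stay here
 encapsulation dot1Q 1 native
 ! assumed existing server subnet and gateway address
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description Users (DHCP clients)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ! relay DHCP broadcasts from this VLAN to the server (assumed address)
 ip helper-address 192.168.1.10
!
interface GigabitEthernet0/0.30
 description Printers
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 192.168.1.10
```

The DHCP server needs one scope per relayed subnet (here 192.168.20.0/24 and 192.168.30.0/24); the relay stamps each request with the subinterface address, which is how the server selects the matching scope.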
  • tdean Member Posts: 520
    Great responses guys. Answers my questions exactly. I think I'll start with our wireless network.