Forsaken_GA wrote: » You configure them on the trunk link that's leading to the switches that you're doing RoAS for, which looking at your diagram, looks to be on router3. If you needed to talk to a machine that's hanging off a different router, that's taken care of just through normal routing.
e24ohm wrote: » Ok - I understand what you are saying about Router3, since that router will be providing Routing on a Stick; however, what happens if I need to add a machine on floor 5 into a VLAN that has been created/established on floor 3? Thanks.
Forsaken_GA wrote: » Then your switches better be interconnected with trunk lines. If that machine on the 5th floor doesn't have any layer 2 adjacency to the other machines in its vlan, you should provision a new subnet for that floor. Otherwise, you're going to have to configure bridging, in which case the answer is still the same - it goes on the router that's going to have the gateway for that subnet. It's difficult to advise you any further without seeing a full topology; what you've diagrammed above only seems like a portion of it. It sounds like you're heading into the land of bad network design, however. It would be a MUCH better idea to drop a line from the 5th floor to whatever floor the gateway router is on and bring up a trunk link between the floors as opposed to trying to configure bridging across three routers (and I honestly don't even know if that's possible. Edit, actually, it probably is now that I think about it, but you might need to do some tunneling to make it work). What you should have is wiring closets on each floor with switches in those wiring closets that connect your desktops, and then have wires from the wire closet running to a centralized location for transport. This would allow you to put any machine in any vlan regardless of where it is in the building. Either that, or each floor should have its own subnet and let your routers route.
e24ohm wrote: » Understand. I was trying to understand the Campus LAN concepts, in addition to the method I noticed in the new ICND1 book, which describes a model of breaking floors or 100+ computers into sections, behind multiple routers to control broadcast domains; however, this got me thinking. If I do the latter, then how would I deploy multiple VLANs that span floors? The only other solution I could find would be to create another VLAN on a different floor, and create access-lists which would allow or deny traffic from other sources. Thanks for the help!!!
Forsaken_GA wrote: » Ok, this is theoretical. That's easier to work with. Generally speaking these days, you want one vlan to equate to one subnet; end to end vlans are considered bad form. So if you're using a router on each floor, and each floor is its own subnet, then each floor would be its own vlan. So a machine on the 5th floor would never be in the same vlan as a machine on the 2nd floor; if they needed to communicate, the only thing involved would be layer 3 routing. By designing your network to basically just be a bunch of subnets, you're containing broadcasts, and you're generally also removing STP from the picture. This is good, as STP is a royal pain in the rear sometimes, but it's also not as flexible, as subnets don't span multiple routers as easily as a vlan can span multiple switches. This also conflicts with the virtualization trend, where folks are currently campaigning for a big flat layer 2 domain.