
We have a series of old switches that have been failing at the company for some time. I've since purchased 6 HP 2920s, which are layer 3 (the old ones are layer 2). We previously didn't use VLANs. We have about 150 workstation drops, maybe 20-40 server drops, and about 48 VoIP Avaya IP Office drops (PoE).

I've configured two stacks: one 4-switch stack (for servers and workstations), the other a 2-switch stack for the phones and misc (like the Wi-Fi access point, the gateway/router, which is a SonicWall, and the VPN device).

Our old setup has Windows DHCP handing out addresses on the 172.16 subnet (255.255.248.0) to all devices, so one single subnet, again no VLANs.

With the new switches I have to get the wiring migrated fast, so I was going to migrate the wiring and consider VLANs later.

I had thought of going with: Management, Servers, Workstations, Wireless, VoIP.

In all cases each VLAN does need to talk to the others, so wouldn't this defeat the purpose of VLANs? I could potentially create subnets unique to each VLAN (which I think is the ideal way of doing it?), but since they all need to talk to each other, I'm not sure of the advantage here.

The main thing I thought was that VLANs would be useful for VoIP traffic, but I guess QoS could be used to prioritize without VLANs.

At this point I've just trunked (LACP) the two stacks together using two sets of DAC cables for 20 mbps throughput and set STP on both stacks, with one a higher priority than the other.

Any suggestions or thoughts on this? Thanks in advance.

  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer.
    – Ron Maupin
    Commented Feb 21, 2018 at 16:26

3 Answers


You pretty much have to have a subnet per VLAN, as inter-VLAN traffic has to go through L3 routing, either at your switches or at a router.

Just curious: why do the VLANs have to communicate with each other?

  • Well, the IP Office phone system needs to talk to the server where the voicemail box is located. I would think too that maybe I'd join the servers and workstations into one (like they are as of now). I could later create a subnet for test machines and/or Wi-Fi. So just two VLANs, I guess: one for phones, one for everything else. Would I use Windows DHCP to set a scope for the second one, but how would the phones talk to the servers (some sort of route command)?
    – markm75
    Commented Nov 30, 2017 at 19:45
  • The simplest organisation is to consider one of the switch stacks as the central router; all default routes point to it. It has a virtual interface on each VLAN and routes between them. One of those VLANs is the route to the internet.
    – jonathanjo
    Commented Nov 30, 2017 at 20:00
  • By this do you mean the switch rather than the SonicWall becomes the router? Would each VLAN then have its own subnet (VoIP, everything else), and then somehow the two can still talk to each other and access the internet?
    – markm75
    Commented Nov 30, 2017 at 21:21
  • Yes, that's the standard routing feature of an L3 switch. If you're not accustomed to routing in your internal network, you'll find there are surprises ahead. My suggestion would be to make the VLANs, but leave everything in the workstation VLAN, and gradually migrate servers/phones/whatever into proper VLANs after testing.
    – jonathanjo
    Commented Dec 1, 2017 at 10:13

There are two good reasons for using VLANs:

  • To allow you to apply security policies (ACLs) or QoS policies at a layer 3 boundary.

  • To reduce the scope of LAN failures such as loops or broadcast storms.

In your case, it would make sense to put your phones on a separate VLAN, so you can easily apply QoS policies.

In all but a very few special cases, you should create one subnet per VLAN, and vice versa.


As jonathanjo said, you would have one subnet per VLAN. Without knowing the nature of the business you're in, I would recommend maybe two different subnets for servers? We have production and test servers, and they're both on different VLANs. The developers for our company are on a VLAN that is able to communicate with both the TEST and DEV VLANs, but the two server VLANs cannot talk to each other.

Would there be an instance where a phone would need to communicate with a server on the server VLAN? We have phones which communicate with a TFTP server for their configurations.

  • Mentioned above, but the VoIP equipment needs to be able to send an email via the voicemail virtual server, which lives in the server area, so they both need to talk to each other. How do you have things: one subnet for servers and workstations combined, then another for phones and another for test machines? Curious.
    – markm75
    Commented Nov 30, 2017 at 21:58
  • We have over 50 different VLANs, with ACLs to permit/deny communication where need be. You can always put an ACL on the server/workstation VLAN that only allows the phones to contact that specific server.
    – Duffman
    Commented Dec 1, 2017 at 10:32

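The three answers and their comments describe one design: one subnet per VLAN, the 4-switch stack acting as the central router with a virtual interface on each VLAN, the existing flat 172.16.0.0/21 network left in place for now, a separate voice VLAN, an ACL that lets the phones reach only the voicemail server, and QoS on the voice VLAN. The skeleton below, written in ArubaOS-Switch/ProCurve syntax as used on the HP 2920, is an added example of how those pieces fit together on the core stack; it is not configuration posted by any of the participants. VLAN IDs, VLAN names, port and trunk names (including the `1/A1`-style 10G module ports), the 172.16.1.10 DHCP/DNS server and the 172.16.1.20 voicemail server are all assumptions for illustration, and the exact ACL and QoS syntax should be checked against the 2920 manual for the firmware in use.

```text
; Added example (assumptions throughout): L3 core config for the 4-switch stack.
; Nothing here comes from the thread; addresses, ports and names are made up.

; Turn the stack into the inter-VLAN router (jonathanjo's "central router").
ip routing

; LAG to the phone stack: two DAC links bundled with LACP. Module port names
; (1/A1, 2/A1) are assumed; use whatever ports the DACs are actually in.
trunk 1/A1,2/A1 trk1 lacp

; VLAN 1 keeps the existing 172.16.0.0/21 network untouched, so nothing has to
; be renumbered on day one. The stack takes .2 as its routed interface; the
; SonicWall stays at .1 as the way out to the internet.
vlan 1
   name "LAN"
   untagged 1/1-1/48,2/1-2/48,3/1-3/48,4/1-4/48
   tagged trk1
   ip address 172.16.0.2 255.255.248.0
   exit

; New voice VLAN with its own subnet. The SVI is the phones' default gateway.
; ip helper-address relays the phones' DHCP broadcasts to the Windows DHCP
; server, which needs a 172.16.30.0/24 scope with router option 172.16.30.1.
vlan 30
   name "Voice"
   voice
   tagged trk1
   ip address 172.16.30.1 255.255.255.0
   ip helper-address 172.16.1.10
   exit

; Traffic between VLAN 1 and VLAN 30 is routed here; everything else is sent
; to the SonicWall.
ip route 0.0.0.0 0.0.0.0 172.16.0.1

; Routed ACL for the voice VLAN (Duffman's suggestion): phones may use DHCP,
; DNS and the voicemail server, and nothing else on the old flat network.
; Applied "in" on VLAN 30 it filters traffic arriving from the phones before it
; is routed; phone-to-phone traffic inside VLAN 30 is switched, not routed,
; and is unaffected. The final permit leaves internet-bound traffic alone.
ip access-list extended "VOICE-IN"
   permit udp any any eq 67
   permit udp 172.16.30.0/24 host 172.16.1.10 eq 53
   permit ip 172.16.30.0/24 host 172.16.1.20
   deny ip 172.16.30.0/24 172.16.0.0/21
   permit ip any any
   exit
vlan 30 ip access-group "VOICE-IN" in

; Queue traffic from the voice VLAN ahead of data traffic across the LAG.
; The "vlan <vid> qos priority" form is assumed here; confirm it for your
; firmware or use the DSCP map instead.
vlan 30 qos priority 6
```

Two things outside the switch have to change for this to work. The SonicWall needs a static route for 172.16.30.0/24 via 172.16.0.2, otherwise replies from the internet (and from anything whose gateway is still the firewall) never reach the phones; and the VLAN 1 DHCP scope's router option should move from 172.16.0.1 to 172.16.0.2 so that server-to-phone traffic is routed by the stack rather than hairpinning through the firewall. On the 2-switch phone stack, the phone ports go untagged into VLAN 30, the access point, SonicWall and VPN ports stay untagged in VLAN 1, and trk1 is tagged in both VLANs. This matches jonathanjo's migration advice: the existing network keeps working unchanged, and only the phones are moved onto the new subnet first.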