  1. #1
    Join Date
    Aug 2003
    Posts
    69

    VLAN Setup question...

    I gather that setting up different VLAN's on a rack (for individual client's servers) is a function that's built into some switches - if so, does anyone know which switches do this relatively easily - and which ones to stay away from?

    Thanks.

  2. #2
    Many affordable switches are Layer 2. You need a Layer 3 device that configures the VLANs whether that be a router or a Layer 3 switch such as a Cisco 3500 EMI. If going the router route which isn't really necessary if you're not using a VPN/WAN setup, then you need a Layer 2 switch to assign VLAN's to certain ports.

    In either case you need to have a little knowledge of CIDR subnetting, trunking and whatever device you get needs to support 802.11q which is the routing VLANs use.

    If you are interested in a really super-duper affordable all-in-one solution and you're a little new to all this, I would suggest you give m0n0wall (http://m0n0.ch/wall) a whirl. It provides you with a highly-configurable firewall and a nice router without the cost of expensive interface cards and a massively active mailing list. Many who use m0n0 have switched from Cisco altogether because insert a CD (or hdd or floppy) and the system will boot into the router/firewall. Few changes and you're done! Simple eh? Best yet it's based on FreeBSD 4.10 kernel and is completely configurable through your browser.

    Well, that and it's free.

    Get a decent Layer 2 switch (not ALL that expensive) to go with it and you're ready to rock and roll.
    Last edited by AQORN-Adam; 07-25-2005 at 11:37 PM.
    Adam Lawson - AQORN
    OpenStack Professional Services. Commercial Support. Open-Source Cloud Management
    Official OpenStack Foundation Member & Corporate Sponsor
    Our Clients: AT&T | Cisco | Juniper | SAP | Autodesk | SUSE | Ubuntu

  3. #3
    Join Date
    Aug 2003
    Posts
    69
    Thanks for that info/link on monowall - it looks very good. When you say get a decent Layer 2 switch - could you (please) give me some ideas of model numbers - just to set me on the right path? - I know very little about the differences between switches - but I'm a fast learner - thanks.

  4. #4
    Join Date
    Aug 2003
    Posts
    69
    Me again - I see plenty of Cisco 3500 EMI routers on the market - am I right in thinking it's an all-in-one solution for everything including setting up VLAN's? If so, I'd probably go for the simplicity of using just the one box as opposed to a cheaper switch and a monowall. I guess the Cisco is an industry standard too - so getting support help would be easier if needed. Am I on the right track? Thanks.

  5. #5

    Re: VLAN Setup question...

    Originally posted by saxroots
    I gather that setting up different VLAN's on a rack (for individual client's servers) is a function that's built into some switches - if so, does anyone know which switches do this relatively easily - and which ones to stay away from?

    Thanks.
    We use either Cisco 2924XL's or 2950's for customer distribution switches in each rack. One switch for each rack, and each port has a different VLAN assigned to it (one port = one customer). The last port is trunked to a more capable switch that can do the layer 3 stuff that is needed.

    Reason you don't want the layer 3 stuff in each rack is simply b/c it can get expensive. Each rack only needs to do layer 2, and then trunk the VLAN info back to a larger switch/router that can take care of the layer 3. So if you have a 32 port layer 3 switch, you can support about 32 racks with just one layer 3 device. Much less costly that way.
    Garry Dolley @ ARP Networks | gdolley _at_ arpnetworks . com | #arpnetworks on Freenode | @arpnetworks, @bsdvps
    State of the art services, strong community and friendly support
    FreeBSD, OpenBSD, Linux VPS • ARP Metal™ Dedicated Servers • Colocation • IP Transit
    Native IPv6 • VNC Console • Tunnel VNC over SSH • Serial Console over SSH • DNS Manager

  6. #6
    Join Date
    Aug 2003
    Posts
    69
    Thanks Gary - that's a great idea.

  7. #7
    You don't need a Layer3 switch to make vlan's. All you need is a layer2 managed switch with the ability to support 802.1Q trunking back to your router. Layer3 switches enable you to route traffic easier.

  8. #8
    Join Date
    Aug 2003
    Posts
    69
    thanks Krypttim

  9. #9
    A good practice is to use a Layer 3 switch as your Core Switch then cascade Layer 2 switches beyond it as garycc alluded to.
    Adam Lawson - AQORN

  10. #10
    Originally posted by krypttim
    You don't need a Layer3 switch to make vlan's. All you need is a layer2 managed switch with the ability to support 802.1Q trunking back to your router. Layer3 switches enable you to route traffic easier.
    And in the most common colo situation, routers are completely unnecessary. Layer 3 switches will do the trick. Layer 2 switch use assumes you have another Layer 3 device upstream such as a 3500 EMI switch or a router of some flavor.
    Adam Lawson - AQORN

  11. #11
    Join Date
    Nov 2003
    Location
    Toronto, Ontario
    Posts
    641
    so you guys subnet every customer? a subnet for each vlan? isn't that a huge waste of ip space?
    Kevin

  12. #12
    Originally posted by HP-Kevin
    so you guys subnet every customer? a subnet for each vlan? isn't that a huge waste of ip space?
    It does waste some IP space, but it really is the best practice to maximize security.

  13. #13
    IP waste? Well, we went with one subnet (4 IPs per VLAN) and that was alright I guess, but we moved to 8 IPs per VLAN since most folks need more than one IP. In cases of IRC use, I know from experience that some providers set you up with one IP then assign others as needed.

    Individual subnets prevent the stealing of IPs and isolate customers for more precise monitoring.

    That didn't sound right, but I'm sure you get the point.

    Plus, adding and removing IPs for customers gets to be a real headache when you have tons of servers and everyone needs specific numbers of IPs. And when it comes time to justify and your spreadsheets are off - ho mama - good luck in your true-up when you have to go through 1000+ ip route statements in your Cisco box trying to find where the duplicates are.

    One massive subnet is the most IP space-saving route, but you pay the price with a ton of extra work so we tried the other option and THAT road, my friend, has made all the difference.
    Last edited by AQORN-Adam; 07-30-2005 at 12:38 PM.
    Adam Lawson - AQORN
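The trade-off argued in posts #11 to #13, as an added example that is not code from any poster: it carves one subnet per customer VLAN out of a block, counts the addresses lost to overhead for 4-IP and 8-IP subnets, maps an address back to the VLAN that owns it, and flags overlapping assignments. The block 192.0.2.0/24, the VLAN IDs, the function names and the assumption that one address per subnet goes to the upstream Layer 3 gateway are all constructed for illustration.

```python
import ipaddress
from itertools import combinations

def plan_vlans(block, prefixlen, vlan_ids):
    """Assign one subnet of the given prefix length to each VLAN ID, in order."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=prefixlen)
    plan = dict(zip(vlan_ids, subnets))
    if len(plan) < len(vlan_ids):
        raise ValueError("block too small for the requested VLANs")
    return plan

def customer_usable(net):
    """Addresses left for the customer after network, broadcast and gateway
    (one gateway address per subnet is an assumption of this example)."""
    return max(net.num_addresses - 3, 0)

def overhead_ratio(plan):
    """Fraction of allocated addresses the customers cannot use."""
    total = sum(n.num_addresses for n in plan.values())
    usable = sum(customer_usable(n) for n in plan.values())
    return (total - usable) / total

def owner_of(plan, ip):
    """Return the VLAN whose subnet contains ip, or None. An address seen on
    a port whose VLAN is not the owner is a borrowed or stolen IP."""
    addr = ipaddress.ip_address(ip)
    for vlan_id, net in plan.items():
        if addr in net:
            return vlan_id
    return None

def find_overlaps(assignments):
    """Return VLAN pairs whose subnets overlap or are duplicated.
    assignments is a list of (vlan_id, cidr_string) tuples."""
    parsed = [(v, ipaddress.ip_network(c)) for v, c in assignments]
    return [(a, b) for (a, na), (b, nb) in combinations(parsed, 2)
            if na.overlaps(nb)]

if __name__ == "__main__":
    for plen in (30, 29):  # 4 IPs per VLAN versus 8 IPs per VLAN
        plan = plan_vlans("192.0.2.0/24", plen, [101, 102, 103])
        print(plen, customer_usable(plan[101]), overhead_ratio(plan))
    # Constructed records: VLAN 103 was entered inside VLAN 102's range.
    records = [(101, "192.0.2.0/29"), (102, "192.0.2.8/29"),
               (103, "192.0.2.8/30")]
    print(find_overlaps(records))
```

With these assumptions a 4-address subnet leaves the customer a single usable address, which matches the reason given in post #13 for moving to 8 per VLAN.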

  14. #14
    Originally posted by MrManager
    And in the most common colo situation, routers are completely unnecessary. Layer 3 switches will do the trick. Layer 2 switch use assumes you have another Layer 3 device upstream such as a 3500 EMI switch or a router of some flavor.
    3550s, which are being suggested in this thread, have serious issues with tcam exhaustion (it's small). if you've got a small setup, use it and save money, but for anything non-trivially sized you're going to want to look at a 3750 or better.

    <disclaimer> i'm not a network engineer. </disclaimer>
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters
