I gather that setting up different VLAN's on a rack (for individual client's servers) is a function that's built into some switches - if so, does anyone know which switches do this relatively easily - and which ones to stay away from?
Many affordable switches are Layer 2. You need a Layer 3 device that configures the VLANs whether that be a router or a Layer 3 switch such as a Cisco 3500 EMI. If going the router route which isn't really necessary if you're not using a VPN/WAN setup, then you need a Layer 2 switch to assign VLAN's to certain ports.
In either case you need to have a little knowledge of CIDR subnetting, trunking and whatever device you get needs to support 802.11q which is the routing VLANs use.
If you are interested in a really super-duper affordable all-in-one solution and you're a little new to all this, I would suggest you give m0n0wall (http://m0n0.ch/wall) a whirl. It provides you with a highly-configurable firewall and a nice router without the cost of expensive interface cards and a massively active mailing list. Many who use m0n0 have switched from Cisco altogether because insert a CD (or hdd or floppy) and the system will boot into the router/firewall. Few changes and you're done! Simple eh? Best yet it's based on FreeBSD 4.10 kernel and is completely configurable through your browser.
Well, that and it's free.
Get a decent Layer 2 switch (not ALL that expensive) to go with it and you're ready to rock and roll.
Last edited by AQORN-Adam; 07-25-2005 at 11:37 PM.
Thanks for that info/link on monowall - it looks very good. When you say get a decent Layer 2 switch - could you (please) give me some ideas of model numbers - just to set me on the right path? - I know very little about the differences between switches - but I'm a fast learner - thanks.
Me again - I see plenty of Cisco 3500 EMI routers on the market - am I right in thinking it's an all-in-one solution for everything including setting up VLAN's? If so, I'd probably go for the simplicity of using just the one box as opposed to a cheaper switch and a monowall. I guess the Cisco is an industry standard too - so getting support help would be easier if needed. Am I on the right track? Thanks.
Originally posted by saxroots: "I gather that setting up different VLAN's on a rack (for individual client's servers) is a function that's built into some switches - if so, does anyone know which switches do this relatively easily - and which ones to stay away from?"
We use either Cisco 2924XL's or 2950's for customer distribution switches in each rack. One switch for each rack, and each port has a different VLAN assigned to it (one port = one customer). The last port is trunked to a more capable switch that can do the layer 3 stuff that is needed.
Reason you don't want the layer 3 stuff in each rack is simply b/c it can get expensive. Each rack only needs to do layer 2, and then trunk the VLAN info back to a larger switch/router that can take care of the layer 3. So if you have a 32 port layer 3 switch, you can support about 32 racks with just one layer 3 device. Much less costly that way.
██ Garry Dolley @ ARP Networks | gdolley _at_ arpnetworks . com | #arpnetworks on Freenode | @arpnetworks, @bsdvps
You don't need a Layer3 switch to make vlan's. All you need is a layer2 managed switch with the ability to support 802.1Q trunking back to your router. Layer3 switches enable you to route traffic easier.
Originally posted by krypttim: "You don't need a Layer3 switch to make vlan's. All you need is a layer2 managed switch with the ability to support 802.1Q trunking back to your router. Layer3 switches enable you to route traffic easier."
And in the most common colo situation, routers are completely unnecessary. Layer 3 switches will do the trick. Layer 2 switch use assumes you have another Layer 3 device upstream such as a 3500 EMI switch or a router of some flavor.
IP waste? Well, we went with one subnet (4 IPs per VLAN) and that was alright I guess, but we moved to 8 IPs per VLAN since most folks need more than one IP. In cases of IRC use, I know from experience that some providers set you up with one IP then assign others as needed.
Individual subnets prevents the stealing of IPs and isolates customers for more precise monitoring.
That didn't sound right, but I'm sure you get the point.
Plus, adding and removing IPs for customers gets to be a real headache when you have tons of servers and everyone needs specific numbers of IPs. And when it comes time to justify and your spreadsheets are off - ho mama - good luck in your true-up when you have to go through 1000+ ip route statements in your Cisco box trying to find where the duplicates are.
One massive subnet is the most IP space-saving route, but you pay the price with a ton of extra work so we tried the other option and THAT road, my friend, has made all the difference.
Last edited by AQORN-Adam; 07-30-2005 at 12:38 PM.
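Added example, not part of the original thread: a Python illustration of the one-subnet-per-customer-VLAN scheme described in the post above, together with the hunt for duplicate `ip route` statements it mentions. The 192.0.2.0/24 block, the 198.51.100.x next hops, the customer names, VLAN numbering from 101 and the first-host-as-gateway convention are all assumptions made for illustration.

```python
import ipaddress
import re
from itertools import combinations

def plan_vlans(block, customers, prefixlen=29, first_vlan=101):
    """Carve one subnet per customer out of `block`, one VLAN each."""
    subnets = list(ipaddress.ip_network(block).subnets(new_prefix=prefixlen))
    if len(customers) > len(subnets):
        raise ValueError("block too small for this many customers")
    plan = []
    for vlan, (customer, net) in enumerate(zip(customers, subnets), first_vlan):
        hosts = list(net.hosts())         # excludes network and broadcast
        plan.append({
            "customer": customer,
            "vlan": vlan,
            "subnet": net,
            "gateway": hosts[0],          # assumption: first host is the router
            "customer_ips": hosts[1:],    # what the customer can actually use
        })
    return plan

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)")

def find_conflicts(config_text):
    """Return pairs of static routes whose destination prefixes overlap."""
    routes = []
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            routes.append((net, m.group(3)))
    return [(a, b) for a, b in combinations(routes, 2) if a[0].overlaps(b[0])]

# Constructed sample: one exact duplicate and one /30 hiding inside a /29.
SAMPLE_ROUTES = """\
ip route 192.0.2.8 255.255.255.248 198.51.100.2
ip route 192.0.2.16 255.255.255.248 198.51.100.3
ip route 192.0.2.8 255.255.255.248 198.51.100.9
ip route 192.0.2.20 255.255.255.252 198.51.100.4
"""

if __name__ == "__main__":
    for row in plan_vlans("192.0.2.0/24", ["acme", "globex", "initech"]):
        print(row["vlan"], row["customer"], row["subnet"],
              "gw", row["gateway"], "usable", len(row["customer_ips"]))
    for (net_a, hop_a), (net_b, hop_b) in find_conflicts(SAMPLE_ROUTES):
        print("conflict:", net_a, "via", hop_a, "<->", net_b, "via", hop_b)
```

Under these assumptions a /30 (4 IPs per VLAN) leaves the customer one usable address, while a /29 (8 IPs per VLAN) leaves five.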
Originally posted by MrManager: "And in the most common colo situation, routers are completely unnecessary. Layer 3 switches will do the trick. Layer 2 switch use assumes you have another Layer 3 device upstream such as a 3500 EMI switch or a router of some flavor."
3550s, which are being suggested in this thread, have serious issues with tcam exhaustion (it's small). if you've got a small setup, use it and save money, but for anything non-trivially sized you're going to want to look at a 3750 or better.
<disclaimer> i'm not a network engineer. </disclaimer>