Question : Problem: VLAN and VLSM

I have a network with 600 nodes. It is spread across 3 buildings on a single campus. There is a core switch and a number of edge switches, each of which has either a gigabit optical fibre connection (for linking areas where there is a high density of PCs) or a copper gigabit line back to the core switch. We have approximately 10 - 12 edge switches all linking back to the core using this hub-and-spoke topology. All switches are various incarnations of managed HP ProCurve switching hardware, with a Layer 3 capable switch at the core.

We are looking at implementing VLANs (the network is currently a flat network, all of which is running on a default VLAN on the core and edge switches).

Prior to rolling out VLANs site-wide, we are going to do a controlled test; all PCs on one particular edge switch will be placed onto their own VLAN (and therefore their own broadcast domain) to separate them from the main network segment. At present, all the devices running from this edge switch are running on DHCP. I need some assistance in the steps to configure this.

The first step is clearly to designate a subnet of IP addresses which this new VLAN will run on. Due to the way in which the network is configured, we have a fixed range of addresses: 10.3.36.0/22 (255.255.252.0) which gives the range 10.3.36.1 through 10.3.39.254.

At this stage, we are unable to change the subnet mask of any other PCs on the network, since the VLANs are not going to be rolled out site-wide. I am therefore hoping I can designate a subnet for the new VLAN (say, 10.3.39.0/27) and have this work via VLSM to the rest of the network. Firstly, is this possible? Can the main network work on 10.3.36.0/22 in the interim, while my new VLAN operates on 10.3.39.0/27 for test purposes?

Second, I need to properly understand where I configure this. Since all devices on the edge switch are going to be members of the same VLAN, I guess I have 2 options? Either: ignore the config on the Edge Switch, and simply set its uplink port on the core switch to be part of the new VLAN. Alternatively, make each port on the Edge a member of the new VLAN, and then assign the port at the core to this VLAN also. Would this be a problem?

I will then re-arrange DHCP so there is a dedicated scope for the new subnet. The address range used will be excluded from the current scope of addresses for the purposes of testing. Where do I configure the IP Helper for DHCP? At the edge switch or the core?

Finally, I have been looking at this and note a requirement for an 802.11Q VLAN ID. What exactly is this? Is it the subnet ID?

Thanks!

Answer : Problem: VLAN and VLSM

I would suggest giving a completely separate IP address range.

The IP address and mask tell the device/PC whether the device it is trying to get to is on the same network as itself.

Let's imagine this:

PC A is on your original network.

10.3.37.87/22  Default gateway 10.3.36.1

PC B is on your subnet.

10.3.39.10  255.255.255.224   Default gateway 10.3.39.1

OK, now PC B sends a packet to PC A's IP address (let's say a ping).

PC B looks at its IP address and subnet mask and can work out that PC A is on a different network, so it sends the packet to the default gateway (DFGW). This will be a router and, if the routing is set up correctly, will send it to the PC A network.

Now the reply packet. PC A looks at its IP address, ITS SUBNET MASK and PC B's IP address. It sees PC B as being on the same network as itself, so it will try to contact it directly without sending the packet to the DFGW! As PC B is on a separate VLAN, it will not be able to communicate with it and the packet has no way of getting to its destination!!!

Remember, when a PC is looking to send out a packet, it looks at its own IP and subnet mask and ONLY the IP of the destination system (it doesn't know the destination system's mask).

Now, with a lot of fiddling around you can get this setup to work. However, much better would be to choose a second IP address range.

Why not choose a 192.168.x.x/24 range for your test network/VLAN?

You have exactly the same problem I have had in the past: splitting up a large network into chunks. You need to add new address ranges rather than split the current range you have; it will be much simpler, and it means that you can keep all the rest of the PCs on the old network exactly as they are now, same subnet, same DFGW, create new IP ranges and migrate PCs over as you go.

Each VLAN on your core router has an IP address assigned to it from its IP address range for the devices to use as their default gateway.

If you want it a bit clearer, let me know and I will pull out some diagrams.

Also get hold of Packet Tracer from Cisco to test it out on (it's a nice network/router simulator).
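
The on-link decision described in the answer can be checked before touching any switch. The following is an added example, not part of the original answer: it computes each host's next hop from its own address and mask only, then lists sender/receiver pairs where the sender would try direct delivery to a host on another VLAN. PC A and PC B use the answer's addresses; PC C's address, the VLAN labels and the function names are assumptions made for the example.

```python
import ipaddress
from itertools import permutations

# Constructed sample hosts: name -> (address/prefix, default gateway, VLAN).
# PC A and PC B come from the answer; PC C is a constructed address inside
# the 192.168.x.x/24 style of range the answer suggests. VLAN labels are
# hypothetical.
HOSTS = {
    "PC A": ("10.3.37.87/22", "10.3.36.1", "default"),
    "PC B": ("10.3.39.10/27", "10.3.39.1", "test"),
    "PC C": ("192.168.10.20/24", "192.168.10.1", "test2"),
}


def next_hop(src_iface, gateway, dst):
    """Return the IP the sender resolves at layer 2 for this destination.

    The sender knows only its own address and mask plus the destination
    IP: an on-link destination is contacted directly, anything else is
    handed to the default gateway.
    """
    iface = ipaddress.ip_interface(src_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return dst
    return gateway


def broken_paths(hosts):
    """List (sender, receiver) pairs where the sender treats the receiver
    as on-link although the two sit in different VLANs, so the frame
    never reaches the receiver or a router."""
    broken = []
    for (s, (s_if, s_gw, s_vlan)), (d, (d_if, _, d_vlan)) in permutations(
        hosts.items(), 2
    ):
        d_ip = str(ipaddress.ip_interface(d_if).ip)
        if s_vlan != d_vlan and next_hop(s_if, s_gw, d_ip) == d_ip:
            broken.append((s, d))
    return broken


if __name__ == "__main__":
    for sender, receiver in broken_paths(HOSTS):
        print(f"{sender} -> {receiver}: sent on-link, never routed")
```

Only the PC A to PC B direction is reported: the /22 mask on PC A covers PC B's /27, while the separate 192.168 range produces no such overlap in either direction.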