LAN headroom: Designing for expansion
Published: 15 Apr 2002 14:30 BST
On the LAN side, the router has only two Ethernet 10/100 interfaces. You'll need more than that for your VLAN configuration, which consists of five VLANs or subnets. Or will you? Trunking will allow all VLANs to travel down one link to the router, rather than requiring a dedicated Ethernet port for each subnet. You'll establish a VLAN for servers, two for users, one for printers, and one for management. Later, as the network expands, you can perform some level of traffic control. Users will have access directly to servers but not to the management of servers or printers. Servers, with associated print queues, will have access to printers, and printers really don't need access to anything. The management VLAN will have access to all others. Keep in mind that this is only one design approach among many, and it may not be applicable in some environments. That said, you must first set up VTP by running the following commands:
Switch1# vlan database
Switch1(vlan)# vtp server
Switch1(vlan)# vtp domain dis-domain
Next, set up trunking on the router. The first step is to enable Inter-Switch Link (ISL) encapsulation with:
Router1(config)# int fastEthernet 0/0.1
Router1(config-subif)# encapsulation isl 1
You want to create five subinterfaces, one for each VLAN. To set up switch trunking, execute the following commands:
Switch1(config)# int fastEthernet 0/1
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation isl
You can name the VLANs as you create them. The second VLAN will be used as the server VLAN. Log in to the switch and name the VLANs with the following commands:
Switch1(vlan)# vlan 2 name server1
Switch1(vlan)# vlan 3 name user1
Switch1(vlan)# vlan 4 name user2
Switch1(vlan)# vlan 5 name printers
You've already created the subinterfaces on the router that represent VLANs for routing, but you need to address them. Assigning addresses to the subinterfaces is as simple as running the following commands:
Router1(config)# int fastethernet 0/0.1
Router1(config-subif)# ip address 192.168.1.1 255.255.255.0
VLANs and redundancy
Remember, you also need to designate which ports on the switch belong to which VLAN. VLANs not only give you room for an expansion in network capacity but also growth in the area of security. As a network grows larger, tighter security becomes more of an issue. With different types of traffic and users segregated into separate VLANs, you can restrict or allow traffic to/from users, the Internet, internal servers, etc. This level of control is employed at the router using access control lists (ACLs). Again, this aspect falls a little outside of your core issue of expansion, but it is worth a mention.
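As an illustration of the access policy described earlier (users reach servers but not management or printers, printers initiate nothing), the following router ACLs are an added example and not part of the original article. The addressing (VLAN n on 192.168.n.0/24, subinterface 0/0.n), VLAN 1 as the management VLAN, and the ACL names are assumptions.

```cisco
! Added example, not from the original article.
! Assumptions: VLAN n = 192.168.n.0/24 on FastEthernet0/0.n; VLAN 1 = management;
! printers are statically addressed. These ACLs are stateless: "established"
! matches only TCP segments with ACK or RST set, so it admits replies to
! sessions opened from the other side but never a new session.
!
ip access-list extended USER1-IN
 ! users reach the server VLAN directly
 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 ! replies to sessions opened from the management VLAN
 permit tcp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 ! nothing user-initiated toward management or printers
 deny ip any 192.168.1.0 0.0.0.255 log
 deny ip any 192.168.5.0 0.0.0.255 log
 ! other destinations are not restricted by the policy in the article
 permit ip any any
!
ip access-list extended USER2-IN
 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 deny ip any 192.168.1.0 0.0.0.255 log
 deny ip any 192.168.5.0 0.0.0.255 log
 permit ip any any
!
ip access-list extended PRINTERS-IN
 ! printers only answer sessions opened by servers or management
 permit tcp 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255 established
 permit tcp 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 deny ip any any log
!
! Filter inbound on each subinterface, as close to the source as possible
interface FastEthernet0/0.3
 encapsulation isl 3
 ip address 192.168.3.1 255.255.255.0
 ip access-group USER1-IN in
!
interface FastEthernet0/0.4
 encapsulation isl 4
 ip address 192.168.4.1 255.255.255.0
 ip access-group USER2-IN in
!
interface FastEthernet0/0.5
 encapsulation isl 5
 ip address 192.168.5.1 255.255.255.0
 ip access-group PRINTERS-IN in
```

Because `established` matches TCP only, UDP-based management such as SNMP polling needs an explicit permit for its replies. The `log` keyword on the deny entries gives you a record of blocked attempts to review.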
Keep in mind the effects of such a design. It may enable you to separate and further control network traffic, but it will require more routing overhead. Consider this carefully when selecting the core routing solution. Otherwise, you could overwhelm a low-end router with traffic from several high-speed LAN interfaces. Here, you're betting that by the time traffic has reached that volume, you'll be upgrading your router.













