VTP, Portfast, Spanning Tree and all the other switch related stuff.
I think Jon is saying that you allocate a /24 block to the floor, then cut it in half and assign the /25 mask to the users So if he decided to use 192.168.1.x then it would look 192.168.1.0 network192.168.1.1 - 192.168.1.126 hosts192.168.1.27 broadcaset 192.168.1.28 network192.168.1.29 - 192.168.1.254 hosts192.168.1.255 broadcast I have a question, and sorry to hijack a little Jamie! I thought a vlan to ip subnet was always a 1-1 correlation? I guess I never thought about it as being anythign else but you obviously mention having 19 ip subnets per vlan?
colinkiely1 wrote: I have a question, and sorry to hijack a little Jamie! I thought a vlan to ip subnet was always a 1-1 correlation? I guess I never thought about it as being anythign else but you obviously mention having 19 ip subnets per vlan? Colin The recommendation is to have one subnet per vlan but there is nothing to stop you having multiple subnets per vlan and using secondary IP addresses on the vlan interface. Secondary IP addresses were more common before L3 switches came along and before 802.1q trunking because with routers there was a physical limit to the amount of interfaces available. So with a L3 switch there really is very little reason to use secondary IP addressing these days. Just for completeness you can also have one IP subnet with 2 vlans. You would see this when you use devices such as the FWSM (Firewall Service Module) and ACE (Application Control Engine - load-balancer basically) in transparent mode. With transparent mode the device acts as a L2 device so you need to the same subnet on both sides. But you can use the same vlan on both sides as you would get an STP loop so you use 2 vlans and effectively "join" the vlans together with the transparent device. Jon
jhancockuwic wrote: I guess you have your DHCP servers in the server farm and use IP HELPER on thevlan interface to get over the broadcast boundary? Jamie Jamie Yes you do. You really only need 2 DHCP servers for redundancy and then on each L3 vlan interface you would configure an ip helper-address. Key to doing this well is to get the planning correct. Take your time planning it and look for any gotchas. Key things to be aware of 1) do any of the devices in your vlan at present need L2 adjacency ie. they need to be able to broadcast to each other for an application to work. This is rare these days and it can be worked around but something to check. 2) Hardcoded IP addresses. Hopefully you haven got them but it needs checking ie. some device has a hardcoded IP so it knows which server etc. to talk to. Again, rare these days but still needs checking. Having said that if you stick with the current addressing but just split it up most of the IP addresses could stay the same on the devices. The only issues you may get is where the IP address of an existing device suddenly becomes the broadcast address for example of your new smaller subnet. If you make sure when you get these that it is a PC rather than a device with a hardcoded address you should avoid problem 2 above. Jon