Skip to content

How do you spell VLAN?

It happens that I know how to spell VLAN but I can’t really use it in a sentence (other than this one) so I have been thinking that it might be time to learn.  I am surrounded by Customers that use VLANs with my equipment and we even talk about this VLAN or that VLAN and I know that if the equipment is on the wrong VLAN it’s not going to work.

As it turns out I actually know what a VLAN is and I think that I know what it does but I definitely can’t give a demo on it and I’ve never knowingly used one.  At my day job I am the network administrator and I have since 2007 been growing my collection of managed switches as the complexity of the building’s network has increased.  The network is now in a state where if my understanding of a VLAN is correct, then we need some.

Background

I am a Netgear guy through and through and I have managed to populate several companies with Netgear hardware as their complexity has grown and I have been asked to assist.  I’ve had good luck with the equipment and they seem to fix their problems as they add features and well, I identify with them.  We have both grown up from a place where a four port hub would suffice to a place where we need the features that someone like a Cisco or a Juniper can provide and we need to be able to manage it and afford it without going to school or having an IT department.  But I digress…

The network in question has these components:

  • a closet where all of the wall jacks terminate
  • a wall jack for all of the workstations
  • a DHCP server for workstations
  • an isolated area where corporate servers live
  • Internet facing servers providing email and web services
  • two separate lab subnets, each with its own DHCP server
  • a wireless network that remains isolated from the corporate LAN

With the exception of the wiring closet all of these areas have grown without planning.  The building was designed with all of this growth in mind (pauses for a bow) but none of the detail was designed – its all ad-hoc.  Even my switch purchases were ad-hoc but at least I had an eye on the future.  We have a number of unmanaged switches on our network and even the managed switches operate in an unmanaged manner.

Equipment List

  1. Netgear GS724TP – 24 port gigE Managed Switch
  2. Netgear GS724TP – 24 port gigE Managed Switch
  3. Netgear GS728TPS – 28 port gigE Managed Switch with POE
  4. Netgear GSM7212 – L2 12 port Managed Switch
  5. Netgear SRX5208 – Dual WAN Firewall
  6. Netgear R7000 Wireless Access Point

The Problem to Solve

Did I mention that some of the corporate servers are virtual in nature?  How about that some of the services that are used on the lab networks are provided by the virtual machines?  What about giving LAN access to some WiFi users and not others?  Ah, there’s the rub.  How do I get those small, lab networks to appear in other areas of the building without stringing cables everywhere?  Or said differently, how do I get rid of all of these different cables strung all over the place?

I’m thinking that this is why I need to learn how to spell VLAN.

The Ah-Ha Moment

Best Practices suggests that one needs a management vlan in addition to a vlan for each subnet.  And most places that talk about this also remind you that shanking the setup of the management vlan is the best way to lock yourself out of a switch.  Now that I have the management vlan working I can reflect back on the number of times that I needed to factory default the switches with a smile on my face.  Let’s just say that I’m pretty dang good at it now.

One of the more difficult concepts that I needed to grasp was that of routing and the fact that vlans don’t want to route amoungst one another.  Another was the complexity of creating a vlan-network on top of a non-vlan network.  I was smart enough to create a drawing to design the new network and just making the drawing helped me learn quite a bit.  Once I simplified the routing issues then I really started making some progress.  The real kicker was when I realized that my existing network would not work in a vlan network and that once I redesigned the network as a vlan network things really started coming together.

How We Made it Work

We have a four-port VLAN capable firewall that doesn’t do any VLAN work, shares our two WAN interfaces and creates a DMZ subnet that we use for our WiFi network.  I remember when I put that in service struggling to make all that VLAN stuff work without making any VLANs.  Well, now all of that VLAN stuff has come in handy.  I realized that what better way to create a separate networking environment in which to build a VLAN segmented network than to create a separate VLAN network on this network and then build the entire new network in there.  A sandbox for VLANs.

Post a Comment

Your email is never published nor shared. Required fields are marked *