Anyone play with VLANs?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by corbywan, Jan 12, 2009.

  1. macrumors regular

    I'm used to working/consulting with small/home business people but I might have a chance to stretch a little and work for a friend on a bigger network install. His building is going to have three or four different entities in it that are all his but need to be protected from one another from a networking perspective. Instead of installing separate physical networks (because the spaces may be repurposed in the future) I was considering one physical network, then dividing things up with VLANs. I know how they work in theory but I've never actually built them.

    Anyone have any experiences with them they would like to share? Always use/avoid (vendor), make sure you always/never (insert advice here), they make life a breeze/nightmare, stuff like that?

    Thanks in advance.
  2. macrumors 68030

    Les Kern

    I see pain in your future.

    Think about it... would you hire a friend that knows the "theory" behind automotive repair and then trust him with your new Mustang? No, you wouldn't.
    So let's say we assume you are some kind of genius that reads fast with 100% retention... do you know the real-world implications, trouble-spots and error correction?

    You need to give your experience up front so you don't have the chance of losing a friend.

    But if you decide to take this job, start reading yesterday, make some calls, do some site visits if possible, Google till the letters on the keyboard wear off.
    I hire people all the time to do the things I cannot. If they sell me a false bill of goods their body will never be found.
  3. macrumors regular

    Les, there are details about my experience, my relationship with this person, and the nature of the situation that are too long and involved to spell out here. Perhaps it would have been better for me to leave that part out and ask for people's experiences with VLANs. While I appreciate what you are trying to communicate, it isn't relevant to this situation. To get into why would turn this thread into more of a blog than a technical forum. And I know no one wants that! ;-)

    So, back to the original question. VLANs, anyone?
  4. macrumors regular

    I don't play

    If you want a simple port based VLAN setup, then HP are quite easy, but you haven't said how many ports, whether you're after 10/100 or 10/100/1000, if PoE is needed etc.

    If you want to segregate for security, then a port-based VLAN is the way to go, and if you want to extend this across multiple switches, you'll either need to use a port per VLAN to connect with, or learn about tagged VLANs.

    Until you've got at least the basics, you're going to find it rather hard to ask any relevant questions, so like the previous poster, time to hit Google.
  5. macrumors regular

    I am not sure I can give you much advice generally, but if you have any specific questions I will respond to them. VLANs are quite simple and should not cause you any issues at all.

    About the biggest mistake I see from rookies is not creating the inter-switch VLANs correctly - resulting in you losing connectivity to your remote switches. Not a problem if you are talking about a single building but a pain if the remote sites require you to drive to them.

    Just about any vendor's equipment will work. HP is particularly easy (syntax-wise) to configure but VLANs are such a basic feature that nearly all vendors work well. About the biggest thing to get your brain around is the concept of tagged/untagged ports in a VLAN. Good luck!
  6. macrumors 6502

    Several people here have mentioned HP and they make some great products, but you haven't said if you're using more than one switch and devices on different switches but within the same VLAN have to communicate with each other. Because you left that detail out I'm assuming 'no' and it's a single-switch install. If that's the case it's pretty easy and HP, Cisco or the like will all have either CLI or web-based configuration.

    If you call for multiple switches, then the complexity and working knowledge increases quite a bit. With the lower end switches, I personally know this from a mistake of buying 8 of them, the lower end HP switches do not properly handle Q in Q trunking even though the specs indicate 802.1q. The feature set isn't fully implemented. You will not be able to trunk the VLANs so devices across different switches but within the same VLAN would communicate. Only devices within the same physical switch will communicate.

    Personally, I prefer Cisco 2960's as a rule of thumb and if you can stretch the budget up to around $2500 the new Juniper EX series are amazing for the money. You get a full-blown JUNOS router (LAN or WAN) for the price of a decent switch including 8 ports of PoE (if needed). While you may just need a switch now there's an incredible amount of flexibility with having routing capabilities if you foresee needs ever changing.

    If you need cheap and gigabit isn't important you can practically steal Cisco 2950's off eBay these days.

    Good luck -

  7. macrumors regular

    Thank you. This is the kind of stuff I'm looking for. Preliminary "before you jump in the pool" kind of stuff. Keep it coming.
  8. macrumors regular

    Not to get side-tracked here but QinQ and 802.1q trunking are different things. All of the HP switches I have used support 802.1q trunking just fine. I suppose there might be a lower-end model that has issues but I've used everything from the 2510 series on up. QinQ is generally a service provider function for allowing VLAN tags from a customer to be nested within a VLAN tag the SP has created for the customer allowing for the customer's tags to be transported transparently across an SP network. Anyway...

    As Wayne suggests though, it is important to know if you are using more than a single switch (an assumption that I made). Either way, I would not dwell on the manufacturer that much as most reputable brands are interchangeable for this level of networking and pretty much all do the same thing.

    If you are just creating two virtual switches from a single physical switch then VLANs could not be easier. Just create two VLANs and assign the appropriate ports as untagged ports to each VLAN. Done.
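As an added example (not code from any poster in this thread), the following Python models the tagged/untagged port semantics that posts 4, 5 and 8 describe, across two switches joined by one uplink. It assumes hosts send untagged frames, that the two switches are directly linked, and a constructed port layout (ports 1-8 in tenant VLAN 10, 9-16 in tenant VLAN 20, port 24 as the uplink); none of those details come from the thread. `trunk_mismatches` flags the inter-switch mistake post 5 warns about, and `deliver` shows the security consequence of a PVID mismatch on the uplink: one tenant's frames silently land in the other tenant's VLAN.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    """802.1Q membership of one port: at most one untagged VLAN (the PVID) plus any tagged VLANs."""
    untagged: Optional[int] = None
    tagged: frozenset = frozenset()

def classify_ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN an arriving frame is placed in, or None if the port drops it."""
    if tag is None:
        return port.untagged                    # untagged frame takes the PVID (dropped if none)
    return tag if tag in port.tagged else None  # tagged frame needs the port as a tagged member

def egress_tag(port: Port, vlan: int) -> Optional[str]:
    """'untagged' or 'tagged' if the port forwards this VLAN, None if it is not a member."""
    if port.untagged == vlan:
        return "untagged"
    if vlan in port.tagged:
        return "tagged"
    return None

def deliver(switches, links, src, dst, tag=None) -> Optional[int]:
    """VLAN in which an untagged host frame entering at src=(switch, port) reaches dst, or None.

    Assumption: the two switches are at most one inter-switch link apart."""
    vlan = classify_ingress(switches[src[0]][src[1]], tag)
    if vlan is None:
        return None
    if src[0] != dst[0]:
        for a, b in links:                      # find the link joining the two switches
            if {a[0], b[0]} == {src[0], dst[0]}:
                near, far = (a, b) if a[0] == src[0] else (b, a)
                break
        else:
            return None
        how = egress_tag(switches[near[0]][near[1]], vlan)
        if how is None:
            return None                         # VLAN not carried on the uplink
        wire_tag = vlan if how == "tagged" else None
        vlan = classify_ingress(switches[far[0]][far[1]], wire_tag)
        if vlan is None:
            return None
    return vlan if egress_tag(switches[dst[0]][dst[1]], vlan) else None

def trunk_mismatches(near: Port, far: Port) -> set:
    """VLANs that leave one end of the uplink but do not arrive in the same VLAN at the other end."""
    problems = set()
    for a, b in ((near, far), (far, near)):
        members = ({a.untagged} if a.untagged is not None else set()) | set(a.tagged)
        for v in members:
            wire_tag = v if egress_tag(a, v) == "tagged" else None
            if classify_ingress(b, wire_tag) != v:
                problems.add(v)
    return problems

def sample_switch(uplink: Port) -> dict:
    """Constructed layout: ports 1-8 untagged in VLAN 10, 9-16 untagged in VLAN 20, port 24 uplink."""
    ports = {p: Port(untagged=10) for p in range(1, 9)}
    ports.update({p: Port(untagged=20) for p in range(9, 17)})
    ports[24] = uplink
    return ports

GOOD_TRUNK = Port(tagged=frozenset({10, 20}))        # identical on both ends: every VLAN tagged
MISSING_B = Port(tagged=frozenset({10}))             # VLAN 20 forgotten on switch B's end
LEAKY_A = Port(untagged=10, tagged=frozenset({20}))  # PVIDs disagree: VLAN 10 leaves A untagged
LEAKY_B = Port(untagged=20, tagged=frozenset({10}))  # ... and is classified as VLAN 20 on B

def check(uplink_a: Port, uplink_b: Port) -> dict:
    """Run the isolation and reachability checks for one pair of uplink configurations."""
    switches = {"A": sample_switch(uplink_a), "B": sample_switch(uplink_b)}
    links = [(("A", 24), ("B", 24))]
    return {
        "mismatches": trunk_mismatches(uplink_a, uplink_b),
        "same_vlan_cross_switch": deliver(switches, links, ("A", 1), ("B", 2)),
        "vlan20_cross_switch": deliver(switches, links, ("A", 9), ("B", 10)),
        "cross_tenant_cross_switch": deliver(switches, links, ("A", 1), ("B", 9)),
        "cross_tenant_same_switch": deliver(switches, links, ("A", 1), ("A", 9)),
    }

if __name__ == "__main__":
    for label, pair in {"good": (GOOD_TRUNK, GOOD_TRUNK), "missing": (GOOD_TRUNK, MISSING_B),
                        "leaky": (LEAKY_A, LEAKY_B)}.items():
        print(label, check(*pair))
```

The "missing" case reproduces the remote-switch connectivity loss (VLAN 20 never crosses the link); the "leaky" case is the one to care about when the VLANs are there to keep tenants apart, because a frame from a VLAN 10 port on switch A is delivered to a VLAN 20 port on switch B even though every access port is configured correctly.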
  9. macrumors 6502

    Thank you for the correction. That's totally right now that I'm seeing it again. I thought Q-in-Q was the correct term, but you're correct. We do that on WAN metro-ethernet links connecting our facilities. I work alongside our main network admin who handles the major stuff. I'm good enough to establish VLANs, IP interfaces, basic OSPF, etc. I'm trying to remember the more specific terminology... maybe it's simply VLAN trunking and leave it at that?

    I do stand by the fact that the lower-end HPs ($500 range 24-port gig switches) do not allow proper VLAN trunking, or at least we (our primary network admin) have not been able to make it work. We bought 8 of these for use as low-end rack colo switches (bakers rack type stuff) and they simply will not do it, nor will similarly priced Dells. We had to bite the bullet and go ahead using Cisco 2960's throughout, which was the better decision all the way around.

    I have nothing against HP at all. In fact, it's my understanding that the underlying code on them was all from RiverStone (now Lucent). We used RiverStone RS3000's and a couple 8000's for many years which absolutely kicked ass, especially as cheap as you could get them on the used market, but they were only 10/100 with optional gig fiber uplinks.

  10. macrumors 68030

    Les Kern

    10-4... just trying to stave off a little grief.
    Good luck with all that...
  11. macrumors regular

    FTR, I am not really a huge fan of HP. I think they are cost-effective and fairly reliable though. I would have to know the model you purchased to make any statement about what features they offered or not. But a 2510-24 is about a $300.00 switch and definitely supports .q tagging. I have a customer that has about 15 or so of them (among other switches) in a network and I have created a "trunk" that passes multiple tagged VLANs across it. I am not arguing the point, though. It is possible that some HP switches don't support tagging.

    I know that HP bought some Riverstone IP 4-5 years ago when Riverstone exited the Enterprise market. I believe it was used to create their Adaptive Edge line. Riverstone made some interesting switches - I still kinda miss the old Cabletron (and Bay Networks/Wellfleet while I am at it). I still have an old Alantec switch in my basement somewhere. It was one bad-ass switch in its day. The early 90's were some fun times in the network hardware biz.
