There are no hard and fast rules on how VLANs should be numbered on a campus network. However, it is important to choose numbers that mean something and assist the network administrator. For example, VLANs will be allocated for normal PC access, IP telephony, servers, and special cases such as inter-switch links.
We recommend that numbers are allocated according to a meaningful scheme, such as:
- 100-199 allocated to PCs
- 200-299 allocated to IP telephony (voice) use
- 300-399 allocated to servers
- 400-499 allocated to security VLANs (servers placed behind a firewall or IPS)
- 900-999 allocated for special use (trunk native VLAN and other non-host VLANs)
This worked design requires the following types of VLANs:
- Server access VLANs – the VLANs that servers attach to
- Security VLANs – used where servers need to be put behind a firewall or IPS
- Service VLANs – used to attach ILO/console ports or managed power strips to the network
- "Special" VLANs – used for trunk native VLANs, and other uses that the designer may have. Not used for host attachment, so that untagged frames arriving on a trunk never land in a user or server VLAN.
The diagram above illustrates the VLAN design.
| VLAN# | Description |
|---|---|
| 100-199 | Data Users |
| 200-299 | IP Phone users |
| 300-399 | Server VLANs |
| 400-499 | Server VLANs behind transparent firewall |
| 500-599 | Server VLANs behind IPS device |
| 600-699 | Service / management Private VLANs (e.g. ILO/Envmon) |
| 700-799 | Spare |
| 800-899 | Spare |
| 900-999 | 900 used for trunk native VLAN; others used for "system VLANs", e.g. dot1q L3 routed interfaces |
| 1000-1099 | Service / management SVI VLANs (e.g. ILO) |
The general rule of thumb is that the overall scheme should mean something and be a help rather than a burden to the network administrator.
If this network has to be integrated into an existing network where VLANs have been allocated in a haphazard manner, then it is recommended to follow the above scheme but use the 2000-2999 VLAN range, i.e. add 2000 to every number in the table (for example, Data Users would be on 2100-2199).
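As an added example (not part of the original post), the following Python script encodes the table above and audits a switch configuration against it. It assumes Cisco IOS-style `switchport` syntax; the interface names, VLAN IDs and configuration text are constructed for illustration. It flags access or voice ports placed on an unallocated or host-free range (spare or special VLANs such as the 900 native VLAN), trunks whose native VLAN is not 900, trunks that allow VLANs outside the scheme, and it applies the 2000-2999 integration rule by mapping those IDs back onto the base scheme.

```python
import re

# The base scheme from the table above: (low, high, description, hosts_allowed).
# Spare and "special" ranges carry no end hosts (the post says special VLANs
# are not used for host attachment); the other entries are as the table states.
SCHEME = [
    (100, 199, "Data Users", True),
    (200, 299, "IP Phone users", True),
    (300, 399, "Server VLANs", True),
    (400, 499, "Server VLANs behind transparent firewall", True),
    (500, 599, "Server VLANs behind IPS device", True),
    (600, 699, "Service / management Private VLANs", True),
    (700, 799, "Spare", False),
    (800, 899, "Spare", False),
    (900, 999, "Special / system VLANs", False),
    (1000, 1099, "Service / management SVI VLANs", True),
]
INTEGRATION_OFFSET = 2000   # 2000-2999 mirrors the base scheme when merging networks
NATIVE_VLAN = 900           # the trunk native VLAN reserved by the scheme


def classify(vlan_id):
    """Return the scheme entry for a VLAN ID, or None if it is unallocated.
    IDs in 2000-2999 are mapped back onto the base scheme (integration rule)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"{vlan_id} is not a valid 802.1Q VLAN ID")
    base = vlan_id - INTEGRATION_OFFSET if 2000 <= vlan_id <= 2999 else vlan_id
    for low, high, desc, hosts_ok in SCHEME:
        if low <= base <= high:
            return {"range": (low, high), "desc": desc,
                    "hosts_ok": hosts_ok, "integrated": base != vlan_id}
    return None


def expand_vlan_list(spec):
    """Expand an IOS-style list such as '110,210,300-399' into VLAN IDs."""
    ids = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ids.extend(range(lo, hi + 1))
        elif part:
            ids.append(int(part))
    return ids


# Constructed sample configuration (hypothetical interfaces, not a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 110
 switchport voice vlan 210
interface GigabitEthernet1/0/2
 switchport access vlan 2310
interface GigabitEthernet1/0/3
 switchport access vlan 900
interface GigabitEthernet1/0/4
 switchport access vlan 110
 switchport voice vlan 130
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 110,210,300-399,900,1500
"""

_IFACE = re.compile(r"^interface\s+(\S+)")
_ACCESS = re.compile(r"^\s+switchport access vlan (\d+)")
_VOICE = re.compile(r"^\s+switchport voice vlan (\d+)")
_NATIVE = re.compile(r"^\s+switchport trunk native vlan (\d+)")
_ALLOWED = re.compile(r"^\s+switchport trunk allowed vlan (?:add )?([\d,\-]+)")


def _check_host_vlan(iface, vid, role, expected=None):
    """Flag a host-facing VLAN that is unallocated, host-free, or in the wrong range."""
    entry = classify(vid)
    if entry is None:
        return [(iface, f"{role} VLAN {vid} is not allocated in the scheme")]
    if not entry["hosts_ok"]:
        return [(iface, f"{role} VLAN {vid} is in '{entry['desc']}', which carries no hosts")]
    if expected and entry["range"] != expected:
        return [(iface, f"{role} VLAN {vid} is in '{entry['desc']}', expected {expected[0]}-{expected[1]}")]
    return []


def audit_config(text, native_vlan=NATIVE_VLAN):
    """Return (interface, finding) pairs for every deviation from the scheme."""
    findings, iface = [], None
    for line in text.splitlines():
        m = _IFACE.match(line)
        if m:
            iface = m.group(1)
        elif iface is None:
            continue
        elif (m := _ACCESS.match(line)):
            findings += _check_host_vlan(iface, int(m.group(1)), "access")
        elif (m := _VOICE.match(line)):
            findings += _check_host_vlan(iface, int(m.group(1)), "voice", (200, 299))
        elif (m := _NATIVE.match(line)):
            vid = int(m.group(1))
            if vid != native_vlan:
                findings.append((iface, f"trunk native VLAN is {vid}, scheme reserves {native_vlan}"))
        elif (m := _ALLOWED.match(line)):
            for vid in expand_vlan_list(m.group(1)):
                if classify(vid) is None:
                    findings.append((iface, f"trunk allows VLAN {vid}, which is outside the scheme"))
    return findings


if __name__ == "__main__":
    for iface, msg in audit_config(SAMPLE_CONFIG):
        print(f"{iface}: {msg}")
```

Run against the sample, the script reports the access port on VLAN 900, the voice VLAN placed in the data range, the trunk still using native VLAN 1, and VLAN 1500 allowed on the trunk; the port on VLAN 2310 passes because the integration rule maps it to the server range. The same `classify` function can be reused to name a VLAN when documenting an existing switch.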