Hi I'm looking to omplement a VLAN solution. I have multible subnets and I would like to add VLANs within these subnets based on IP addresses. e.g. 192.168.1.20 and 192.168.1.25 is one VLAN and 192.168.1.23 and 192.168.1.58 is another etc. All VLANs must be able to exchange data with other VLANs within the same subnet (and other subnets as well). I currently have Dell 3024 switches, and I am only able to assign ports to VLANs (not by IP) and the VLANs are not able to communicate with each other. I asume that the Dell switch is not able to perform this task. What kind of equipment will I need and is my senario posible at all? Thank you

Reply

To make a VLAN map onto an IP subnet you need either a router or a layer 3 switch. I will deal with the specifics at the end.

The router solution would work by having the router with multiple ports either each physically connected to the VLAN with one physical port per VLAN or one port with a secondary interface for each VLAN.

The basic principle is the same, the router has an interface set up for each subnet, with the interface IP address being the default gateway for each subnet. Routing is then set up on the router to route between the subnets. All the clients on each subnet have the IP interface of the router as their default gateway, this ensures that any data whose destination IP address is not in the source devices own subnet is sent to the router, routed to the correct subnet and forwarded. That is the basic principle.

The actual implementation would depend upon having either an individual port for each subnet and patching that to a switch port sitting in the relevant VLAN or more likely having one port on the switch and sitting in all VLANs and supporting 802.1q VLAN tagging. this connected to a port on the router itself configured with the same VLAN tags for each VLAN configured to forward all packets destined for a particular VLAN to be taggeed correctly. The main downside of this approach is that the router becomes a bottleneck and not all routers support 802.1Q VLAN tagging.

The layer 3 switch approach is better. This is a switch that routes packets to VLANs depending upon the IP Subnet. The basic principle is the same as with the router, but the interfaces in each case are not physical ports but internal VLAN interfaces. So apply IP address to each VLAN interface (and in some cases add the IP subnet address details) set up routing between interfaces and set the layer 3 switches default gateway to point at any WAN router so unknown IP address destination packets are forwarded accordingly.

That covers the basic premise, but what you want is slightly more complex. You want groups of IPs withing each subnet to be allocated to a VLAN, some switch technology may be able to do this but the admin on this would probably be a nightmare. My suggestion would be break down your class C subnet into smaller subnets and allocate to seperate VLANs. IT would mean changing IP configs on all devices and you would have to renumber devices using subnet and broadcast addresses. Since you are using a 192.168 schema if you have lots of unused subnets and there is no reason not to, why not use a class C for each subnet, administratively it would be easier to work out which IP subnet is which group of machines.

So I would look at a Layer 3 switch and study and well plan your IP subnet addressing and in particular subnet masking. There are various subnet calculators around to help you here.

 

 

 

Reply