Have had some great responses here - all good info, so thanks everyone who took the time to reply.

Lou - we do have offices all over the world, and connected to a global WAN, but we only manage the UK & EIRE networks, so only 8 sites. Other than ensuring our subnets are unique across the world therefore, locally we manage the LAN ourselves - for now.

It's obvious that it's horses for courses as they say, but it's also evident that many of you re-use VLAN IDs with no problems. The point about layer 2 tunnels between offices is valid - we have had to do that once, but I don't foresee having to do it again and even if we did, the fact one could be untagged means it's still do-able even if we re-use VLAN IDs.

So - I think we'll continue with our plan as-is.

If you're interested, we have a class B allocated to each site (e.g. 10.51.0.0/16), which is huge overkill, but we subnet that down as follows:

VLAN 1000 - subnet 10.51.0.0/23 (so 10.51.0.1-10.51.1.254 / 255.255.254.0)
VLAN 1002 - subnet 10.51.2.0/23 (so 10.51.2.1-10.51.3.254 / 255.255.254.0)
VLAN 1004 - subnet 10.51.4.0/23 (so 10.51.4.1-10.51.5.254 / 255.255.254.0)
VLAN 1006 - subnet 10.51.6.0/23 (so 10.51.6.1-10.51.7.254 / 255.255.254.0)
VLAN 1008 - subnet 10.51.8.0/23 (so 10.51.8.1-10.51.9.254 / 255.255.254.0)

etc etc... in theory this goes up to:

VLAN 1254 - subnet 10.51.254.0/23 (so 10.51.254.1-10.51.255.254 / 255.255.254.0)

So the 1st and 2nd octet is unique to each site:

1) 10.51 for site 1
2) 10.52 for site 2
3) 10.53 for site 3
4) 10.54 for site 4

The start of the 3rd octet corresponds to the VLAN ID. So a value of 2 corresponds to VLAN 1002 etc.

Each site uses the same scheme, so the same VLAN ID for the same function - just the subnet differs by the 2nd octet.

We chose a /23 subnet as follows:

- We only ever stack a maximum of 5 switches in a stack
- Assuming they're 48 port switches which most of them are, then 48 * 5 = 240 (uplink ports excepted)
- we may subdivide a stack into more Data VLANs, but in terms of Voice VLAN, we'd only have 1 per stack and therefore we may have 240 phones on the same switch and all in the same subnet
- For DHCP server resilience, we would need each of 2 servers to be capable of issuing 240 addresses, so 2 x 240 = 480 IP addresses - which fits best into a /23

Since in some of our sites, we host kit for other group companies, this number of subnets/VLANs also allows us to provide for multi-tenancy pretty easily.

We also grouped VLANs contiguously to make ACLs easier too - i.e. one big subnet definition rather than a number of smaller ones.

Lastly, we reckon that from a DR point of view, if we have to bring up a VM on a different site than the one it's usually based on - e.g. our virtual Hi-Path controller - then having the same VLAN IDs for the same purpose means there would be less reconfig needed to get things working again.

Thanks again for the replies.

Nick.

On Sat, Sep 1, 2012 at 6:54 PM, Erik Auerswald <[email protected]> wrote:

> Hi,
>
> that sounds good, but it does not scale well (1 <= VLAN ID <= 4094).
>
> Many useful VLAN numbering schemes exist. Biggest problem is
> future-proofing them. There may be new functional VLANs, more sites,
> merging or carving out companies, for example. So I'd advise against using
> all the available number space for the initial scheme.
>
> In my experience, re-using VLAN IDs on different sites works well. It is a
> lot easier than creating a simple numbering scheme that scales to hundreds
> or thousands of VLANs (as needed for global enterprises).
>
>
> Regards,
> Erik
> --
> Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/
> E:[email protected] P:+49-631-4149988-0 M:+49-176-64228513
>
> Gesellschaft für Fundamental Generic Networking mbH
> Managing directors: Volker Bauer, Jörg Mayer
> Place of jurisdiction: Amtsgericht Kaiserslautern - HRB: 3630
>
> On 09/01/2012 07:39 PM, Shuttlesworth, James wrote:
>
>> We use a VLAN numbering scheme that maintains some similarity between
>> ranges to make it easier to remember, but still unique - all vlans are 4
>> digits the first digit indicates its general function e.g. 1 for users 2
>> for VOIP 3 for management then the second number indicates its site (site
>> 1 site 2 site 3 etc. - we have 6 sites) the last two digits then are for
>> specific locations/buildings etc.
>>
>> We put use before site so it's more apparent by glancing at it what the
>> VLAN is for which is more frequently something you need to know than what
>> site you are at.
>>
>> -----Original Message-----
>> From: Erik Auerswald [mailto:auerswald@fg-networking.de]
>> Sent: Saturday, September 01, 2012 1:12 PM
>> To: Enterasys Customer Mailing List
>> Subject: Re: [enterasys] VLANs
>>
>> Hi,
>>
>> this works fine and helps in troubleshooting (is the server's MAC address
>> seen in the server VLAN?).
>>
>> Regards,
>> Erik
>>
>
> ---
> To unsubscribe from enterasys, send email to [email protected] with the
> body: unsubscribe enterasys [email protected]
>

--
This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation.
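
The numbering scheme, the /23 sizing argument and the contiguous-VLAN ACL grouping described in the message above, worked through as an added example that is not part of the original thread. It assumes site n uses 10.(50+n).0.0/16, which matches the four sites listed; the function names are hypothetical.

```python
import ipaddress

SITE_OCTET_BASE = 50  # assumption: site n -> 10.(50+n).0.0/16, as for sites 1-4 in the message
VLAN_BASE = 1000      # VLAN ID = 1000 + third octet of the subnet


def vlan_subnet(site, vlan_id):
    """Return the /23 for a VLAN at a site under the scheme in the message."""
    third = vlan_id - VLAN_BASE
    if not 0 <= third <= 254 or third % 2:
        raise ValueError(f"VLAN {vlan_id} is outside the even 1000-1254 range")
    if not 1 <= site <= 255 - SITE_OCTET_BASE:
        raise ValueError(f"site {site} does not fit in the second octet")
    return ipaddress.ip_network(f"10.{SITE_OCTET_BASE + site}.{third}.0/23")


def vlan_for_address(addr):
    """Reverse lookup for troubleshooting: address -> (site, vlan_id)."""
    first, second, third, _ = ipaddress.ip_address(addr).packed
    if first != 10 or second <= SITE_OCTET_BASE:
        raise ValueError(f"{addr} is not in a site range")
    # A /23 spans two third-octet values; clear the low bit to get its base.
    return second - SITE_OCTET_BASE, VLAN_BASE + (third & ~1)


def acl_prefixes(site, first_vlan, last_vlan):
    """Fewest prefixes covering a contiguous VLAN group (one ACL entry each)."""
    nets = [vlan_subnet(site, v) for v in range(first_vlan, last_vlan + 1, 2)]
    return list(ipaddress.collapse_addresses(nets))


def dhcp_fits(net, ports=48, stack=5, servers=2):
    """Sizing check: every DHCP server can lease a full stack's worth of ports."""
    return net.num_addresses - 2 >= ports * stack * servers


if __name__ == "__main__":
    print(vlan_subnet(1, 1002))            # subnet for VLAN 1002 at site 1
    print(vlan_for_address("10.53.5.17"))  # which site/VLAN owns this host
    print(acl_prefixes(2, 1000, 1006))     # aligned group: a single prefix
    print(acl_prefixes(2, 1002, 1006))     # misaligned group: two prefixes
    print(dhcp_fits(vlan_subnet(1, 1000)))
```

A VLAN group collapses to a single ACL entry only when it starts on a power-of-two boundary of the third octet, so where a functional group starts matters as much as keeping it contiguous.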
