Thanks Ben.
jlc

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Friday, August 07, 2009 3:17 PM
To: NT System Admin Issues
Subject: Re: VLAN Best Practise

On Fri, Aug 7, 2009 at 12:41 PM, Joseph L. Casale
<[email protected]> wrote:
> What's the general layout you guys use for setting up network topology?

  I don't think there's anything that applies universally, other than
"make sure you document everything" and "change the password from the
factory default".

  We have a handful of company-wide VLANs.  One for computers, one for
visitors, one for VoIP.  We have several device-specific VLANs that do
things like link one piece of factory automation to another.

  VLANs are created because something benefits from a separate
network.  We don't want untrusted visitors on our main network.  We
want phones to be as separate from the data stuff as we can make them
-- they even have their own DHCP server -- so a computer problem can't
cause a phone outage.  We don't want factory machinery talking to
anything else at all.

  We keep them all documented in an Excel spreadsheet, with columns
for VLAN ID, name, and remarks.  The names just reflect whatever
they're doing, "MAIN", "VOIP", "VISITOR", "AUTOCLAVE", "ENTEK", etc.
You could call them "Fred" and "Barney" if you wanted; the name is
purely for human benefit.

  It's sometimes recommended that one avoid VLAN ID 1, because it's
the default for many things.  I haven't had any real trouble with it,
but I went ahead with the recommendation anyway.  With the ProCurve
stuff, VLANs don't exist unless they're defined, so having no VLAN 1
doesn't cost you any switch resources.

  Putting the switch management interfaces on a separate VLAN is often
recommended, and is a good idea on general principles.  I'm planning
on doing that one of these days/months/years.  With the ProCurve, it's
just a matter of which VLAN you assign an IP address to.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
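
Added example, not part of the original thread: a small Python audit of a VLAN inventory kept with the columns Ben describes (VLAN ID, name, remarks), checking the points raised in his message. The CSV layout, the sample rows and the "MGMT" name for a switch-management VLAN are assumptions made for illustration.

```python
import csv
import io

# Constructed sample inventory using the columns described in the message
# (VLAN ID, name, remarks). The IDs and remarks are made up for illustration.
SAMPLE_CSV = """vlan_id,name,remarks
1,MAIN,company computers
20,VOIP,phones with their own DHCP server
30,VISITOR,untrusted guests
30,AUTOCLAVE,factory automation link
4095,ENTEK,
,SPARE,unassigned
"""

MGMT_NAME = "MGMT"  # assumed name for a switch-management VLAN


def audit_vlans(csv_text, mgmt_name=MGMT_NAME):
    """Return a list of (vlan_id_text, finding) tuples for the inventory."""
    findings = []
    seen = {}      # VLAN ID -> first name documented for it
    names = set()  # all documented names, upper-cased
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("vlan_id") or "").strip()
        name = (row.get("name") or "").strip()
        remarks = (row.get("remarks") or "").strip()
        names.add(name.upper())
        if not raw.isdecimal():
            findings.append((raw, "VLAN ID missing or not numeric"))
            continue
        vid = int(raw)
        if not 1 <= vid <= 4094:
            findings.append((raw, "outside the usable 802.1Q range 1-4094"))
        elif vid == 1:
            findings.append((raw, "uses VLAN 1, the default on many devices"))
        if vid in seen:
            findings.append((raw, f"duplicate ID, already used by {seen[vid]}"))
        else:
            seen[vid] = name
        if not remarks:
            findings.append((raw, "no remarks recorded"))
    # A dedicated management VLAN is the other recommendation in the message.
    if mgmt_name.upper() not in names:
        findings.append(("-", f"no {mgmt_name} VLAN documented"))
    return findings


if __name__ == "__main__":
    for vlan_id, finding in audit_vlans(SAMPLE_CSV):
        print(f"VLAN {vlan_id or '?'}: {finding}")
```
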

