VLAN confusion
-
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete. -
@coliver said in VLAN confusion:
@dave247 said in VLAN confusion:
1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?
Isn't this specifically what switches were designed to fix? @scottalanmiller beat me too it.
Indeed they were
-
@jaredbusch said in VLAN confusion:
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
What JB means by this is - he uses static assignments in DHCP for things like printers. This allows you to reboot a printer to get the new settings when things like this change.
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
-
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
-
@jaredbusch said in VLAN confusion:
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.And, worth noting for those that have not done it, devices in the new space cannot talk to devices with the /23 in their config until that gets changed to /22. But as long as the devices being added to the new expanded space don't need to talk to those resources, it doesn't matter. So old devices are not affected in any way by the expansion, and new devices can be added selectively until the old ones are fixed.
So, for example, if you fix your PBX to see /22 and the gateway, then all phones could be added to the expanded space (outside of the /23 bounds) and they would work for calls just fine, but other servers could not talk to them until they were adjusted to /22. Typically, zero impact and very low effort.
-
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Yeah, some, maybe even most servers could be served up this way.
-
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Because you want servers to keep working even if DHCP and all other functions totally fail.
-
@dashrender said in VLAN confusion:
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Yeah, some, maybe even most servers could be served up this way.
CAN BE, yes, absolutely. How many "should be" is the bigger question.
-
@scottalanmiller said in VLAN confusion:
@jaredbusch said in VLAN confusion:
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.And, worth noting for those that have not done it, devices in the new space cannot talk to devices with the /23 in their config until that gets changed to /22. But as long as the devices being added to the new expanded space don't need to talk to those resources, it doesn't matter. So old devices are not affected in any way by the expansion, and new devices can be added selectively until the old ones are fixed.
So, for example, if you fix your PBX to see /22 and the gateway, then all phones could be added to the expanded space (outside of the /23 bounds) and they would work for calls just fine, but other servers could not talk to them until they were adjusted to /22. Typically, zero impact and very low effort.
Yes, that is why i said to block the DHCP scope from giving out addresses until the existing static devices are updated.
-
@scottalanmiller said in VLAN confusion:
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Because you want servers to keep working even if DHCP and all other functions totally fail.
yeah, this is my thinking as well. Depending on how long your leases are, this may or may not be an issue in typical considerations.
-
@scottalanmiller said in VLAN confusion:
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Because you want servers to keep working even if DHCP and all other functions totally fail.
That's one of the ones I was thinking. But DHCP is such a basic service and there are ways to do DHCP failover even on Windows, the risk of DHCP being down and not having a bigger more "global" problem seems very small.
-
@jaredbusch said in VLAN confusion:
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.Well I have about 35 or so servers and appliances that have static addresses. It will be a bit of a pain to manually go through an update all the network settings, but I'd do it. Good thing is that I just changed all of our workstations back to DHCP as the previous sysadmin had put EVERYTHING on static as a band-aid fix for DHCP issues he couldn't solve.
-
@dashrender said in VLAN confusion:
@scottalanmiller said in VLAN confusion:
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Because you want servers to keep working even if DHCP and all other functions totally fail.
yeah, this is my thinking as well. Depending on how long your leases are, this may or may not be an issue in typical considerations.
My other thought was rogue DHCP servers. A user plugging in a router or something similar.
-
@scottalanmiller said in VLAN confusion:
@dashrender said in VLAN confusion:
@coliver said in VLAN confusion:
@dashrender said in VLAN confusion:
Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.
I'm not convinced by this. Why would servers not be assigned the same way other infrastructure is? I see some potential issues but they exist whether a server is static or not.
Yeah, some, maybe even most servers could be served up this way.
CAN BE, yes, absolutely. How many "should be" is the bigger question.
Honestly, most could be. Because if the DHCP server is dead, most of the rest of your infrastructure will cease functioning anyway as soon as they all try to renew. so those servers are useless.
In Windows land, the DC(s) are static as well as Exchange and MSSQL. pretty much that's it.
-
@dave247 said in VLAN confusion:
@jaredbusch said in VLAN confusion:
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.Well I have about 35 or so servers and appliances that have static addresses. It will be a bit of a pain to manually go through an update all the network settings, but I'd do it. Good thing is that I just changed all of our workstations back to DHCP as the previous sysadmin had put EVERYTHING on static as a band-aid fix for DHCP issues he couldn't solve.
All of my servers are DHCP except as I just posted.
-
@dave247 said in VLAN confusion:
@jaredbusch said in VLAN confusion:
Expanding your subnet is simple.
You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.Well I have about 35 or so servers and appliances that have static addresses. It will be a bit of a pain to manually go through an update all the network settings, but I'd do it. Good thing is that I just changed all of our workstations back to DHCP as the previous sysadmin had put EVERYTHING on static as a band-aid fix for DHCP issues he couldn't solve.
That's not a pain, that's two minutes. Quick script, done. Way less effort than putting in a VLAN, that's for sure.
-
In Powershell I think it would look something like this.
Set-NetIPAddress -PrefixLength 22Of course you'd need wrap it in a foreach script that goes over the list of your servers. I'll work on it a bit later today and see what I can come up with.
-
@scottalanmiller said in VLAN confusion:
@dave247 said in VLAN confusion:
What if that range hypothetically got filled up? Would that be too much traffic?
Networks (subnets in the 1990s terminology) aren't affected by traffic. That's not a thing. If you had "too much traffic" you'd be impacted with VLANs before you were impacted without them because VLANs add extra overhead and bottlenecks. You never segment switched networks due to traffic load, that was a bus-based networking problem when all traffic traveled on a single bus for the entire network. If the bus filled up, the network would slow down.
The thing you are worried about here is saturating your switch backplane, if you do that, VLANs will hurt, not help. And you need bigger, faster switches. It's not related to your address schema.
Ok, I hear you Scott. You make sense and I'm on-board with this thinking. I think I would be up for increasing our IP range at my company to facilitate more addresses.
On another related subject: my company is in the process of finding another phone system (I actually talked with you on the phone about this, remember?). My CIO wants to go with a Cisco VoIP system and we are going through a IT business management/consultant company for this, as they are re-sellers and are going to do the install for/with us. They've mentioned setting up a VLAN for the phone system and setting up a voice router for it. Also, my CIO is adamant about keeping the voice traffic segregated for "security reasons" as it will satisfy an item on one of our various IT audits (we are a financial institution that has a lot of audits).
How can I convince my boss and Cisco that we can keep the the phones and the computers/servers on the same network and VLAN? I may end up just having to follow orders and let my company "waste" a lot of money on this stuff, but I would be willing to make the case for a smarter setup.
-
@dave247 said in VLAN confusion:
@My CIO wants to go with a Cisco VoIP system and we are going through a IT business management/consultant company for this, as they are re-sellers and are going to do the install for/with us.
No matter what your CIO misues, don't repeat false terms. It's not an IT company, it's not a consultant, it's a reseller. Never use any other term. A salesman is a salesman. He's a Cisco salesman, that's all he is. He's not on your team, he's not a consultant, he's not looking out for your interest. He's the enemy your CIO is paid to protect the company against. He's the seller's agent.
-
@dave247 Sounds like your company has made a decision already.
The CIO has failed at one of the most basic life skills...
"Never take advice from a sales person."
