
VLAN setup

September 17, 2008 at 13:27:23

Hi,
I am a systems admin in a company and I have been assigned a new project to network the new office.

I don't have any previous experience in setting up a VLAN, so I would like to get help and input from you. Let me explain the setup.
There are around 30 rooms, and in each room the LAN points are patched to a rack, so 30 racks. The backbone is a fiber channel from each rack to the server room.

I have to start from scratch. The prerequisites are: different departments with different access controls, VoIP phones on PoE, bandwidth management.
Now the first thing is to set up the VLAN, which I am a bit confused about.
Hardware: can I use a combination of Layer 3 and Layer 2 managed switches?
How will the IP addressing be? Can I use a single range in the whole network, or should it be 30 different subnets?
What about access lists? If anyone has time to explain this :) I would be grateful. Thanks




#1
September 18, 2008 at 06:23:11

Whew! You don't ask for much.......LOL

Ok. Let's start at the beginning. If you have a router, or routers, in your environment then you likely won't need layer 3 switches. As long as the switches you're using are managed and VLAN capable that's about all you need.

I would recommend, if at all possible, to have a structure as follows:

Subnet = xxx.xxx.1.xxx = VLAN 1
Subnet = xxx.xxx.2.xxx = VLAN 2
etc

Keeping the tags the same as the subnet as you can see will make life easier.

Your management VLAN will encompass all network appliances. Which is to say, switches, routers etc. You want this separated from the rest of your environment and you most definitely don't want regular users on the management VLAN as its sole purpose is to allow you to manage your equipment. It's very handy to be able to remotely manage switches and such. It saves a lot of running around.

Then you have to decide on how you're going to separate things. Do all 30 rooms need to be on their own subnet? Personally, I don't think so and I feel this would cause a lot of extra headaches. Typically separation is more along the lines of:

VLAN 1 = management VLAN
VLAN 2 = servers
VLAN 3 = printers
VLAN 4 = clients

Keeping in mind, a VLAN is a subnet.

You can also segment off more sensitive areas to reduce access. Accounting is a prime example. You might want all finance and accounting people to have their own subnet so that other members of the business have no access to their data.

With technologies like VoIP and/or video conferencing, you will want to employ QoS (quality of service) so as to ensure they get the highest priority. If you don't have a separate QoS device, you can purchase switches that do QoS. Personally, I like using both. The QoS device on the main access point for your external connection and then QoS capable switches so you have more granular control at the user level.


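The numbering scheme and role-based separation from reply #1, worked through as an added example that is not part of the original thread: it derives each VLAN's /24 from its tag and checks traffic against a default-deny inter-VLAN policy. The `10.20.0.0/16` prefix, VLAN 5 for accounting, the permitted pairs and the sample hosts are all assumptions made for illustration.

```python
import ipaddress

# Assumed site prefix; the post only shows xxx.xxx.<VLAN>.xxx.
BASE = ipaddress.ip_network("10.20.0.0/16")

# VLANs 1-4 are from the post; 5 for accounting is an assumed number.
VLANS = {1: "management", 2: "servers", 3: "printers",
         4: "clients", 5: "accounting"}

# Assumed routing policy: default deny, only these (src, dst) pairs pass.
# Nothing is permitted into management or accounting.
PERMIT = {
    ("clients", "servers"), ("clients", "printers"),
    ("accounting", "servers"), ("accounting", "printers"),
    ("servers", "printers"),
}

def subnet_for(vlan_id):
    """Return the /24 whose third octet equals the VLAN tag."""
    if not 1 <= vlan_id <= 255:
        raise ValueError("tag must fit in the third octet")
    return ipaddress.ip_network((int(BASE.network_address) + (vlan_id << 8), 24))

def vlan_of(ip):
    """Map an address to its VLAN tag, or None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    for vid in VLANS:
        if addr in subnet_for(vid):
            return vid
    return None

def allowed(src_ip, dst_ip):
    """True if traffic may flow from src to dst under the policy."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return False          # unknown subnet: deny
    if src == dst:
        return True           # same VLAN is switched, not routed
    return (VLANS[src], VLANS[dst]) in PERMIT

def exposed():
    """Policy entries that open the management or accounting VLAN."""
    return sorted(p for p in PERMIT if p[1] in ("management", "accounting"))

if __name__ == "__main__":
    for src, dst in [("10.20.4.57", "10.20.2.10"), ("10.20.4.57", "10.20.5.10"),
                     ("10.20.4.57", "10.20.1.2")]:  # constructed sample hosts
        print(src, "->", dst, "permit" if allowed(src, dst) else "deny")
```

The permits are one-directional, so on real equipment the return traffic has to be handled by a stateful filter or a matching rule for established sessions.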

#2
September 18, 2008 at 07:32:08

It would depend on how many pcs/phones in each room. If you have 30 pcs/phones in 30 rooms you have 1800 devices.

Unless you are familiar with how to map out and configure the switches I would highly recommend you bring in a 3rd party to contract the work.

There is too much to consider if you don't have the experience.

For example in CurtR's example you would need to route between the printer vlan and the pc vlan. Would you do this at each rack or at the main backbone?

You mention VoIP. Are you familiar with the VoIP phone system/PBX? What are its configuration limits/requirements? Do you do multiple vlans to it or will it support all being on one?

You have to know how all the pieces are going to work best together and then you determine your topology design. You should also consider redundancy and failover.

This is not a project you want to "learn" on. You want it set up and then learn how to maintain and manage it. Then you can understand the design requirements which will prepare you for the next project.



#3
September 19, 2008 at 07:09:01

I agree with wanderer. If you don't have experience with any of this, learn it this time from someone with experience; ask them questions in person so they can explain it to you. This is way too big of a job to try to get an explanation over a forum. Once you maintain the new setup you may feel comfortable for an addition to your network or building another.


I like long walks, especially when they are taken by people who annoy me.



#4
September 19, 2008 at 07:46:45

What wanderer and buckethead said!

Get help!

I should have brought that up when I posted. I assumed (a mistake I frequently make *sigh*) that you already had knowledge/experience in enterprise level networking. If you don't, you'll want to hire someone who does to help you out.

I live in western Canada. If you do too, PM me if you'd like to talk contract.



#5
September 20, 2008 at 04:40:48

Thanks for all the replies,

I am not much experienced in setting up VLANs, but I think I'm gonna do this, as initially only around 5 rooms need to be connected for internet and VoIP.

Presently I'm working on a plan for how to do the VLAN setup. As far as VoIP is concerned, presently we are using AVAYA IP Office, but I have designed an Asterisk-based IP telephony system.

Can anyone give me an idea about port mapping in VLANs? Say I have these 30 fiber connections terminated in a core switch: how can I route a particular line to a particular port in the LAN?



#6
September 26, 2008 at 13:12:18

Your switches must support VoIP VLANs and they should be layer 3 switches. The ones we use are Cisco 3750, 48-port PoE. The 3750 code supports enterprise software, which supports EIGRP and the support of VoIP VLANs.
