
Subnetting to limit broadcast traffic


36 replies to this topic

#1 Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 18:48

I have a question about subnetting...

I am close to running out of addresses on our network. I run 3-4 VMs, 2 48-port switches, router, printers, workstations, and now VOIP phones.

I have never had to break apart a network and I am somewhat familiar with subnetting. I was going to change my netmask from 255.255.255.0 to 255.255.248.0. However I am sorta confused, because even if I change my subnet to 248, and I break apart sections of the network say... workstations are 192.168.1.* and VOIP are 192.168.2.* they would still be a part of the same subnet, correct? Which is not solving my broadcasting issues? Need some advice... kinda confused.

Don


#2 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 01 April 2013 - 18:54

Ok, leave the mask alone. Have a vlan for your PCs and another for your phones. That would accomplish what you want. You could even separate it even more, another vlan for your servers and higher network devices like routers and have a separate one for your printers. If you go in the direction you are taking you are creating a supernet, and if you are trying to create less broadcast on the one network, you are not.

You would need a layer 3 switch to accomplish this. Not sure what you have.

#3 OP Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 18:58

I have a layer 3 switch, I have considered a VLan, however the old Admin setup/wired the building to where the computers are piggy backed on the phones. So CAT6--->VOIPPhone--->PC. So that is why I figured subnet would make it easier. I think the phone can be on a different subnet and still allow the PC to communicate off a different subnet. I thought VLans are dependent on the actual line itself?

#4 Daedroth

Daedroth

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 15-June 11
  • Location: UK

Posted 01 April 2013 - 19:01

You're only running out of addresses on one subnet, correct?

The way I would have it is using VLANs and splitting up the networks:

192.168.1.* = servers and networking equipment (VLAN 1)
192.168.2.* = workstations (VLAN 2)
192.168.3.* = network printers (VLAN 3)
192.168.4.* = VOIP phones (VLAN 4)

Ensure that there are routes to each VLAN on the router.

This way you are leaving your subnet mask alone, but creating 4 separate broadcast domains. You could VLAN more, such as creating a VLAN per room of computers (providing you have a small amount of computers and not many rooms), but it gives you an idea.


I have a layer 3 switch, I have considered a VLan, however the old Admin setup/wired the building to where the computers are piggy backed on the phones. So CAT6--->VOIPPhone--->PC. So that is why I figured subnet would make it easier. I think the phone can be on a different subnet and still allow the PC to communicate off a different subnet. I thought VLans are dependent on the actual line itself?

This would make it difficult as VLAN is line dependent, or at least port dependent coming from the switch. You might be better off ripping the old infrastructure and separating the phones and PCs, making one line per device.

#5 OP Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 19:05

yes, that is what I figured I'd do basically... I would break up the office into sections like you described. However, the only thing in question with the VLan is that isn't it dependent on the Cat6 wire? Such as port1, port2, etc. So with the phones being piggy backed with the PC's that would be a problem would it not?

#6 Daedroth

Daedroth

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 15-June 11
  • Location: UK

Posted 01 April 2013 - 19:06

yes, that is what I figured I'd do basically... I would break up the office into sections like you described. However, the only thing in question with the VLan is that isn't it dependent on the Cat6 wire? Such as port1, port2, etc. So with the phones being piggy backed with the PC's that would be a problem would it not?

This would make it difficult as VLAN is line dependent, or at least port dependent coming from the switch. You might be better off ripping the old infrastructure and separating the phones and PCs, making one line per device.

#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 01 April 2013 - 19:06

If they are piggybacked on the phones you really need to understand vlaning. If you don't you will have no control what gets what address. From what I remember, the ports need to be in a tagged and untagged state as they will need to have an address assigned to them and they will also be acting as a mini switch to provide the PCs a network. It has been a while since I had to do something like this... it was always easier to separate the network, from a logistical standpoint, between phones and other devices. It was possible to do this on an old HP ProCurve switch, don't remember the model.

#8 OP Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 19:12

ya I was not happy with the other Admin's decision on the "piggybacking" but he insisted he was right, and now this issue is a problem. I think the VLan can be tagged like you were stating but I am looking now to see if there is that option. I know we tag for QOS, but I am not sure if I can do it on this switch otherwise... so that is why I figured subnetting would be easiest without running new lines.

#9 Daedroth

Daedroth

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 15-June 11
  • Location: UK

Posted 01 April 2013 - 19:13

ya I was not happy with the other Admin's decision on the "piggybacking" but he insisted he was right, and now this issue is a problem. I think the VLan can be tagged like you were stating but I am looking now to see if there is that option. I know we tag for QOS, but I am not sure if I can do it on this switch otherwise... so that is why I figured subnetting would be easiest without running new lines.

You can only tag individual ports. Meaning tagging port 1 will also tag the phone and computer connected to that port.

You would be better disconnecting the phone and running a new Ethernet cable to the switch from the phone. It may take more ports, but then allows you more freedom to VLAN.

#10 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 01 April 2013 - 19:15

Your phones will be on vlan 100 and pcs will be on vlan 200

The phone is plugged into port 5, port 5 will be tagged in vlan 100 but untagged in vlan 200.

The phone will always communicate on the tagged vlan 100, and the PC will communicate on the untagged 200. Port 5 will not be part of the default vlan. This is possible on certain hardware.

It is also documented here
http://www.alexwilli...ork-with-vlans/
and here
http://wiki.siemens-...overy_over_DHCP

I can do more Google searching and could probably find a Cisco example doc.
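The port 5 arrangement described in the post above (tagged in VLAN 100, untagged in VLAN 200), modeled as an added example that is not part of the original post and is not any vendor's code. The MAC addresses are constructed, the function names are hypothetical, and the model assumes the switch applies ingress filtering on port VLAN membership.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
PORT5_PVID = 200             # untagged VLAN on port 5 (PC traffic)
PORT5_TAGGED = {100}         # tagged VLAN on port 5 (phone traffic)

def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build an Ethernet frame; add an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)   # priority bits + 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def classify(frame, pvid, tagged_vlans):
    """Return the VLAN an ingress frame is placed in, or None if dropped."""
    if len(frame) < 14:
        return None                          # too short to be Ethernet
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return pvid                          # untagged frame -> port's PVID
    if len(frame) < 18:
        return None                          # truncated tag
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:
        return pvid                          # priority-tagged only -> PVID
    members = set(tagged_vlans) | {pvid}     # assumed ingress filter
    return vid if vid in members else None

# Constructed sample traffic arriving on port 5.
SWITCH = bytes.fromhex("020000000001")
PHONE = bytes.fromhex("020000000055")
PC = bytes.fromhex("0200000000aa")
phone_frame = build_frame(SWITCH, PHONE, 0x0800, b"rtp", vid=100, pcp=5)
pc_frame = build_frame(SWITCH, PC, 0x0800, b"http")
stray_frame = build_frame(SWITCH, PC, 0x0800, b"x", vid=300)

if __name__ == "__main__":
    for name, f in [("phone", phone_frame), ("pc", pc_frame), ("stray", stray_frame)]:
        print(name, "->", classify(f, PORT5_PVID, PORT5_TAGGED))
```
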

#11 netsysllc

netsysllc

    Neowinian

  • Joined: 01-April 13

Posted 01 April 2013 - 19:15

First off what is your real issue? Is it just the need for more addresses? If so do a 255.255.254.0 subnet for 512 addresses, unless you really need 2048 addresses the 255.255.248.0 would give you. Creating vLans that are connected would not always cut down on broadcast traffic, not to mention the fact that your switch is doing more work now processing the vLans. You are adding a lot of complexity that can bite you in the behind with the vLans if not done correctly. What kind of switches are they? I have seen lower end switches not be able to keep up on busy networks.
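The masks discussed in this thread, checked with Python's `ipaddress` module: how many addresses each gives, and whether a workstation in 192.168.1.* and a phone in 192.168.2.* land in the same subnet. This is an added example, not part of any post; the two host addresses are constructed and the function names are hypothetical.

```python
import ipaddress

def describe(host, mask):
    """Return the subnet a host falls in under a dotted-decimal netmask."""
    net = ipaddress.ip_interface(f"{host}/{mask}").network
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": net.num_addresses - 2,   # minus network and broadcast
    }

def same_subnet(a, b, mask):
    """True when both hosts sit in the same IP subnet under this mask.

    Hosts in one subnet on one VLAN still hear each other's broadcasts;
    widening the mask alone does not split the layer 2 broadcast domain.
    """
    net_a = ipaddress.ip_interface(f"{a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{b}/{mask}").network
    return net_a == net_b

# Constructed sample hosts following the ranges in the original question.
WORKSTATION = "192.168.1.10"
PHONE = "192.168.2.10"
MASKS = ["255.255.255.0", "255.255.254.0", "255.255.248.0"]

def report():
    """Summarise each candidate mask for the two sample hosts."""
    rows = []
    for mask in MASKS:
        info = describe(WORKSTATION, mask)
        rows.append((mask, info["network"], info["total"],
                     same_subnet(WORKSTATION, PHONE, mask)))
    return rows

if __name__ == "__main__":
    for mask, network, total, shared in report():
        print(f"{mask:15} {network:18} {total:5} addresses, "
              f"PC and phone in same subnet: {shared}")
```
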

#12 Daedroth

Daedroth

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 15-June 11
  • Location: UK

Posted 01 April 2013 - 19:19

First off what is your real issue? Is it just the need for more addresses? If so do a 255.255.254.0 subnet for 512 addresses, unless you really need 2048 addresses the 255.255.248.0 would give you. Creating vLans that are connected would not always cut down on broadcast traffic, not to mention the fact that your switch is doing more work now processing the vLans. You are adding a lot of complexity that can bite you in the behind with the vLans if not done correctly. What kind of switches are they? I have seen lower end switches not be able to keep up on busy networks.

I think the OP is only on the 192.168.1.1-254 address range, and they have exhausted all those addresses. If that is correct, it doesn't sound like the network is very large. I think VLANs and moving to address ranges 192.168.2.*, etc, would be the more simplistic idea.

#13 OP Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 19:21

Here is a screen shot of the previous statement on "Tagging" Macs to a VLan... I think this is the screen that I am looking for below? I am close to being out of addresses... yes! I am also getting a lot of broadcast floods/errors and from what I am reading by (subnetting or VLAN) I can cut down on the broadcast traffic. So kind of both.

Here is what I was looking at.. if I understand the screen right. These are 2 Netgear GS748TPS switches linked with HDMI.

Attached Images

  • Screen Shot 2013-04-01 at 3.17.05 PM (2).png


#14 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 93
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 01 April 2013 - 19:22

What switches are you using? It is possible to create an access vlan and then a voice vlan on the one connection to the phone (what phones btw) and then your phone would normally talk on the access vlan to start up and then switch over to the voice vlan. Which would then leave your PC just using the access vlan.

But a better, more robust solution would be to run your PCs on their own physical connection other than the phone's connection.

#15 OP Unrealism2k

Unrealism2k

    Neowinian

  • Joined: 22-January 04

Posted 01 April 2013 - 19:25

Sorry, phones are Polycom SoundPoint IP550s