Subnetting to limit broadcast traffic


Recommended Posts

I have a question about sub netting...

I am close to running out of address's on our network. I run 3-4 VM's, 2 48-port switches, router, printers, workstations, and now VOIP phones.

I have never had to break apart a network and I am somewhat familiar with subnetting. I was going to change my netmask from 255.255.255.0 to 255.255.248.0. However I am sorta confused, because even if I change my subnet to 248, and I break apart sections of the network say... workstations are 192.168.1.* and VOIP are 192.168.2.* they would still be apart of the same subnet correct? Which is not solving my broadcasting issues? Need some advice... kinda confused.

Don

Link to comment
Share on other sites

Ok, leave the mask alone. Have a vlan for your pc's and another for your phones. That would accomplish what you want. You could even seperate it even more, another vlan for your servers and higher network devices like routers and have a seperate for your printers. If you go in the direction you are taking you are creating a supernet, and if you are trying to create less broadcast on the one network, you are not.

You would need a layer 3 switch to accomplish this. Not sure what you have.

Link to comment
Share on other sites

I have a layer 3 switch, I have considered a VLan, however the old Admin setup/wired the building to where the computers are piggy backed on the phones. So CAT6--->VOIPPhone--->PC. So that is why I figured subnet would make it easier. I think the phone can be on a different subnet and still allow the PC to communicate off a different subnet. I thought VLans are dependent on the actual line itself?

Link to comment
Share on other sites

You're only running out of addresses on one subnet, correct?

The way I would have it is using VLANs and splitting up the networks:

192.168.1.* = servers and networking equipment (VLAN 1)

192.168.2.* = workstations (VLAN 2)

192.168.3.* = network printers (VLAN 3)

192.168.4.* VOIP phones (VLAN 4)

Ensure that there are routes to each VLAN on the router.

This way you are leaving your subnet mask alone, but creating 4 separate broadcast domains. You could VLAN more, such as creating a VLAN per room of computers (providing you have a small amount of computers and not many rooms), but it gives you an idea.

I have a layer 3 switch, I have considered a VLan, however the old Admin setup/wired the building to where the computers are piggy backed on the phones. So CAT6--->VOIPPhone--->PC. So that is why I figured subnet would make it easier. I think the phone can be on a different subnet and still allow the PC to communicate off a different subnet. I thought VLans are dependent on the actual line itself?

This would make it difficult as VLAN is line dependant, or at least port dependant coming from the switch. You might be better off ripping the old infrastructure and separating the phones and PCs, making one line per device.

Link to comment
Share on other sites

yes, that is what I figured I'd do basically... I would break up the office into sections like you described. However, the only thing in question with the VLan is that isn't it dependent on the Cat6 wire? Such as port1, port2, etc. So with the phones being piggy backed with the PC's that would be a problem would it not?

Link to comment
Share on other sites

yes, that is what I figured I'd do basically... I would break up the office into sections like you described. However, the only thing in question with the VLan is that isn't it dependent on the Cat6 wire? Such as port1, port2, etc. So with the phones being piggy backed with the PC's that would be a problem would it not?

This would make it difficult as VLAN is line dependant, or at least port dependant coming from the switch. You might be better off ripping the old infrastructure and separating the phones and PCs, making one line per device.

Link to comment
Share on other sites

If they are piggybacked on the phones you really need to understand vlaning. if you don't you will have no control what gets what address. From what I remember, the ports need to be in a tagged and untagged state as they will need to have an address assigned to them and they will also be acting as a mini switch to provide the pc's a network. It has been a while since I had to do something like this....it was always easier to seperate the network, from a logistical standpoint, between phones and other devices. It was possible to do this on a old hp procurve switch, don't remember the model.

Link to comment
Share on other sites

ya I was not happy with the other Admin's decision on the "piggybacking" but he insisted he was right, and now this issue is a problem. I think the VLan can be tagged like you were stating but I am looking now to see if there is that option. I know we tagg for QOS, but I am not sure if I can do it on this switch otherwise... so that is why I figured subnetting would be easiest without running new lines.

Link to comment
Share on other sites

ya I was not happy with the other Admin's decision on the "piggybacking" but he insisted he was right, and now this issue is a problem. I think the VLan can be tagged like you were stating but I am looking now to see if there is that option. I know we tagg for QOS, but I am not sure if I can do it on this switch otherwise... so that is why I figured subnetting would be easiest without running new lines.

You can only tag individual ports. Meaning tagging port 1 will also tag the phone and computer connected to that port.

You would be better disconnecting the phone and running a new Ethernet cable to the switch from the phone. It may take more ports, but then allows you more freedom to VLAN.

Link to comment
Share on other sites

Your phones will be on vlan 100 and pcs will be on vlan 200

The phone is plugged into port 5, port 5 will be tagged in vlan 100 but untagged in vlan 200.

The phone will always communicate on the tagged vlan 100, and the pc will communicate on the untagged 200. port 5 will not be part of the default vlan. This is possible on certain hardware.

It is also documented here

http://www.alexwilli...ork-with-vlans/

and here

http://wiki.siemens-...overy_over_DHCP

I can do more google searching and could probably find a cisco example doc.

Link to comment
Share on other sites

First off what is your real issue? is it just the need for more addresses? If so do a 255.255.254.0 subnet for 512 addresses, unless you really need 2048 addresses the 255.255.248.0 would give you. Creating vLans that are connected would not always cut down on broadcast traffic, not to mention the fact that your switch is doing more work now processing the vLans. You are adding a lot of complexity that kind bite you in the behind with the vLans if not done correctly. What kind of switches are they? I have seen lower end switches not be able to keep up on busy networks.

Link to comment
Share on other sites

First off what is your real issue? is it just the need for more addresses? If so do a 255.255.254.0 subnet for 512 addresses, unless you really need 2048 addresses the 255.255.248.0 would give you. Creating vLans that are connected would not always cut down on broadcast traffic, not to mention the fact that your switch is doing more work now processing the vLans. You are adding a lot of complexity that kind bite you in the behind with the vLans if not done correctly. What kind of switches are they? I have seen lower end switches not be able to keep up on busy networks.

I think the OP is only on the 192.168.1.1-254 address range, and they have exhausted all those addresses. If that is correct, it doesn't sound like the network is very large. I think VLANs and moving to address ranges 192.168.2.*, etc, would be the more simplistic idea.

Link to comment
Share on other sites

Here is a screen shot of the previous statement on "Tagging" Macs to a VLan... I think this is the screen that I am looking for below? I am close to being out of addresses... yes! I am also getting a lot of broadcast floods/errors and from what I am reading by (subnetting or VLAN) I can cut down on the broadcast traffic. So kind of both.

Here is what I was looking at.. if I understand the screen right. These are 2 Netgear GS748TPS switches linked with HDMI.

post-45793-0-59034900-1364844109.png

Link to comment
Share on other sites

What switches are you using? It is possible to create an access vlan and then a voice vlan on the one connection to the phone (what phones btw) and then your phone would normally talk on the access vlan to start up and then switch over to the voice vlan. Which would then leave your PC just using the access vlan.

But a better more robust solution would be to run your pcs on their own physical connection other than the phones connection.

Link to comment
Share on other sites

Here is a screen shot of the previous statement on "Tagging" Macs to a VLan... I think this is the screen that I am looking for below? I am close to being out of addresses... yes! I am also getting a lot of broadcast floods/errors and from what I am reading by (subnetting or VLAN) I can cut down on the broadcast traffic. So kind of both.

Here is what I was looking at.. if I understand the screen right. These are 2 Netgear GS748TPS switches linked with HDMI.

You don't want to be adding MAC addresses, that will get messy. Also you might want to rethink how your switches are connected, as I somehow doubt its via HDMI!

Link to comment
Share on other sites

connected via HDMI?? I find that unlikely as well ;)

do you mean fiber?

See on your screen there where it says voice vlan, that should be how you can setup your phones to be on their own vlan while pc connected to them on some other vlan.

But I really would suggest you use different connections for your phones and your other devices - it gives you way more control and options going forward then running connection over the same wire.

Link to comment
Share on other sites

the switches are chained in the back with a HDMI cable to talk to each other. Seriously! I am looking at it, and if I pull it I lose contact with the other switch. lol. It's weird I know!

I went to the VoiceLAN area, and we do have it enabled (as far as I know) to basically tag the MAC's of Polycom phones. And we have it on VLan 2. However, all ports are listed as "Untagged" so I don't even know if the VLan is in affect exactly.

Link to comment
Share on other sites

How are your phones powered? Mains or PoE? If mains invest in enough PoE switches for your needs and separate the traffic. Not sure what the quality of your calls are like but call quality can be an issue if you have a busy LAN.

Link to comment
Share on other sites

I thought the HDMI stacking was odd as well. Well here is where I am at... I can't run any cables anytime soon to seperate the phones (Which would be nice). I am almost out of address's so I need to change the subnet accordingly, and what do we think we can do about the broadcast traffic breakdown? I assume that is also why our internet (20/20 speed) is hit and miss lately as well because of all the traffic on the same subnet? Because it seems fine late at night after 5 when there is nothing in use.

Link to comment
Share on other sites

How are your phones powered? Mains or PoE? If mains invest in enough PoE switches for your needs and separate the traffic. Not sure what the quality of your calls are like but call quality can be an issue if you have a busy LAN.

The switch, if you looked up the model based on the screen shot he provided on page one, is poe.

I thought the HDMI stacking was odd as well. Well here is where I am at... I can't run any cables anytime soon to seperate the phones (Which would be nice). I am almost out of address's so I need to change the subnet accordingly, and what do we think we can do about the broadcast traffic breakdown? I assume that is also why our internet (20/20 speed) is hit and miss lately as well because of all the traffic on the same subnet? Because it seems fine late at night after 5 when there is nothing in use.

your internet traffic has little to nothing to do with the broadcast, and everything to do with what your computers are requesting. You would have to do some qos to prioritize traffic to the voice side vs the data side.

Link to comment
Share on other sites

How are your phones powered? Mains or PoE? If mains invest in enough PoE switches for your needs and separate the traffic. Not sure what the quality of your calls are like but call quality can be an issue if you have a busy LAN.

They are running POE, quality seems good. We had some intermittent issues here and there. Sometimes still we get random call drops, etc. But it also could be 8x8's service. It will go days just fine and some days it is a mess.

Would also suggest you read up on the manual

http://www.downloads..._UM_15Jun09.pdf

I've been trying to make heads and tails of it. Just trying to figure out the best option.

your internet traffic has little to nothing to do with the broadcast, and everything to do with what your computers are requesting. You would have to do some qos to prioritize traffic to the voice side vs the data side.

As far as I can tell we are using QOS for the Voice. Thats where I am unsure if it is actually "Working" or not. We have it setup to tag the Macs of Polycom phones and send it to VLan 2 with the same subnet 255.255.255.0. However there is a section in the netgear config where you can "Tag" the ports. and they all have a U for "Untagged" so I am not sure if it is even monitoring the Mac's of those phones.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.