VLAN and Subnet – Relationship with 2 Offices Sharing a Switch

ipsubnetswitchvlan

I appreciate there is an answer here already. As well as reading this and seeing this video I am still slightly confused…

If a company has 2 offices (on the same floor in close proximity of each other)
Office one (Marketing) and office two (Finance) both have 5 computers and share 1 switch.

I understand I can set up a VLAN to separate traffic for the 2 departments so each dept only receives 'their' own packets.

What I still don't understand is subnetting –
If I setup a subnet of 255.255.255.0 on that switch does that mean the IP address for each dept is different? E.g. 192.168.1.x = Marketing Computers & 192.168.2.x = Finance Computers

OR as the subnet is set-up on the switch the 3rd octet of the IP address of both offices will be the same?

Will 2 separate switches be better?

Best Answer

You may be confusing things. With a switch, only the host for which a packet is destined will receive that packet. Switches know nothing about layer-3 (IP packets). The packets are encapsulated inside layer-2 frames when sent to a switch.

A switch is a layer-2 device, and it switches layer-2 frames based on the layer-2 (MAC address). The switch will learn the MAC address of each host, and to which port each host is connected. It will deliver a frame to the port on which the destination host is connected. The only frames which are delivered to all ports are the frames for which the switch doesn't know the port (it learns every time a host sends a frame), or broadcast frames (a switch, or multiple switches connected to each other, with a single VLAN is a single broadcast domain), which ARP uses to resolve the layer-3 (IP) address to a layer-2 (MAC) address.

VLANs allow you to break up the broadcast domain. Your small network shouldn't be suffering from excessive broadcasts unless there is a malfunctioning host. If a host on one VLAN needs to contact a host on a different VLAN is must go through a router. Routers switch at layer-3 (IP packets) between different networks.

As far as subnetting, you should read this answer, which has everything you need to know about that.

Related Solutions

Cisco – How to throttle speed for a particular computer with high activity

Expanding upon @javano's answer...

I would change one thing, instead of policing the email traffic (which will drop traffic exceeding that rate) I would recommend just setting aside a small amount of bandwidth for that traffic. Therefore, if nobody else is using the link the email can utilize the unused bandwidth

policy-map PM-Limit-Emails
 class CM-Match-Critical-Apps
  bandwidth percent 50
 class CM-Match-Scavenger
  bandwidth percent 1
 class class-default
  bandwidth percent 20
  fair-queue

I didn't get a sense of if the issue was the sending (outbound) or receiving (inbound) of large attachments so, since you are just connected to the internet, there will be the potential that this issue will continue as the ISP is not throttling the traffic (inbound) based on your classifications. If you have a business class internet service there may be the possibility for them to install a similar policy on their end of your link but you will need to talk with your ISP to determine what, if anything, they will support.

Routing – Review of network connectivity diagram

There are many ways to do this. Here are a few observations:

It's generally a good idea to push layer 3 as close to the end users as possible. Since you have layer 3 switches everywhere, this is easy for you to do.
You should consider creating a routing hierarchy, with the branch switch terminating the local VLANs, and the core switch terminating the branch links.
While it's fine to put each department on a separate VLAN, unless you plan to restrict access between departments, there's no real value.
It's more important to insure that there are no layer 2 links connecting your branch offices. Everything should be L3. I don't see a need to use trunking anywhere.
Place your servers on their own VLAN for design consistency and also since that's the most likely place to enforce policy.

Best Answer

Related Solutions

Cisco – How to throttle speed for a particular computer with high activity

Routing – Review of network connectivity diagram

Related Topic