Cisco – New network design from a noob. VLANs, IPs, hardware, etc. Any comments please


I’m currently planning a large network infrastructure for a University in Ethiopia and would like people’s comments on my planning. Please bear in mind I have never done networking before.
The campus covers 80 buildings including laboratories, administration, teaching and dormitories. All buildings will have wired, wireless, VoIP and printers. Each building has 3 floors and a combination of staff and student computers.

Data centre will provide SAN storage and software PBX. Deployment is Win2k8.
I am using Cisco equipment throughout the installation, which includes Cisco 6500 L3 core switches with 1Gbps or 10Gbps fibre connections (MM and SM) to 5 communications rooms. Each communications room also has a Cisco 6500 L3 switch. Each building is connected to the closest communications room using a 1Gbps fibre connection (MM). Each building will have a Cisco 2960 L2 switch with uplink to floor 1 and 2.

I am using VLANs to separate the subnets as follows:

Building 1 -> VLAN 10 -> Wired computers -> 10.1.0.1 – 10.1.15.254 -> 255.255.240.0

Building 1 -> VLAN 11 -> Student computers -> 10.1.16.1 – 10.1.31.254 -> 255.255.240.0

Building 1 -> VLAN 12 -> Wireless computers -> 10.1.32.1 – 10.1.47.254 -> 255.255.240.0

Building 1 -> VLAN 13 -> VoIP Phones -> 10.1.48.1 – 10.1.63.254 -> 255.255.240.0

Building 1 -> VLAN 14 -> Printers & devices -> 10.1.64.1 – 10.1.79.254 -> 255.255.240.0

Building 2 -> VLAN 20 -> Wired computers -> 10.2.0.1 – 10.2.15.254 -> 255.255.240.0

Building 2 -> VLAN 21 -> Student computers -> 10.2.16.1 – 10.2.31.254 -> 255.255.240.0

Building 2 -> VLAN 22 -> Wireless computers -> 10.2.32.1 – 10.2.47.254 -> 255.255.240.0

Building 2 -> VLAN 23 -> VoIP Phones -> 10.2.48.1 – 10.2.63.254 -> 255.255.240.0

Building 2 -> VLAN 24 -> Printers & devices -> 10.2.64.1 – 10.2.79.254 -> 255.255.240.0

Building 80 -> VLAN 800 -> Wired computers -> 10.80.0.1 – 10.80.15.254 -> 255.255.240.0

Building 80 -> VLAN 801 -> Student computers -> 10.80.16.1 – 10.80.31.254 -> 255.255.240.0

Building 80 -> VLAN 802 -> Wireless computers -> 10.80.32.1 – 10.80.47.254 -> 255.255.240.0

Building 80 -> VLAN 803 -> VoIP Phones -> 10.80.48.1 – 10.80.63.254 -> 255.255.240.0

Building 80 -> VLAN 804 -> Printers & devices -> 10.80.64.1 – 10.80.79.254 -> 255.255.240.0

All buildings -> VLAN 199 -> Management&Native -> 10.199.0.1 – 10.199.15.255 -> 255.255.240.0
I have mapped the IP address to the VLAN so it’s easy to trace IP addresses to physical locations.

Questions:
1. Should I have VoIP phones all on the same VLAN or a separate VLAN for each building as I have done above?

2. Same question as 1 but for the printers?

3. I was planning for the Cisco 6500 L3 switches to do inter-VLAN routing between VLANs. Would this be a good solution? Would I also need a router or hardware firewall if I use L3 switch routing? My broadband input from the ISP is an RJ-45 Ethernet connection.

4. Any other comments about my implementation would be appreciated as I’m a total noob at this.

Thanks in advance

Best Answer

I have a couple of concerns. The first is the size of your VLANs - do you really want 4k machines per VLAN in a student environment? Imagine how much harder it'll be to narrow down problem machines/users in that environment, plus the number of users potentially impacted by these problem machines. I'd be tempted to go for much more smaller VLANs myself.

Secondly I'm more worried about someone who considers themselves to be a beginner designing and implementing such a comparatively large and complex network - I'd consider getting in some professionals.
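
The numbering scheme in the question can be checked mechanically before any switch is configured. The following is an added example, not part of the original question or answer: it rebuilds the plan for all 80 buildings, checks it for duplicate VLAN IDs and overlapping subnets, traces an address back to its building and role, and reports how many hosts share each broadcast domain. It assumes buildings 3 to 79 follow the same pattern as the rows shown (VLAN = building × 10 + offset, subnet 10.building.(16 × offset).0/20); the function names are hypothetical.

```python
import ipaddress

# Role order taken from the question. Assumed pattern for every building:
# VLAN = building*10 + k and subnet 10.<building>.<16*k>.0/20.
ROLES = ["Wired computers", "Student computers", "Wireless computers",
         "VoIP Phones", "Printers & devices"]
MGMT_VLAN = 199
MGMT_NET = ipaddress.ip_network("10.199.0.0/20")

def build_plan(buildings=80):
    """Return {vlan_id: (building, role, network)} for the whole campus."""
    plan = {MGMT_VLAN: (None, "Management&Native", MGMT_NET)}
    for b in range(1, buildings + 1):
        for k, role in enumerate(ROLES):
            vlan = b * 10 + k
            net = ipaddress.ip_network(f"10.{b}.{16 * k}.0/20")
            if vlan in plan:
                raise ValueError(f"VLAN {vlan} assigned twice")
            plan[vlan] = (b, role, net)
    return plan

def check_plan(plan):
    """Return a list of problems: invalid VLAN IDs or overlapping subnets."""
    problems = [f"VLAN {v} outside 1-4094" for v in plan if not 1 <= v <= 4094]
    nets = sorted((n, v) for v, (_, _, n) in plan.items())
    for (a, va), (b, vb) in zip(nets, nets[1:]):
        if a.overlaps(b):
            problems.append(f"VLAN {va} {a} overlaps VLAN {vb} {b}")
    return problems

def locate(plan, ip):
    """Trace an address back to (vlan, building, role), or None if unallocated."""
    addr = ipaddress.ip_address(ip)
    for vlan, (building, role, net) in plan.items():
        if addr in net:
            return vlan, building, role
    return None

def usable_hosts(net):
    """Usable host addresses in a subnet (network and broadcast excluded)."""
    return net.num_addresses - 2

if __name__ == "__main__":
    plan = build_plan()
    print(len(plan), "VLANs;", check_plan(plan) or "no conflicts")
    # 10.80.48.17 is a constructed sample address inside the VoIP range.
    print(locate(plan, "10.80.48.17"), usable_hosts(plan[803][2]))
```

Each /20 allows 4094 usable hosts in one broadcast domain, which is the "4k machines per VLAN" figure the answer raises.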
