02-28-2013 08:28 PM
At present we have several VLANs, 1 for each building of the site. These are for student machines, both wired and wireless.
The staff goes through another VLAN used for both wired and wireless clients, and this VLAN is across all switches.
Would there be any disadvantages if we were to separate the clients in the following way:
VLAN A for Students Wired,
VLAN B for Students Wireless,
VLAN C for Staff Wired,
VLAN D for Staff Wireless
I understand that by doing that any broadcast traffic from clients in 1 building would go to clients in the other buildings but we already have this with the staff VLAN.
Some of the reasons behind this are to simplify VLAN design, reduce the amount of broadcast traffic on the wireless network and to isolate between wired and wireless clients.
Also it means I can then use QoS and allow different priorities based on whether it's from.
03-01-2013 12:23 AM
I think it really comes down to what you are wanting to achieve. If setting up QoS based on wired/wireless profiling is priority no.1 then it would make sense to re-structure your VLANs.
By changing your VLAN design from per building to per device type you are increasing the amount of admin work needed to place all the ports in the correct VLAN. I assume that wired devices can be located across the entire campus? In the current design this admin work is minimal due to the VLANing being dictated by the switch's physical location. You may well have tools in place to automate this (NAC or similar) or are happy to accept the additional admin.
One thing to bear in mind: are you utilising any type of Dynamic VLAN routing, or are you just using static routes on a Default gateway? That's one thing to think about, as a change of VLANs could have a knock-on effect on your routing, especially if you have something like OSPF running. Without knowing your complete setup I can only make assumptions.
Also do you have MSTP running with multiple regions? Changing the VLAN design could mean a rethink of your Spanning Tree structure. Another thing to bear in mind!!
03-01-2013 02:59 PM
I think there are good reasons for separating wired and wireless VLANs; the traffic characteristics are different for each, and as you say being able to QoS them differently is an advantage. I also like being able to give them different firewall rules.