
Network Vlan Design

  • 1.  Network Vlan Design

    Posted 15 days ago

    Hi,

    I have a customer with an HQ and many branches. They are working on VLAN 1 now, and we suggest that they separate the different network segments into different VLANs. The suggested VLANs are:

    1. Employees Vlan
    2. Guest Vlan
    3. Mgmt Vlan
    4. Servers Vlan
    5. Voice Vlan (Avaya IP Phones)
    6. CCTV Vlan

    My question is: should we distribute the employee VLAN across HQ and the branches, or is it best to create a separate VLAN for each branch, like HQ, Branch1, Branch2, etc.?

    They have two links for each branch, one for internet and the other is Data link to connect the branch to the HQ network.



    ------------------------------
    DJ
    ------------------------------


  • 2.  RE: Network Vlan Design

    Posted 15 days ago
    Hi, when you wrote:

    "They have two links for each branch, one for internet and the other is Data link to connect the branch to the HQ network."

    what exactly do you mean?

    Each Internet link at each Branch site could be used by your Customer to set up a Site-to-Site VPN between the Branch and the HQ (a sort of hub-and-spoke configuration where the hub is the HQ and the Branches are spokes). OTOH, what you called "Data link" could be a sort of direct Layer 2 link, or maybe not (we really can't say what you mean).

    Topology and type of inter-connectivity are parts of the possible answer... I mean: if Site A is directly (Layer 2) linked with Site B, it is quite easy (note that it might not be the best thing to do) to extend a VLAN between Site A and Site B... but there are really many factors to consider to give you a valid answer.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 3.  RE: Network Vlan Design

    Posted 15 days ago

    Hi Davide,

    Yes, the Data link is an MPLS Layer 2 link. The WAN connectivity and the routing are under the ISP's control and are not in my scope; I will just inform them which VLANs and subnets I will use, and they will do any needed WAN/routing configuration on their routers.

    I need to know what the best scenario is for HQ and Branch network design.

    What are the common issues I may face during the configuration?

    Does Aruba have a suggested design for enterprise customer networks?



    ------------------------------
    DJ
    ------------------------------



  • 4.  RE: Network Vlan Design

    Posted 9 days ago
    Hi @Derar, I think two Aruba Validated Reference Design/Architecture guides would be interesting to read to familiarize yourself with network architectures/deployments (I really tried to search for both of them here, published on Airheads, but I failed, and I was only able to find one by browsing this thread, where I recall I posted months ago; there you can find the Aruba Mobile First Reference Architecture Validated Reference Design Guide Edition 1.1 24-09-2018). I don't know if Aruba has updated that guide or not since its first release.

    The other Aruba document I suggest you read is titled "Mobile First Campus for Large Networks - Design and Deployment Guide" (November 2019, second edition) and it is available here (personally I also have the first edition, released in July 2018... but that edition has no reference to the VSX architecture, related to ArubaOS-CX 10.1 and newer, if you are interested in understanding that one).

    Edit: forgot...there is also this one tailored for Midsize-Campus deployments.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 5.  RE: Network Vlan Design

    Posted 15 days ago
    I would not use VLAN 1 for anything.  Basic Networking 101 Cyber Security best practice.

    You would have the same VLAN structure at all sites but different IP addressing based on the location.

    Example.

    VLAN 101 - Data
    VLAN 102 - Voice
    VLAN 103 - Servers
    VLAN 104 - CCTV
    VLAN 200 - Network MGMT
    VLAN 254 - Guest 



    IP Addressing Site 1:
    VLAN 101 - 10.1.101.0/24
    VLAN 102 - 10.1.102.0/24
    VLAN 103 - 10.1.103.0/24
    etc.


    IP Addressing Site 2:
    VLAN 101 - 10.2.101.0/24
    VLAN 102 - 10.2.102.0/24
    VLAN 103 - 10.2.103.0/24
    etc.

    IP Addressing Site 1:
    VLAN 101 - 10.3.101.0/24
    VLAN 102 - 10.3.102.0/24
    VLAN 103 - 10.3.103.0/24
    etc.

    ------------------------------
    Del Bullion
    ------------------------------
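
The addressing scheme from the last post (the same VLAN IDs at every site, with subnets of the form 10.<site>.<VLAN>.0/24), worked through as an added example that is not part of the original thread. It generalizes the three listed sites to any site number; the function names and the limits on site and VLAN numbers are assumptions made so that each value fits in one octet.

```python
import ipaddress

# VLAN IDs and roles as listed in the post above.
VLANS = {101: "Data", 102: "Voice", 103: "Servers",
         104: "CCTV", 200: "Network MGMT", 254: "Guest"}

def build_plan(site_ids, vlans=VLANS):
    """Return {(site, vlan_id): IPv4Network} using 10.<site>.<vlan>.0/24."""
    plan = {}
    for site in site_ids:
        if not 1 <= site <= 255:  # assumption: site number is the second octet
            raise ValueError(f"site {site} does not fit in the second octet")
        for vid in vlans:
            if vid == 1:  # the post's rule: VLAN 1 carries nothing
                raise ValueError("VLAN 1 must not carry any segment")
            if not 2 <= vid <= 255:  # assumption: VLAN ID is the third octet
                raise ValueError(f"VLAN {vid} does not fit in the third octet")
            plan[(site, vid)] = ipaddress.ip_network(f"10.{site}.{vid}.0/24")
    return plan

def site_summary(site):
    """One /16 per site, covering every VLAN subnet at that site."""
    return ipaddress.ip_network(f"10.{site}.0.0/16")

def classify(addr, plan, vlans=VLANS):
    """Map an address (e.g. from a firewall log) to (site, vlan_id, role)."""
    ip = ipaddress.ip_address(addr)
    for (site, vid), net in plan.items():
        if ip in net:
            return site, vid, vlans[vid]
    return None  # outside the plan: unknown or unallocated segment

def overlaps(plan):
    """Return pairs of plan entries whose subnets overlap (should be empty)."""
    keys = sorted(plan)
    return [(a, b) for i, a in enumerate(keys) for b in keys[i + 1:]
            if plan[a].overlaps(plan[b])]

if __name__ == "__main__":
    plan = build_plan([1, 2, 3])  # constructed sample: three sites
    print(site_summary(2), classify("10.2.254.17", plan), overlaps(plan))
```

Because site and role are encoded in the address, a source IP seen in a log can be attributed to a site and segment without a lookup table, and addresses that match no entry stand out as unallocated.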