
VLAN alternatives and solutions

I am wondering about VLANs. I don't know that much about them and have a few questions.

  1. Will a VLAN break apart a network to secure the PCs connected? (i.e., will someone be able to see another computer on a different VLAN?)
  2. How easily can a VLAN be set up to support DHCP? My instance will have a number of computers in and out of the building often. Many times a new PC will only be there once. (Will explain in scenario)
  3. Is VLAN the best idea for my site? What are alternatives?
  4. Which product that supports VLAN would be best for my application?

Here's my scenario:

A four-story hotel wants to move into the tech age by offering an Internet connection in each of their 125 guest rooms. The hotel owner does not want any of their guests' PCs to be susceptible to another guest in the hotel. I was told VLAN was the answer. I have done some looking around and a Cisco 2900 24 Port switch is running about $3k. I will need two per floor. Eight times $3000 = $24,000 - wow! I have done some other research for non-Cisco products that support VLAN. I have found a Netgear FSM750SNA and a FSM726S. Both are 48 port and run about $1000 each.

Clearly I would rather buy four of the Netgear as opposed to eight of the Cisco product. But I am wondering if the VLAN is the same between the two products and if it will suit the purpose for my application. I plan to have all the rooms running DHCP through the router provided by the service provider. I have read that Dynamic VLAN isn't a very good idea but need advice from someone who knows what they are talking about. We do have a Cisco 1900 in another location using VLAN but the person who set it up either set it up wrong or VLAN won't do what we need. (The same guy that set that one up told me to use Cisco with VLAN in the hotel application too, hence my questions)

Any info would be greatly appreciated!
Paul

Dear Paul,

VLANs are starting to become one of my favorite subjects lately, so I love receiving questions in regards to them!

Let's take a look at the answers to your questions one by one:

1) When implementing a VLAN into a network, it will break the network into two or more separate networks. Hosts on one VLAN network are not able to access hosts on another, even though they might be using the same switch. If you need to have the two VLANs communicating between each other, you need to install some kind of router that will route packets from one VLAN to another.

You should also know that if a broadcast is sent on a VLAN, it will not be propagated onto the other VLANs, even if they exist on the same switch. I am noting this because most people know that a switch will send a broadcast out of all its ports, but this is not the case when you configure VLANs on the switch.

2) Just think of each VLAN as a separate network. If you wish to support DHCP, all you need is a DHCP server that will exist in each VLAN (Network). The easiest way would be to install a DHCP server and have multiple network cards installed, where each network is connected to a specific VLAN. We will look further into your scenario question soon.

3 & 4) I'm sure you're referring to the scenario question that follows; we will answer these all together!

Coming now to the scenario you described, I must say it's an extremely interesting one and I would personally like to know what the outcome will be.

Cisco equipment is always more expensive than equivalent third party vendor products, simply because you're paying for the brand and the fact that over 75-80% of the equipment used by large companies is, of course, Cisco products!

This though doesn't mean that Netgear, D-link, HP, Trendnet or other vendors have products which can't be compared with Cisco's. In most cases, you will find that you can buy a similar non-Cisco product at 1/3 of the price!

If you're after a switch that supports VLANs, then any such switch will do the job. If your requirements are specific and you need to support specific configurations and protocols between these 2nd layer devices, then Cisco might even be your only choice.

Now because you explained what exactly you're trying to do and I do understand the importance of getting correct information to make sure your job can be done, I did some research myself to see if the VLAN solution will resolve your problem. To an extent it will, and implementing it is by far the easiest step.

The big problem which I haven't been able to resolve is how you are going to stop the guest in room 100 with IP 192.168.0.100 from getting access to his neighbor with IP Address 192.168.0.101!

My setup consisted of a Cisco 1900 switch and a few hosts (routers and PCs) connected to the switch ports. Naturally, configuring all hosts within the same network and VLAN allowed them to communicate between each other, but configuring each port to be part of a separate VLAN meant that no host could communicate with each other (which is what you want), but at the same time, they couldn't get any Internet access because they couldn't get to the gateway.

The bottom line is that configuring each port to one VLAN, thus isolating it, will result in loss of communications with every other host, including your gateway. With this in mind, I doubt that this solution will work for you.

I really haven't been faced with a similar configuration and I haven't been able to find a better solution yet.

For now, my suggestion would be four VLANs (one per floor) or eight VLANs (one per floor), each one with a gateway/router that will work also as a DHCP server. Your security problem with eight VLANs will definitely be minimized as the hosts per VLAN will be much less, but it is not completely resolved.

I hope this information will help you implement the solution you're looking for. Let me know the outcome.

This was last published in July 2003
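
The trade-off discussed in the answer above, modelled as an added example (not part of the original question or answer): given a port-to-VLAN assignment, it counts how many guest ports have no gateway in their VLAN and the largest number of other guests any one guest shares a VLAN with. It assumes a host reaches only ports in its own VLAN with no routing between VLANs, as in the lab setup described; the port names, VLAN numbers and the split of the 125 rooms into consecutive groups are constructed for illustration.

```python
from collections import defaultdict

ROOMS = 125  # guest rooms, from the question

def audit(port_vlan, gateways):
    """Return (guests_without_gateway, max_visible_peers) for a port->VLAN map.

    Model assumption: a host reaches only ports in its own VLAN
    (one broadcast domain per VLAN, no routing between VLANs).
    """
    domain = defaultdict(set)
    for port, vlan in port_vlan.items():
        domain[vlan].add(port)
    no_gateway, worst = 0, 0
    for port, vlan in port_vlan.items():
        if port in gateways:
            continue
        peers = domain[vlan] - gateways - {port}   # other guests in this VLAN
        if not domain[vlan] & gateways:            # no gateway port in this VLAN
            no_gateway += 1
        worst = max(worst, len(peers))
    return no_gateway, worst

def grouped_plan(rooms_per_vlan):
    """Consecutive rooms share a VLAN; each VLAN gets its own gateway/DHCP port."""
    ports, gateways = {}, set()
    for room in range(ROOMS):
        vlan = 10 + room // rooms_per_vlan         # constructed VLAN numbering
        ports[f"room{room}"] = vlan
        ports[f"gw{vlan}"] = vlan
        gateways.add(f"gw{vlan}")
    return ports, gateways

def per_port_plan():
    """Every room in its own VLAN; the single gateway sits alone in VLAN 1."""
    ports = {f"room{r}": 100 + r for r in range(ROOMS)}
    ports["gw"] = 1
    return ports, {"gw"}

def compare():
    return {
        "flat (1 VLAN)": audit(*grouped_plan(ROOMS)),
        "one VLAN per port": audit(*per_port_plan()),
        "4 VLANs": audit(*grouped_plan(32)),
        "8 VLANs": audit(*grouped_plan(16)),
    }

if __name__ == "__main__":
    for name, (no_gw, worst) in compare().items():
        print(f"{name:18} guests without gateway: {no_gw:3}  max visible peers: {worst}")
```
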
