Hello everyone, this is my first post here and I just found this site yesterday. I have to say I'm LOVING this site and all the knowledge here. Looking forward to learning much more as time goes by.
So, my situation is as follows:
Network with 5 locations, using 3640 routers between them. Before I inherited the network, the IT director decided that VLANs weren't needed. Here's what I'm re-designing to include VLANs:
4 3640 routers at remote sites
1 3745 router at main location
30+ Catalyst switches (mostly Catalyst 2950, 3524 & 3550 series); my core switch is a 3750 layer 3 switch that will be the VTP server
200+ Cisco IP phones (mostly 7940-7960s, but a few 7910s and 12s running around, and quite a few ATAs)
PIX 515 firewall with memory maxed out for internet access
lots more junk that I can't think of off the top of my head, but stuff like Netgear switches for smaller stuff
So, with all that being said...I'm just looking for some more solid confirmation about my plan with the config of the network.
At the headquarters location, we have LOTS of computers and a bunch of switches, so my plan was to use 12 VLANs to segment organizational groups and equipment as follows:
VLAN1 = management vlan
VLAN10 = data vlan (servers in NOC)
VLAN11 = data vlan (admin/director building)
VLAN12 = data vlan (seasonal groups)
VLAN13 = data vlan (sub organization)
VLAN14 = data vlan (sub organization)
VLAN20 = voice vlan (admin/director building)
VLAN21 = voice vlan (seasonal groups)
VLAN22 = voice vlan (sub organization)
VLAN23 = voice vlan (sub organization)
VLAN30 = restricted vlan (for inet access in the coffee shops, etc.)
VLAN40 = printers vlan
I have so far decided that at each of the remote sites, I want to set up 5 VLANs. Being:
Hopefully it makes sense what I'm trying to do here. I'm trying to make network segments match VLAN IDs and make all this as standardized as possible. I think I have a pretty large network for being ONE guy to deal with all of it. I think we have around 30 servers at the moment and close to 250-260 workstations and at LEAST that many IP phones on the network, hence the redesign.
We're getting broadcast storms and all. It's not really affecting application performance on a large scale, but I can personally tell that it's starting to, and we're about to add another 8 switches on the main LAN because of another office building coming online in June. That's not to mention the new warehouse building that's being built that will house at least 1 more switch.
So, any other words of wisdom in planning all of this? I'm a total newb to vlans and this will be my first real go at it. Look forward to hearing back from you all!
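Added example, not part of Ricker's post or of any reply in this thread: the HQ plan above written out as an IOS configuration for the 3750 core (VTP server, one SVI per VLAN, a guest ACL, a trunk to an access switch and a phone/PC access port). Everything not in the post is an assumption: the hostname, the 10.0.<VLAN>.0/24 addressing, a DHCP/DNS server at 10.0.10.53 in VLAN 10, the PIX inside address 10.0.10.254, the port names (a 3750-24TS), the EIGRP AS number and the VTP password placeholder. Two points where the example deliberately differs from the post, both hardening choices of mine: management goes on VLAN 2 with VLAN 1 shut down, and trunks use an unused native VLAN 999 so untagged frames never land in a user VLAN.

```cisco
! HQ-CORE (Catalyst 3750) - added example, not the poster's running config
! Addresses, port names, AS number and the VTP password are assumptions
hostname HQ-CORE
!
vtp domain CORP
! placeholder password; VTP advertisements without one are accepted from any trunk
vtp password Vtp-Secret-ChangeMe
vtp mode server
!
vlan 2
 name MGMT
vlan 10
 name DATA-NOC-SERVERS
vlan 11
 name DATA-ADMIN
vlan 20
 name VOICE-ADMIN
vlan 30
 name GUEST-RESTRICTED
vlan 40
 name PRINTERS
vlan 999
 name NATIVE-UNUSED
!
ip routing
!
! one SVI per routed VLAN; management moved off VLAN 1 (my choice, not the post's)
interface Vlan1
 no ip address
 shutdown
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan11
 ip address 10.0.11.1 255.255.255.0
 ip helper-address 10.0.10.53
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.10.53
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.10.53
 ip access-group GUEST-IN in
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
!
! coffee-shop VLAN: DHCP, DNS from 10.0.10.53 and the Internet, nothing else internal
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 permit udp any host 10.0.10.53 eq domain
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
! uplink to an access switch: explicit dot1q trunk, no DTP, unused native VLAN,
! allowed list pruned to what that building actually needs
interface GigabitEthernet1/0/25
 description trunk to ADMIN-SW1 (2950)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,11,20,40
 switchport mode trunk
 switchport nonegotiate
!
! access port: PC untagged in the data VLAN, 7960 learns the voice VLAN via CDP
interface FastEthernet1/0/5
 description admin PC behind a 7960
 switchport mode access
 switchport access vlan 11
 switchport voice vlan 20
 spanning-tree portfast
!
! default route toward the PIX inside interface (address assumed)
ip route 0.0.0.0 0.0.0.0 10.0.10.254
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
```

Two checks worth doing before this goes live. First, VTP: a switch joining the domain with a higher configuration revision number overwrites the server's VLAN database on every switch, so set the domain password and zero the revision on each new or reused switch (set it to transparent mode, or change its domain name, then back) before it is trunked in. Second, EIGRP on a 3750 needs the enhanced multilayer image; with the standard image the core can still route between SVIs but has to rely on static routes toward the 3745.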
Welcome to Firewall.cx Ricker
If you're starting to see excessive amounts of broadcasts then there is clearly a case for splitting the network into separate broadcast domains, and VLANs will certainly do this. Do you see this problem on all/most sites or just on your central big site? Broadcasts shouldn't propagate over your WAN, so you already effectively have several broadcast domains by virtue of that. Even so, if you have the problem on your central site and need to implement VLANs to reduce it, then as you've planned you'll need to carry these over to your smaller sites also.
Your split of the various services/applications across the VLANs you've chosen seems sensible to me. Just a couple more things to consider: are your servers based mainly at the centre or distributed across the sites? If they are distributed, consider who accesses them and from where. Try to plan the arrangement so you don't have traffic flowing between sites unnecessarily. Also consider where your routing between the VLANs will be provided. If it's at the centre, then all inter-VLAN traffic from your smaller sites will be flowing back and forth across your WAN.
Thanks for the reply and the thoughts. Yes, all of the servers on the network are at the central location, which is where we're seeing most of the broadcast traffic. At the remote sites, which are seasonal, 2 of them have quite a bit of broadcast traffic, and yes, the routers are blocking the broadcasts from affecting the other networks. I was planning on having the 3640 at each location be the VLAN routing machine, and then at the central location I was going to have the 3750 layer 3 switch be the VLAN routing main... and using EIGRP on all of the stuff at the central and remote locations to help propagate VLAN info, as well as VTP on all switches using client mode except for the 3750 using server mode.
So, having said all of that, am I on the right track then?
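Added example, not from Ricker or any reply in the thread: what the remote-site half of the plan above looks like on a 3640 doing router-on-a-stick with its Catalyst 2950, so inter-VLAN traffic at that site stays local and only the site's subnets are advertised to HQ over EIGRP. The post does not list the five remote VLANs, so the IDs here (2 management, 11 data, 21 voice, 30 guest, 40 printers, plus an unused native VLAN 999) are my assumptions, as are the 10.2.x.0/24 addresses, the WAN addressing, the DHCP/DNS server at 10.0.10.53 and the AS number. One caveat the example builds in: VTP advertisements are Layer 2 and stop at the 3640, so a VTP server at HQ can never populate a remote site's switches; the 2950 here is therefore in transparent mode with its VLANs defined locally.

```cisco
! SITE2-RTR (3640) router-on-a-stick - added example, not the poster's config
! VLAN IDs, 10.2.x.0/24 addresses and the EIGRP AS number are assumptions
hostname SITE2-RTR
!
interface FastEthernet0/0
 description 802.1Q trunk to SITE2-SW1
 no ip address
 no shutdown
!
! untagged frames land here; nothing is addressed on it
interface FastEthernet0/0.999
 encapsulation dot1Q 999 native
!
interface FastEthernet0/0.2
 description MGMT
 encapsulation dot1Q 2
 ip address 10.2.2.1 255.255.255.0
!
interface FastEthernet0/0.11
 description DATA
 encapsulation dot1Q 11
 ip address 10.2.11.1 255.255.255.0
 ip helper-address 10.0.10.53
!
interface FastEthernet0/0.21
 description VOICE
 encapsulation dot1Q 21
 ip address 10.2.21.1 255.255.255.0
 ip helper-address 10.0.10.53
!
interface FastEthernet0/0.30
 description GUEST
 encapsulation dot1Q 30
 ip address 10.2.30.1 255.255.255.0
 ip helper-address 10.0.10.53
 ip access-group GUEST-IN in
!
interface FastEthernet0/0.40
 description PRINTERS
 encapsulation dot1Q 40
 ip address 10.2.40.1 255.255.255.0
!
interface Serial0/0
 description WAN to HQ
 ip address 10.255.2.2 255.255.255.252
!
! only 10/8 is used internally (assumption); guests get DHCP, DNS and the Internet
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 permit udp any host 10.0.10.53 eq domain
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
! advertise the VLAN subnets to HQ; only the WAN link forms neighbours
router eigrp 100
 network 10.0.0.0
 no auto-summary
 passive-interface default
 no passive-interface Serial0/0
!
! ---- SITE2-SW1 (Catalyst 2950) ----
! VTP does not cross the routed WAN, so the HQ VTP server never reaches this
! switch; VLANs are defined locally in transparent mode
hostname SITE2-SW1
!
vtp mode transparent
vlan 2
 name MGMT
vlan 11
 name DATA
vlan 21
 name VOICE
vlan 30
 name GUEST
vlan 40
 name PRINTERS
vlan 999
 name NATIVE-UNUSED
!
interface FastEthernet0/24
 description trunk to SITE2-RTR Fa0/0
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,11,21,30,40,999
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/1
 description user PC behind a 7940
 switchport mode access
 switchport access vlan 11
 switchport voice vlan 21
 spanning-tree portfast
!
interface Vlan2
 ip address 10.2.2.10 255.255.255.0
ip default-gateway 10.2.2.1
```

Note what EIGRP does and does not carry here: it advertises the 10.2.x.0/24 subnets behind the subinterfaces to HQ and learns HQ's subnets back, and nothing more. VLAN IDs and names only travel on trunks via VTP (or live in each switch's own config, as in the transparent-mode 2950 above), so the remote-site switch VLAN tables have to be kept consistent by hand or by a per-site VTP server.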
no shopping here... we have all the equipment already, just trying to reconfigure everything for the best performance and security possible with what we have. VLAN implementation is the starting point to me.
Anyone else want to give some advice, that's great.