
VLAN philosophy - are VLANs necessary?

Michael_Savage
New Contributor
Hi everyone. I am just wondering what people think about the use of VLANs in a 100% Extreme network (B5 for wired and 5210 wireless)? I've heard things like VLANs are "old school" and there are better ways of doing things now with policy, NetSight, and NAC. I do believe policies are powerful tools for configuring and securing the network, but there is still that old idea of isolating traffic into separate broadcast domains for performance reasons. And dividing your network into subnets (VLANs) makes it easy to create policy and shape traffic on the firewall.

Are there any opinions out there? Should we be looking at a mix of both VLANs and policies? Are VLANs passé? I am new to Extreme Networks and policy-driven equipment so would very much welcome the feedback.

Michael_Savage
New Contributor
Thanks! This is great feedback, everyone - it helps a lot. Your response has lent assurance to the idea that both policy and VLANs are required in good network design.

André_Herkenrat
Extreme Employee
I would even like to introduce another aspect to this topic: errors in the network.
In most cases these errors are caused by an individual system and affect a broadcast domain. If you make broadcast domains smaller (in several environments I have one subnet per switch and traffic group) you have two effects:
1. The misbehaving systems are easier to locate.
2. The impact on your network is less.

So having several VLANs gives you a lot of advantages and only a little more work.

EtherMAN
Contributor III
We look at VLANs as the basic conduit between groups that need either 100% isolation or need to be in a separate group (broadcast domain) with specific connections or interactions to other groups. You can also apply rates and priorities to the whole VLAN vs specific individuals or services in a broader scope. Not experienced on the B5 switches so can't help you there, but a good rule is when will your broadcast chirps from NIC cards and users start affecting the other users. Most switches handle this traffic much better than the individual NIC cards. A single VLAN with 2000 users, each one sending out ARPs, IPv6 chirps, UPnP mcast hellos, can get a bit chatty if you have cheaper PCs or if there is a finicky application being used... We like to see it broken up 500 or less as a rule if they are running dual stack IPv4 and IPv6... Good luck

Michael_Savage
New Contributor
In regards to the limited number of participants, what would you say is a realistic limit on B5 switches (with APs attached) before you start subnetting for performance reasons? 1,000 hosts? 2,000? How would you determine when such limits had been reached?