New network design from a noob. VLANS, IP's, hardware, etc. Any comments please

I have a couple of concerns. The first is the size of your VLANs - do you really want 4k machines per VLAN in a student environment? Imagine how much harder it'll be to narrow down problem machines/users in that environment, plus the number of users potentially impacted by these problem machines. I'd be tempted to go for many more, smaller VLANs myself.

Secondly, I'm more worried about someone who considers themselves to be a beginner designing and implementing such a comparatively large and complex network - I'd consider getting in some professionals.
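To make the "smaller VLANs" point concrete, here is an added example (not code from the thread or from the original poster's design). It carves a campus block into per-building, per-floor /24 VLANs instead of a handful of /20s, and shows how that shrinks both the number of hosts sharing a broadcast domain and the work of locating an offending IP. The supernet, building names, VLAN IDs and the sample address are all constructed for illustration.

```python
"""Added example: small per-building VLANs versus 4k-host VLANs.
All prefixes, building names and VLAN IDs below are constructed, not from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Vlan:
    vid: int                         # 802.1Q VLAN ID
    name: str                        # human-readable label (building/floor)
    network: ipaddress.IPv4Network   # the subnet routed on this VLAN's SVI

    @property
    def usable_hosts(self) -> int:
        # IPv4: network and broadcast addresses are not assignable
        return self.network.num_addresses - 2


def build_plan(supernet: str, buildings: List[str], vlans_per_building: int,
               prefix: int, first_vid: int = 100) -> List[Vlan]:
    """Allocate `vlans_per_building` consecutive /prefix subnets to each building,
    numbering VLAN IDs sequentially from `first_vid` (constructed scheme)."""
    pool = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    plan: List[Vlan] = []
    vid = first_vid
    for building in buildings:
        for floor in range(1, vlans_per_building + 1):
            plan.append(Vlan(vid, f"{building}-floor{floor}", next(pool)))
            vid += 1
    return plan


def locate(plan: List[Vlan], ip: str) -> Optional[Vlan]:
    """Return the VLAN whose subnet contains `ip` (e.g. from a log or IDS alert),
    or None if the address is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for vlan in plan:
        if addr in vlan.network:
            return vlan
    return None


def blast_radius(prefix: int) -> int:
    """Usable hosts that share one broadcast domain for a given prefix length:
    the number of users a misbehaving host on that VLAN can affect."""
    return ipaddress.ip_network(f"10.0.0.0/{prefix}").num_addresses - 2


if __name__ == "__main__":
    plan = build_plan("10.20.0.0/16", ["LIB", "SCI", "DORM-A"], 4, 24)
    for v in plan:
        print(f"VLAN {v.vid:<4} {v.name:<14} {v.network}  ({v.usable_hosts} hosts)")
    print("blast radius /20:", blast_radius(20), " /24:", blast_radius(24))
    hit = locate(plan, "10.20.5.77")   # constructed sample address
    print("10.20.5.77 is on", hit.name if hit else "no known VLAN")
```

With the constructed inputs, a /20 VLAN exposes 4094 hosts to one chatty or compromised machine, while a /24 limits that to 254, and a single address lookup tells you which building and floor to walk to.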


  1. In my opinion, you can put them all in one VLAN (better for VLAN management), but you can also consider the alternative, leaving them as you initially designed them (better for geographical management).

  2. I always put the printers in the VLANs they are assigned to (e.g. the marketing dept. printer is in the marketing dept. VLAN).

  3. Although it is easier to do the inter-VLAN routing with a "router-on-a-stick", if you could do it with your L3 switch it will be better from a performance point of view (but a little harder to set up).

  4. How are you managing your wireless VLANs? One access point per VLAN?

PS: For a beginner in networking you sure got yourself some nice equipment :)


I notice you haven't distinguished any networks/computer types by risk or by quality of service.

I would have a think about what machines on any of your networks may contain sensitive data (medical/personal/financial) and create separate VLANs for them so you can manage and audit access. Universities tend to have a culture of open and free access, but you need to look at locking down access where necessary to prevent fraud, blackmail, data destruction etc.

Also look at where your VOIP kit sits - if it is all on purely logical VLANs then make sure the QoS is set for it, otherwise when the networks are busy you will find VOIP unusable.

Update on VOIP: VOIP is much more sensitive to latency, jitter and other issues to which TCP/IP is mostly immune. Data packets can arrive at odd times, or even out of order, and the TCP/IP stack rebuilds the information stream pretty well. With voice traffic you notice jitter or missing packets very easily, and above a really low threshold voice traffic becomes unusable. You can improve the quality by adding latency (to allow buffering of more packets), but this also annoys users. What QoS (Quality of Service) lets you do at the router level is prioritise time-sensitive traffic at the expense of data traffic. Your data will still get through, but as it is more immune to time issues it doesn't tend to matter.

But my main comments would be - seriously, get a professional in; that is not a small network, and good luck with it, hope it goes well.
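The QoS explanation in the post above can be seen in a toy model. This is an added example, not code from the thread: a single-link scheduler where voice packets arrive on a fixed 20 ms cadence and a burst of bulk data shares the same uplink. With plain FIFO, the voice packets queued behind the burst are delayed by tens of milliseconds (the jitter the post describes); with strict-priority queueing for the voice class, each voice packet waits at most for the one data packet already on the wire. The link speed, packet sizes and burst timing are constructed numbers, not measurements.

```python
"""Added example: FIFO versus strict-priority queueing for voice on a shared link.
All traffic parameters are constructed for illustration."""
import heapq
from typing import List, Tuple

LINK_BPS = 10_000_000  # constructed: a 10 Mbit/s uplink

Packet = Tuple[float, str, int]  # (arrival_ms, traffic_class, size_bytes)


def serialise_ms(size_bytes: int) -> float:
    """Time to put one packet on the wire at LINK_BPS."""
    return size_bytes * 8 * 1000 / LINK_BPS


def make_traffic() -> List[Packet]:
    """Voice: 200-byte packets every 20 ms for one second.
    Data: a 40-packet burst of 1500-byte packets all arriving at t=100 ms."""
    voice = [(float(t), "voice", 200) for t in range(0, 1000, 20)]
    data = [(100.0, "data", 1500) for _ in range(40)]
    return sorted(voice + data, key=lambda p: p[0])  # stable: voice stays ahead of data at t=100


def simulate(packets: List[Packet], priority: bool) -> List[float]:
    """Run a single-server queue over `packets`.
    priority=False: pure FIFO. priority=True: voice is always served before queued data.
    Returns the queueing delay (ms) of every voice packet, in transmission order."""
    queue: list = []      # heap of (sort_key, seq, packet)
    delays: List[float] = []
    now, i, seq = 0.0, 0, 0
    while i < len(packets) or queue:
        # admit everything that has arrived by the current time
        while i < len(packets) and packets[i][0] <= now:
            pkt = packets[i]
            cls_rank = 0 if (priority and pkt[1] == "voice") else 1
            heapq.heappush(queue, ((cls_rank, pkt[0]), seq, pkt))
            seq += 1
            i += 1
        if not queue:
            now = packets[i][0]   # link idle: jump to the next arrival
            continue
        _, _, (arrival, cls, size) = heapq.heappop(queue)
        if cls == "voice":
            delays.append(now - arrival)
        now += serialise_ms(size)  # the link is busy for the whole serialisation time
    return delays


def summarise(delays: List[float]) -> Tuple[float, float]:
    """(max delay, jitter) where jitter is max - min delay, both in ms."""
    return max(delays), max(delays) - min(delays)


if __name__ == "__main__":
    traffic = make_traffic()
    for mode, prio in (("FIFO", False), ("strict priority", True)):
        worst, jitter = summarise(simulate(traffic, prio))
        print(f"{mode:<16} worst voice delay {worst:6.2f} ms, jitter {jitter:6.2f} ms")
```

The interesting number is the priority case: the worst voice delay is bounded by one data packet's serialisation time (1.2 ms here), because a scheduler cannot pre-empt a frame already being transmitted. That bound is why the post's remark that data "will still get through" holds: the data burst simply finishes a few hundred microseconds later.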