Posts made by dave247

@jaredbusch said in VLAN confusion:

@dave247 said in VLAN confusion:

@black3dynamite said in VLAN confusion:

@dashrender said in VLAN confusion:

@jaredbusch said in VLAN confusion:

Then you change your few static devices (if you do not have only a few static systems, you have other issues).

What JB means by this is - he uses static assignments in DHCP for things like printers. This allows you to reboot a printer to get the new settings when things like this change.

Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

Domain Controller would pretty much be the only server that needs to be manually set to static.

Yeah but if DNS and/or DHCP went down, you will probably have trouble getting to your servers. Static IP's on all system critical servers seems like a better decision since they will function in almost any environment state.

Not unless you have a stupidly short lease time. I use 8 hour leases on most LAN stuff. Yeah it tries to renew every 4, but it will not require a DHCP server until 8 hours.

I set mine to three days.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

They've mentioned setting up a VLAN for the phone system and setting up a voice router for it.

Of course he has, your CIO decided on this path when he brought in a Cisco networking salesman to screw the company. That decision was made ahead of time. Cisco uses their phones as a leader to get companies to buy inappropriate networking equipment. This is a completely "by the book" unscrupulous sales tactic for VoIP sales people.

Well we are probably going to go with them and I might not have much of a say... so it's going to be difficult for me to try to pressure these people to install a system in a way different than how they usually do it. Is there any material I can reference to "prove" that VLAN's are not needed and that voice and data are fine on the same network? Actually, now that i think of it, our current voice and data are on the same network and we have no issues.

Also, regarding QoS, didn't you mention something about having the QoS set up on the VoIP RTP service rather than the voice VLAN?

Things to take to your CEO (I'd honestly share this thread with him and tell him that I'm local, have an SEC background, have worked with Ray Dalio, have been in the biggest banks and hedges in the world, and will happily stop by to discuss financial ethics and rogue actors issues with him to explain the problem being perceived) would include...

https://www.smbitjournal.com/2011/07/never-get-advice-from-a-reseller-or-vendor/
https://www.smbitjournal.com/2016/06/buyers-and-sellers-agents-in-it/
https://www.smbitjournal.com/2017/07/the-social-contract-of-sales/

And...

Youtube Video

Scott, I watched/listened to your video. That puts it very very well. Do you have that in text format at all (it looked like you were reading from something). If so, I could probably use that as an informational source to submit to my boss.

@black3dynamite said in VLAN confusion:

@dashrender said in VLAN confusion:

@jaredbusch said in VLAN confusion:

Then you change your few static devices (if you do not have only a few static systems, you have other issues).

What JB means by this is - he uses static assignments in DHCP for things like printers. This allows you to reboot a printer to get the new settings when things like this change.

Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

Domain Controller would pretty much be the only server that needs to be manually set to static.

Yeah but if DNS and/or DHCP went down, you will probably have trouble getting to your servers. Static IP's on all system critical servers seems like a better decision since they will function in almost any environment state.

@scottalanmiller said in VLAN confusion:

So in that diagram, the bottlenecks would remain even if you segmented by network addressing. As long as the data needs to get from the core to the edge over the same LAG group, the bottleneck remains identical, regardless of the number or segmentation of the switches out at the edge.

Yeah, I get that. At this point, I'm all for having our phones and computers on the same network (as our current system is)... I just need to convince my boss now. I've only recently persuaded him to not have us use actual separate switches (not sure if you remember that conversation).

I should also try to figure out another possible voice solution, otherwise we are likely going with Cisco through that company... slams head down on desk

@scottalanmiller said in VLAN confusion:

For your own learning, try working backwards. Where in a switch do you perceive bottlenecks or performances issues? See if you can figure out what you are picturing, maybe there is a misconception that we can address.

Well at this point, I see the potential bottlenecks being at the points where our switches connect to each other. We currently have six layer 3 Dell PowerConnect switches that all connect to each other via Link Aggregation/portshield groups. At the "center", we have all our servers and computers in our main building that connect to a stack of switches (stacked with mini-SAS) and then on that stack, there are a couple of LAG groups consisting of 3 ports each that run off to four different closets. Actually, one of them is our basement, which ... you know, screw it. I'm uploading a diagram I just did in MS Paint so you can see our layout. I'm aware that there are issues with the design:

@scottalanmiller said in VLAN confusion:

Think of a switch like a big open parking lot. You can enter from dozesn or different locations and exit at any of dozens of locations. You are a packet, obviously. The parking lot is huge and there is enough room for everyone to get to where they need to go. Each connection is unique, from point to point, the only points of congestion come at the driveway, if a single driveway wants to send out too many cars at once or take too many in.

A simple switch, like a 24 port GigE switch, will often have a 40Gb/s backplane. That means that even if every port on the switch is at full capacity, it can't saturate the backplane. There is no capacity advantage by splitting up the traffic further, the switch is already handling it all at full speed. The ports are the bottlenecks, not the switch.

Good analogy, and I think I've gotten this concept more fully as of late. One of the terms I hadn't heard of before starting my job was the "backplane" word. I'm still not 100% certain on what it means, but I assume it's just the connecting board that all circuits pass through.. like a backbone or something.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Sorry, let me change the term "VLAN" to "switch". Is it best practice to avoid having multiple networks running on a single switch? I just said VLAN because of the default VLAN..

The entire concepts of subnetting and VLANing are to run multiple networks on a single switch Nothing wrong with that in the least. Switches are expected to run multiple networks, that's just normal and exactly what they are meant to do.

So if I had 20 different /24 networks running on the same switch stack (for whatever reason), and all of them are on VLAN 0 (I'm just saying VLAN here because everything will at least be on the default VLAN), then there will be no traffic issues whatsoever?

No, no issues, not from traffic. Things like DHCP wouldn't work, obviously.

MY MIND IS BLOWN

LOL, I get the impression that somewhere in your thinking on switches, you are associating them with hubs or something. The concerns that you have sound like something we'd have worried about in the 1990s. But you aren't that old to have learned networking prior to 2000, are you?

I'm 34. I started college in 2002, probably around the time hubs were almost completely dead. I did order a few on ebay and then I got a free "smart hub" that I didn't really do too much with aside.. I had a few classes on networking but nothing too deep and my ability to study and learn used to be pretty terrible, so yes, I probably started building my understanding around hubs and classful networking.

At least I do fully understand classless subnetting now though.. I just need to iron out the rest of the kinks in how I understand this stuff.

@scottalanmiller said in VLAN confusion:

Let's step back and work on this concept of "traffic issues." What is a "traffic issue" to you and where do you think that it comes from?

Not to keep back-peddling.. but maybe I should have just said "issues". Maybe not even that. I'm just asking about best practice here. Simply: is it supposed to be one network per switch? But you answered no. I'm not sure where I got my assumptions, but at least I'm trying to work out my understanding of these concepts here..

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Sorry, let me change the term "VLAN" to "switch". Is it best practice to avoid having multiple networks running on a single switch? I just said VLAN because of the default VLAN..

The entire concepts of subnetting and VLANing are to run multiple networks on a single switch Nothing wrong with that in the least. Switches are expected to run multiple networks, that's just normal and exactly what they are meant to do.

So if I had 20 different /24 networks running on the same switch stack (for whatever reason), and all of them are on VLAN 0 (I'm just saying VLAN here because everything will at least be on the default VLAN), then there will be no traffic issues whatsoever?

No, no issues, not from traffic. Things like DHCP wouldn't work, obviously.

MY MIND IS BLOWN

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Sorry, let me change the term "VLAN" to "switch". Is it best practice to avoid having multiple networks running on a single switch? I just said VLAN because of the default VLAN..

The entire concepts of subnetting and VLANing are to run multiple networks on a single switch Nothing wrong with that in the least. Switches are expected to run multiple networks, that's just normal and exactly what they are meant to do.

So if I had 20 different /24 networks running on the same switch stack (for whatever reason), and all of them are on VLAN 0 (I'm just saying VLAN here because everything will at least be on the default VLAN), then there will be no traffic issues whatsoever?

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Stepping back in the discussion a bit.. I didn't understand your reply here. Isn't it best-practice to have a single network on a VLAN?

Absolutely not. VLANs are for security and management, only. Period. No other purpose for them. No best practice adds VLANs to other concerns. VLANs are widely used, because security and management needs create cause for them. But those are the singular reasons for which VLANs are sensible.

Sorry, let me change the term "VLAN" to "switch". Is it best practice to avoid having multiple networks running on a single switch? I just said VLAN because of the default VLAN..

@dashrender said in VLAN confusion:

@jaredbusch said in VLAN confusion:

Then you change your few static devices (if you do not have only a few static systems, you have other issues).

What JB means by this is - he uses static assignments in DHCP for things like printers. This allows you to reboot a printer to get the new settings when things like this change.

Servers are about the only thing that should be set statically, the rest can rely on Static DHCP assignment.

oh man.. the printers.. I forgot about all the statically assigned printers we have. My company has about 30 statically assigned printers. That will be a huge pain in the butt to change..

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

... and my current understanding is that I would want a separate VLAN to use with that separate subnet.

Also incorrect. VLANs basically require subnetting (or overlaps) but you never use a VLAN for subnetting. Subnets are simple and effective, VLANs are complex. You only use a VLAN for management and security purposes, never performance, subnetting or any other purpose.

Stepping back in the discussion a bit.. I didn't understand your reply here. Isn't it best-practice to have a single network on a VLAN? Like, if I had a company network of 200 systems on one network and a LAB network of 20 systems, I wouldn't want them sharing the same switch/VLAN, would I?

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

... and I'm bad at weeding out things that aren't what they seem.

In any of the cases that have come up, as anything been different than it seems?

Walk through it carefully. Maybe there is something you can fix, like misusing terms that people use to mislead you, or emotionally reacting and wanting to defend people that have no reasonable defense or such.

Your Dell VAR... the title alone is enough to tell us that they'd be bad for you. The Cisco VAR, same thing. The CIO bringing in sales people instead of consultants, people calling sales people consultants. Having an ISP for the phones.

All of those things should be obviously bad based on what they are, and I would assume, were all transparently those things from the onset. Did any of them lie or hide their true nature?

hmm... I'll have to think about this. I'm heading to my lunch now so I'll continue this discussion when I get back. Thanks for your input, Scott.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion @scottalanmiller said in VLAN confusion:

We did have a Dell VAR who I've cut ties with because he was terrible. Then we started up a relationship with that IT business management consultant company (who also are the Cisco partners/resellers we are going through)

They are NOT a business management consultant company. They are sales people. Please stick to the correct terms. Calling sales people consultants empowers the very behaviour the CIO is using here. It legitimizes what he's done, where the is no possible excuse for it, in reality.

Well I don't know what else to do or who to go through for help. I don't know how to find the right people and I'm bad at weeding out things that aren't what they seem.

But it's not your job. It's the CIO's job. Are you saying that he's business incompetent now and can't or simply won't do his job?

He's the one who chose that company I mentioned.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion @scottalanmiller said in VLAN confusion:

We did have a Dell VAR who I've cut ties with because he was terrible. Then we started up a relationship with that IT business management consultant company (who also are the Cisco partners/resellers we are going through)

They are NOT a business management consultant company. They are sales people. Please stick to the correct terms. Calling sales people consultants empowers the very behaviour the CIO is using here. It legitimizes what he's done, where the is no possible excuse for it, in reality.

Well I don't know what else to do or who to go through for help. I don't know how to find the right people and I'm bad at weeding out things that aren't what they seem.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Well we do have the FIS who helps us with all the products and services we use in our company, but not so much with our IT infrastructure like we are talking about.

I'm not familiar with this term. What is a FIS?

https://www.fisglobal.com/

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Also, I don't really know how to find phone consultants.

You have two non-reseller consultants in this thread alone. You should have an ITSP that aids you all the time, it should not be something you go looking for like this at all. Where is the company that helps you with finding the right people? It seems like there is a big gap in your support portfolio. That would be the CIO's job to have at the ready.

Well we do have the FIS who helps us with all the products and services we use in our company, but not so much with our IT infrastructure like we are talking about.

We did have a Dell VAR who I've cut ties with because he was terrible. Then we started up a relationship with that IT business management consultant company (who also are the Cisco partners/resellers we are going through)

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

So my say does count, but I don't want to make another bad case about Cisco and avoid going with them -- a setup that we know we can get installed correctly and supported well, vs going with some exotic and obscure cheaper voip solution..

Again, not related to the discussion. You are stuck on the decision when we are talking about a business process.

Sorry, I suck at properly following along in discussions...

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

ok. I could make a big stink about this, claiming that Cisco and the Cisco partner are just taking our money when we could be getting something for a lot cheaper, and it would probably work and I could probably convince them to not go with Cisco at all and instead let me find something that would be cheaper.

1. The core claim is around fundamentally bad business practices. Not the Cisco situation.
2. Then that leads to the Cisco SALES people being the wrong people to engage.
3. Then it leads to why there has been NO evaluation of needs AT ALL. Zero. No IT done, whatsoever.
4. Then it should lead to hiring a phone consultant, the word you misused about the salesman

What do you mean about number 3?

Also, I don't really know how to find phone consultants. Googling that seems to yield more full voice solution companies, so more of the wrong people I assume. Plus, we are in a small rural city with not a lot of diverse consultant type companies around. Maybe I could call Jared as someone suggested..