It's so you can later add related VLANs together in a similar numerical range. If you have VLAN 1 for Accounting, VLAN 2 for Engineering, and VLAN 3 for Sales, but then later on your Finance department wants an Accounting_Secure VLAN, where are you going to put it? VLAN 4?
Well if you would have done VLAN 10, 20, 30 you can insert the new Accounting_Secure VLAN as VLAN 11.
There is no particular reason, it's just nice to leave yourself room to squeeze stuff in between. Personally, I name VLANs based on the network. If it's 172.16.32.x (VLAN 32). Lot less confusion this way.
It really doesn't matter. It depends on how the VLANs will be used. I think it's the way it's done in a lot of Cisco textbooks ;) people tend to stick with what they know.
I do it differently and block them out in 100s: <100 routing backhaul, 100-199 data, 200-299 voice, 300-399 IPTV, 400+ guest/tenant, 500+ SANs. <1000 locally unique, >1000 globally unique.
Though now we've grown significantly and have 100s of VLANs, the locally significant ones I don't really care what they are, as no one can remember them all and have to look them up anyway.
If it gets to the point where we have 1000 VLANs per site then something went wrong and it needs overhauling anyway!
Like people are saying, it is mostly done for flexibility to try to group VLANs together. Of course, if you are doing the VLAN design yourself, then that is your opportunity to make things the way you want them.
For example I do VLANs by floor number so I reflect that in my access vlan scheme.
For me: production wired VLAN 200, production wireless VLAN 100, guest wired/wireless VLAN 2, voice VLAN 3, IP camera system VLAN 5, then VLANs 10-80 in increments of 10 for different areas of the building. Makes it easy, for me, to tell where someone is and add anything that's needed in between (like a locked down network in a VLAN 10 section of building, I could assign it VLAN 11 and have room to do more stuff with). Logically, to me, it makes more sense to have that separation.
The only rule you need/should follow is using vlan1 for management. Large university network here. We break out the vlan numbers by purpose. vlan1 is always management, we have reserved a couple hundred for building/user networks, a couple hundred for pt-pt links, some for backbone links, some for off-site wan links, some for the data center networks, some for non-routable private networks, etc...
If you have a large network I wouldn't try attempting to map vlan numbers to IP blocks. It might work day one; it's unlikely you'll be able to maintain it in the long run.
I prefer to separate everything by powers of two - 4, 8 or 16.
Makes splitting things down a whole lot easier - you can continually divide in half down to 1.
Same reason as older Basic coding practices: it leaves room to add VLANs in between if you decide to split the subnet into smaller blocks of IP addresses, otherwise you'd have part of the subnet on VLAN 10 and the rest on VLAN 65 or so vs VLAN 10 and 11.
FWIW, we don't. We have 11, 12, 14, 15, 16, 17, 18, 20, 21, 42.
I like using 10 - 99 because it's easy to assign a matching /24 and IPv6 /64.
For example, VLAN 11 is 192.168.11.0/24 and 2001:db8:aaaa:aa11::/64, VLAN 42 is 192.168.42.0/24 and 2001:db8:aaaa:aa42::/64.
This; gotta leave yourself some room to grow.
unwritten rule: vlan1 should never have end-user equip in it
I only use prime numbers for vlans
I only use Fibonacci sequence numbers.
But that has the ill effect of having two VLAN 1's.