VLAN = broadcast domain that exists within a defined set of switches.
A VLAN is a switched network that is logically segmented on an organizational basis, by functions, project teams, or applications rather than on a physical or geographical basis.
If you are talking about many physical locations, how far apart are they?
Do you have a dedicated link? What are the physical characteristics of your link?
In the case of collocation, this is done with firewalls/VPNs.
If you want to use VLAN you should take into consideration (1) human errors, (2) the accessibility of the switch, (3) who is responsible and who manages the switches.
(1) Let's say you have a development vlan and a production vlan on the same switch fabric.
If someone configures the switch incorrectly (or if the configuration is not correctly saved in the Flash and the switch reboots) then you can have PV variables that leak to other networks. In other words, you may think you are working with a development IOC when indeed you are using a production one.
To avoid this, we don't use VLAN but instead different switches and color-coded cables. (Blue = intranet, yellow = development, green = production, etc.)
(2) Depending on your configuration (i.e. often ports are configured to belong to untagged VLANs), if a multi-vlan switch is accessible to end-users, a user may connect to the wrong vlan by plugging his cat5 into the wrong port.
(3) There is a logical separation between the IT infrastructure and the accelerator's network. Those 2 may be managed by different groups. If that's the case you may consider separate infrastructure, otherwise one group may blame the other whenever an issue arises. (The alternative is to be good at scanning log entries!)
Here we use VLANs to segregate beamlines and accelerator networks.
For me, the killer feature of VLANs is the possibility to change the network topology without touching a cable.
That's a must-have if the network equipment is spread throughout the building or at a remote location.
Finally if you are using advanced network features, you should prepare for the worst case scenario where you lose the entire configuration and connection to the switches. Obviously you should dump their respective configurations on disks and have a few memory sticks around, but better yet you may consider a clustering of console servers. ( http://www.perle.com/supportfiles/Secure_Clustering_Tech_Note.shtml ) I use IOLAN SCS console servers. The master has the optional V92 modem.
Good luck!
--
Emmanuel
> Date: Wed, 8 Jan 2014 13:28:15 +0800
> From: [email protected]
> To: [email protected]
> Subject: VLANS designing,Geographical vs functional?
>
> Hello all,
>
> We are designing VLANS for CSNS (China Spallation Neutron Source). I want to know which method do you choose in your site, geographical or functional? Any advice? Thanks in advance.
>
> Regards,
> Zhang Yuliang
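
An added example, not part of the original message: one way to catch the failure described in point (1), where a misconfigured or unsaved switch configuration moves a port between the development and production VLANs, is to compare a configuration dumped to disk against what the switch currently holds. It assumes Cisco IOS-style syntax (the message names no switch vendor); the sample configurations, VLAN numbers and function names are constructed for illustration.

```python
from __future__ import annotations
import re

DEFAULT_VLAN = 1  # IOS places an access port with no explicit assignment in VLAN 1

# Constructed reference dump kept on disk: VLAN 20 = development, 30 = production.
BACKUP = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 30
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 30
"""

# Constructed config read back from the switch: port 2 was mistyped into the
# development VLAN, and port 3's assignment was never saved before a reboot.
STARTUP = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/3
 switchport mode access
"""

def access_vlans(config: str) -> dict[str, int]:
    """Map each interface to its untagged (access) VLAN. Trunks/SVIs not handled."""
    ports: dict[str, int] = {}
    current = None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
            ports[current] = DEFAULT_VLAN  # until an explicit assignment is seen
        elif (m := re.match(r"\s+switchport access vlan (\d+)", line)) and current:
            ports[current] = int(m.group(1))
    return ports

def vlan_drift(reference: str, observed: str) -> list[tuple[str, int | None, int | None]]:
    """Return (port, reference_vlan, observed_vlan) for every port that differs."""
    ref, obs = access_vlans(reference), access_vlans(observed)
    return [(p, ref.get(p), obs.get(p))
            for p in sorted(ref.keys() | obs.keys()) if ref.get(p) != obs.get(p)]

if __name__ == "__main__":
    for port, want, got in vlan_drift(BACKUP, STARTUP):
        print(f"{port}: expected VLAN {want}, found VLAN {got}")
```

A port reported as `None` on either side exists in only one of the two configurations.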