The L3/L2 Time Machine

“We are consolidating VLANs to simplify the network.” – So said a CIO in a request for me to come in to consult on a LAN “upgrade” project. 

This was such funny timing, coming right after my post about network complexity.

Anyway, they wanted to convert this:

VLAN ID | Description
------- | ---------------------------
10      | Reserved
20      | General Data
30      | Accounting & Administration
40      | Bank
50      | Servers
90      | Guest WiFi
999     | Network Mgmt

Into something like this:

A flat LAN with daisy-chained switches and guest WiFi via a 2nd router.

Like going back in time

Now, for a little context as to why I engineered the original network (which itself was a redesign of essentially the same flat network they wanted to convert back to) the way I did:

This is a 23,000 sq. ft. building housing sales, marketing, and accounting departments, as well as a mortgage lender that operates as a 2nd entity. When I redesigned the network about 9 years ago, it was primarily because we needed to increase backbone bandwidth and to solve DHCP address starvation. With about 135 devices on the network, and the surge of BYOD devices nobody was really expecting, it wasn’t long before I’d reduced the DHCP leases down to 4 hours. I had to do something. 
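To show why shortening the lease was the fix for the starvation described above, here is an added example (not code from the original post) that simulates a working week of staff laptops plus transient BYOD phones and counts how many addresses stay bound at the busiest instant. The device counts, the 8-day lease (a common server default) and the 254-address /24 pool are constructed assumptions, not figures from the post.

```python
from collections import defaultdict

# Constructed sample data: all times are minutes since Monday 00:00.
STAFF_DEVICES = 100       # laptops present 08:00-18:00 every working day
VISITORS_PER_DAY = 40     # BYOD phones, a fresh set each day, 2-hour stays
POOL_SIZE = 254           # usable addresses in one /24 (assumed pool)
DAYS = 5

def sample_sessions():
    """Return {device_id: [(arrive, depart), ...]} for one working week (constructed)."""
    sessions = defaultdict(list)
    for day in range(DAYS):
        base = day * 1440
        for j in range(STAFF_DEVICES):
            sessions[f"staff-{j}"].append((base + 480, base + 1080))
        for i in range(VISITORS_PER_DAY):
            arrive = base + 540 + 12 * i   # one new phone every 12 minutes from 09:00
            sessions[f"visitor-d{day}-{i}"].append((arrive, arrive + 120))
    return sessions

def bound_intervals(visits, lease_minutes):
    """Merge one device's visits into the intervals during which its address stays bound.
    A present client keeps renewing, so its last lease is assumed to be taken just before
    it leaves; the address is then stranded until depart + lease. A device that returns
    before that expiry simply renews, so the intervals are merged."""
    merged = []
    for arrive, depart in sorted(visits):
        end = depart + lease_minutes
        if merged and arrive <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((arrive, end))
    return merged

def peak_bound_addresses(sessions, lease_minutes):
    """Sweep-line count of the most addresses bound at any single instant."""
    events = []
    for visits in sessions.values():
        for start, end in bound_intervals(visits, lease_minutes):
            events.append((start, 1))
            events.append((end, -1))
    events.sort()   # at equal times -1 sorts first: an expiry frees an address before a new arrival
    peak = current = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

def shortfall(sessions, lease_minutes, pool_size=POOL_SIZE):
    """How many addresses the pool is short at the peak (0 means the pool held)."""
    return max(0, peak_bound_addresses(sessions, lease_minutes) - pool_size)

if __name__ == "__main__":
    s = sample_sessions()
    for label, lease in (("8-day lease", 8 * 1440), ("4-hour lease", 240)):
        print(f"{label}: peak {peak_bound_addresses(s, lease)} bound, short {shortfall(s, lease)}")
```

With the long lease every phone seen during the week stays bound and the pool runs out (300 bindings for 254 addresses); with a 4-hour lease only the last few hours of visitors are stranded and the peak drops to 130.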

Also, I had a sense that federal and state security and privacy regulations on financial entities would start going crazy. So I figured I’d beat them to the punch and isolate the mortgage bank from the rest of the network. And it just made sense to me as the right thing to do. I reserved VLAN 10 for a future VoIP phone system, and decided to segment a few more things. I don’t think I went overboard with 6 VLANs in production, especially considering the transient nature of the users, most of whom were not employees, but independent contractors in a highly competitive industry.

I think the reason for the over-simplification (in my opinion) of the network is due in large part to the dilution of the IT staff’s skill set within the company following an acquisition. Such is business. I just hope I don’t read about a data breach in the near future concerning that mortgage lender. 

If I had my way, I’d overhaul that network by adding a second core/distribution switch for redundancy. The budget wasn’t there the last time.    
