vlan1 broadcast problems

[MMIMadness]

hi all,

i recently joined a large organisation who have lots of cisco switches (190+) and serveral remotes sites. some of these remote sites are connected via wireless links (54meg). when the network was put together it was done bit by bit and so all devices on every site are using the same vlan, vlan1, the problem we are starting to see more and more is that as systems are moving onto the network the links are getting flooded with broadcast traffic.

to try and solve this i set one of our remote sites to use there own vlan, Vlan5. the problem i've now got is that as they also have ip Phones (vlan6), i have to use dot1q trunking over the link. but as i can't stop vlan1 traffic from being trunked this hasn't solved my problem.

Can anyone come to my aid with an idea on how to stop vlan1 being trunked or something.

the wireless devices i'm using are basic access points limited configs, would using the latest cisco AP's be any use in sorting the problem??

Many Thanks,

MMIMadness

 

[ADB100]

Clear the unwanted VLANs from the trunk as a quick-fix solution but this needs to be addressed. 190 switches in the same VLAN is VERY BAD.

You need to get a proper design put together - flat VLANs do not scale beyond a few switches. For IP traffic the rule of thumb is to have a maximum of a /23 subnet (508 hosts). For multi-protocol networks take this down a bit and use /24 subnets (254 hosts).

If you can't do this yourself then you MUST get someone in because a flat network of 190+ switches isn't going anywhere and is probably on it's knees already.

Good luck

Andy

 

[MMIMadness]

thanks for that,

i've tried removing the unwanted vlans out of the trunk, but as the unwanted vlan is vlan1 it is not shifting.

thank fully i can't take credit for the design, i just got lumped with it when i joined six months ago. it's taken me that long to work out how it's all put together and sort out a network diagrams for it. i am now working on how to keep it running properly 24/7 layer2 and smoothly with regard to layer3. if that makes sense.

 

[ADB100]

I assume you are using older switches (3500XL/2900XL's) and/or older code. You have been able to remove VLAN on trunks since CatOS 6.x and in IOS-based switches since 12.1.

I would move away from a Layer-2 design as soon as possible. If you post the switch types I can possibly give you guidelines as to what is feasible without buying more hardware.

Andy

 

[baddos]

You would have to make another VLAN as your management VLAN, and make your switches use that as the management VLAN.... Then you could do a switchport trunk allowed to specifically set which vlans to communicate.

Also turn on vtp pruning if you are using vtp.

 

[lui3]

you can also use broadcast suppression on the links to specifically limit the total percentage of broadcasts seen on a link. multicast suppression is available as well.

With the APs you can use protocol filtering to stop certain types of traffic from leaving the wireless network and getting on the wired backbone, IE IPX, NetBios etc.

Just some ideas.


I would try broadcast/multicast suppression as well as moving to a routed layer 3 design.


Good luck. I am surprised the phones are working well with this setup. Where is the L3 QOS for the phones being handled, all the way up at the headend?



Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization