15 Apr 2002 14:30
I've been involved in networking projects where the pace moved so quickly that one very important aspect of implementing a LAN was shelved for later or ignored altogether: the planning phase. There isn't always time to consider the big picture, but a sound planning and design phase can position your network implementation for growth and flexibility.
If the initial network implementation is small enough, it may be difficult to resist the urge to just toss in a switch and be done with it. But then what happens when it's time to grow? You'll most likely be forced to add other subnets and a router to handle internal and external routing to the Internet and other potential network partners. To help you nip network expansion woes in the bud, I'm going to provide a blueprint for designing LANs with plenty of headroom for future expansion.
Thinking ahead
As your small network quickly grows into a much larger entity, will it become a multitentacled monster or will you be able to accommodate growth in an orderly manner? The answer lies in addressing the need for expansion up front. By applying a little sound planning in this area, you can position the new network implementation to withstand even rapid growth.
As you develop your plan, you'll need to address a number of considerations, such as the number of workstations you must initially support and how many you will support after expansion. Be sure to take location into account--it can seriously affect the necessary cabling. For instance, if your network clients are located on multiple floors, how will you handle connectivity between floors? In this area, it's almost a given to follow standard design practices. This suggests a flexible cable plant, where connections on each floor are aggregated to a punch-down block in the distribution frame for that respective floor. Then, you mount switches at the distribution frame for each floor and run interfloor cabling to connect these directly to the core switch. When doing so, I recommend fiber connections between switches to accommodate future traffic generated by many 100-MB workstation connections.
That's enough about cabling--but it does illustrate the complexity of some of the issues you'll need to tackle. For the purposes of this article, we'll consider a simple scenario with all PCs located on the same floor within maximum cable-length distance.
The scenario
Let's say you're starting off with a small network configuration that has a single Cisco switch and router. The switch has a fixed number of ports, but the router has basic capacity for expansion. You chose basic models for your initial small-scale LAN, for cost reasons. If your client or employer doesn't budget for extra infrastructure before implementation, that's okay. Look at it as a pay-as-you-grow approach. This detail, in itself, would normally mean little or no expansion room, but you can set it up to overcome the limits of a fixed form factor. Integrate VLANs into your design to prepare for the inevitable. Use such features as VLAN Trunking Protocol (VTP) and trunking. This will allow for easy expansion because when you add the next switch, setup will be minimal; it will inherit VLAN information from the original switch when you make it a client member of the VTP domain.
VLAN information
For more information on VLANs, take a look at Robert McIntire's article "VLANs and switching technology: A nuts-and-bolts approach to Cisco VLAN design."
First, assume that the basic setup has already been performed on both a Cat 3500 series switch and a 2600 series router. Then, look at the connections between devices. Naturally, the router will connect to both the Internet and the local LAN(s). The Internet connection is provided through an external To Switch Unit (TSU) connected to the serial interface in the router. Normally, at this point, I'd say something about security (perimeter networks, DMZ, firewalls, etc.), but that's a bit outside the scope for setting up a basic network with expansion in mind.
On the LAN side, the router has only two Ethernet 10/100 interfaces. You'll need more than that for your VLAN configuration, which consists of five VLANs or subnets. Or will you? Trunking will allow all VLANs to travel down one link to the router, rather than requiring a dedicated Ethernet port for each subnet. You'll establish a VLAN for servers, two for users, one for printers, and one for management. Later, as the network expands, you can perform some level of traffic control. Users will have access directly to servers but not to the management of servers or printers. Servers, with associated print queues, will have access to printers, and printers really don't need access to anything. The management VLAN will have access to all others. Keep in mind that this is only one design approach among many, and it may not be applicable in some environments. That said, you must first set up VTP by running the following commands:
Switch1# vlan database
Switch1(vlan)# vtp server
Switch1(vlan)# vtp domain dis-domain
Next, set up trunking on the router. The first step is to enable Inter-Switch Link (ISL) encapsulation with:
Router1(config)# int fastEthernet 0/0.1
Router1(config-subif)# encapsulation isl 1
You want to create five subinterfaces, one for each VLAN. To set up switch trunking, execute the following commands:
Switch1(config)# int fastEthernet 0/1
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation isl
You can name the VLANs as you create them. The second VLAN will be used as the server VLAN. Log in to the switch and name the VLANs with the following commands:
Switch1(vlan)# vlan 2 name server1
Switch1(vlan)# vlan 3 name user1
Switch1(vlan)# vlan 4 name user2
Switch1(vlan)# vlan 5 name printers
You've already created the subinterfaces on the router that represent VLANs for routing, but you need to address them. Assigning addresses to the subinterfaces is as simple as running the following commands:
Router1(config)# int fastethernet 0/0.1
Router1(config-subif)# ip address 192.168.1.1 255.255.255.0
VLANs and redundancy
Remember, you also need to designate which ports on the switch belong to which VLAN. VLANs not only give you room for an expansion in network capacity but also growth in the area of security. As a network grows larger, tighter security becomes more of an issue. With different types of traffic and users segregated into separate VLANs, you can restrict or allow traffic to/from users, the Internet, internal servers, etc. This level of control is employed at the router using access control lists (ACLs). Again, this aspect falls a little outside of your core issue of expansion, but it is worth a mention.
Keep in mind the effects of such a design. It may enable you to separate and further control network traffic, but it will require more routing overhead. Consider this carefully when selecting the core routing solution. Otherwise, you could overwhelm a low-end router with traffic from several high-speed LAN interfaces. Here, you're betting that by the time traffic has reached that volume, you'll be upgrading your router.
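As an added example (not part of the original article), the following Python sketch turns the access policy described earlier (users reach servers, servers reach printers, management reaches everything, printers initiate nothing) into inbound extended ACLs for each router subinterface. The subnets other than 192.168.1.0/24, the use of VLAN 1 for management, and the pairing of subinterface N with VLAN N are assumptions made for illustration.

```python
import ipaddress

# Constructed plan. Only 192.168.1.0/24 on FastEthernet0/0.1 and the names of
# VLANs 2-5 come from the article; the rest is assumed for illustration.
VLANS = {
    "management": (1, "192.168.1.0/24"),
    "server1": (2, "192.168.2.0/24"),
    "user1": (3, "192.168.3.0/24"),
    "user2": (4, "192.168.4.0/24"),
    "printers": (5, "192.168.5.0/24"),
}

# Who may open a connection to whom, as stated in the article.
MAY_INITIATE = {
    "management": {"server1", "user1", "user2", "printers"},
    "user1": {"server1"},
    "user2": {"server1"},
    "server1": {"printers"},
    "printers": set(),
}

def allowed(src, dst):
    """True if hosts in VLAN src may initiate traffic to VLAN dst."""
    return dst in MAY_INITIATE[src]

def _spec(name):
    """IOS 'address wildcard' pair for a VLAN's subnet."""
    net = ipaddress.ip_network(VLANS[name][1])
    return f"{net.network_address} {net.hostmask}"

def inbound_acl(src):
    """Extended ACL applied inbound on the router subinterface of VLAN src."""
    vid = VLANS[src][0]
    num = 100 + vid  # extended IP ACLs use numbers 100-199
    lines = [f"access-list {num} permit ip {_spec(src)} {_spec(dst)}"
             for dst in sorted(MAY_INITIATE[src])]
    # ACLs are stateless: let TCP replies return to VLANs that may call us.
    # UDP and ICMP replies are not matched by 'established'.
    lines += [f"access-list {num} permit tcp {_spec(src)} {_spec(peer)} established"
              for peer in sorted(VLANS) if allowed(peer, src)]
    lines += [f"access-list {num} deny ip any any",
              f"interface FastEthernet0/0.{vid}",
              f" ip access-group {num} in"]
    return lines

if __name__ == "__main__":
    for name in VLANS:
        print("\n".join(inbound_acl(name)), end="\n!\n")
```

The closing deny also drops Internet-bound traffic from each VLAN, so any permits for that traffic have to be placed ahead of it.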
At this point, you can create a level of redundancy by grouping both of the router's Ethernet interfaces into a single ether-channel between the router and the switch. What better way to design for expansion than by building in redundancy from the start? Not to mention that using wide-pipe bandwidth between the switch and router allows for plenty of network traffic growth. Many Cisco devices can automatically detect potential ether-channels and configure them, but if you need to explicitly declare them, try this command from within the Switch Config mode:
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# port group 1
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# port group 1
Remember that the ports you use on the switch will have to be in the same VLAN.
Managing the expanding network
Another issue concerns managing the rapid expansion of a network. You'll soon be adding more switches, possibly some routers, and most likely a few servers. How do you go about managing all of these devices effectively? Simple Network Management Protocol (SNMP) is definitely an option. Cisco provides a suite of management software called CiscoWorks, and other manufacturers offer software from the simplistic to the most sophisticated products you've ever seen.
The idea is to have one single interface to view your network as a whole. If you have the budget, I'd implement it at the start. Regardless of whether you delve into sophisticated management suites right away, you'll most likely end up using one of the more cost-effective products in the beginning. Either way, you'll need to set up your network devices for SNMP management. You can do so at the command prompt, or you can use the Cisco Web-based configuration utility to set up SNMP parameters. Another thing to consider for management, aside from SNMP, is the Cisco clustering capability. It allows you to assign an IP address to one switch and then group all switches as a cluster for ease of management. It's Java-based, runs from a browser, and provides a simple, intuitive graphical interface.
Summary
Although expansion can be a painful process, you can take the edge off by following some of the methods and guidelines mentioned here. Remember to consider the basics first, such as number of workstations and subnets. Then, plan your cabling needs accordingly. From there, set up your infrastructure and devices to be flexible and allow for future growth. In this way, you might actually make it possible for the IT department to go home on time.
Story URL: http://resources.zdnet.co.uk/articles/features/0,1000002000,2108370,00.htm