What is the maximum number of nodes in a VLAN?

mammador

I'm planning a VLAN design for two separate uses (cameras, access control locks and servers for my friend's business).

She has a large warehouse, and I'm thinking of scalability needs in addition to actual needs. Cisco have sites saying 500 is the rule of thumb. However, these were posted almost 10 years ago, so has the limit risen since then?

If it's still 500, then no issue, she should still have enough private addressing space to include multiple subnets.
 

jlazzaro

there is no maximum, it is completely dependent on the nature of your network's traffic.

host hardware and operating systems (XP, W7, Linux), desktop protocols, traffic types (unicast, multicast, broadcast), bandwidth & delay needs all come into play.

generally speaking i keep things /23 or smaller. if i need larger, i probably need to plan better.
 

Railgun

The better questions are:

Do you need to separate that traffic? Why? Are you going to lock it down via ACLs?

How many hosts need to live within that VLAN?

There's no reason you can't do something larger, but it's all about how you want to segregate traffic.
 

Cooky

I too try & keep my subnets to /23 or smaller.
This way the broadcast domain is small.

Make sure your friend doesn't have any "peer to peer" apps that need to rely on all hosts being on the same L2 network.
It's not a show stopper, but good to know up front.
 

drebo

As stated above, it's not so much about the number of nodes as it is about the size of the VLAN. A VLAN with 500 nodes that are all connected to the same 6500 switch, for instance, isn't that bad. Yeah, there'll be a lot of broadcast chatter, but if you properly utilize arp inspection and rogue DHCP detection, it's not so bad.

That topology as opposed to having 500 hosts on the same VLAN connected into 15 different switches that are daisy-chained together...that's a bad topology.

So, if you're smart with your IDF design and your physical layout and design, you should be OK with more than a /23. But, you may consider additional VLANs if the warehouse is super large. Maybe break it up by IDF with a L3 connection between the IDF and your "core." More info would be needed to know if this is really necessary.
 

mammador

As said, there are three uses intended for the VLANs, these being cameras, access control locks and servers. We want the VLANs to make things more manageable, and to have specified subnets for each system.

The warehouse is about 5,000 sq. ft. so not that small as such. There also are internal rooms that require door locks, and an area set aside for a small data centre (to house switches, routers, and servers).

I'm thinking that a /24 should be sufficient for cameras, as there are 80 placements identified, and so there is room for scalability. As for door locks, I'm thinking of a /26. There are only 15 doors or so, so a /24 seems like too much wasted addressing space.

Regarding configuration, we're looking to have a dynamic VLAN for the doors, and static VLANs for the cameras and servers.
 

alkemyst

General rule of thumb is 200 hosts...the real limit is how much CPU Utilization you fall under with the hosts. What are the devices that will be handling routing/switching?

/24's are nice because they are easy to deal with. Too many fear running out of address space when they will never grow to those limits.
 

Railgun

/24s are OK, but inefficient in a lot of cases. Most are too afraid of moving smaller. VLSM scares the hell out of some people. Too much work or something...
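
The sizing discussed in the posts above (80 cameras on a /24, about 15 door locks on a /26, VLSM instead of uniform /24s), worked through as an added example that is not from any poster in this thread. The parent block `10.20.0.0/23` and the /27 for servers are assumptions, since the thread gives neither.

```python
import ipaddress
import math

def prefix_for_hosts(hosts, headroom=1.0):
    """Longest IPv4 prefix whose usable addresses cover hosts * headroom."""
    needed = math.ceil(hosts * headroom) + 2      # + network and broadcast
    bits = max(2, (needed - 1).bit_length())      # host bits required
    return 32 - bits

def vlsm_plan(parent, wanted):
    """Carve one subnet per device class out of `parent`, largest first.

    `wanted` maps a class name to a prefix length. Allocating in order of
    decreasing size keeps every subnet aligned on its own boundary, which
    is what lets one ACL entry per class match exactly that class.
    Raises ValueError when the parent block is too small.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    for name, plen in sorted(wanted.items(), key=lambda kv: kv[1]):
        net = ipaddress.IPv4Network((cursor, plen))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} has no room left for {name} (/{plen})")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1   # next free address
    return plan

if __name__ == "__main__":
    # Host counts from the thread; exact fit versus 3x growth headroom.
    for name, hosts in (("cameras", 80), ("doors", 15)):
        print(name, hosts, "hosts: exact /%d, 3x headroom /%d"
              % (prefix_for_hosts(hosts), prefix_for_hosts(hosts, 3)))

    # Prefix lengths chosen in the thread; servers /27 is assumed.
    wanted = {"doors": 26, "cameras": 24, "servers": 27}
    for name, net in vlsm_plan("10.20.0.0/23", wanted).items():
        print(f"{name:8} {str(net):16} usable hosts: {net.num_addresses - 2}")
```

With these inputs the three classes occupy less than three quarters of the /23, leaving aligned space for another VLAN without renumbering.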
 

cmetz

mammador, if you ever touch a half-duplex segment, max is 1024 but you really should not exceed 512.

If you can be sure you're all switched, then the limit is set by either your switches' MAC address tables (real Cisco switches are all relatively large, but watch out for cheap switches!) and how much broadcast traffic (ARP & DHCP) all the stations can process without being unhappy. If you're using relatively low-power CPU devices (e.g., embedded devices), broadcast traffic processing is likely your real limiting factor.

It's a good design to put devices of a similar kind onto their own VLAN, makes it easy to apply ACLs.