I'm the new network manager for a school. I've inherited an environment made up of several Windows servers, about 100 Windows clients, 10 printers, 1 Cisco router, 6 Cisco switches, and 1 HP switch. Also, we're using VoIP.
There are four floors in our building. The hosts on each floor are assigned to a separate VLAN. An office on the first floor has its own VLAN. All the switches are on their own VLAN. The IP phones are on their own VLAN. And the servers are on their own VLAN.
For the number of hosts on the network, are all these VLANs really buying me anything? I'm new to the VLAN concept but it seems overly complicated for this environment. Or it's genius and I just don't get it?
Most of those VLANs make sense to me. It's good to split by function so a VLAN for servers, one for phones, and another for workstations makes good sense. You can then get fine control over the traffic flowing between workstations and servers.
What I don't see much point in is having VLANs for workstations on each floor. A single VLAN for all workstations would keep things nice and simple. Spanning VLANs across multiple switches/trunks probably won't be an issue for a network that small.
It's also pretty pointless to maintain a separate VLAN for switch management. They can sit happily on the server VLAN.
Nothing magical about VLANs BTW... just separate broadcast network segments with each requiring a default gateway and the appropriate ACL configuration on network ports.
Well, could be useful to have separate VLANs for data (computers) and VoIP, so you can apply some sort of traffic prioritization. Separate VLANs for management of switches is also useful. Separate VLANs per floor seems maybe too much for 100 PCs, unless you plan to expand in the future.
VLANs let you divide your network in smaller logical segments; this helps both in improving manageability and in limiting unnecessary broadcast traffic.
For such a small network it might actually be overkill: you could easily handle ~100 network objects with a single VLAN and IP subnet. But I think you should stick to this configuration, for two main reasons:
1) It improves manageability; if you know f.e. that servers are in 192.168.1.X and clients are in 192.168.100.Y, it's easier to manage them. If all your addresses were in the 192.168.42.Z subnet, how could you (easily) distinguish between them?
2) It scales a lot better. If you ever move from ~100 to > 200 network objects, a single /24 IP subnet will suddenly seem a lot smaller, and a single bigger one will very easily become a mess.
For the purists: yes, I know very well that VLANs and IP subnets don't necessarily have a strict 1:1 mapping; this is only the most common use for them, which seems to be what the OP is referring to.
The other advantage of this design is that you can enforce Access Control Lists on the router, so that communications between VLANs are limited, and you can protect the Windows servers from enthusiastic students.
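To make the router-ACL point concrete, here is an added example (not part of any answer above) that models first-match inter-VLAN filtering over a function-based addressing plan. The server and client subnets follow the ones mentioned above; the phone subnet, the rule set and the function names are constructed assumptions.

```python
import ipaddress

# Addressing plan: servers/clients follow the subnets mentioned above;
# the phone subnet is a constructed value for illustration.
VLANS = {
    "servers": ipaddress.ip_network("192.168.1.0/24"),
    "clients": ipaddress.ip_network("192.168.100.0/24"),
    "phones": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed policy, evaluated top-down; the first matching rule wins.
# (action, source VLAN, destination VLAN, protocol, destination port or None = any)
RULES = [
    ("permit", "clients", "servers", "udp", 53),    # DNS lookups
    ("permit", "clients", "servers", "tcp", 445),   # file shares
    ("deny",   "clients", "servers", None, None),   # everything else to servers
    ("deny",   "clients", "phones",  None, None),   # workstations never talk to phones
    ("permit", "servers", "clients", None, None),   # server-initiated management
]

def vlan_of(addr):
    """Return the VLAN name an address belongs to, or None if outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None

def evaluate(src, dst, proto, port):
    """Decide what a router ACL between VLANs would do with one flow."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "deny"            # unknown addresses are not in the plan
    if s == d:
        return "unfiltered"      # same VLAN: switched at layer 2, the router ACL never sees it
    for action, rs, rd, rproto, rport in RULES:
        if (rs, rd) == (s, d) and rproto in (None, proto) and rport in (None, port):
            return action
    return "deny"                # implicit deny at the end of the list

if __name__ == "__main__":
    for flow in [("192.168.100.37", "192.168.1.10", "tcp", 445),
                 ("192.168.100.37", "192.168.1.10", "tcp", 3389),
                 ("192.168.100.37", "192.168.100.40", "tcp", 3389)]:
        print(flow, "->", evaluate(*flow))
```

The `unfiltered` result is the caveat worth noticing: a router ACL only restricts traffic that crosses VLANs, so hosts that share a VLAN can still reach each other directly.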
IME you are in the ballpark where segregation of traffic across networks will improve performance. However the division of the VLANs seems to have been decided on the basis of the function of the member nodes rather than any effort for managing bandwidth. Certainly with this number of nodes you could get the same aggregate bandwidth by intelligently planning where you put switches rather than using VLANs.
Without seeing a detailed diagram and getting some real measurements it's hard to say for sure, but I suspect that the setup you describe is giving you no performance benefits and lots of admin headaches.
Not a good reason for using VLANs - use subnets, firewalls and switches.
I'd agree with the answers you have already.
Do you need VLANs? In other words are they "necessary" if we want to stick pedantically to what you ask in the title of your question? Probably not. Is it a good idea given the variety of traffic you have? Probably, yes.
There isn't a right or wrong answer, it's a question of different designs and what the designer was hoping to achieve...
Based on what you've said I agree with the comments about not needing a VLAN "per floor", but without knowing more about your setup (though I am a college network manager so I have some general idea) it's possible for all we know that you have programming classes all on one floor, admin office on another, etc. and the current workstation VLANs are not about separating floors but rather about separating functions, so the programming classes can't possibly disrupt use of the LAN for word processing in other lessons, students can't easily connect to administrative workstations, maybe you have a requirement for dedicated PCs for electronic exams, and so on. If something like that is going on then maybe the extra workstation VLANs start to make more sense.
I don't suppose any documentation exists explaining the design choices made by the person who initially set this all up?
VLANs segregate broadcast traffic. You don't have enough computers to worry about that. VLANs often but not always align with subnets. VLANs also let you apply some limited ACLs. Switch ACLs can be a lot of upkeep with little benefit. Firewalls separate traffic better; ACLs on switch ports can get messy.
The only argument I see for adding VLANs is if you also change your IP addressing scheme. Now, I think with only 4 floors that may be overkill.
In a company I used to work for we had a dozen buildings at our main campus and a few satellite campuses, so we had an IP addressing scheme that allowed us to tell by an IP address what building a device was in. That's my 2 cents, for what it's worth.