Named VLANs and Campus Topology

Jul 6th, 2006

We have a campus of several groups and sub-groups distributed across an expansive campus. We want to enable improved mobility (not just wireless) of users while retaining user authorizations and entitlements.


We consider implementing a named vlan structure with the groups defined at every access/distribution layer.


Does anyone know what problems this implementation might cause?



In a large campus design the traditional Cisco recommendations are for at least two VLANs per access layer switch, which is then dual-homed to a distribution L3 switch where the VLANs are terminated. We also recommend that the VLANs do not extend beyond a single closet. This enables us to scale the wired switched networks very well, support fast STP convergence, and provide predictable behaviour under failure conditions. In this scenario it is advised against any end-to-end VLANs, not even VLAN 1 for management.
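
As an added example (not part of the thread and not Cisco tooling), the rules in the reply above can be checked mechanically against a switch inventory: at least two VLANs per access switch, and no VLAN, VLAN 1 included, present in more than one closet. The inventory format, the switch and closet names, and the VLAN IDs are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (not from the thread): switch, wiring closet, access VLAN IDs.
INVENTORY = """\
acc-a1 closet-A 110,120
acc-a2 closet-A 110,120
acc-b1 closet-B 1,210,220
acc-c1 closet-C 1,310,210
acc-d1 closet-D 410
"""

def parse_inventory(text):
    """Return {switch: (closet, set_of_vlan_ids)} from 'switch closet id,id' lines."""
    switches = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # allow comments and blank lines
        if not line:
            continue
        try:
            name, closet, vlans = line.split()
            ids = {int(v) for v in vlans.split(",")}
        except ValueError:
            raise ValueError(f"line {lineno}: expected 'switch closet id,id'") from None
        if any(not 1 <= v <= 4094 for v in ids):
            raise ValueError(f"line {lineno}: VLAN ID outside 1-4094")
        switches[name] = (closet, ids)
    return switches

def audit(switches):
    """Return (spanning, undersized): VLANs seen in more than one closet,
    and switches carrying fewer than two VLANs."""
    closets_by_vlan = defaultdict(set)
    for closet, ids in switches.values():
        for vlan in ids:
            closets_by_vlan[vlan].add(closet)
    spanning = {v: sorted(c) for v, c in closets_by_vlan.items() if len(c) > 1}
    undersized = sorted(n for n, (_, ids) in switches.items() if len(ids) < 2)
    return spanning, undersized

if __name__ == "__main__":
    spanning, undersized = audit(parse_inventory(INVENTORY))
    for vlan, closets in sorted(spanning.items()):
        print(f"VLAN {vlan} spans closets: {', '.join(closets)}")
    for name in undersized:
        print(f"{name} carries fewer than two VLANs")
```

A VLAN shared by two switches in the same closet (110 and 120 here) is not reported; only VLANs that cross a closet boundary are.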

woleakpose Wed, 07/12/2006 - 11:41

So defining each user group (say 10 in all) in each access layer switch as a mechanism for access containment is not inherently against best practices recommendations?


The goal is user mobility and management flexibility, while preserving group and data separation when possible. Of course the network is just a part of the picture, but we believe it's critical enough to justify it being well architected.


Thanks again for your response.
