Named VLANs and Campus Topology

woleakpose · ‎07-06-2006

We have a campus of several groups and sub-groups and distributed accross an expanssive campus. We want to enable improved mobility (not just wireless) of users while retaining user authorizations and entitlements.

We consider implementing a named vlan structure with the groups defined at every access/distribution layer.

Does anyone know what problems this implementation might cause?

wong34539 · ‎07-12-2006

In a large campus design the traditional Cisco recommendations are for at least two VLAN's per access layer switch, which is then dual-homed to a distribution L3 switch where the VLAN's are terminated. We also recommend that the VLAN's do not extend beyond a single closet. This enables us to scale the wired switched networks very well, support fast STP convergence, and provide predictable behaviour under failure conditions. In this scenario it is advised against any end to end VLAN's, not even VLAN 1 for management.

woleakpose · ‎07-12-2006

So defining each usergroup (say 10 in all) in each access layer switch as a mechanism for access containment is not inherently againts best practices recommendations?

The goal is user modbility and management flexibility, while preserving group and data seperation when possible. Ofcourse the network is just a part of the picture, but we believe its critical enough to justify it being well architected.

Thanks again for your response.