07-06-2006 07:34 AM - edited 03-03-2019 03:56 AM
We have a campus of several groups and sub-groups distributed across an expansive campus. We want to enable improved mobility (not just wireless) of users while retaining user authorizations and entitlements.
We are considering implementing a named VLAN structure with the groups defined at every access/distribution layer.
Does anyone know what problems this implementation might cause?
07-12-2006 09:42 AM
In a large campus design the traditional Cisco recommendations are for at least two VLANs per access layer switch, which is then dual-homed to a distribution L3 switch where the VLANs are terminated. We also recommend that the VLANs do not extend beyond a single closet. This enables us to scale the wired switched networks very well, support fast STP convergence, and provide predictable behaviour under failure conditions. In this scenario we advise against any end-to-end VLANs, not even VLAN 1 for management.
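The two rules stated in the reply above (at least two VLANs per access switch, no VLAN extending beyond a single closet) can be checked against switch configurations. This is an added example, not part of the original post; the switch, closet and VLAN names and the config fragments are constructed, and it assumes VLANs are defined as `vlan <id>` stanzas in each switch's configuration.

```python
import re
from collections import defaultdict

# Constructed sample: access switch -> (wiring closet, VLAN section of its config).
# Switch, closet and VLAN names are hypothetical.
CONFIGS = {
    "acc-a1": ("closet-A", "vlan 110\n name ENG-DATA\nvlan 111\n name ENG-VOICE\n"),
    "acc-b1": ("closet-B", "vlan 120\n name FIN-DATA\nvlan 121\n name FIN-VOICE\n"
                           "vlan 110\n name ENG-DATA\n"),  # 110 extends past closet-A
    "acc-c1": ("closet-C", "vlan 130\n name OPS-DATA\n"),  # only one VLAN defined
}
MIN_VLANS = 2  # "at least two VLANs per access layer switch"

# Matches a VLAN definition line such as "vlan 110"; indented " name ..." lines do not match.
VLAN_RE = re.compile(r"^vlan (\d+)\s*$", re.MULTILINE)


def vlan_ids(config_text):
    """Return the set of VLAN IDs defined in a config fragment."""
    return {int(v) for v in VLAN_RE.findall(config_text)}


def audit(configs):
    """Return (spanning, undersized).

    spanning:   {vlan_id: sorted closets} for VLANs defined in more than one closet
    undersized: sorted switches defining fewer than MIN_VLANS VLANs
    """
    closets_by_vlan = defaultdict(set)
    undersized = []
    for switch, (closet, text) in configs.items():
        ids = vlan_ids(text)
        if len(ids) < MIN_VLANS:
            undersized.append(switch)
        for vlan in ids:
            closets_by_vlan[vlan].add(closet)
    spanning = {v: sorted(c) for v, c in closets_by_vlan.items() if len(c) > 1}
    return spanning, sorted(undersized)


if __name__ == "__main__":
    spanning, undersized = audit(CONFIGS)
    for vlan, closets in sorted(spanning.items()):
        print(f"VLAN {vlan} extends beyond one closet: {', '.join(closets)}")
    for switch in undersized:
        print(f"{switch}: fewer than {MIN_VLANS} VLANs defined")
```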
07-12-2006 11:41 AM
So defining each user group (say 10 in all) in each access layer switch as a mechanism for access containment is not inherently against best practices recommendations?
The goal is user mobility and management flexibility, while preserving group and data separation when possible. Of course the network is just a part of the picture, but we believe it's critical enough to justify it being well architected.
Thanks again for your response.