CCM3415 Lecture 3.pdf - Advanced Network Design Security...


Advanced Network Design & Security CCM3415 Clifford Sule
Implementing VLANs in Campus Networks
Chapter 2 Objectives
• Design and plan VLANs, trunks, and addressing to meet business requirements, technical requirements, and constraints.
• Configure VLANs and VLAN trunks in the campus network to support business and technical requirements.
• Configure VTP in the campus network to support business and technical requirements.
• Describe private VLANs and configure private VLANs in the campus network to support business and technical requirements.
• Configure and verify an EtherChannel in a Layer 2 topology that contains bridging loops.
Virtual Local Area Network (VLAN)
• A VLAN is a logical group of end devices.
• Broadcasts are contained within VLANs.
• Modern design has 1 VLAN = 1 IP subnet.
• Trunks connect switches so as to transport multiple VLANs.
• Layer 3 devices interconnect VLANs.
End-to-End VLANs
• Each VLAN is distributed geographically throughout the network.
• Users are grouped into each VLAN regardless of the physical location, theoretically easing network management.
• As a user moves throughout a campus, the VLAN membership for that user remains the same.
• Switches are configured for VTP server or client mode.
Local VLANs
• Create local VLANs with physical boundaries in mind rather than job functions of the users.
• Local VLANs exist between the access and distribution layers.
• Traffic from a local VLAN is routed at the distribution and core levels.
• Switches are configured in VTP transparent mode.
• Spanning tree is used only to prevent inadvertent loops in the wiring closet.
• One to three VLANs per access layer switch recommended.
VLANs in Enterprise Campus Design
• VLANs used at the access layer should extend no further than their associated distribution switch.
• Traffic is routed from the local VLAN as it is passed from the distribution layer into the core.
• Blocks can contain one to three VLANs each.
• STP is limited to access and distribution switches.
• DHCP is used to assign IP addresses to users.
Best Practices for VLAN Design
• One to three VLANs per access module and limit those VLANs to a couple of access switches and the distribution switches.
• Avoid using VLAN 1 as the "blackhole" for all unused ports. Use a dedicated VLAN separate from VLAN 1 to assign all the unused ports.
• Separate the voice VLANs, data VLANs, the management VLAN, the native VLAN, blackhole VLANs, and the default VLAN (VLAN 1).
• Avoid VTP when using local VLANs; use manually allowed VLANs on trunks.
• For trunk ports, turn off Dynamic Trunking Protocol (DTP) and configure trunking.
• Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol.
• Manually configure access ports that are not specifically intended for a trunk link.
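The port-level practices above can be checked mechanically against a switch configuration. The following auditor is an added example, not part of the lecture; the function names, interface names and VLAN IDs are constructed for illustration, and it assumes an unset access or native VLAN falls back to the IOS default of VLAN 1.

```python
import re

# Constructed sample config (not from the lecture); names and VLAN IDs are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/2
 switchport trunk encapsulation isl
 switchport mode trunk
interface GigabitEthernet0/3
 shutdown
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separator or a global command ends the block
    return ports

def audit(config):
    """Return {interface: [findings]} for ports that break the practices listed above."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        def val(pattern):  # first captured value among this port's sub-commands
            return next((m.group(1) for c in cmds if (m := re.match(pattern, c))), None)
        mode = val(r"switchport mode (\S+)")
        trunk = mode == "trunk"
        checks = [
            (trunk and "switchport nonegotiate" not in cmds, "DTP still enabled on trunk"),
            (trunk and val(r"switchport trunk allowed vlan (\S+)") is None, "no manual allowed-VLAN list"),
            (trunk and val(r"switchport trunk encapsulation (\S+)") == "isl", "ISL instead of 802.1Q"),
            (trunk and val(r"switchport trunk native vlan (\d+)") in (None, "1"), "native VLAN is VLAN 1"),
            (not trunk and mode != "access", "port not manually set to access mode"),
            (not trunk and val(r"switchport access vlan (\d+)") in (None, "1"), "port left in VLAN 1"),
        ]
        issues = [msg for failed, msg in checks if failed]
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) reports nothing for the hardened trunk on GigabitEthernet0/1, four findings for the ISL trunk on GigabitEthernet0/2, and two findings for the unused port GigabitEthernet0/3, which is shut down but still sits in VLAN 1 with its mode left unset.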