
NETWORK ARCHITECTURE

1. Split the network functionally to develop the network infrastructure and hierarchy
requirements.
2. Design each structured element separately in relation to other elements
3. Divide a network into areas
FOCUS ON LAN CAMPUS DESIGN
1. Inventory port numbers and current and expected endpoints on the campus.
2. Select the routing protocol to be used in the campus network
3. Define data oversubscription:
a. 20:1 for access ports on the access-to-distribution uplink.
b. 4:1 for the distribution-to-core links.
4. How to perform load balancing on the campus?
a. EtherChannel Design Versus Equal-Cost Multipathing
5. Design access distribution blocks: number and type of blocks
a. For each block type, specify layer 2 and layer 3 features and tell why and how
each feature is going to be implemented.
b. Select and justify implementation of Cisco Catalyst Integrated Security
Features

DETAILS OF ACCESS-DISTRIBUTION BLOCK DESIGN


1.
2. access layer:
a. layer two technologies
i. Spanning Tree Protocol (STP):
1. Rapid Per-VLAN Spanning-Tree Plus (RPVST+)
2. Cisco STP Toolkit
a. PortFast
b. UplinkFast
c. BackboneFast
d. LoopGuard
e. BPDUGuard
f. RootGuard
g. Unidirectional Link Detection (UDLD)
h. Bridge Assurance
b. trunking (ISL/802.1Q),
c. Unidirectional Link Detection (UDLD),
d. EtherChannel
e. high availability
i. hardware
1. redundant supervisor engines
2. active and stand-by route processor
3. Redundant power supplies.
4. StackWise technology
5. StackPower Technology (PoE)
ii. Software
1. redundant supervisor engines
a. SSO in a Layer 2 environment or
b. Cisco NSF with SSO in a Layer 3 environment.
2. first-hop routing protocols (FHRP),
a. GLBP
b. HSRP
f. Security
i. IEEE 802.1X,
ii. port security,
iii. DHCP snooping,
iv. dynamic ARP inspection (DAI),
v. IP source guard.
g. Quality of service (QoS):
h. IP multicast:
i. Power negotiation
3. Distribution Layer
a. High Availability,
i. dual paths from the distribution layer to the core.
ii. dual paths from the access layer to the distribution layer.

b. load balancing,
i. Layer 3 equal-cost load sharing allows both uplinks from the
distribution to the core layer to be used
c. QoS,

In the recommended campus design, the same VLAN should not appear in two access layer switches.

Recommended Practices for Trunk Configuration and VLAN Trunking Protocol

- The current recommended practice is to use IEEE 802.1Q trunks.
- VTP Transparent mode is now a recommended practice because it decreases the potential for
operational error.
- Set the VTP domain name.
- When configuring switch-to-switch interconnections to carry multiple VLANs, set Dynamic
Trunking Protocol (DTP) to Desirable and Desirable with Encapsulation Negotiate to support
DTP negotiation.
- Manually prune unused VLANs from trunked interfaces to avoid broadcast propagation. You
should avoid automatic VLAN pruning.
- Disable trunks on host ports, because host devices do not need to negotiate trunk status.
- A common practice is to configure both ends of the trunk to desirable.

For fastest convergence, a third configuration turns DTP to On and On with Nonnegotiate to save a few
seconds of outage when restoring a failed link or node.

Recommended Practices for UDLD Configuration


A recommended practice is to enable UDLD Aggressive mode in all environments where fiber-optic
interconnections are used.
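
The following audit is an added example, not part of the original notes: it parses IOS-style configuration text and reports where it departs from the trunk, VTP and UDLD practices listed above. The sample configuration is constructed, and treating every switched Ethernet port without a trunk mode as a host port is an assumption of this example.

```python
import re

# Constructed sample of IOS-style configuration (not from the original notes).
SAMPLE_CONFIG = """\
vtp domain CAMPUS
vtp mode server
interface GigabitEthernet1/0/1
 switchport access vlan 10
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
interface TenGigabitEthernet1/1/1
 switchport mode dynamic desirable
interface TenGigabitEthernet1/1/2
 switchport mode dynamic desirable
 switchport trunk allowed vlan 10,20
"""
TRUNK_MODES = ("switchport mode trunk", "switchport mode dynamic desirable")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """List deviations from the trunk, VTP and UDLD practices above."""
    findings = []
    if not re.search(r"^vtp mode transparent$", config, re.M):
        findings.append("global: VTP is not in transparent mode")
    if not re.search(r"^udld aggressive$", config, re.M):
        findings.append("global: UDLD aggressive mode is not enabled")
    for name, cmds in parse_interfaces(config).items():
        # Assumption: only switched Ethernet ports are audited.
        if "Ethernet" not in name or "no switchport" in cmds:
            continue
        if any(c in TRUNK_MODES for c in cmds):
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append(f"{name}: trunk has no manually pruned VLAN list")
        elif "switchport mode access" not in cmds:
            findings.append(f"{name}: host port may still negotiate a trunk")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per deviation, in configuration order, so the output can be diffed between audit runs.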

Recommended Practices for EtherChannel

EtherChannel Applications

- EtherChannels are usually deployed between the distribution-to-core and core-to-core
interconnections where increased availability and scaled bandwidth are required.
- EtherChannel link aggregation is used to provide link redundancy and prevent a single point of
failure.
- EtherChannel link aggregation also reduces peering complexity because the single logical entity
reduces the number of Layer 3 neighbor relationships as compared to multiple parallel links.

Select Access-Distribution Block Design

- Layer 2 loop free
o The access switches use Layer 2 switching.
o The links between the access and distribution layers are configured as Layer 2 trunks.
o The link between the distribution switches is configured as a Layer 3 routed link.
o An EtherChannel is typically used for this link to increase availability.
o In this design, there are no Layer 2 loops in the access-distribution block, which means
that the Spanning Tree Protocol is not involved in network convergence and load
balancing
o All the ports are in the spanning-tree Forwarding state.
o Load balancing of the traffic from the access to the distribution layer is based on the
First Hop Router Protocol (FHRP) that is used in this design.
o Reconvergence time in the case of failure is driven primarily by FHRP reconvergence.
o A limitation of this solution is that it is optimal for networks where each access layer
VLAN can be constrained to a single access switch.
o Stretching VLANs across multiple access switches is not recommended in this design.
o The Layer 2 loop-free design is a current best-practice design; however, it is often not
feasible to use it because of the restriction that VLANs should not be stretched across
multiple access switches.
- Layer 2 loop
o Uses Layer 2 switching on the access layer.
o The links between the access and distribution switches are configured as Layer 2
trunks.
o The link between the distribution switches is configured here as a Layer 2 trunk.
o This configuration introduces a Layer 2 loop between the distribution switches and the
access switches.
o To eliminate this loop from the topology, the Spanning Tree Protocol blocks one of the
uplinks from the access switch to the distribution switches.
o This design is recommended for networks that require an extension of VLANs across
multiple access switches.
o A drawback is that network convergence in the case of failure is now dependent on
spanning-tree convergence that is combined with FHRP convergence.
o Another downside is limited load balancing. PVST root election tuning can be used to
balance traffic on a VLAN-by-VLAN basis. However, within each VLAN, spanning tree
always blocks one of the access switch uplinks.

- Layer 3 routed
o The Layer 3 routed design uses Layer 3 routing on the access switches.
o All links between switches are configured as Layer 3 routed links.
o Eliminates the Spanning Tree Protocol from the interswitch links.
o Spanning Tree Protocol is still enabled on edge ports to protect against user-induced
loops, but it does not play a role in the network reconvergence in the
access-distribution block.
o FHRPs are also eliminated from the design, because the default gateway for the end
hosts now resides on the access switch instead of on the distribution switch.
o Network reconvergence behavior is determined solely by the routing protocol being
used.
o Constrains VLANs to a single access switch (like the Layer 2 loop-free design).
o Does not allow VLANs to be extended across multiple access switches.
o Requires more sophisticated hardware for the access switches.
