Creating vlans at the core layer ?

CCIE_2011

Hi guys .....
What are the pros and cons of creating VLans at the core layer??
Keeping the in the distro layer isn't just better ?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

joshgibson82

Vlans will typically failover using STP which is much much slower (50 seconds by default for PVST+ I think!) than a routing protocol like EIGRP or OSPF which will converge within 1 second typically.

bighornsheep

joshgibson82 wrote:

Vlans will typically failover using STP which is much much slower (50 seconds by default for PVST+ I think!) than a routing protocol like EIGRP or OSPF which will converge within 1 second typically.

???

CCIE_2011 wrote:

What are the pros and cons of creating VLans at the core layer??
Keeping the in the distro layer isn't just better ?

What do you mean the core layer? In the Cisco hierarchy model? A design expert can probably better comment on this, but I think the basic concept/concern with regards to VLAN is that they should be created in a centralized location which should be distributed out to the network from that database, so that theoretically any device on the entire network can belong to any VLAN. The caveat is that you have to figure out how to control the scope of these VLANs and the traffic they generate by means of VTP pruning (only forwarding VLAN traffic if the VLAN exist in that path) and/or STP (and it's variants) to allow for failovers in your VLANs but prevent looping from occurring.

CCIE_2011

Yes i mean cisco hierarchy model.
Any why i'll ask the Question in the CCIE section .

Thnks alot guys

mikearama

This was a topic covered in detail in the BCMSN course.

Best practice is to not have VLAN's traverse the core, where ever possible. IE, if you had the choice, you'd limit vlan assignments to access switches, and then have them trunk no higher than the distribution switches.

In real world, with the 20/80 rule becoming the defacto standard, I believe it's virtually impossible to isolate vlans geographically so as to not leave a switch stack.

Case in point... our campus is 5 buildings, with users in every building belonging to our User, Static User, and Roaming User vlans. Each building's distribution switch connects to the core, enabling access between buildings. I wouldn't care to create the same vlans five times in an effort to isolate vlans to a building.

HTH,
Mike