VLAN design

Hi everyone Im back and preparing for the Switch exam

I am currently reading on End to End VLANs and Local VLANs and cant quite understand why Cisco recommends Local VLANs as a design methodology. I come from a background where VLANs are assigned based on roles such as HR, Security etc.. and ACLs are then defined. The idea of Local VLANs restricted to a given wiring closet seems to contradict most design principles I have learnt over the years, Can someone please shed some light or am I missing something hear.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

The idea behind localized VLANs is to keep the L2 domain as small and manageable as possible. It is much easier and efficient to manage a routed distribution/core than a large STP mess. If you only have a few switches its not really that big of a concern though.

Is there really anything gained from having a VLAN span across your network? Unless there are protocols that need direct L2 connectivity its more trouble than its worth!

MrXpert

Localized VLANs? is this where you have certain VLANs belong to a certain block(logical thing?) and that block is in a certain physical location?
for example accounts and admin are in Building A, so they are local to that.
If however you have other admin/accounts staff in a location other than building A then you create a new VLAN for them?

And by doing this kinda design VLAN traffic is minimized? but isn't that what vlan pruning is for?

sorry not looked at Switch related stuff at ccnp so i am kinda surmising and based on stuff i may have learnt/read elsewhere.

networker050184

Localized VLANs as in localized to a single access switch or set of access switches based on how far down you bring your routing. Commonly referred to as 'routing to the access layer'. You don't build an Accounting VLAN, HR VLAN etc that spans anywhere in your network you need.

As I said above there really is nothing gained from having a VLAN span across the core or even distribution level unless there are specific protocol needs.

spd3432

networker050184 wrote: »

As I said above there really is nothing gained from having a VLAN span across the core or even distribution level unless there are specific protocol needs.

Would this be where cluster vm's would reside that span multiple buildings / campuses? I think they use L2 communication vice L3.

networker050184

Yeah VMware is one of the only things I've seen that needs this. Some phone solutions as well. I've seen some places go VPLS in house to overcome the spanning VLAN needs, but that isn't feasible to a lot of places.

xXErebuS

It also helps keep broadcast traffic off your site to site solution whether it be VPN, MPLS, ETC. I typically design by closet location, so if building A has 5 closets; each closet with have vlan 1, vlan 2, vlan 3 that relate to specific subnet standards. It makes it simple to determine the exact site; building; closet that a host belongs to just by looking at their IP Address.

Danielh22185

You would want to seperate the departmental operations into different VLANs as well but the physical orentiation of how the work enviornment is layed out pretty much already dictates that. VLAN (virtual local area network) should only ever be indicitive of the local network. If people in HR from Dallas need to communicate with people in HR in New York its as simple as doing IP routing. You simply won't have a hand in the entire routing process. At some point you are going to hand off to an ISP to finish the job.

It surely also depends on the size and orientation of your company. Depends on what you are working with but VLANS should most always stick around as layer 2 and local to their own LAN. There may be exceptions but that is more rare than common.