Archive for the 'Cisco Switches' Category
I was browsing the Cisco support forum the other day and found the following question post, which is about designing a Cisco switched network. Some useful answers are given, so I thought I would repost it here for my blog readers. You will find useful tips about switch port dimensioning, redundancy, etc. I hope you find it useful.
Initial Post Question
Hello all,
I am relatively new to networking and am currently doing some theory work with network design to gain some knowledge. I’m sure you have all been there!!
I have a specification which details the needs for the network across a large campus, including number of users, their bandwidth usage, their locations, overall budget etc. I have chosen what servers are need and their locations, and the number of routers needed and their connectivity to each other to build in redundancy. My next step is to calculate how many switches will be needed for each building to get all the users onto the network and this is where I am getting quite confused.
My understanding is that a host connects to one port on the switch and a standard switch has generally around 24 ports. Therefore one switch can theoretically connect only 24 users to the network (perhaps 23 if one of those ports is used to connect to the router). My problem is that in some buildings I have over 400 users (I've added a small percentage to allow for growth of the company). Does this mean that I need one switch to connect to the router and then another switch on each of the 24 ports to have enough ports to connect this many users? If this or something similar is true, how is redundancy built in, because if the switch that connects to the router goes down all the users in that building lose their connection? This seems a very expensive solution and probably quite an ugly one.
If anybody could guide me through a solution it would be very much appreciated. I have spent a long time reading articles and such on the internet but nowhere seems to go through this, so if you know of a resource that walks you through designing a medium/large network that would be great.
Many thanks in advance
Darren
Reply 1
Hi Darren,
To answer a couple of your points, you can get access switches with 48 ports (Cisco 2960 or 3560 for example).
If you have 400 users in a building, will all 400 user locations be cabled back to a single network cabinet (closet)?
If they are then you may be better off looking at a chassis based switch such as the 4500 series for example.
If not, you might want to distribute the access switches in different cabinets around the building and link them back to a central distribution switch or router.
The final design will depend on the physical size of the building because don’t forget that you are restricted to 100 meters of UTP cabling between the user outlet port and the switch.
Hope that gives you some pointers.
Pete
Reply 2
Hi Darren,
To have redundancy in the network you should have a redundant pair of devices in your network to support redundancy, and to support 400 users you can have chassis-based switches with Ethernet modules to support a larger number of users.
With your setup, redundancy will be the main question: with one router and a local LAN, if the switch which is connected to the router goes down then there is a network outage.
The better way is to have a dual router and dual switch in bundling mode and connect a criss-cross cable between router and switch to have full redundancy in your network. In this fashion you can achieve full redundancy and no network outage if any one of the devices goes down.
Hope that helps out your query !!
Regards
Ganesh.H
Reply 3
Hello Darren,
IMHO the design mainly depends on the connectivity and the requirements per floor (if any). If there is a per-floor cabinet then maybe you can use a C3750 stack as the access layer solution per floor. To increase capacity you just keep adding to the stacks. Then, if there is fiber wiring between floors available, you can choose to interconnect the access layer and distribution using that. Say one closet/cabinet on any floor as the collapsed distribution model; the choice is vast here: c3750/4500/6503. The access layer c3750 does come with 48 ports and 4 SFP-based uplink ports, so you can use the SFP-based uplink ports to connect these back to your collapsed distribution layer, which becomes your default gateway and maybe the STP root port too. Now for redundancy, IMHO the access layer needs to be dual connected to a redundant gateway model (each access stack connected to both gateways) as Ganesh suggested earlier. You can use either HSRP or VRRP to provide L3 gateway redundancy. You can also use EtherChannel for uplinks to provide more redundancy. Of course if one switch fails in the stack then we lose those ports, but still the other switches in the stack will work. These are just my thoughts on your requirements.
Hope that helps.
Deesh
Cisco Catalyst switches equipped with the Enhanced Multilayer Image (EMI) can work as Layer 3 devices with full routing capabilities. Example switch models that support Layer 3 routing are the 3550, 3750, 3560, etc.
On a Layer3-capable switch, the port interfaces work as Layer 2 access ports by default, but you can also configure them as "Routed Ports", which act as normal router interfaces. That is, you can assign an IP address directly on the routed port. Moreover, you can also configure a Switch Vlan Interface (SVI) with the "interface vlan" command, which acts as a virtual Layer 3 interface on the Layer3 switch.
In this post I will describe a scenario with a Layer3 switch acting as the "Inter Vlan Routing" device together with two Layer2 switches acting as closet access switches. See the diagram below:

Interface Fa0/48 of the Layer3 switch is configured as a Routed Port with IP address 10.0.0.1. Two Vlans are configured on the L3 switch, Vlan10 and Vlan20. For Vlan10 we will create an SVI with IP address 10.10.10.10 and for Vlan20 an SVI with IP address 10.20.20.20. These two IP addresses will be the default gateway addresses for hosts belonging to Vlan10 and Vlan20 on the Layer2 switches respectively. That is, hosts connected on Vlan10 on the closet L2 switches will have as default gateway the IP address 10.10.10.10. Similarly, hosts connected on Vlan20 on the closet switches will have address 10.20.20.20 as their default gateway. Traffic between Vlan10 and Vlan20 will be routed by the L3 Switch (InterVlan Routing). Also, all interfaces connecting the three switches must be configured as Trunk Ports in order to allow Vlan10 and Vlan20 tagged frames to pass between switches. Let’s see a configuration snapshot for all switches below:
Cisco L2 Switch (same configuration for both switches)
! Create VLANs 10 and 20 in the switch database
Layer2-Switch# configure terminal
Layer2-Switch(config)# vlan 10
Layer2-Switch(config-vlan)# exit
Layer2-Switch(config)# vlan 20
Layer2-Switch(config-vlan)# exit
! Assign Port Fe0/1 in VLAN 10
Layer2-Switch(config)# interface fastethernet0/1
Layer2-Switch(config-if)# switchport mode access
Layer2-Switch(config-if)# switchport access vlan 10
Layer2-Switch(config-if)# exit
! Assign Port Fe0/2 in VLAN 20
Layer2-Switch(config)# interface fastethernet0/2
Layer2-Switch(config-if)# switchport mode access
Layer2-Switch(config-if)# switchport access vlan 20
Layer2-Switch(config-if)# exit
! Create Trunk Port Fe0/24 (set the encapsulation before "mode trunk":
! models that also support ISL reject "mode trunk" while encapsulation is auto)
Layer2-Switch(config)# interface fastethernet0/24
Layer2-Switch(config-if)# switchport trunk encapsulation dot1q
Layer2-Switch(config-if)# switchport mode trunk
Layer2-Switch(config-if)# end
Cisco Layer 3 Switch
Layer3-Switch# configure terminal
! Enable Layer 3 routing
Layer3-Switch(config)# ip routing
! Create VLANs 10 and 20 in the switch database
Layer3-Switch(config)# vlan 10
Layer3-Switch(config-vlan)# exit
Layer3-Switch(config)# vlan 20
Layer3-Switch(config-vlan)# exit
! Configure a Routed Port for connecting to the ASA firewall
Layer3-Switch(config)# interface FastEthernet0/48
Layer3-Switch(config-if)# description To Internet Firewall
Layer3-Switch(config-if)# no switchport
Layer3-Switch(config-if)# ip address 10.0.0.1 255.255.255.252
Layer3-Switch(config-if)# exit
! Create Trunk Ports Fe0/47 and Fe0/46 (encapsulation first, then "mode trunk")
Layer3-Switch(config)# interface fastethernet0/47
Layer3-Switch(config-if)# switchport trunk encapsulation dot1q
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# exit
Layer3-Switch(config)# interface fastethernet0/46
Layer3-Switch(config-if)# switchport trunk encapsulation dot1q
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# exit
! Configure Switch Vlan Interfaces (SVI); these are the default gateways for Vlan10 and Vlan20
Layer3-Switch(config)# interface vlan10
Layer3-Switch(config-if)# ip address 10.10.10.10 255.255.255.0
Layer3-Switch(config-if)# no shut
Layer3-Switch(config-if)# exit
Layer3-Switch(config)# interface vlan20
Layer3-Switch(config-if)# ip address 10.20.20.20 255.255.255.0
Layer3-Switch(config-if)# no shut
Layer3-Switch(config-if)# exit
! Configure default route towards ASA firewall
Layer3-Switch(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.2
Layer3-Switch(config)# end
In a previous post I explained how to configure VLANs on Cisco switches. That was a simple scenario with just two switches connected with a trunk port and sharing VLANs that existed on both switches. Now, imagine the situation where you need to manage a huge Layer 2 switched network with tens or hundreds of switches and with VLANs spread across all switches in the network. This would be a daunting task for any network administrator, who would have to connect to every switch and add or remove VLANs accordingly every time a new VLAN is required in the network.
The Cisco VLAN Trunking Protocol (VTP) is a proprietary protocol available on all Cisco Catalyst switches and is designed to reduce the administration complexity and effort of managing many Layer 2 switches. Basically you select one switch in the network (usually a central switch) and configure it to be the VTP Server of the network. All other switches are configured as VTP Clients. Now, all VLAN administration is done on the VTP Server switch only. If you add a new VLAN on the VTP server switch, this configuration change is propagated to all VTP client switches, which automatically add this VLAN to their database. Similarly, by deleting a VLAN on the server, all client switches delete that VLAN from their database.
A Cisco switch can be configured to operate in three VTP modes:
- VTP Server Mode – This is the default mode for switches. A VTP server switch can add, modify and delete VLANs for the whole VTP domain.
- VTP Transparent Mode – In this mode, the switch does not participate in the VTP domain. The switch passes VTP messages transparently to other switches but it does not synchronize its VLAN database according to these VTP messages.
- VTP Client Mode – This is the mode you configure on all switches that should synchronize their VLAN database to the VTP server's database. A client cannot add, modify or delete VLANs itself.
Caution: Because VTP Server is the default mode, whenever you connect a new switch to the network, make sure you configure it as a VTP Client BEFORE connecting it. This avoids the situation where a newly connected switch takes the role of VTP Server for the whole domain and, since its VLAN database is still empty, causes all other switches in the network to delete all their VLANs.
Another important precaution is to also configure a password for the VTP domain, so that any new switch must have the domain password configured by the administrator before it can participate in the domain.
Configuration:
VTP Server Switch:
! Configure first a name for the VTP domain
Vtp-server(config)# vtp domain mynetworkvtpname
! Configure the switch in server mode
Vtp-server(config)# vtp mode server
! Configure a password for the domain
Vtp-server(config)# vtp password vtp123
VTP Client Switch:
! Configure first a name for the VTP domain
Vtp-client(config)# vtp domain mynetworkvtpname
! Configure the switch in client mode
Vtp-client(config)# vtp mode client
! Configure the domain password in order to be able to participate
Vtp-client(config)# vtp password vtp123
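To make the three modes and the two precautions above concrete, here is an added Python model of how a switch in each VTP mode reacts to an advertisement. It is example code written for this post, not Cisco code or the post's own configuration. It models only what the post describes (domain name, shared password, the server/client/transparent modes) plus the configuration revision number that real VTP carries in every advertisement so a receiver can tell a newer VLAN database from an older one; the digest is a stand-in for VTP's MD5 authentication, the class and function names are the example's own, and the switches in simulate() are constructed for the demonstration.

```python
"""Simplified model of VTP server, client and transparent behaviour (added example)."""
from dataclasses import dataclass, field
import hashlib


def auth_digest(domain, password):
    """Stand-in for VTP's MD5 secret check; the password itself never travels."""
    return hashlib.md5(f"{domain}:{password}".encode()).hexdigest()


@dataclass
class Advertisement:
    domain: str
    digest: str
    revision: int
    vlans: dict


@dataclass
class Switch:
    name: str
    mode: str                 # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid, name):
        """Only servers (and transparent switches, locally) may edit VLANs."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot edit VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1    # every server-side change bumps the revision

    def advertise(self):
        if self.mode != "server":
            return None           # clients and transparent switches do not originate updates
        return Advertisement(self.domain, auth_digest(self.domain, self.password),
                             self.revision, dict(self.vlans))

    def receive(self, adv):
        """Return 'forwarded', 'ignored' or 'applied'."""
        if self.mode == "transparent":
            return "forwarded"    # relayed to neighbours, local database untouched
        if adv.domain != self.domain or adv.digest != auth_digest(self.domain, self.password):
            return "ignored"      # wrong domain name or wrong domain password
        if adv.revision <= self.revision:
            return "ignored"      # not newer than the database already held
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "applied"          # servers and clients alike adopt a newer database


def simulate():
    """Constructed scenario using the post's domain name and password; returns the outcomes."""
    domain, pw = "mynetworkvtpname", "vtp123"
    server = Switch("Vtp-server", "server", domain, pw)
    client = Switch("Vtp-client", "client", domain, pw)
    wrong_pw = Switch("new-switch", "client", domain, "changeme")
    relay = Switch("core-transparent", "transparent", domain, pw)
    server.add_vlan(2, "Accounting")
    server.add_vlan(4, "Engineering")
    adv = server.advertise()
    outcomes = {
        "client": client.receive(adv),
        "wrong_password": wrong_pw.receive(adv),
        "transparent": relay.receive(adv),
        "stale_replay": client.receive(adv),   # same revision again: nothing to do
    }
    # The hazard behind the caution above: a switch that still holds a higher
    # revision in the same domain (constructed here as revision 50 with only the
    # default VLAN) is accepted as "newer" and wipes the client's VLAN list.
    reused = Switch("reused-switch", "server", domain, pw, revision=50)
    outcomes["higher_revision"] = client.receive(reused.advertise())
    outcomes["client_vlans"] = sorted(client.vlans)
    return outcomes


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The last two outcomes are the reason for the two precautions: the password stops a switch with the wrong secret from being listened to at all, and resetting a reused switch to client mode (which also resets its revision once the domain name is changed) stops it from presenting a higher revision than the real server.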
This post will deal with configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco Catalyst switches. By default, only VLAN 1 is configured on the switch, so if you connect hosts to an out-of-the-box switch they all belong to the same Layer 2 broadcast domain.
The need to configure several Layer 2 VLANs on a switch arises from the need to segment an internal Local Area Network (LAN) into different IP subnetworks. If you want for example to separate the different departments of your enterprise into different IP subnetworks, then each department should belong to its own Layer 2 VLAN. For example, let’s assume the following scenario:
- Accounting Department: IP Subnet 192.168.2.0/24 –> VLAN 2
- Management Department: IP Subnet 192.168.3.0/24 –> VLAN 3
- Engineering Department: IP Subnet 192.168.4.0/24 –> VLAN 4
Separating the internal LAN into different IP subnets (and thus different VLANs) allows the network administrators to enforce traffic restrictions between departments if needed and to have better control of internal hosts.
VLAN assignment on a switch is configured on a per-interface basis. That is, each switch port interface is assigned individually to a Layer 2 VLAN. If you have more than one switch connected and you want the same VLANs to exist on all switches, then a Trunk Port must be configured between the switches. The Trunk Port passes all VLANs between the switches. Let's see the following network scenario to help us clarify some concepts.

On the LAN network above, we have three VLANs: VLANs 2, 3 and 4. VLAN 4 exists on both SWITCH 1 and SWITCH 2, therefore we need a Trunk Port between the two switches in order for hosts in VLAN 4 on Switch 1 to be able to communicate with hosts in VLAN 4 on Switch 2.
The ports of the two switches shall be configured as follows:
SWITCH 1:
Fe0/1 – Fe0/2 –> VLAN 2 (Accounting)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
SWITCH 2:
Fe0/1 – Fe0/2 –> VLAN 3 (Management)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
Configuration:
Switch 1 Configuration:
! Create VLANs 2 and 4 in the switch database
Switch1# configure terminal
Switch1(config)# vlan 2
Switch1(config-vlan)# name Accounting
Switch1(config-vlan)# exit
Switch1(config)# vlan 4
Switch1(config-vlan)# name Engineering
Switch1(config-vlan)# exit
! Assign Ports Fe0/1 and Fe0/2 in VLAN 2
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# exit
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# exit
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch1(config)# interface fastethernet0/10
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# exit
Switch1(config)# interface fastethernet0/11
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# exit
! Create Trunk Port Fe0/24 (encapsulation first, then "mode trunk")
Switch1(config)# interface fastethernet0/24
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# end
Switch 2 Configuration:
! Create VLANs 3 and 4 in the switch database
Switch2# configure terminal
Switch2(config)# vlan 3
Switch2(config-vlan)# name Management
Switch2(config-vlan)# exit
Switch2(config)# vlan 4
Switch2(config-vlan)# name Engineering
Switch2(config-vlan)# exit
! Assign Ports Fe0/1 and Fe0/2 in VLAN 3
Switch2(config)# interface fastethernet0/1
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# exit
Switch2(config)# interface fastethernet0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# exit
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch2(config)# interface fastethernet0/10
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# exit
Switch2(config)# interface fastethernet0/11
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# exit
! Create Trunk Port Fe0/24 (encapsulation first, then "mode trunk")
Switch2(config)# interface fastethernet0/24
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# end
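The access-port and trunk-port configurations in this post and in the inter-VLAN routing post above follow the same pattern, so here is an added Python generator that produces that pattern from a port plan and refuses the plan errors that are easy to make by hand (a port assigned to an undeclared VLAN, a VLAN ID outside 1-4094, a port listed as both access and trunk). This is example code written for this post, not the post's own configuration or a Cisco tool; every command it emits is a plain IOS command, and the SWITCH 1 plan at the bottom is constructed from the port table above. It goes one step beyond the manual configuration by adding "switchport trunk allowed vlan" so the trunk only carries the VLANs the plan actually uses.

```python
"""Generate Cisco IOS access/trunk port configuration from a VLAN plan (added example)."""

VLAN_MIN, VLAN_MAX = 1, 4094   # valid 802.1Q VLAN ID range


class PlanError(ValueError):
    """The port plan is inconsistent; nothing should be pushed to the switch."""


def validate_plan(vlans, access_ports, trunk_ports):
    """vlans: {id: name}, access_ports: {interface: vlan_id}, trunk_ports: [interface]."""
    for vid in vlans:
        if not VLAN_MIN <= vid <= VLAN_MAX:
            raise PlanError(f"VLAN {vid} is outside {VLAN_MIN}-{VLAN_MAX}")
    for intf, vid in access_ports.items():
        if vid not in vlans:
            raise PlanError(f"{intf} is assigned to undeclared VLAN {vid}")
        if intf in trunk_ports:
            raise PlanError(f"{intf} is listed as both access and trunk")


def generate_config(vlans, access_ports, trunk_ports):
    """Return the IOS commands as one string, in the order a switch accepts them."""
    validate_plan(vlans, access_ports, trunk_ports)
    lines = ["configure terminal"]
    # 1. Declare the VLANs before any port refers to them.
    for vid, name in sorted(vlans.items()):
        lines += [f"vlan {vid}", f" name {name}", " exit"]
    # 2. Access ports: exactly one VLAN each.
    for intf, vid in access_ports.items():
        lines += [f"interface {intf}",
                  " switchport mode access",
                  f" switchport access vlan {vid}",
                  " exit"]
    # 3. Trunk ports. Encapsulation is set before "mode trunk" because
    #    ISL-capable models reject "mode trunk" while encapsulation is auto;
    #    the allowed list keeps VLANs the plan does not use off the trunk.
    allowed = ",".join(str(v) for v in sorted(vlans))
    for intf in trunk_ports:
        lines += [f"interface {intf}",
                  " switchport trunk encapsulation dot1q",
                  " switchport mode trunk",
                  f" switchport trunk allowed vlan {allowed}",
                  " exit"]
    lines.append("end")
    return "\n".join(lines)


# Constructed plan: SWITCH 1 from the port table in this post.
SWITCH1_VLANS = {2: "Accounting", 4: "Engineering"}
SWITCH1_ACCESS = {"FastEthernet0/1": 2, "FastEthernet0/2": 2,
                  "FastEthernet0/10": 4, "FastEthernet0/11": 4}
SWITCH1_TRUNKS = ["FastEthernet0/24"]


def switch1_config():
    """The SWITCH 1 configuration, generated from the plan above."""
    return generate_config(SWITCH1_VLANS, SWITCH1_ACCESS, SWITCH1_TRUNKS)


if __name__ == "__main__":
    print(switch1_config())
```

Removing VLAN 1 from the allowed list in this way only drops user traffic on VLAN 1 from the trunk; IOS keeps sending its own control traffic (CDP, VTP, DTP) on VLAN 1 regardless, so the VTP setup from the previous post keeps working across the trunk.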