
LAN DESIGN

General Network Design Principles


For network design, there is no one "good network design," and
there is certainly no "one size fits all." A good network design is
based on many concepts, some of which are summarized by the
following key general principles:
• Redundancy: There should be redundancy in your network, so that a single link
or hardware failure does not isolate any portion of the network,
resulting in those users losing access to network resources.
• High bandwidth: The more network bandwidth available to your
users, the faster they can work or surf the Internet. Think of a four-
lane highway that enables more cars to travel than a two-lane road.
• Quality of service (QoS): This is a traffic-prioritization scheme used
to ensure that delay-sensitive traffic such as voice and video is given
a higher priority on the network than other types of traffic that are
relatively immune to delay or to changes in delay times (jitter).
• Low cost: Don't spend more money than necessary.
• Fast convergence.
• Security.
However, the cornerstone of any good network is the hierarchical
model, which is made up of three pieces, or layers, as illustrated in
Figure 1. It is important to keep in mind that the hierarchical model
refers to conceptual layers providing functionality in your network,
not an actual physical separation.

Figure 1
The hierarchical network design model serves to help you develop a
network topology in separate layers.
For example, in Figure 1, high-speed WAN routers carry traffic
across the enterprise backbone (core), medium-speed routers
connect buildings at each campus (distribution), and switches and
hubs connect user devices and servers within buildings (access).

Figure 1
The core layer is a high-speed switching and routing backbone and
should be designed to pass network traffic as fast as possible. This layer
of the network should not perform any frame or packet manipulation,
such as access lists and filtering, which would slow down the switching
of traffic and in turn result in less than a "high-speed" environment.

The distribution layer of the network is the demarcation point between
the access and core layers and helps define and differentiate the core.
The purpose of the distribution layer is to define network boundaries
and is the point in the network at which packet manipulation can take
place. The distribution layer is where access lists and filtering (based on
Layer 2 MAC or Layer 3 network addresses) will take place, providing
network security. The distribution layer is also where broadcast
domains are defined and traffic between VLANs is routed. If there is
any media transition that needs to occur, such as between a 10-Mbps
Ethernet and 100-Mbps Fast Ethernet network segment, this transition
also happens at the distribution layer.
The access layer is the point at which local end users are allowed into
the network. The access layer might also use access lists or filters and
VLANs to further meet the needs of a particular set of users. The
access layer is where such functions as bandwidth sharing, filtering
on the MAC (Layer 2) address, microsegmentation and wireless
access point connections can occur.
BENEFITS OF THE HIERARCHICAL NETWORK

In a large flat (switched) network, for example (see the figure below),
broadcast frames are burdensome. A broadcast frame interrupts the CPU
on each device within the broadcast domain, and demands processing
time on every device, including routers, workstations, and servers.
Using a hierarchical model helps you to minimize network costs
because you can buy the appropriate networking devices for each layer
of the hierarchy. This in turn avoids spending money on unnecessary
features for a layer, not unlike buying a home appliance with features
that you are not going to use, such as a microwave with a toothbrush
holder.

The modular nature of the hierarchical design model also enables you
to accurately plan network capacity within each layer of the hierarchy,
which means you can reduce wasted bandwidth in your network.

That keeps your financial people happy because you are not paying for
something you're not using. Network management responsibility and
network management systems can also be applied to the different
layers of your network to control costs. Again, this is made possible
because of the modular architecture of your network.
Network modularity enables you to keep each design element simple
and easy to manage. Testing a network design is made easy because
there is clear functionality at each layer. Fault isolation is improved
because network transition points are easily identified.

A hierarchical design eases changes in the network environment. A
Layer 3 switch helps implement a hierarchical topology. As a network
requires changes, such as more users joining the network or a
technology refresh/upgrade, the cost of making an upgrade to the
network infrastructure is contained to a small section of the network.

In large, flat network architectures, changes impact a large number of
network devices and systems. Replacing one of the network devices in
this large network can affect numerous other networks because of the
interconnections between each network, as illustrated in the figure
below.
The hierarchical network design model serves to help you develop a
network topology in separate layers. Each layer focuses on specific
functions, enabling you to choose the right equipment and features for
the layer.

It was mentioned in the slide above that the access layer is the point at
which local end users are allowed into the network, and that the access
layer might also use access lists or filters and VLANs to further meet the
needs of a particular set of users. Let us now discuss the benefits of
VLANs.
Definition: A virtual LAN, or VLAN, is a group of computers,
network printers, network servers, and other network devices that
behave as if they were connected to a single network.
In its basic form, a VLAN is a broadcast domain, but the difference
between a traditional broadcast domain and one defined by a
VLAN is that a traditional broadcast domain is a distinct physical
entity, while a VLAN is a logical topology, meaning that the
VLAN hosts are not grouped within the physical confines of a
traditional broadcast domain, such as an Ethernet LAN.
VLANs

The distribution layer defines broadcast domains and routes traffic
between VLANs. It aggregates access-layer traffic.
The primary reason for VLAN implementation is the cost reduction of
handling user moves and changes. Any network device moved or
added can be dealt with from the network-management console rather
than the wiring closet. VLANs provide a flexible, easy, and less-costly
way to modify and manage logical groups of computers in changing
environments.

Benefits
There are benefits for using VLANs. Users might be spread throughout
different floors of a building, so a VLAN would enable you to make all
these users part of the same broadcast domain. This can also be a
security feature.

In addition, if a department's server were placed on the same VLAN as
its users, the users would be able to access their server without the need
for traffic to cross routers and impact other parts of the network, which
could otherwise result in network congestion and cause slowdowns.
CONFIGURATION/IMPLEMENTATION
Basic Configuration:
Overview
A virtual LAN is a logical, not physical, group of devices, defined by
software. VLANs allow network administrators to re-segment their
networks without physically rearranging the devices or network
connections. A VLAN (Virtual LAN) is a network composed of
logical broadcast domains. Configuring VLANs allows network
traffic to be separated logically: network devices on VLAN1 will not
be able to communicate with (ping) devices on VLAN2. It is possible to
have devices on VLAN1 of one switch communicating with VLAN1 on
another switch through a method called VLAN trunking. See the
image below:
This diagram gives you the basic idea of VLAN membership. You can
see how the floors of the building are separate and that each department
is represented by a different color. The switches lie below and the trunk
link is represented by the lightning bolt. Trunk links may also be referred
to as .1Q or "dot one Q." This refers to the IEEE 802.1Q standard,
which defines the method of VLAN trunking.

Types of Membership
There are several different types of memberships associated with
VLANs:
• Static VLANs
• Dynamic VLANs
Static VLANs are specified by switch port. For example, a 12-port Fast
Ethernet switch is split to create two VLANs. The first 6 ports are
associated with VLAN1 and the last 6 ports are associated with VLAN2.
If a machine is moved from port 3 to port 11, it will effectively change
VLANs.
Dynamic VLANs are specified by MAC address. Assuming the same
scenario, a system administrator will enter MAC addresses for all
machines connecting to the switch. These addresses will be stored in a
memory chip inside the switch that forms a database of local MAC
addresses. Each MAC address can then be associated with a certain
VLAN. This way, if a machine is moved, it will retain the original
VLAN membership regardless of its port number.
VLAN Tagging
Moving VLAN data over multiple switches uses a method called VLAN
tagging. VLAN tagging simply adds extra information to the header of
Ethernet frames so routers know how to pass along the data.
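As an added example (not from the original slides, and not any vendor's code), the following Python script models the two membership types and the 802.1Q tagging described above: a constructed 12-port switch with ports 1–6 in VLAN1 and ports 7–12 in VLAN2, a constructed MAC database for dynamic membership, and functions that build and parse an Ethernet frame carrying an 802.1Q tag for a trunk link. All MAC addresses, port numbers, VLAN IDs and payloads are constructed.

```python
# Added example: toy model of static/dynamic VLAN membership and 802.1Q tagging.
# Every MAC address, port number and VLAN ID below is constructed for illustration.
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed 12-port switch: ports 1-6 belong to VLAN 1, ports 7-12 to VLAN 2
PORT_VLANS = {p: (1 if p <= 6 else 2) for p in range(1, 13)}

# Constructed MAC database for dynamic membership: source MAC -> VLAN
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
MAC_VLANS = {HOST_A: 1, HOST_B: 2}


def assign_vlan(mode, port, src_mac):
    """Return the VLAN a frame entering on `port` from `src_mac` belongs to."""
    if mode == "static":            # membership follows the physical port
        return PORT_VLANS[port]
    if mode == "dynamic":           # membership follows the MAC database
        if src_mac not in MAC_VLANS:
            raise LookupError("unknown MAC: no VLAN membership in the database")
        return MAC_VLANS[src_mac]
    raise ValueError("mode must be 'static' or 'dynamic'")


def can_talk(mode, port_a, mac_a, port_b, mac_b):
    """Two hosts reach each other at Layer 2 only when they land in the same VLAN."""
    return assign_vlan(mode, port_a, mac_a) == assign_vlan(mode, port_b, mac_b)


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame; when `vid` is given, insert an 802.1Q tag (TPID + TCI)."""
    header = dst + src
    if vid is not None:
        if not (0 <= vid <= 4095 and 0 <= pcp <= 7):
            raise ValueError("VID is a 12-bit field, PCP is 3 bits")
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return dst/src, VLAN id (None when untagged), PCP, EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[:6], "src": frame[6:12], "vid": None, "pcp": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], info["vid"] = tci >> 13, tci & 0x0FFF
        # VID 0 means "priority tag only, no VLAN"; 4095 is reserved by 802.1Q
        if info["vid"] in (0, 4095):
            raise ValueError("tagged frame carries no usable VLAN id")
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def tag_for_trunk(frame, vlan):
    """Re-emit an untagged access-port frame with the tag a trunk link needs."""
    f = parse_frame(frame)
    if f["vid"] is not None:
        raise ValueError("frame is already tagged")
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], vid=vlan)


if __name__ == "__main__":
    # HOST_A starts on port 3 and is moved to port 11 (the slide's scenario).
    print(assign_vlan("static", 3, HOST_A), assign_vlan("static", 11, HOST_A))    # 1 2
    print(assign_vlan("dynamic", 3, HOST_A), assign_vlan("dynamic", 11, HOST_A))  # 1 1
    untagged = build_frame(b"\xff" * 6, HOST_A, 0x0800, b"payload")
    print(parse_frame(tag_for_trunk(untagged, 5))["vid"])                           # 5
```

Moving HOST_A from port 3 to port 11 changes its VLAN under static membership but not under dynamic membership, and `can_talk` shows that two hosts in different VLANs cannot reach each other at Layer 2 even on the same switch. The tagged frame is exactly four bytes longer than the untagged one: the 0x8100 TPID plus a 16-bit TCI whose low 12 bits carry the VLAN ID.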
VLAN Enabled Switches
Not all switches support VLANs. Most "managed" switches, including
those from Dell, Netgear, HP, and others, support VLANs. Remember that because
VLAN tagging is a universal standard, different brands of switches can
accomplish the same thing. Data centers and other large environments should
standardize on a specific platform. Cisco has created a proprietary
protocol to manage VLANs called VLAN Trunking Protocol (VTP),
which enables Cisco switches to advertise VLAN information to other VTP-
enabled switches. This also allows a system administrator to manage all
VLANs from a central point and order all switches to update the VLAN
information along the entire network. Most organizations using VLANs
have figured out it is worth shelling out the extra cash to go with Cisco
equipment and get the extra features and functionality.
VLAN Configuration
VLANs are broadcast domains defined within switches to allow control of broadcast,
multicast, unicast, and unknown unicast within a Layer 2 device.
VLANs are defined on a switch in an internal database known as the VLAN Trunking
Protocol (VTP) database. After a VLAN has been created, ports are assigned to the VLAN.
VLANs are assigned numbers for identification within and between switches. Cisco
switches have two ranges of VLANs, the normal range and extended range.
VLANs have a variety of configurable parameters, including name, type, and state.
Several VLANs are reserved, and some can be used for internal purposes within the
switch.
Creation of an Ethernet VLAN
VLANs are created on Layer 2 switches to control broadcasts and enforce the use of a
Layer 3 device for communications. Each VLAN is created in the local switch's database
for use. If a VLAN is not known to a switch, that switch cannot transfer traffic across
any of its ports for that VLAN. VLANs are created by number, and there are two ranges
of usable VLAN numbers (normal range 1–1000 and extended range 1025–4096). When a
VLAN is created, you can also give it certain attributes such as a VLAN name, VLAN
type, and its operational state. To create a VLAN, use the following steps.
Configure VTP.
VTP is a protocol used by Cisco switches to maintain a consistent database between
switches for trunking purposes. VTP is not required to create VLANs; however, Cisco
has set it up to act as a conduit for VLAN configuration between switches as a default to
make administration of VLANs easier. Because of this, you must first either configure
VTP with a domain name or disable VTP on the switch.
An example of the Catalyst OS configuration for Distribution 1 follows:

Distribution_1 (enable)>set vtp mode transparent
Distribution_1 (enable)>set vlan 5 name Cameron
Distribution_1 (enable)>set vlan 8 name Logan
Distribution_1 (enable)>set vlan 10 name Katie
Distribution_1 (enable)>set spantree macreduction enable
Distribution_1 (enable)>set vlan 2112 name Rush
Distribution_1 (enable)>
An example of the Supervisor IOS configuration for Distribution 1 follows:
Distribution_1#vlan database
Distribution_1(vlan)#vtp transparent
Distribution_1(vlan)#exit
Distribution_1#conf t
Distribution_1(config)#vlan 5
Distribution_1(config-vlan)#name Cameron
Distribution_1(config-vlan)#vlan 8
Distribution_1(config-vlan)#name Logan
Distribution_1(config-vlan)#vlan 10
Distribution_1(config-vlan)#name Katie
Distribution_1(config-vlan)#end
Distribution_1#copy running-config startup-config

An example of the Layer 2 IOS configuration for Access 1 follows:


Access_1#vlan database
Access_1(vlan)#vtp transparent
Access_1(vlan)#vlan 5 name Cameron
Access_1(vlan)#vlan 8 name Logan
Access_1(vlan)#vlan 10 name Katie
Access_1(vlan)#exit
Access_1#copy running-config startup-config
