Content Overview

This module defines the purpose of VLANs and describes how VLAN implementation can simplify network management and troubleshooting and can improve network performance. When VLANs are created, their names and descriptions are stored in a VLAN database that can be shared between switches. You will see how design considerations determine which VLANs span all the switches in a network and which VLANs remain local to a switch block. The configuration components of this module describe how individual switch ports may carry traffic for one or more VLANs, depending on their configuration as access or trunk ports. This module explains both why and how VLAN implementation occurs in an enterprise network.
2.1 Implementing Best Practices for VLAN Topologies

2.1.1 Describing Issues in a Poorly Designed Network

A poorly designed network has increased support costs, reduced service availability, and limited support for new applications and solutions. Less than optimal performance affects end users and access to central resources. Here are some of the issues that stem from a poorly designed network.

- Failure domains: One of the most important reasons to implement an effective design is to minimize the extent of a network problem when it occurs. When Layer 2 and Layer 3 boundaries are not clearly defined, a failure in one network area can have a far-reaching effect.
- Broadcast domains: Broadcasts exist in every network. Many applications and many network operations require broadcasts to function properly. To minimize the negative impact of broadcasts, broadcast domains should have clearly defined boundaries and include an optimal number of devices.
- Large amount of unknown MAC unicast traffic: Cisco Catalyst switches limit unicast frame forwarding to ports associated with the specific unicast address. However, frames arriving for a destination MAC address not recorded in the MAC table are flooded out all switch ports, which is referred to as “unknown MAC unicast flooding.” Because this causes excessive traffic on switch ports, network interface cards (NICs) have to attend to a larger number of frames on the wire, and security can be compromised as data is propagated on a wire for which it was not intended.
- Multicast traffic on ports where not intended: IP multicast is a technique that allows IP traffic to be propagated from one source to a multicast group identified by a single IP and MAC destination group address pair. Similar to unicast flooding and broadcasting, multicast frames are flooded out on all switch ports. A proper design contains multicast frames.
- Difficulty in management and support: Because a poorly designed network may be disorganized, poorly documented, and lacking easily identifiable traffic flows, support, maintenance, and problem resolution become time-consuming and arduous tasks.
- Possible security vulnerabilities: A poorly designed switched network with little attention to security requirements at the access layer can compromise the integrity of the entire network.

A poorly designed network always has a negative impact and becomes a burden for any organization in terms of support and related costs.
2.1.2 Grouping Business Functions into VLANs

Hierarchical network addressing means that IP network numbers are applied to the network segments or VLANs in an orderly fashion that takes the network as a whole into consideration. Blocks of contiguous network addresses are reserved for, and configured on, devices in a specific area of the network. Here are some benefits of hierarchical addressing.

- Ease of management and troubleshooting: Hierarchical addressing groups network addresses contiguously. Network management and troubleshooting are more efficient, because a hierarchical IP addressing scheme makes problem components easier to locate.
- Minimized errors: Orderly network address assignment can minimize errors and duplicate address assignments.
- Reduced number of routing table entries: In a hierarchical addressing plan, routing protocols are able to perform route summarization, which allows a single routing table entry to represent a collection of IP network numbers. Route summarization makes routing table entries more manageable and provides the following benefits:
  - Reduced number of CPU cycles when recalculating a routing table or sorting through the routing table entries to find a match
  - Reduced router memory requirements
  - Faster convergence after a change in the network
  - Easier troubleshooting
The Enterprise Composite Network Model (ECNM) provides a modular framework for designing and deploying networks. It also provides the ideal structure for overlaying a hierarchical IP addressing scheme. Here are some guidelines to follow.

- Design the IP addressing scheme so that blocks of 4, 8, 16, 32, or 64 contiguous network numbers can be assigned to the subnets in a given building distribution and access switch block. This approach allows each switch block to be summarized into one large address block.
- At the Building Distribution layer, continue to assign network numbers contiguously out toward the access layer devices.
- Have a single IP subnet correspond with a single VLAN. Each VLAN is a separate broadcast domain.
- Subnet at the same binary value on all network numbers, avoiding variable-length subnet masks when possible, to minimize errors and confusion when troubleshooting or configuring new devices and segments.
For example, a business with approximately 250 employees is looking to move to the Enterprise Composite Network Model. The figure shows the number of users in each department. Six VLANs are required to accommodate one VLAN per user community. Therefore, following the guidelines of the ECNM, six IP subnets are required. The business has decided to use network 10.0.0.0 as its base address. The Sales Department is the largest department and requires a minimum of 102 addresses for its users. Therefore, a subnet mask of 255.255.255.0 (/24) is chosen, giving a maximum of 254 hosts per subnet. It has been decided, for future growth, to have one switch block per building as follows:

- Building A is allocated 10.1.0.0/16.
- Building B is allocated 10.2.0.0/16.
- Building C is allocated 10.3.0.0/16.

Building A VLANs and IP Subnets
The figure shows the allocation of VLANs and IP subnets within building A.

Building B VLANs and IP Subnets
The figure shows the allocation of VLANs and IP subnets within building B.

Building C VLANs and IP Subnets
The figure shows the allocation of VLANs and IP subnets within building C. Some of the currently unused VLANs and IP subnets would be used to manage the network devices. If the company decides to implement additional technologies, such as IP telephony, some of the unused VLANs and IP subnets would be allocated to the voice VLANs.
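As an added worked example (not part of the course text), the following Python script applies the ECNM guidelines above to the per-building allocations given: one contiguous /24 per VLAN, the subnet count rounded up to a block of 4, 8, 16, 32 or 64, and a single summary route per switch block that must stay inside the building's /16. Because the figure is not reproduced here, the department names other than Sales, their user counts and the VLAN numbers are constructed assumptions.

```python
import ipaddress
from math import ceil, log2

# Constructed input: the text gives only the Sales figure (at least 102 users);
# the other department names, their sizes and the VLAN numbers are assumptions.
DEPARTMENTS = {
    "Sales": 102, "Engineering": 48, "Marketing": 30,
    "Finance": 25, "HR": 20, "Support": 25,
}
# Per-building switch blocks exactly as the text allocates them.
BUILDING_BLOCKS = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16"}

def plan_building(block, departments, vlan_base=10, prefixlen=24):
    """Assign one contiguous /24 and one VLAN ID per department from the block."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=prefixlen)
    plan = []
    for i, (name, users) in enumerate(departments.items()):
        subnet = next(subnets)                 # 10.x.0.0/24, 10.x.1.0/24, ...
        usable = subnet.num_addresses - 2      # minus network and broadcast
        if users > usable:
            raise ValueError(f"{name}: {users} users do not fit in {subnet}")
        plan.append({"vlan": vlan_base + i, "name": name, "subnet": subnet, "users": users})
    return plan

def summary_route(plan):
    """Round the subnet count up to 4/8/16/32/64 (the contiguous-block guideline)
    and return the single summary prefix plus the number of spare subnets."""
    count = max(4, 2 ** ceil(log2(len(plan))))
    first = plan[0]["subnet"]
    summary = first.supernet(new_prefix=first.prefixlen - int(log2(count)))
    if not all(p["subnet"].subnet_of(summary) for p in plan):
        raise ValueError("subnets are not contiguous within one summary block")
    return summary, count - len(plan)

def plan_campus(blocks=BUILDING_BLOCKS, departments=DEPARTMENTS):
    """Plan every building and confirm each summary stays inside its /16."""
    campus = {}
    for building, block in blocks.items():
        plan = plan_building(block, departments)
        summary, spare = summary_route(plan)
        if not summary.subnet_of(ipaddress.ip_network(block)):
            raise ValueError(f"building {building}: {summary} is outside {block}")
        campus[building] = {"vlans": plan, "summary": summary, "spare": spare}
    return campus

if __name__ == "__main__":
    for b, info in plan_campus().items():
        print(b, info["summary"], [(p["vlan"], str(p["subnet"])) for p in info["vlans"]])
```

With six VLANs the count rounds up to 8, so each building summarizes to a /21 with two spare /24s, which matches the unused VLANs and subnets the text reserves for management and voice.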
2.1.3 Describing Interconnection Technologies

A number of technologies are available to interconnect devices in the campus network. Some of the more common technologies are listed here. The interconnection technology selected depends on the amount of traffic the link must carry. A mixture of copper and fiber-optic cabling will likely be used, based on distances, noise immunity requirements, security, and other business requirements.

- Fast Ethernet (100 Mbps Ethernet): This LAN specification (IEEE 802.3u) operates at 100 Mbps over twisted-pair cable. The Fast Ethernet standard raises the speed of Ethernet from 10 Mbps to 100 Mbps with only minimal changes to the existing cable structure. A switch with ports functioning at both 10 and 100 Mbps can move frames