300-420: Designing Cisco Enterprise Networks (ENSLD) certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

CCNP Enterprise ENSLD (300-420): Designing Enterprise Campus

1. Designing Enterprise Campus

Hello and welcome to designing the Enterprise campus. And the purpose of this video is to provide a brief overview of the topics covered in this section, which include architectural design discussions about local area networks on the enterprise campus.

The information is provided in various formats, such as case studies regarding particular business requirements as well as dumps to assist in an understanding of layer two and three designs. Then there are comparisons between the different solutions that are present. Now. All of this is done to assist the student in determining which solution or design to implement and understanding the benefits so that you can comfortably explain and support your decision. So let's look at the topics that will be covered.

The introduction will provide some basic fundamentals of what is meant by "segmentation" in the local area network. Watson, what does a switch provide in both layers two and three of the OSI model in an enterprise campus? This section does a very nice job of explaining and comparing the two design models that are available. They are the end-to-end vlan and the local vlan. These concepts being presented are not necessarily new concepts. However, we want to ensure that you understand the challenges associated with each of these two models. Layer 2 switch tiers perform at the datalink layer and are frequently installed in the entrance for high-speed connectivity between end stations.

Layer 2 switches were used to segment local area networks. At the layer 2 level, a multipotswitch learns about the media access control addresses on each of its ports and the transparently passive Mac frames destined to those ports. Layer 3 switches are routers with fast forwarding done via hot IP. Forwarding typically involves a route lookup, decreasing the time to lift the TTL count, and recalculating the checks of forwarding. The frame with the appropriate Mac header for the correct output port lookups can be done in hardware, as can the decrement, the TTL, and the recalculation of the checksum.

To communicate with other layer 3 switches or routers and build their routing tape, routers use routing protocols such as OpenShortest PathFirst or Routing Information Protocol (RIP). These tables are looked up to determine the route for an incoming packet. We have implicitly assumed that layer 3-switchers provide layer 2-switching functionality, but this assumption does not always hold true. Layer three switches can function similarly to traditional routers, relying on multiple layer two switches and proprietary interval A and connectivity. In such cases, these switches do not need layer-two functionality.

Consider placing a pure layer 3 switch between the layer 2 switch and the layer 3 switch to offload the router from interval and processing. One of the topics discussed was the running tree protocol, as well as the design considerations revolving around how VLAs and subnets are associated with types of traffic, physical location, and specific job functions.

You are shown a chart outlining the benefits and drawbacks of the various recommendations, as well as information on why you might prefer one design model over another. Another aspect that is addressed and included in the comparison discussion is the challenge in relation to troubling. Another important component to include in your design consideration is the alignment of your design model with the structure of reality. Is the campus large enough for a hierarchical, three-layer, three-tier model of code distribution? Therefore, will a collapsed layer be sufficient? Other considerations that are presented revolve around convergence, scalability, security, and manageability. This part of the topic provides an in-depth examination, including business objectives and requirements such as load balancing and the placement of multilayer switches.

Do you have layer two from the access layer to the distribution layer, or do you place layer three capability at the access layer? The terminology and key point here is where the demarcation points and details of specific features, such as StackWisevirtual's virtual switching system VSS, are presented. Certain bold notes sections embedded in the discussion detail provide relevant caveats such as making sure, when designing your architecture, which switch models work with specific iOS versions and ensure that the features you require are supported.

Vision concludes with a well-crafted case study that walks you through a suggested thought process and provides a road map to help you align the appropriate design model with the business needs. As I mentioned earlier, the information may appear basic. It is well presented with the objective of providing you the necessary concepts for designing a successful enterprise campus local network. That is our overview. Thank you.

2. End to End vs Local VLAN’s

Two major design models for your enterprise campus are end-to-end vlans or local VLANs. Each model has its own advantages and disadvantages. With an end-to-end layer 2 VLAN, designing the spanning tree protocol is necessary for loop avoidance. With an end-to-end layer 2 VLAN design, the spanning tree protocol is necessary for loop avoidance. End-to-End VLA groups users into VLA that is independent of physical location.

Items are moved within the campus, but their VLA and membership remain the same. The term "end-to-end VLA" refers to a single van that is associated with switch ports that are widely dispersed throughout an enterprise network on multiple switches. A less switched campus network carries traffic for this VLA and throughout the network. With an end-to-end VLAN model, each VLAN is geographically available throughout the network. Users are grouped into the same VALA. And regardless of physical location throughout a campus, the VLA and membership of that user remain the same regardless of the physical switch that this user attaches to all devices on a given VLA and typically has addresses on the same IP subnet.

So, with the elimination of ela and design, the two are grouped, say, by department. You might have the finance department of the executives or the human resources department, and if that individual is in that group, then they're going to be in that VLAN regardless of where they are physically located. So in that case, we group the corresponding VLANs independently of their physical location. If a user moves within your campus environment, their membership would stay the same, and this may be a requirement of a particular villain. If that's the case, these are known as Nto NVA lanes.

So the term "end" to Nvlan refers to a single VLAN associated with a particular switch port. Remember, a port can be an access port for one particular VLAN, and those VLANs are distributed throughout the entire enterprise network on multiple switches, which means that the spanning tree for that VLAN will span multiple switches. Because, as previously stated, Cisco performs both per VLA and spanning trees. So, let's say I'm hugers VLAN and VLA and ten. If I'm in building A and someone else is in building C, We are in the same spanning tree; we are both in the same VLAN; we are both in the same subnet. So layer two switch campus networks ensure that traffic for this VLAN goes all the way through the network, regardless of where you are physically located. This is what they call the NVLA model. It's geographically dispersed throughout your network. So all devices on a given VLAN will typically have the same IP address subnet as well.

That's typically the way it's designed. Now, Cisco does equate a subnet to a VLAN, and they route between VLANs, so that's typically the way it's done. Local VLANs are the solution that is recommended in the Cisco enterprise campus architecture. Users are grouped into VLANs depending on their physical location. If users are moved within the campus, their VLA and membership change. In the local an model, regardless of organisational function, all users of a set of geographically common switchers are grouped into a single VLAN. Local volts are generally confined to a wiring composite. If users move from one location to another on the campus, their connection is changed to the new VLA and at the new physical location.

In this case, switching is used at the access level, and routing is used at the distribution and core levels to allow users to maintain the resources that they need. You should create local VLA ends with physical boundaries in mind rather than the job functions. Users are traffic for the local VLA and are switched between layers 2 and 3 between the access and distribution levels on the end device. Traffic originates at a local VLA and is routed at the distribution and core levels to reach destinations on other networks. In other words, if I'm in building A, I'm in VLA and 10, and if I'm in building B, I'm in VLA and 20, so we don't have to geographically disperse the VLA and subnets spanning tree out through our entire network.

The issue with this in many designs and businesses is that many businesses want to isolate, say, human resource traffic to the human resource vn. And even though you might start out with a design that localizes, all those human resources people are going to be in VLA and Building 10. And then, if someone moves and your business cases that you need to keep that human resource person on a permanent resource VLAN, you've just gone from a localised VLAN design to an end-to-end if that person moves to something else on your campus? EndToEnd is not the same as local VLAN to end; they are two different models. Your network might be a mix of the two models because a VLAN represents a layer three segment at each end and allows a single layer three segment to be dispersed geographically throughout the network.

Implementation of this design is done for the following reasons: grouping users can be done on a common IP segment even though they are geographically dispersed. Security A VLAN may contain resources that should not be accessible to all users on the network, or there may be a reason to confine certain traffic to a particular VA. When applying QoS to traffic from a given VN, that traffic can be given a higher or lower access priority to network resources. Routing avoidance If much of a VLAN's traffic is destined for devices on that same VLAN and routing traffic to those devices is not desirable, users can access resources on their VLAN without their traffic being routed off the VLAN.

Routing will be avoided even if traffic requires multiple switches. Special Purpose VLAN Sometimes a VLAN is provisioned to carry a single type of traffic that must be dispersed throughout the campus. voice or visitor VLAN's poor design serves no purpose. Users are placed in VLANs that span the campus or even span vans. When implementing End-to-End VLAN, you should consider that switch ports are provisioned for each user and are associated with a given VLAN.

Because users on an end-to-end VLAN may be anywhere in the network, all switches must be aware of that VLAN. When End-to-End VL design is used, all switches carrying traffic for End-to-End VA Lans must have those specific VLA and define VLA and databases for each switch. Flooded traffic for the VLAN passes by default through every switch, even if it currently has no active ports in the particular End-to-End VLAN. Troubleshooting devices on a campus with end-to-end LANs can be challenging because the traffic for a single VLAN can traverse multiple switches in a large area of.The concept of end-to-end VLAN was very attractive when IP address configuration was a manually administered NIM process. Therefore, anything that reduced this burden as users moved between networks was an improvement. However, the ubiquitous nature of DHCP, the process of configuring an IP address at each desktop, is no longer significant. As a result, there are few benefits to extending a VLA throughout an enterprise.

Local Vlas are part of the Nascampus architecture, which states that Vlas used at the access layer should not extend beyond their associate. Distribution switch traffic is routed from the local VLA and passed from the distribution layer into the core. This design can alleviate layer-two troubleshooting issues that arise when a single VLA and traversesthe switches are used across an enterprise, according to campus.org. Implementing the enterprise campus architecture design using local VLA and providing these benefits deterministictraffic flow The simple layout provides a predictable layer two and layer three traffic path in the event of a failure, which is not mitigated by the redundancy features. The simplicity of the model facilitates expedient problem isolation and evolution within the switch block.

Active, redundant paths When implementing PVST, you can use all links to make use of the redundant paths. High availability and redundant paths exist at all infrastructure levels. Local traffic on access switches can be passed to the building distribution switches across an alternative layer two path in the event of Kpop failure, and router redundancy protocols can provide failover. The default gateway for the access VLAN in both the STP instance and the VLAN is confined to a specific access and distribution block. Then comes layer two and redundancy managers, as well as protocols that can be configured to failover in a coordinated fashion.

Failures at layer two affect only a small subset of users if the VLAN ends are local to a switch block and the number of devices on each VLAN is kept small. Scalable Design Following the enterprise campus architecture design, you can easily incorporate new access switches and add new submodules when necessary. Traditional Layer Two access Layer industrial hierarchical campus design distribution blocks use a combination of Layer 2, Layer 3, and Layer 4 protocols and services to provide for optimal convergence, scalability, security, and manageability in the most common distribution block configurations. The access switch is configured as a layer-two switch that forwards traffic on high-speed ports to the distribution switches.

Distribution switches are configured to support both layer-two switching on their downstream switch trunks and layer-three switching on their upstream ports toward the core of the network. In a traditional layer-two model, the LTTis three demarcation is at the distribution layer. The distribution layer switches act as default gateways. There is no way to achieve true load balancing, and the network is slow to converge. The function of the distribution switch in this design provides boundary functions between the bridge layer two portion of the campus and the routed layer. Layer three portions of these boundary functions include support for the default gateway. Layer three: policy control Although access switches forward data and voice packets as layer 2 switches, they also apply advanced layer 3 and 4 features supporting enhanced tubes and edge securities.

With traditional layer-two access layer design, there is no true load balancing because STP blocks redundant links. Load balancing can be achieved through manipulation of STP and first hop redundancy protocol settings for traffic from different VLAs on different links. However, manual STP and FHRP manipulation is not load balancing. Another way to achieve good load balancing is by limiting VLANs on a single switch and employing the gateway balancing protocol. But this design might get complex. Convergence can also be an issue.

A network with a version of STP will have convergence times just below a second, but subsecond convergence is only possible with graphical routing design and tuned FHRPC settings and timers. Updated layer two access layer VLA ends are still terminated at the distribution layer.

The difference is that in this case, half of uplinks are not blocked by an entry, and links are not blocked because uplifts are aggregated using Mic. AIC is only possible if you use virtual switch stacking technology to bundle distribution and layer switches into one virtual switch. MIT is a Cisco impression. The vendor-neutral term for this type of technology is MLAG. Two perliters are delineated in the updated traditional model L as Stipulate the distribution layer. The distribution layer switches act as default gateways. As a prerequisite, all access layer up rings are active bundling distribution switches into a virtual switch. The STP is only used to provide errors. The Ethernet channel gives decent results in load balancing.

There is no need for FHRP, and the conversion is much better than with a traditional layer-two access design. VSS support is platform-dependent. VSS is supported on phone 506 and 506 800 series switches. Cisco presented the new feature supported by the iOSXi Denali in the 3850 switch series and Lay in the new Cisco Catalyst 9500 family. Similarly, the old virtual switching system allowed the clustering of Tuxes together into a single logical entity to allow for high availability, illegality management, and maintenance. This schema enables a loopfree-layer-two network topology. Virtual switchers are now treated as a single logical switch for both access and cost switches. There are other chassis virtualizationologies besides VSS fixed configuration switches, such as Cisco Catalyst 3850, which supports stacking, which you can use to achieve the same topology as with VSS.

3. Layer 3 Access Layer

An alternative configuration to the traditional distribution block model is one in which the access switch acts as a full-layer fitting node. Layer 3 two-point routed links replace access to distribution layer 2 uplink trunks. This means that the layer two-thirds demarcation is moved from the distribution switch to the access switch, which is unnecessary. FHRP and ECH in the network participate in routing with a routed access model.

The access layer is defined by the L2P3 demarcation. The access layer switches act as default gateways, and every device participates in routing, which, if configured properly, gives the best results in load balancing. Each access switch in both the traditional layer-two design and the layer-three-routed axlene is configured with unique voice and data VLAS in the layer-three design. The distribution switch's default gate hood bridge for these VLANs was simply moved to the access switch, addressing all end stations.

The default gateway remains the same (VLA), and the unspecific port configuration remains unchanged on the access switch. Routerface configuration, access lists, IP helper, and any other configuration for each VLA must remain identical. They are now configured on the VLA and defined on the access switch instead of on the distribution switches. Several notable configuration changes are associated with the move of the layer three interface down onto the access switch. Because Vlasare is now locally routed or switched at the access layer, it is no longer necessary to configure an HSRP-aGLBP virtual gateway address as router interfaces. Which is better, having layers two or three in access? The optimal traditional layer two access design has much longer convergence times than layer three accessing.

Although the subsequent recovery times for the traditional layer-two access design are well within the bounds of tolerance for mobile prize networks, the ability to reduce convergence times to a sub-200 ms range is a significant advantage. Layer 3, routed access design If you currently have an access layer design, one drawback of moving to a routed accent is that changes are needed.

Your access layer switches might not have layer three functionalities that you need, for example, dynamic routing protocol support, so moving to a routed access layer design will bring cost considerations. But with each new generation of access layer switches, you will find more layer 3 support for hybrid access. You might end up choosing a layer-three design but also need to support legacy systems that require a contiguous layer-two network. Examples include traditional security devices and sensors. In Ace, you could provide a mix of layer two and layer three in the access layer, layer two where required, and layer three web where possible. Need to compromise?

A hybrid model is also possible but not recommended. In the example VLAN, layer two and layer three are terminated on spective. Access Switch Eight is the VLA, and you need to support Lebanon devices in your network that are a contiguous layer two. Domain eight is carried through trunklinks between the axe and distribution switches. Alan's 200 and 201 are two examples of point-to-point links that enable IPK connectivity between axe distribution switches. Each access layer switch will need two of these links to connect to both distribution switches. A downside of this topology is that you have obviously brought back what you tried to avoid in the first place. In practice, STP with a routed access layer is not always an option.

4. Common Access-Distribution Interconnection Designs

What design options are available? a solution for all networks. Each design option has its benefits and drawbacks; therefore, common access, distribution, and interconnection design options exist. Layer-two loop design uses layer-two switching at the layer and on the distribution switch interconnect.

This introduces a layer-two loop between distribution switches and access spanning tree blocks. One of the access switch-to-distribution switch uplinks whose reconvergence time is determined by the Stpn and FHRP convergence times. Layer 2 loop predesign uses layer 2 hedging at the access layer and layer 3 on the distribution switch interconnect.

There are no layer-two loops between the access switch and the distribution switches. Both uplinks from the access layer switch are forwarded. Reconvergence time is thus effectively removed from the access distribution blocked on access switch ports that connect to end devices to protect against enduser-created loops if one of the hills depends on the FHRP convergence time results and spanning tree recognising an etal link as a single logical link spanning tree is thus effectively removed from the access distribution If one of the links switching between access and distribution fails, traffic forwarding will continue without the need for reconversion. Layer 3 routing is used on the access switches and the distribution switch intake connect in a design. There are no loops between CS switches and distribution layer switches.

The need for STP was eliminated except for connections from the access layer switch to end devices to protect against end-user wiring errors. If one of the uplies fails, the reconvergence time is solely determined by routing protocol convergence times and load balancing between access and distribute switches. Layer-two loop design has only one link active per VLA and on a given access layer switch. As a result, the load bag is limited. Elections for spanning tree route bridges can be used to balance traffic on VLAN by VLA and bases. AOK Free design relies on FHRP for load balancing. The result is similar to that of a layer-two-loop design. For load balancing, the VSS design employs MacHashtag algorithms. Layer-three routed design relies on routing for loads. As long as links between access and distribution layer switches are equal in cost, all routing protocols will balance.

You should avoid non-qualifying links in their situation. However, if that is not possible, EIGRP is the only solution that can load balance across unequal-cost links. Extend VLA and across multiple access switches—which switch design supports extending VLA and across multiple access switches? The only two designs out of the four that support extending VLA and multiple access layer switches are the layer-two loop design and the VSS design. The layer-two loop and layer-three routed design models can be modified to support stretching the VLAN across access switches. However, switching VLA ends across Access is not recommended. The scalable redundant three-tier design for small and medium-sized campuses does not imply that all networks will follow this design. Usually, a three-tier design is not a financially feasible solution. A small campus or large branch network might have fewer than 200 N devices.

The network servers and workstations might be connected to the same wire. Enclosed switches and small network designs might not require high-end switching performance or much scaling capability. Often, the campus scoring distribution layers can be combined into a single layer. A low-cost multilayer switch provides routing services closer to the end user. When multiple VLANs exist for a very small office, one low-end multilayer switch can support the LAN wires for the entire office. A medium-sized campus usually has between 10 and 20 N devices. Network infrastructure typically consists of building access-layer switches with appliances attached to building distribution-layer switches that can support the performance requirements of a medium-sized campus network. If redundancy is required, redundant multilayer switches can attach to the building access switches.

Prepaway's 300-420: Designing Cisco Enterprise Networks (ENSLD) video training course for passing certification exams is the only solution which you need.