Information Technology Reference
In-Depth Information
Access Layer Best Practices
When designing the building access layer, you must consider the number of users or ports
required to size up the LAN switch. Connectivity speed for each host should also be con-
sidered. Hosts might be connected using various technologies such as Fast Ethernet, Giga-
bit Ethernet, or port channels. The planned VLANs enter into the design.
Performance in the access layer is also important. Redundancy and QoS features should
be considered.
The following are recommended best practices for the building access layer:
Limit VLANs to a single closet when possible to provide the most deterministic and
highly available topology.
■
Use Rapid Per-VLAN Spanning Tree Plus (RPVST+) if STP is required. It provides the
faster convergence than traditional 802.1d default timers.
■
Set trunks to ON and ON with no-negotiate.
■
Manually prune unused VLANs to avoid broadcast propagation (commonly done on
the distribution switch).
■
Use VLAN Trunking Protocol (VTP) Transparent mode, because there is little need
for a common VL AN databas e in hierarchic al net work s.
■
Disable trunking on host ports, because it is not necessary. Doing so provides more
security and speeds up PortFast.
■
Consider implementing routing in the access layer to provide fast convergence and
Layer 3 load balancing.
■
Use the
switchport host
commands on server and end-user ports to enable PortFast
and disable channeling on these ports.
■
Use Cisco STP Toolkit, which provides
■
PortFast:
Bypass listening-learning phase for access ports
■
Loop Guard:
Prevents alternate or root port from becoming designated in
absence of bridge protocol data units (BPDU)
■
Root Guard:
Prevents external switches from becoming root
■
BPDU Guard:
Disables PortFast-enabled port if a BPDU is received
■
Distribution Layer Best Practices
As shown in Figure 3-6, the distribution layer aggregates all closet switches and connects
to the core layer. Design considerations for the distribution layer include providing wire-
speed performance on all ports, link redundancy, and infrastructure services.
The distribution layer should not be limited on performance. Links to the core must be
