VLAN Design

End-to-End VLAN


In this model, VLANs are trunked across the entire organization, campus, or building, regardless of where end hosts are physically located. VLANs are assigned strictly by function, with little or no regard for where the hosts sit at any given time, which means every switch carries every VLAN. Obviously this becomes difficult to maintain at scale, which is why VTP is often used in conjunction with the end-to-end VLAN model: add or modify a VLAN on a VTP server switch and the change is propagated automatically. Of course, VTP adds more risk to the mix, but that's another topic.

Perhaps the biggest benefit of an end-to-end architecture is that any user can reach their resources from any switch. If a VMPS server is deployed, a user can plug into any switch port and will automatically be assigned to their correct "home" VLAN. Sounds good, right?

Drawbacks

There are some serious drawbacks, though. First, end-to-end VLANs are very difficult to maintain across large networks. If you are not running VTP in server or client mode on all of your switches, every switch must be configured with the correct VLAN assignments manually. And what happens when it comes time to troubleshoot an issue across hundreds of switches? Managing this type of environment is difficult, but just as concerning is the performance trade-off. If every VLAN is stretched across every switch, every VLAN must also cross the distribution and core of your network, so all of the broadcast traffic on all VLANs traverses the core, which can lead to serious performance problems. The main reason I still see end-to-end VLANs in some organizations is application requirements: some apps require all hosts to be on the same segment, regardless of physical location. If that is the case, some VLANs may have to be stretched in an end-to-end fashion.

Local VLAN


The local VLAN model is based more on geographical proximity than on universal accessibility. In this approach, VLANs are local to a block of switches and never extend all the way to the core. Instead, they rely on a hierarchical switch structure to terminate the layer two boundaries. For example, you may have VLAN 100 used for "first floor workstation connectivity". There may be more than one switch serving the first floor, but they will all be reasonably close together. More importantly, all of them will connect to the same pair of distribution layer switches, which act as the default gateway for the local VLAN segments. From there, packets are routed to the core using layer three protocols, not layer two VLANs. Therefore, switching of local VLANs happens at the access layer and routing at the distribution and core layers.

Benefits

A local VLAN configuration means simpler VLAN troubleshooting and fewer spanning tree design considerations. Performance also improves with SVIs on the distribution switches, which create smaller broadcast domains.
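As an added illustration (not from the original post), here is what the first-floor example above looks like as a minimal Cisco IOS configuration for the local VLAN model: VLAN 100 exists only on the access switch and its distribution pair, the SVI on the distribution switch is the layer two boundary and default gateway, and the uplink toward the core is a routed port. Hostnames, interface numbers and addresses are assumed.

```text
! --- Access switch, first floor (assumed hostname ACC-1F-1) ---
! Keep the VLAN database local so nothing is propagated by VTP
vtp mode transparent
!
vlan 100
 name FIRST_FLOOR_WORKSTATIONS
!
interface GigabitEthernet1/0/1
 description user port
 switchport mode access
 switchport access vlan 100
!
! Uplink carries only the VLANs that belong to this access block
interface GigabitEthernet1/0/48
 description uplink to DIST-1
 switchport mode trunk
 switchport trunk allowed vlan 100
!
! --- Distribution switch (assumed hostname DIST-1; DIST-2 mirrors it) ---
ip routing
!
vlan 100
 name FIRST_FLOOR_WORKSTATIONS
!
interface GigabitEthernet1/0/1
 description downlink to ACC-1F-1
 switchport mode trunk
 switchport trunk allowed vlan 100
!
! The SVI is where VLAN 100 ends; HSRP provides the shared gateway address
interface Vlan100
 description gateway for first floor workstations
 ip address 10.1.100.2 255.255.255.0
 standby 1 ip 10.1.100.1
!
! Routed uplink: VLAN 100 is never trunked toward the core
interface TenGigabitEthernet1/1/1
 description routed uplink to CORE-1
 no switchport
 ip address 10.0.0.1 255.255.255.252
!
router ospf 1
 network 10.0.0.0 0.0.0.3 area 0
 network 10.1.100.0 0.0.0.255 area 0
```

Because the distribution uplink is routed rather than trunked, broadcasts from VLAN 100 stop at the SVI and never reach the core, which is the performance benefit the local model is after.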