Cisco Campus Network Design Basics

In this lesson we’ll take a look at some of the basics of Cisco Campus network design.

What is a “campus” network anyway?

A campus network is an enterprise network (hundreds or thousands of users) where we have one or more LANs in one or multiple buildings. Everything is geographically close to each other so we typically use Ethernet (and Wireless) for connectivity. Typically the company owns everything on the campus…hardware, cabling, etc.

To support this many users we require a lot of switchports which means a lot of switches. We need a physical design to connect these switches to each other and also a good logical design to make it work.

Let’s take a look at some networks to see how they “grow” and some design issues that we will face. Let’s start with a simple example:

Computers connected to hub

Back in the old days we used to have hubs so we had half-duplex networks. When one host would transmit something, the others had to wait. When two hosts would send at the same time we’d get a collision and we used the CSMA/CD algorithm to deal with these collisions. Everything that is connected to the hub is a single collision domain. Also, whenever a host sends a broadcast everyone will receive it. There’s only one broadcast domain.

In this example there are only 5 hosts so it’s no problem but when you have hundreds of hosts the collisions and broadcasts will have a serious impact on the available bandwidth. To reduce the size of the collision domain we started using bridges and then switches. The broadcast domains can be reduced by using VLANs. Here’s an example:

Computers in VLAN 10 and 20 connected to a switch

Now we have a single switch and some hosts that are in different VLANs. Each port on the switch is a collision domain and each VLAN is a separate broadcast domain. If we use a multilayer switch, the VLANs will be able to communicate with each other.

Once this network grows we might not have enough switchports anymore on a single switch. You could add a second switch and connect it to the first one, but what if we add a third or fourth switch? How are we going to connect them to each other?

If you don’t think about your design beforehand, you might end up with something like this:

Bad switch network design

Switches, hosts, cables and VLANs everywhere. Before we know it, the network is one big spaghetti.

We need a network that is easy to maintain, highly available, scalable and able to quickly respond to changes in the topology. To achieve all of this, Cisco has a hierarchical approach to network design where we have multiple layers in the network. Here’s an example:

hierarchical switch network design

In this design we have an access layer and a distribution layer. The access layer is close to the end users; these are the switches that we use to connect computers, laptops, access points and more. The distribution layer is used to aggregate all the different access layer switches.

The advantage of this hierarchical network design is that it’s scalable. When the campus grows and we get more users, buildings and floors, we can add multiple distribution layers. When this happens, we’ll add another layer:

Core Distribution Access Layers

The core layer aggregates all the different distribution layer switches. This design also makes our traffic paths predictable and easy to visualize. Basically there are three different traffic flows:

Traffic on Access Layer

All traffic starts at the access layer and, if needed, it will move up to the distribution and core layers. In this example the traffic is local; it doesn’t leave the access layer switch. This could be traffic between two hosts within the same VLAN. Here’s another example:

Traffic access distribution layer

Traffic between hosts that are on different access layer switches has to cross the distribution layer switch. Finally, sometimes we have to cross the core layer:

Traffic Access Distribution Core Layer
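
The three traffic flows above can be modeled in a few lines. This is an added example, not part of the original lesson: the switch and host names are hypothetical, and it assumes layer 2 access switches with inter-VLAN routing done on the distribution switch, so it also covers two hosts on the same access switch but in different VLANs.

```python
# Constructed three-layer topology (hypothetical names): each switch -> its uplink.
UPLINK = {
    "ACC1": "DIST1", "ACC2": "DIST1",
    "ACC3": "DIST2", "ACC4": "DIST2",
    "DIST1": "CORE1", "DIST2": "CORE1",
}
LAYER = {"ACC": "access", "DIST": "distribution", "CORE": "core"}
ORDER = ["access", "distribution", "core"]

# Constructed hosts: host -> (access switch, VLAN)
HOSTS = {
    "H1": ("ACC1", 10), "H2": ("ACC1", 10), "H3": ("ACC2", 10),
    "H4": ("ACC3", 20), "H5": ("ACC1", 20),
}

def layer_of(switch):
    """Map a switch name such as 'DIST2' to its layer."""
    return LAYER[switch.rstrip("0123456789")]

def chain_to_core(switch):
    """List the switches from an access switch up to the core."""
    chain = [switch]
    while chain[-1] in UPLINK:
        chain.append(UPLINK[chain[-1]])
    return chain

def switch_path(src, dst):
    """Return the switches a frame or packet crosses from src host to dst host."""
    (src_sw, src_vlan), (dst_sw, dst_vlan) = HOSTS[src], HOSTS[dst]
    up, down = chain_to_core(src_sw), chain_to_core(dst_sw)
    # Lowest switch that both hosts share on their way up the hierarchy.
    meet = next(sw for sw in up if sw in down)
    # Assumption: access switches are layer 2 only, so traffic between VLANs
    # must reach the distribution switch to be routed, even on one switch.
    if layer_of(meet) == "access" and src_vlan != dst_vlan:
        meet = UPLINK[meet]
    return up[:up.index(meet) + 1] + down[:down.index(meet)][::-1]

def highest_layer(src, dst):
    """Name the highest layer the flow touches."""
    return max((layer_of(sw) for sw in switch_path(src, dst)), key=ORDER.index)

if __name__ == "__main__":
    for pair in [("H1", "H2"), ("H1", "H3"), ("H1", "H4"), ("H1", "H5")]:
        print(pair, switch_path(*pair), highest_layer(*pair))
```

The H1 to H5 case shows why a flow between neighbors on one switch can still appear on the distribution uplink: the hosts are in different VLANs, so the traffic has to be routed.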

Each of the layers has a different function and requirements. Let’s discuss each layer:

Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Hi Michael,

    Glad to hear you like it :) Security will depend on which access layer we are dealing with. For example, we could have a “switch block” with a distribution + access layer that is only used for end devices like computers / laptops. You probably don’t want to use any firewalls there…not because there are no risks but it will be very expensive.

    You can configure your switches for some of the security risks on the access layer here:

    - Port Security: against MAC spoofing / setting a limit to number of MAC addresses per port.
    - DHCP Snooping: so nobody can

    ...

  2. Hello Brian

    It really sounds like you’re a hard core networking guy. That’s great! You know, I’d say that Cisco engineers in general share a unique camaraderie that’s unlike anything else. Others can’t understand why we like networking so much! It’s just cool! I understand you completely.

    As for the opposition you face when suggesting best practices in networking, it’s usually the case where you’d have the administration opposing changes “since everything already seems to work.” It’s when things fail because of lack of redundancy, or voice and data on the

    ...

  3. Hi Sriguruprassad,

    Let’s look at just one example why you might want to use L2 between the distribution layer switches. Consider this design:

    In this design, we have VLAN 10 on both access layer switches. All links on the distribution and access layer are layer two links.

    Think for a minute about spanning-tree…let’s say that the left distribution switch is the root bridge. What will be the root port on all of our switches? Something like this:


    ...

  4. I believe he is talking about this chart.


    There are layer 3 switches in the chart but this is because those are the “lower end models” that Cisco has to offer. They can run as layer 2 switches and not utilize the layer 3 functionality. As switches have gotten more powerful, layer 3 functionality has been easier to put into a switch. A big consideration of what switches you might use in a network is the size of said network. A tiny network might only need 296

    ...

  5. Hello AZM

    In order to achieve such redundancy, you will need to use BGP in a dual or multi-homed configuration. Specifically, this means that the IP addresses of your web servers must be advertised via all three ISP connections, with varying attributes to indicate which is the primary, secondary, and so on, route to get to your servers.

    Now there are several “administrative” issues involved here. If your public IP addresses are provided by your ISP, and you have different ISPs at each site, you may not be able to route IP addresses of one ISP via another ISP.

    ...
