Utilizing Layer-3 Switches within an Enterprise LAN – Part I

When many small branch office/head office LANs are deployed, IT departments decide to build a pure Layer-2 LAN. This is done for many reasons, such as reducing network complexity, reducing equipment cost, or limited in-house skills to deploy Layer-3 devices. This design tends to scale quite nicely until the IT department is faced with certain challenges, including: wanting to segment the LAN into various broadcast domains because broadcast traffic has begun to affect network performance; needing to filter Inter-VLAN traffic without having access to the network's Layer-3 devices; and wanting to add and remove VLANs and facilitate Inter-VLAN routing without the involvement of their ISP (who typically controls the site's CE routers in the majority of MPLS VPN deployments).

In this post I would like to introduce the following scenario and in later posts we can discuss the proposed network design and migration strategy.


  • The ACME Corp head office in Johannesburg, South Africa originally started off as a small 30-host LAN.
  • Over the two years their LAN has grown to well over 400 hosts, including servers, printers, end-user workstations and more.
  • Broadcast packets, particularly from their server farm, have started to affect overall LAN performance.
  • The ACME IT Department require the ability to easily filter Inter-VLAN and Intra-VLAN traffic without involving their ISP.
  • A large amount of Inter-VLAN traffic is expected.
  • The ACME IT Department require a clear demarcation point between their LAN and their ISP, so that faults can be quickly isolated to either the ISP CE device and/or WAN or the ACME LAN.
  • The ACME IT Department require the ability to migrate hosts to new VLANs within their own timeframe with minimal involvement from their ISP.
  • The site currently has two ISP managed CE devices, a 2801 terminating a 1984k leased line and a Cisco 877 terminating a 4096k ADSL backup link.
  • Any proposed solution should allow for full redundancy between the two WAN links.
  • Currently the network is utilizing Cisco 3560 switches in a collapsed core and Cisco 2960 switches in the access layer.


In Part I of this post we have established the client's requirements. In the next post we will explore the current configuration on the client's equipment and propose a new design and migration strategy.


~ by networkingza on December 20, 2009.
