Hi Guys,

I am working on converged network project for large campus network.

I hope to get some advice from gurus out there.

This is the general setup of their network at the moment;

Core - 2x Nexus 7k

Distribution - Catalyst 4500X

Access - Catalyst 3650

We have 2x 10g fiber links going from each layer.

EIGRP / L3 routing from the core all the way to the access switch.

The access switch will then has its respective SVI and tied to physical port.

In my opinion, the routing seems to be perfect to be good.

L3 is pushed down to access layers which means we are using the full potential of all our links (EIGRP load balancing). As opposed to STP, which will put our redundant links in blocked state.

Anyway, the goal is to decommission few old legacy network and move it onto this new network.

There is legacy network for corporate, CCTV, and few others.

The question here is I want to segment the network to different areas.

eg. CCTV needs to be isolated from the rest of the network.

The best strategy I can come up with is to run BGP/MPLS and create separate routing instances for each network spanned over to distribution/access switches. Essentially, we are acting like a Service Provider. This way, I can effectively and easily isolate networks and even merge certain routes using VRF route targets.

The problem is the distribution/access switches don't support MPLS. :-(

Anyone have any good ideas to best way to segment campus network???

Or, am I stuck with just creating tons of access list across the network.

Thanksss!