Cisco CVD/best practices for branch office design

Charlie Jones
Level 1

We are going to be replacing the switches at multiple offices this year, and wanted to see if there are any best practices for branch office designs.

 

Today, we have a two-tier topology at every office with a pair of 3850's acting as the cores.  We then have two trunks connecting to each access layer stack from the cores.   

 

In the new design, we will have a pair of 9500's using virtual stackwise and stacked 9300's at the access layer.  Between the cores and the access layer, we will be using port-channels for connectivity.  These are some of the topics I am unsure about:

 

VTP - Is this even needed any longer?  I went through the forums and this has been a mixed topic.  Some posts suggest not to use it, and some suggest to keep it in transparent mode on every switch.  My thought is to eliminate since we rarely need to add a VLAN to the access layer.  

 

Trunk configurations - Today, we have a mix of configurations.  At some branches, we allow all VLAN's between the core and access layer.   At others we restrict the allowed VLAN's between the two tiers.

 

The last concern I have is to know if there are any considerations to be made if we decide to migrate to SD-Access at a later date?  Is there anything I should be thinking about now to assist in that transition?

 

Thanks everyone,

4 Replies

marce1000
VIP

 

     - FYI : https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Branch/BRBranch/BRBranch/BRB_CH1.html

  Now of course this is a very broad topic. In today's world, as we say, networks have become application-oriented. I don't want to sound like the i-am-here-guy, but meaning, if you talk for instance about VLAN design, often we take into account apps that need security or specific requirements for certain intranets; in that context there is no unique answer.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi
Hall of Fame

You are going in the right direction: Cat 9500 as the core and 9300 at the access layer.

 

VTP - Is this even needed any longer?  I went through the forums and this has been a mixed topic.  Some posts suggest not to use it, and some suggest to keep it in transparent mode on every switch.  My thought is to eliminate since we rarely need to add a VLAN to the access layer.  

Personally, I do not like VTP here, since technology is moving to a different level, so I will move VTP to Transparent.

 

Trunk configurations - Today, we have a mix of configurations.  At some branches, we allow all VLAN's between the core and access layer.   At others we restrict the allowed VLAN's between the two tiers.

You can still consider this using multi-homed EtherChannel between the Cat 9500 and Cat 9300.

 

 

The last concern I have is to know if there are any considerations to be made if we decide to migrate to SD-Access at a later date?  Is there anything I should be thinking about now to assist in that transition?

The Cat 9K platform is ready to move to SD-Access. For now Cisco offers a free DNAC appliance; if you would like to take advantage of it, you can.

 

https://www.cisco.com/c/en_hk/solutions/enterprise-networks/promotions-free-trials/save-25-percent-cisco.html?oid=poden018388

 

 

check the CVD :

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html

BB


Joseph W. Doherty
Hall of Fame

re: VTP

Personally, I like it, but careless usage of versions 1 or 2 can certainly muck up your network.  (BTW, version 3, which isn't often used, generally avoids the "pitfalls" of versions 1 and 2).

That said, unless you're dealing with a broad spread of VLANs, across multiple devices, VTP isn't much needed.  Your new design, using "stacked" switches, should eliminate "broad spread"; further, often good design limits VLANs to just one L2 edge device and its upstream L3 device (assuming you're not doing L3 at the edge).

If you're not going to use VTP (which, again, is probably just fine for you), rather than using "transparent" mode, I suggest using the "off" mode.

re: trunk configuration

Again, using "stacked" switches (core and edge), and assuming edge is only L2, good design, I suggest, is VLANs are unique to one edge device and its support, upstream, L3 device, so trunks can exclude VLANs not on edge.

e.g.

(stacked) core VLANs (data) 101, 201, 301, etc., (VoIP) 102, 202, 203, etc., etc.

(trunk VLANs 101, 102) (stacked) edge 1

(trunk VLANs 201, 202) (stacked) edge 2

(trunk VLANs 301, 302) (stacked) edge 3

re: SD-Access

Sorry, cannot comment, not current on that technology.
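
An audit for the per-edge trunk plan described in the reply above, added here as an example and not part of any poster's reply: it parses core-side trunk configuration and flags port-channels that carry all VLANs or VLANs outside their edge's list, which is the mixed state the original question describes. The sample configuration, the `edge1`..`edge3` description convention and the function names are assumptions made for the example.

```python
import re

# Constructed sample of core-side trunk config (not taken from the thread).
SAMPLE = """\
interface Port-channel1
 description edge1
 switchport mode trunk
 switchport trunk allowed vlan 101,102
!
interface Port-channel2
 description edge2
 switchport mode trunk
!
interface Port-channel3
 description edge3
 switchport mode trunk
 switchport trunk allowed vlan 201,301-302
"""
# Per-edge trunk VLANs from the post; keying by description is an assumption.
PLAN = {"edge1": {101, 102}, "edge2": {201, 202}, "edge3": {301, 302}}

def expand(vlan_list):
    """Expand an IOS VLAN list such as '201,301-302' into a set of ints."""
    vlans = set()
    for part in ([] if vlan_list == "none" else vlan_list.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, plan):
    """Return {interface: [findings]} for trunks that deviate from the plan."""
    findings = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        if not name or "switchport mode trunk" not in block:
            continue
        desc = re.search(r"^ description (\S+)", block, re.M)
        expected = plan.get(desc.group(1), set()) if desc else set()
        lists = re.findall(
            r"^ switchport trunk allowed vlan (?:add )?(none|[\d,-]+)", block, re.M)
        if not lists:  # IOS default: a trunk with no list carries every VLAN
            issues = ["no allowed-vlan list: trunk carries all VLANs"]
        else:
            allowed = set().union(*(expand(v) for v in lists))
            diffs = (("unexpected", allowed - expected), ("missing", expected - allowed))
            issues = [f"{k} VLANs: {sorted(v)}" for k, v in diffs if v]
        if issues:
            findings[name.group(1)] = issues
    return findings
```

Calling `audit(SAMPLE, PLAN)` reports Port-channel2 (no allowed list) and Port-channel3 (VLAN 201 belongs to another edge), and leaves Port-channel1 unflagged.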

 

Leo Laohoo
Hall of Fame

@Charlie Jones wrote:

we will have a pair of 9500's using virtual stackwise 


Why?  What is the purpose of using 9500?  How many 25-, 40- or 100 Gbps links?
(NOTE:  I am not asking about 1-, 10 Gbps for a reason).


@Charlie Jones wrote:

VTP - Is this even needed any longer?  


All of our switches have "vtp mode off".  


@Charlie Jones wrote:

The last concern I have is to know if there are any considerations to be made if we decide to migrate to SD-Access at a later date?  Is there anything I should be thinking about now to assist in that transition?


One word:  AFFORDABILITY
