
End-to-End & Local Vlans

vincent.rs
Level 1

Hello, guys.

Can someone explain to me the difference between end-to-end VLANs and local VLANs?

I have read a previous post but I'm not getting it.

Is it something to do with VLANs being assigned statically or dynamically?

And also, can you tell me about the 80/20 and 20/80 rule?

Accepted Solutions

Edwin Summers
Level 3

A network that uses "end-to-end" VLANs spans the VLANs across the network using trunks. One example frequently cited would be to split users by function (engineering, finance, HR, etc.). In this case, "engineering" terminals would reside in the same VLAN regardless of the access switch to which they connect. So if "engineering VLAN" were number 20, VLAN 20 would be trunked across access switches.

Local VLANs are local to the access switch. In this case, the ports coming into the access switch are assigned to VLANs simply to keep the number of devices per VLAN to a feasible number. The VLANs may be trunked to the distribution layer for routing, or routing may occur in the access layer. Either way, the VLANs do not span "end-to-end" across the network.

Does that help?

Ed

Edit:

There is some good discussion and even a couple of diagrams in a previous post:

https://supportforums.cisco.com/thread/151427

Andrew Cink
Level 1

There is the 80/20 rule and the 20/80 rule. Basically, back in the day, the thinking was 80% of the traffic should be local and 20% of the traffic should go remote. So for example, most of the traffic would be between computers on the same vlan/subnet, and only 20% of the traffic would go to other subnets, like the server farm or internet.

These days the rule is the 20/80 rule, which is basically the opposite. Now only 20% of the traffic stays local to the subnet your host is on, and 80% of the traffic is destined to other networks. So for example, with cloud computing and so forth, most likely your computer does not do much talking to other workstations on the same subnet. Most likely it is connecting to other locations, like websites on the internet, cloud hosted applications and so forth.

Ultimately a vlan is only locally significant (to a switch) but you can trunk it to other switches. The way the networking world is going, basically you do not want to trunk vlans unless it is really necessary, especially between the distribution and core layers. The reason being, if there is an attack or virus outbreak on an access vlan, you do NOT want that issue to spread to the rest of the enterprise through your core and distribution networks.

By isolating the access vlans locally, you compartmentalize any network problems so they don't spread.

Hope this helps!

Andy
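
A small audit of the distinction discussed above, as an added example that is not part of the original thread: it reads constructed IOS-style config snippets (hostnames, interfaces and VLAN numbers are hypothetical) and reports which VLANs are end-to-end, which are local, and which VLANs each switch's trunk allows without a local access port using them.

```python
import re
from collections import defaultdict

CONFIGS = {  # constructed sample configs, not taken from any real device
    "access-sw1": """
interface GigabitEthernet0/1
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport access vlan 110
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 20,110
""",
    "access-sw2": """
interface GigabitEthernet0/1
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport access vlan 120
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 20,110-120
""",
}

def expand(vlan_list):
    """Expand an IOS VLAN list such as '20,110-120' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def classify(configs):
    """Return (end_to_end, local, excess) for a dict of hostname -> config text."""
    homes, excess = defaultdict(set), {}
    for host, text in configs.items():
        access = {int(v) for v in re.findall(r"switchport access vlan (\d+)", text)}
        trunked = set()
        for lst in re.findall(r"switchport trunk allowed vlan ([\d,\- ]+)", text):
            trunked |= expand(lst)
        for v in access:
            homes[v].add(host)  # switches that have access ports in this VLAN
        excess[host] = sorted(trunked - access)  # trunked but unused locally
    end_to_end = sorted(v for v, h in homes.items() if len(h) > 1)
    local = sorted(v for v, h in homes.items() if len(h) == 1)
    return end_to_end, local, excess

if __name__ == "__main__":
    print(classify(CONFIGS))
```

The `excess` entries are the candidates for pruning from a trunk's allowed list, since each one extends a VLAN to a switch that has no access ports in it.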

vincent.rs
Level 1

Hey, thanks Edwin and Andrew. I get it now completely.