VLAN Design for Campus Networks: From Access to Core
A good VLAN design scales cleanly, keeps STP domains small, and makes troubleshooting obvious. Here is how to plan VLANs for a multi-building campus network.
Go Deeper on Enterprise Networking
In-depth tutorials on OSPF, BGP, 802.1X, and more- for engineers who want to understand the why, not just the how.
OSPF
Open Shortest Path First tutorials covering LSA types, area design, neighbor states, route summarization, authentication, and OSPF tuning for enterprise and service provider networks.
31 posts
BGP
Border Gateway Protocol tutorials covering eBGP, iBGP, path selection, route filtering, communities, and BGP design for enterprise and service provider networks.
30 posts
802.1x
802.1X port-based network access control tutorials covering EAP methods, RADIUS integration, MAB, dynamic VLAN assignment, and Cisco ISE deployment for wired and wireless environments.
30 posts
Latest posts
VLAN Security Hardening: Protecting Your Layer 2 Network
VLANs provide segmentation, not security. Without explicit hardening — disabling DTP, fixing the native VLAN, enabling DHCP snooping and DAI — your Layer 2 network is wide open to attack.
Troubleshooting Inter-VLAN Routing: SVIs, Router-on-a-Stick, and ARP Issues
Inter-VLAN routing failures are usually caused by SVIs in down state, missing routes, DHCP misconfiguration, or ARP timeouts. Learn to diagnose and fix them systematically.
Troubleshooting VLAN and Trunk Problems on Cisco Switches
Most VLAN outages stem from ports in the wrong VLAN, trunks not allowing required VLAN, or native VLAN mismatches. Here's how to diagnose and fix them systematically.
Private VLANs on Cisco Catalyst Switches: Isolated and Community Ports
Private VLANs let you enforce micro-segmentation within a single VLAN—isolating hosts completely or grouping them into communities while keeping them behind a single gateway IP.
Configuring Voice VLANs on Cisco Switches for IP Phones
Voice VLANs let a single access port carry both data traffic from a PC and voice traffic from an IP phone — each in its own VLAN with its own QoS treatment.
Inter-VLAN Routing on a Layer 3 Switch: SVI-Based Routing on Catalyst 9000
Layer 3 switches route between VLANs in hardware at wire speed — no external router bottleneck. Here is how to configure SVI-based inter-VLAN routing on a Catalyst 9300.
Inter-VLAN Routing with Router-on-a-Stick on Cisco IOS XE
When you don't have a Layer 3 switch, router-on-a-stick provides inter-VLAN routing via a single physical link split into subinterfaces. Learn when this design is appropriate, how to configure subinterfaces, and why it's a bandwidth bottleneck.
DTP (Dynamic Trunking Protocol): How It Works and Why You Should Disable It
DTP lets switches negotiate trunk formation automatically—but this convenience comes with security risks that make disabling it a best practice in production networks.
VLAN Access Ports and Switchport Modes: Access, Trunk, and Dynamic
Learn the differences between access mode, trunk mode, and dynamic trunking protocol negotiation on Cisco Catalyst switches, and why static configuration is the production standard.
How VLANs Work: Tagging, Broadcast Domains, and Frame Forwarding
VLANs are more than a configuration checkbox — they change how every frame is tagged, forwarded, and filtered inside the switch. Here's the mechanics.
What Is a VLAN? Virtual LANs Explained for Network Engineers
VLANs let you carve one physical switch into multiple isolated broadcast domains — without buying more hardware. Here's how they work and why every network uses them.