Which of the following statements are true when VSS is implemented on a distribution layer switch pair in a campus network? (Choose two.)
Correct Answer: A,D
Explanation/Reference:
Section: Enterprise Network Design
Explanation:
When Virtual Switching System (VSS) is implemented on a distribution layer switch pair in a campus network, it eliminates the need to use a First Hop Redundancy Protocol (FHRP) for convergence and Loop Guard should be disabled throughout the VSS-enabled network. VSS is a Cisco device virtualization feature that can enable a pair of switches to function as a single logical switch. The switch pair is connected by an EtherChannel bundle known as a Virtual Switch Link (VSL). The trunk links in a VSL bundle should be configured as auto-desirable or desirable-desirable in order to ensure a consistent trunk state across the link.
With VSS, access layer devices can connect to the switch pair using several active, physical uplinks that are bundled together into a single logical link using Multi-chassis EtherChannel (MEC). Because all of the links in the bundle to the distribution switch pair are active, each access layer device is reduced to having a single logical link to the virtual distribution layer switch; therefore, Spanning Tree Protocol (STP) is no longer required to prevent loops. In addition, because there is only a single logical link to the virtual distribution layer switch, the access layer device can load balance traffic across all of its active links, and the device does not need to rely on an FHRP for convergence if a link in the MEC bundle fails.
Cisco recommends disabling the Loop Guard feature in a VSS-enabled campus network to mitigate the possibility that active links in an EtherChannel bundle are incorrectly placed into a root-inconsistent state.
In addition, Cisco recommends configuring MEC trunk links as auto-desirable or desirable-desirable to mitigate the potential for configuration errors that might occur during cycles of change management.
In a Layer 2 switched hierarchical design, only the access layer of the enterprise campus module uses Layer 2 switching exclusively. The access layer of the enterprise campus module provides end users with physical access to the network. In addition to using VSS in place of FHRPs for redundancy, a Layer 2 switching design requires that inter-VLAN traffic be routed in the distribution layer of the hierarchy. Also, STP in the access layer will prevent more than one connection between an access layer switch and the distribution layer from becoming active at a given time.
In a Layer 3 switching design, the distribution and campus core layers of the enterprise campus module use Layer 3 switching exclusively. Thus a Layer 3 switching design relies on FHRPs for high availability. In addition, a Layer 3 switching design typically uses route filtering on links that face the access layer of the design.
Because access layer devices provide hosts and other devices with access to the network, the access layer is the ideal place to perform user authentication and to institute port security. High availability, broadcast suppression, and rate limiting are also characteristics of access layer devices.
Aggressive mode UniDirectional Link Detection (UDLD) should not be used to monitor MEC link integrity.
Aggressive mode UDLD can cause false positives when CPU utilization is particularly high or while a line card is initializing. These false positives could place MEC links into an error-disabled state, disrupting the link on both switches. Cisco recommends using normal mode UDLD to monitor MEC links because its default timer values are much less likely to produce false positives when checking link viability.
Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, Distribution Layer Best Practices, pp. 97-99
Cisco: Campus 3.0 Virtual Switching System Design Guide: VSS Enabled Campus Design