SkarpSkarp

Chapter 6 of 27

Campus Topologies and Switching Basics

See how two-tier, three-tier, and spine-leaf designs shape modern campus networks and where Layer 2 switching fits into the bigger picture.

27 min readen

Big Picture: Where Campus Switching Fits

Campus Networks in Context

A campus network is the local network for a site like a university, office building, or factory. It connects user devices to switches, routers, the WAN, and the internet.

From IP to Frames

Routers use IP addresses at the Network layer, while switches use MAC addresses at the Data Link layer. Ethernet frames carry IP packets across the campus.

Why This Matters for CCNA

The CCNA expects you to recognize campus topologies, understand basic switch behavior, and perform initial switch configuration in Cisco IOS.

Common Campus Topologies: Two-Tier, Three-Tier, Spine-Leaf

Two-Tier (Collapsed Core)

Two-tier has access switches for users and a distribution/core pair that aggregates them and does routing. It is common in small to medium campuses.

Three-Tier Design

Three-tier adds a separate core layer. Access connects to distribution, distribution connects to core, and core provides a fast campus backbone.

Spine-Leaf Fabric

In spine-leaf, every leaf switch connects to every spine switch. Leaves connect to users or servers, and spines form a fast, predictable core.

WAN, SOHO, On-Prem, and Cloud in the Topology Picture

WAN in the Picture

A WAN connects distant sites like HQ, branches, and data centers. It typically attaches to the campus at a router or firewall at the network edge.

SOHO and Remote Work

SOHO networks are small setups, often a single wireless router doing switching, routing, NAT, and DHCP for remote or small offices.

On-Prem vs Cloud-Connected

On-prem gear lives in your building; cloud-connected designs send campus traffic through a WAN edge to public cloud services.

Layer 2 Switching Fundamentals and CAM Tables

What a Switch Does

A switch is a multi-port Layer 2 device that forwards Ethernet frames based on MAC addresses, creating separate collision domains per port.

CAM (MAC Address) Table

The CAM table stores mappings of MAC address, VLAN, and outgoing port. It is used to decide where to send frames.

Learning and Aging

When a frame arrives, the switch learns the source MAC on that port. Entries age out after a timeout to keep the table accurate.

Forwarding vs Flooding: How Switches Treat Frames

Forwarding Known Unicasts

If the destination MAC is in the CAM table, the switch forwards the frame only out that specific port in the same VLAN.

Why Switches Flood

Unknown unicast and broadcast frames are flooded out all ports in the same VLAN except the incoming port, so the destination can be reached.

When Frames Are Dropped

Frames may be filtered if they would go back out the incoming port or if security features like port security or ACLs block them.

Walkthrough: CAM Learning and Flooding on a Small Switch

Initial Broadcast from PC1

PC1 sends an ARP broadcast. The switch learns PC1’s MAC on F0/1 and floods the broadcast out all other VLAN 10 ports.

ARP Reply from PC2

PC2 replies unicast. The switch learns PC2’s MAC on F0/2 and forwards the frame only to F0/1 where PC1 lives.

After Learning Completes

With both MACs in the CAM table, future unicast traffic between PC1 and PC2 is forwarded directly, without flooding.

Basic Cisco Switch Setup: Access, Console, and Management IP

Accessing the Switch CLI

Connect via console, enter user EXEC mode, then use `enable` and `configure terminal` to reach global configuration mode.

Identity and Security

Set a hostname, configure console and VTY passwords, and protect privileged access with an enable secret password.

Management IP and Default Gateway

Create an SVI with an IP address and configure a default gateway so you can manage the switch from remote networks.

Hands-On: Initial Switch Configuration and Verification

Use this configuration as a template for a lab switch. Adjust IPs and VLANs to match your topology.

Quiz: Topologies and Switch Behavior

Answer this question to check your understanding of campus designs and switching behavior.

A user PC on an access switch sends a frame to a destination MAC address that is not yet in the switch's CAM table. All ports are in VLAN 20. What does the switch do with this frame?

  1. Drops the frame and sends an ICMP error back to the source
  2. Floods the frame out all ports in VLAN 20 except the incoming port
  3. Sends the frame only to the uplink port toward the distribution switch
  4. Broadcasts the frame out every port on the switch, regardless of VLAN
Show Answer

Answer: B) Floods the frame out all ports in VLAN 20 except the incoming port

When a switch receives a frame with an unknown unicast destination MAC, it floods the frame out all ports in the same VLAN except the incoming port. It does not send ICMP errors, and flooding is limited by VLAN boundaries.

Quiz: Basic Switch Configuration

Test your understanding of initial Cisco switch setup.

You configure an SVI on a Cisco switch with IP 10.0.5.2/24 in VLAN 5. You can ping it from a PC in VLAN 5 on the same switch, but not from a remote subnet. Which additional configuration is MOST important so the switch can be managed from remote networks?

  1. Configure `ip default-gateway` with the router's IP in VLAN 5
  2. Enable routing on the switch with `ip routing`
  3. Configure a static route on the PC pointing to the switch
  4. Change the SVI IP address to use the router's IP
Show Answer

Answer: A) Configure `ip default-gateway` with the router's IP in VLAN 5

For a Layer 2 switch, you must set an `ip default-gateway` so the switch's management IP can send replies to remote subnets via the router. Enabling `ip routing` is for multilayer switches and is not required for basic management reachability.

Thought Exercise: Map Devices to a Campus Topology

Imagine a mid‑size university campus:

  • Three classroom buildings
  • One data center building
  • About 1,000 wired users and many wireless clients
  • Internet and WAN connections to a remote learning site and to cloud services

Mentally design a simple topology and answer these questions (you can jot notes on paper):

  1. Which campus architecture would you choose and why?
  • Two‑tier, three‑tier, or spine‑leaf?
  • Consider scalability and redundancy.
  1. Where would you place these devices?
  • Access switches for classrooms and offices
  • Distribution switches
  • Core switches (if any)
  • Routers or firewalls connecting to the WAN/internet
  1. How does switching behavior matter?
  • In which parts of your design do switches mainly forward frames within a single VLAN and building?
  • Where do routers or multilayer switches route between VLANs and out to the WAN?
  1. Cloud and SOHO integration
  • Some professors work from home over VPN from SOHO routers. Where in your design does their traffic enter the campus?
  • How does this relate back to your WAN edge and campus core?

After sketching, compare your mental design to the patterns in this module. Could you explain your choices to a non‑technical manager in 2–3 sentences?

Key Term Review: Switching and Topologies

Flip these cards mentally or out loud. Try to recall the definition before reading the back.

Two-tier (collapsed core) campus design
A campus architecture with access switches connected directly to a pair of distribution/core switches that provide aggregation and routing, suitable for small to medium sites.
Three-tier campus design
A scalable architecture with distinct access, distribution, and core layers, where access connects to distribution, distribution enforces policies and routing, and core provides a fast backbone.
Spine-leaf architecture
A fabric design where every leaf switch connects to every spine switch, providing predictable latency and high bandwidth; common in data centers and large campus cores.
CAM (MAC address) table
A hardware-based table on a switch that stores MAC address, VLAN, and port mappings, used to decide which port to use when forwarding Ethernet frames.
Forwarding vs flooding
Forwarding sends frames with known unicast destination MACs out a single port; flooding sends unknown unicast, broadcast, or some multicast frames out all ports in the same VLAN except the incoming port.
SOHO network
A Small Office/Home Office network, often built around a single wireless router that performs switching, routing, NAT, and DHCP for a small number of devices.
Management SVI on a switch
A switched virtual interface (for example, interface vlan 10) with an IP address used to manage the switch itself via ping, SSH, or telnet.
ip default-gateway on a Layer 2 switch
The command that sets the next-hop IP address a Layer 2 switch uses to reach remote networks for its own management traffic.

Key Terms

SVI
Switched Virtual Interface; a virtual Layer 3 interface on a switch, usually tied to a VLAN, used for management or inter-VLAN routing on multilayer switches.
WAN
A Wide Area Network that connects geographically separated sites, such as branches, data centers, and cloud on-ramps.
SOHO
Small Office/Home Office; a small-scale network typically using a single wireless router for switching, routing, NAT, and DHCP.
Flooding
The action a switch takes for unknown unicast, broadcast, or some multicast frames, sending them out all ports in the same VLAN except the incoming port.
CAM table
A hardware-based table on a switch that stores MAC address, VLAN, and port mappings, used to decide which port to use when forwarding Ethernet frames.
Forwarding
The action a switch takes when it has a CAM table entry for the destination MAC, sending the frame out a specific port.
Spine-leaf
A fabric design where every leaf switch connects to every spine switch, providing predictable latency and high bandwidth; common in data centers and large campus cores.
Three-tier
A campus architecture with separate access, distribution, and core layers to improve scalability and performance in large environments.
Two-tier (collapsed core)
A campus architecture with access switches connected directly to a pair of distribution/core switches that provide aggregation and routing for small to medium sites.
Default gateway (device management context)
For a Layer 2 switch, the configured next-hop IP address used by the switch's own management IP to reach remote networks.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself