Design and validate a resilient enterprise-style campus LAN using multilayer switching, inter-VLAN routing with Switch Virtual Interfaces (SVIs), controlled Spanning Tree Protocol (STP), redundant trunk links, and HSRP-based first-hop redundancy.
This project builds on Project 01 by replacing Router-on-a-Stick with multilayer switching and introducing structured Layer 2 and Layer 3 redundancy concepts commonly used in campus networks.
A simplified campus design was implemented using a distribution and access layer model.
- DSW1 – Multilayer Switch
  - Primary STP root for VLAN 10 and VLAN 20
  - HSRP active gateway for VLAN 10 and VLAN 20
- DSW2 – Multilayer Switch
  - Primary STP root for VLAN 30
  - HSRP active gateway for VLAN 30
- ASW1 – Access Switch
- ASW2 – Access Switch
- VLAN 10 – IT_ADMIN
- VLAN 20 – ENGINEERING
- VLAN 30 – HR
- VLAN 99 – MANAGEMENT
- VLAN 999 – NATIVE_BLACKHOLE
| Project 01 | Project 02 |
|---|---|
| Router-on-a-Stick | Multilayer switching with SVIs |
| Single uplink path | Redundant distribution-layer uplinks |
| Limited redundancy | First-hop and Layer 2 redundancy |
| Default STP behavior | Explicit STP root placement |
| External router for inter-VLAN routing | On-switch hardware-based routing |
```mermaid
flowchart TB
    subgraph Distribution
        DSW1["DSW1 - Multilayer Switch"]
        DSW2["DSW2 - Multilayer Switch"]
    end
    subgraph Access
        ASW1["ASW1 - Access Switch"]
        ASW2["ASW2 - Access Switch"]
    end
    DSW1 <--> DSW2
    DSW1 --> ASW1
    DSW2 --> ASW1
    DSW1 --> ASW2
    DSW2 --> ASW2
    subgraph VLAN20["VLAN 20 - Engineering"]
        PC1["PC1"]
    end
    subgraph VLAN30["VLAN 30 - HR"]
        PC2["PC2"]
    end
    subgraph VLAN10["VLAN 10 - IT_ADMIN"]
        PC3["PC3"]
        SRV1["SRV1"]
    end
    ASW1 --> VLAN20
    ASW1 --> VLAN30
    ASW2 --> VLAN10
```
| VLAN | Name | Subnet | Virtual Gateway |
|---|---|---|---|
| 10 | IT_ADMIN | 192.168.10.0/24 | 192.168.10.254 |
| 20 | ENGINEERING | 192.168.20.0/24 | 192.168.20.254 |
| 30 | HR | 192.168.30.0/24 | 192.168.30.254 |
| 99 | MANAGEMENT | 192.168.99.0/24 | 192.168.99.254 |
| 999 | NATIVE_BLACKHOLE | No Hosts | N/A |
Inter-VLAN routing is performed using Switch Virtual Interfaces (SVIs).
- `ip routing` enabled on both distribution switches
- SVIs configured for user and management VLANs
- Inter-VLAN routing handled on the multilayer switches
- DSW1 configured as primary STP root for VLAN 10 and VLAN 20
- DSW2 configured as primary STP root for VLAN 30

This was done to:
- create predictable Layer 2 forwarding behavior
- prevent uncontrolled root bridge elections
- align Layer 2 forwarding with gateway design intent
- Distribution switches interconnected with trunk links
- Access switches dual-homed to both distribution switches
- Explicit VLAN allow-list configured on trunks
- Native VLAN set to VLAN 999
- DTP disabled using `switchport nonegotiate`
HSRP was configured on the distribution-layer SVIs to provide default-gateway redundancy.
- DSW1 active
  - VLAN 10
  - VLAN 20
- DSW2 active
  - VLAN 30
This design provides split default-gateway ownership while preserving first-hop redundancy.
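An added configuration sketch for DSW1 (not the project's own configuration files) showing how the STP root placement, trunk hardening and split HSRP ownership described above map to IOS commands. The interface name, the SVI addresses, the HSRP group numbers and priorities, the `root secondary` line and the choice to keep VLAN 999 off the trunk allow-list are assumptions; only the VLAN IDs, virtual gateway addresses, `ip routing` and `switchport nonegotiate` come from the page.

```cisco
! DSW1 sketch. Assumed values: GigabitEthernet0/1 as the ASW1 uplink,
! SVI addresses .1 on DSW1 (.2 on DSW2), HSRP group = VLAN ID, priority 110.
ip routing
!
vlan 999
 name NATIVE_BLACKHOLE
!
! Explicit root placement: DSW1 wins VLANs 10 and 20 and is the fallback
! root for VLAN 30 (assumed; DSW2 mirrors this with the VLANs swapped).
spanning-tree vlan 10,20 root primary
spanning-tree vlan 30 root secondary
!
! Trunk to ASW1: static trunk, no DTP frames sent, untagged traffic lands in
! an unused VLAN, and only the VLANs in the design are carried.
interface GigabitEthernet0/1
 ! The encapsulation line is needed only on platforms that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 ! VLAN 999 is left off the list (assumption), so untagged frames are dropped.
 switchport trunk allowed vlan 10,20,30,99
!
! VLAN 10: DSW1 is the intended HSRP active router, so it gets the higher
! priority. HSRP preemption is off by default; without "preempt" DSW1 would
! not reclaim the active role after it recovers from a failure.
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 standby 10 ip 192.168.10.254
 standby 10 priority 110
 standby 10 preempt
 no shutdown
!
! VLAN 30: DSW2 is the intended active router, so DSW1 stays at the default
! priority of 100 and acts as standby.
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 standby 30 ip 192.168.30.254
 no shutdown
```

VLAN 20 on DSW1 follows the VLAN 10 pattern, and DSW2 carries the mirror image with the higher priority and `preempt` on VLAN 30.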
Validation results are documented in the validation/ directory.
The following were verified before failover testing:
- VLAN presence across all switches
- trunk operational state
- STP forwarding/blocking behavior
- HSRP active/standby ownership
- successful host-to-gateway and inter-VLAN connectivity
HSRP failover was validated by simulating loss of the active distribution switch path and confirming that the standby switch maintained:
- gateway reachability through the HSRP virtual IP
- inter-VLAN connectivity
- continued forwarding after failover
STP failover was validated by shutting down one redundant access uplink and confirming:
- STP reconvergence to the alternate path
- continued connectivity after reconvergence
- expected Layer 2 redundancy behavior
After failure testing, interfaces were restored and the topology was checked to confirm:
- HSRP roles returned to the intended design
- trunk links returned to normal operation
- STP returned to the expected forwarding/blocking state
- end-to-end connectivity was fully restored
- `show vlan brief`
- `show interfaces trunk`
- `show spanning-tree`
- `show spanning-tree vlan <id>`
- `show ip interface brief`
- `show standby brief`
- `ping <destination>`
- removes dependence on external router-on-a-stick design
- improves scalability for inter-VLAN routing
- better reflects enterprise campus switching design
- ensures predictable traffic flow
- reduces the chance of suboptimal Layer 2 paths
- aligns forwarding behavior with distribution-layer design
- reduces single points of failure
- provides better availability for gateway and path redundancy
- introduces a more realistic campus redundancy model
- provides first-hop gateway redundancy for end devices
- allows virtual gateway continuity during switch/path failure
- reflects common enterprise gateway design practice
- redundant Layer 2 paths require STP control to avoid loops and unstable forwarding
- first-hop redundancy and Layer 2 path redundancy must be validated separately
- multilayer switching provides a cleaner enterprise design than router-on-a-stick
- Packet Tracer can simplify or limit some control-plane visibility, so operational validation is important
- successful validation depends on both correct configuration and structured testing
- multilayer switching configuration
- inter-VLAN routing using SVIs
- STP root bridge placement
- redundant trunk configuration
- HSRP configuration and validation
- failover testing and recovery validation
- structured troubleshooting in a campus LAN topology
- Cisco Packet Tracer
- Cisco IOS CLI
- Markdown documentation
- Structured validation workflow
