top of page

Access to Distribution Layer Design: Understanding Cisco Ratios and Network Models

  • The Itvue Team
  • Aug 18
  • 5 min read

Updated: Aug 21

Author Ermias Teffera


This week at ITVue Networks, I’ve been studying hierarchical network design concepts, particularly the Access-to-Distribution and Distribution-to-Core ratios. These ratios are fundamental in ensuring that enterprise networks scale efficiently, provide redundancy, and avoid congestion. Let’s break down how they work and why Cisco’s design guidelines of 20:1 for access to distribution and 8:1 for distribution to core matter.


Hierarchical Network Design Overview

Cisco’s three-layer hierarchical model consists of:

  1. Access Layer – Where end devices like PCs, IP phones, and printers connect.

  2. Distribution Layer – The aggregation point for access switches; enforces policies, QoS, and routing.

  3. Core Layer – High-speed backbone that interconnects distribution blocks for fast, resilient traffic forwarding.

The goal is to provide scalability and consistent performance by balancing oversubscription ratios.


What Do the Ratios Mean?

  • 20:1 Access-to-Distribution Ratio: Up to 20 access layer ports can feed into 1 uplink port toward the distribution layer. This prevents distribution switches from being overwhelmed while still supporting many endpoints.

    • Example: 20 devices at 1 Gbps each can share a 1 Gbps uplink, assuming not all devices send traffic at full capacity simultaneously.

  • 8:1 Distribution-to-Core Ratio: Up to 8 aggregated distribution links can share 1 uplink to the core. This ratio ensures that the core is not oversubscribed and can handle high volumes of inter-VLAN and inter-block traffic.

    • Example: 80 Gbps aggregate traffic at distribution might be supported by 10 Gbps uplinks into the core.


Layer 2 and Layer 3 Design Models


1. Layer 2 Loop-Free Design


In this design, access layer switches are dual-homed to two distribution switches, but only one active path is used at a time, avoiding loops. STP (Spanning Tree Protocol) blocks redundant links while providing failover.

Diagram:

Use Case: Enterprises that want simplicity while still maintaining redundancy.
Use Case: Enterprises that want simplicity while still maintaining redundancy.

2. Layer 2 Looped Design


Here, STP actively blocks redundant links in a looped topology. This design provides physical redundancy but depends heavily on STP convergence.

Diagram:

Drawback: STP can cause suboptimal forwarding and longer convergence times during failures.
Drawback: STP can cause suboptimal forwarding and longer convergence times during failures.

3. Layer 3 Routed Design


In this modern design, Layer 3 routing is extended all the way to the access layer. Each access switch uses dynamic routing protocols (like OSPF or EIGRP) toward the distribution, eliminating STP reliance.

Diagram:

Benefits: Faster convergence, equal-cost multipath (ECMP) routing, and better traffic utilization.
Benefits: Faster convergence, equal-cost multipath (ECMP) routing, and better traffic utilization.

Real-World Example


Imagine a university campus:

  • Each building has access switches connecting student PCs, IP phones, and wireless APs.

  • These switches uplink to distribution switches located in the building’s MDF (Main Distribution Frame).

  • The distribution switches then connect to a core switch pair in the data center using an 8:1 ratio.

In a modern setup, the access switches could run Layer 3 routing, ensuring loop-free design and faster failover compared to STP-based designs.


Cisco Configuration Example (Access Uplink to Distribution)

ree



Best Practices


  • Use EtherChannel or LACP for uplinks to increase bandwidth and resiliency.

  • Keep consistent oversubscription ratios across the network.

  • Deploy redundant distribution and core switches to avoid bottlenecks.

  • Prefer Layer 3 routed access for faster failover and scalability.

  • Monitor traffic patterns regularly; adjust uplink speeds as bandwidth demand grows.


Layer 2 Looped Access Design (STP‑Blocked)


In a classic campus block where VLANs span across multiple access switches, you dual‑home each access switch to a pair of distribution switches. Spanning Tree keeps one uplink blocked per VLAN to avoid loops. Align the STP root and FHRP active on the same distribution switch to prevent sub‑optimal traffic flows.


Diagram (looped L2 with STP block):

ree

Key behaviors:

  • VLANs can live on multiple access switches.

  • One uplink is blocked per VLAN; with PVST+/Rapid‑PVST you can load‑balance VLANs across uplinks (e.g., VLAN10 via Dist‑A, VLAN20 via Dist‑B).

  • Convergence relies on STP and FHRP timers (faster with RPVST and tuned FHRP).


Cisco sample (align STP root + HSRP):


! Dist-A (make root + HSRP active for VLAN10)

spanning-tree mode rapid-pvst

spanning-tree vlan 10 root primary

spanning-tree vlan 20 root secondary

!

interface Vlan10

ip address 10.10.10.1 255.255.255.0

standby 10 ip 10.10.10.254

standby 10 priority 120

standby 10 preempt

!

interface Vlan20

ip address 10.10.20.2 255.255.255.0

standby 20 ip 10.10.20.254

standby 20 priority 90

standby 20 preempt


! Dist-B (HSRP active for VLAN20; STP secondary for VLAN10)

spanning-tree mode rapid-pvst

spanning-tree vlan 10 root secondary

spanning-tree vlan 20 root primary

!

interface Vlan10

ip address 10.10.10.2 255.255.255.0

standby 10 ip 10.10.10.254

standby 10 priority 90

standby 10 preempt

!

interface Vlan20

ip address 10.10.20.1 255.255.255.0

standby 20 ip 10.10.20.254

standby 20 priority 120

standby 20 preempt


! Access uplinks (trunks on both links)

interface range Gi1/0/47-48

switchport trunk encapsulation dot1q

switchport mode trunk

spanning-tree portfast trunk

channel-group 10 mode desirable ! Optional if using PAgP/LACP


Where the ratios fit:

  • 20:1 access→distribution remains your planning target for endpoint oversubscription.

  • 8:1 distribution→core ensures the core can absorb aggregated traffic when a blocked uplink unblocks during failure.


Layer 2 Loop‑Free Access Designs


There are two common ways to keep both uplinks forwarding at L2 while still avoiding loops.

A) Local VLANs (no VLAN spans)


Each access switch hosts local VLANs that do not span to other access switches. Both uplinks stay forwarding because there is no L2 loop per VLAN.

Diagram (local VLANs):

ree

Cisco tips:

  • Trunk both uplinks, but prune VLANs so each VLAN is allowed on one uplink only.


ree

  • Default gateways (SVIs) reside at the distribution layer. Inter‑VLAN routing is done there.


B) Multichassis EtherChannel (MEC) – vPC/VSS/StackWise Virtual


Treat both distribution switches as one logical switch and build a single Port‑Channel from the access switch across both uplinks. STP sees a single logical link, so no blocking is needed.

Diagram (MEC loop‑free L2):

ree

Cisco sample (Access + Dist pair):

! Access1

interface range Gi1/0/47-48

switchport mode trunk

channel-group 10 mode active

!

interface Port-channel10

switchport mode trunk

spanning-tree portfast trunk



! Dist-A and Dist-B (example: StackWise Virtual)

stackwise-virtual

stackwise-virtual domain 1

!

interface range Ten1/0/1-2

switchport mode trunk

channel-group 10 mode active

!

interface Port-channel10

switchport mode trunk



Note: Use the appropriate multichassis feature your platform supports (VSS on Catalyst 6500/6800, StackWise Virtual on 9K, vPC on Nexus).



Ratios:

  • Because both uplinks forward, plan the 20:1 budget per access switch accordingly; ensure the aggregated Port‑Channel bandwidth meets peak demand.


Layer 3 Routed Access Design (No STP on Uplinks)

Make the uplinks Layer 3 and run a routing protocol between access and distribution. SVIs (default gateways) live at the distribution. STP remains in the access edge only; no STP on uplinks.

Diagram (routed access):

ree

Cisco sample (OSPF routed uplinks):

! Access1 (multilayer switch)

ip routing

interface Gi1/0/47

no switchport

ip address 10.0.1.2 255.255.255.252

ip ospf 10 area 0

!

interface Gi1/0/48

no switchport

ip address 10.0.1.6 255.255.255.252

ip ospf 10 area 0

!

! (User ports remain L2; no SVIs for client VLANs on the access switch.)


! Distribution (SVIs + routing)

ip routing

interface Vlan10

ip address 10.10.10.1 255.255.255.0

ip ospf 10 area 0

interface Vlan20

ip address 10.10.20.1 255.255.255.0

ip ospf 10 area 0

!

interface Gi2/0/1

no switchport

ip address 10.0.1.1 255.255.255.252

ip ospf 10 area 0

interface Gi2/0/2

no switchport

ip address 10.0.1.5 255.255.255.252

ip ospf 10 area 0


Benefits:

  • Fast convergence with routing protocols (OSPF/EIGRP/IS‑IS).

  • Eliminates L2 loops across the block; STP is confined to access edge only.

  • Predictable equal‑cost multipath (ECMP) upstream.

Ratios:

  • With L3, oversubscription planning still targets 20:1 access→distribution and 8:1 distribution→core, but bandwidth is additive with ECMP instead of STP‑blocked.


Best‑Practice Checklist


  • Pick one design per block (L2 looped, L2 loop‑free, or L3 routed) and be consistent.

  • Align STP root with HSRP/VRRP active when using L2 looped design.

  • Prefer Rapid‑PVST or MSTP; enable BPDU Guard on edge ports.

  • Use MEC (vPC/VSS/SVL) where platform permits to achieve L2 loop‑free.

  • For new greenfield builds, L3 routed access is often the simplest and fastest‑converging.



Conclusion


Adding these three campus variants alongside the oversubscription guidance gives you a complete blueprint:

  • L2 looped (VLANs span; STP blocks per VLAN),

  • L2 loop‑free (local VLANs or MEC), and

  • L3 routed access (no STP on uplinks).

At ITVue Networks, we combine the 20:1 and 8:1 ratios with the right access design to deliver scalable, resilient, and easy‑to‑operate enterprise networks.

 
 
 

Comments

Our Recent Posts

Archive

Tags

bottom of page