Independent of the whole iPad/iPhone/Apple TV mDNS wireless issue, we are constantly being approached by several groups on campus that manage our computer clusters and classroom equipment to have a single Layer 2 network provided to them, as they believe this will allow them greater flexibility to manage and protect equipment, and will provide the best method of collaboration and resource sharing (Apple products).


We have gone to great lengths to segment our wired network to user subnets that share a similar zone characteristic (Staff, Student, Printers) and are firewalled from each other. The method we use for zone placement is with Cisco Clean Access.


I believe their ability to manage their equipment has been solved with the appropriate rules; however, it still gets cited as a yet-to-be-obtained goal.


Initially when we set this up, we decided shared use computers in clusters and classrooms would live in the student zone.


They have expressed a desire to be segmented from the student-owned machines, which is a valid point.


Our concern is that this equipment lives in 40+ buildings, each homing to one of our 4 distribution routers, which only connect to each other via Layer 3 links. So we find ourselves faced with issues such as:


1. Creating a new 'zone' for these devices

2. How many VLANs per distribution router

3. How many devices maximum per VLAN

4. How many buildings share this new VLAN


Factors to consider: the fewer VLANs, the more open it is to L2 mDNS and similar protocols, but the more building uplinks would be required to carry this broadcast traffic.


So I am looking to see what others have done, thought about, etc. I have to think this is a common issue.


Thanks, Bob Richman

Network Engineer

University of Notre Dame
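The trade-off in the post (fewer VLANs give wider mDNS reach but put more devices and more building uplinks into one broadcast domain) can be modelled before any switch is touched. The following is an added, constructed planning example, not code from the original post or from Notre Dame's network: the building names, per-building device counts, the building-to-distribution-router mapping and the 254-host-per-VLAN ceiling are all invented for illustration. The one fixed input is RFC 6762: mDNS is sent to 224.0.0.251, inside the link-local multicast block 224.0.0.0/24, which routers do not forward, so two devices can only discover each other when they share an L2 domain (here, a VLAN).

```python
"""Planning model for the VLAN-placement trade-off (constructed example).

Not the original poster's code. Building names, device counts, the
building-to-router mapping and the 254-host ceiling are invented. The fixed
fact is RFC 6762: mDNS uses 224.0.0.251 (link-local scope, 224.0.0.0/24),
which distribution routers never forward across their Layer 3 links.
"""
from collections import defaultdict
from ipaddress import IPv4Address, IPv4Network

LINK_LOCAL_MCAST = IPv4Network("224.0.0.0/24")
MDNS_GROUP = IPv4Address("224.0.0.251")

# Constructed campus: building -> (distribution router it homes to, classroom devices)
BUILDINGS = {
    "B01": ("dist-1", 130), "B02": ("dist-1", 40), "B03": ("dist-1", 90),
    "B04": ("dist-2", 200), "B05": ("dist-2", 30),
    "B06": ("dist-3", 70),  "B07": ("dist-3", 70),
    "B08": ("dist-4", 150), "B09": ("dist-4", 25),
}


def routed(dst):
    """Would a distribution router forward traffic to this destination?

    Link-local scope multicast (224.0.0.0/24, which holds mDNS) never is,
    regardless of IP TTL; everything else crosses the L3 core normally.
    """
    return IPv4Address(str(dst)) not in LINK_LOCAL_MCAST


def plan_vlans(buildings, vlans_per_router):
    """Place each building in one VLAN on its own distribution router.

    Greedy: largest building first, into the VLAN with the fewest devices so
    far. Returns {vlan_id: {"router", "buildings", "devices", "uplinks"}};
    'uplinks' is the number of building uplinks that must carry this VLAN's
    broadcast and link-local multicast (one per building in the VLAN).
    """
    by_router = defaultdict(list)
    for name, (router, devices) in buildings.items():
        by_router[router].append((name, devices))

    vlans = {}
    for router, members in sorted(by_router.items()):
        buckets = [{"router": router, "buildings": [], "devices": 0, "uplinks": 0}
                   for _ in range(vlans_per_router)]
        for name, devices in sorted(members, key=lambda m: (-m[1], m[0])):
            target = min(buckets, key=lambda b: b["devices"])  # first bucket wins ties
            target["buildings"].append(name)
            target["devices"] += devices
            target["uplinks"] += 1
        for i, bucket in enumerate(buckets):
            if bucket["buildings"]:            # drop VLANs no building landed in
                vlans[f"{router}-v{i}"] = bucket
    return vlans


def vlan_of(vlans, building):
    return next(vid for vid, v in vlans.items() if building in v["buildings"])


def can_discover(vlans, a, b):
    """mDNS discovery between two buildings only works inside one L2 domain."""
    return vlan_of(vlans, a) == vlan_of(vlans, b)


def oversized(vlans, max_hosts=254):
    """VLANs exceeding the per-VLAN host ceiling (a /24 here; an assumption)."""
    return sorted(vid for vid, v in vlans.items() if v["devices"] > max_hosts)


def summary(vlans):
    """Fewer VLANs: more devices and uplinks per broadcast domain, wider mDNS reach."""
    return {
        "vlans": len(vlans),
        "max_devices_per_vlan": max(v["devices"] for v in vlans.values()),
        "max_uplinks_per_vlan": max(v["uplinks"] for v in vlans.values()),
        "oversized": oversized(vlans),
    }


if __name__ == "__main__":
    for n in (1, 2, 3):
        v = plan_vlans(BUILDINGS, n)
        print(f"{n} VLAN(s) per router: {summary(v)}  "
              f"B01<->B03 mDNS: {can_discover(v, 'B01', 'B03')}")
    print("mDNS group forwarded across L3?", routed(MDNS_GROUP))
```

Running it with one VLAN per distribution router shows every building on that router discovering every other, at the cost of one broadcast domain per router that can exceed the host ceiling and is carried over every building uplink; two VLANs per router keeps the domains small but splits buildings that wanted to see each other. Any pair of buildings on different distribution routers never discovers each other in this model, because the only path between them is routed and `routed(MDNS_GROUP)` is false.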



