moving from layer 2 to layer 3 Access and Distribution switches

Unanswered Question
Oct 24th, 2007


Our LAN topology has Core "L3", Distribution "L2" and Access "L2". We want to get rid of spanning tree by moving from layer 2 to layer 3.

My questions are:

1) Any advice on this?

2) In the access switches, do I have to configure each interface on the 3750 as a routed port by issuing "ip routing" and giving an IP address to each port? If this is the case then I will need a huge amount of IP addresses.



Kevin Dorrell Wed, 10/24/2007 - 18:13

Before you do this change, be aware that each of your VLANs will be confined to a single access switch. Therefore it will no longer be possible for hosts to be on the same subnet if they are on different access switches. (Actually, there is a way using IP mobility, but it is complicated.)

Also, you will need some system for allocating IP addresses to hosts - usually DHCP is used in this architecture. If you are using static host addresses, then you will no longer be able to move a host from one access switch to another without reconfiguring the IP address.

What is your reason for wanting to get rid of Spanning Tree?

No, you will not need an IP address on each access port. To do so would imply that you have reserved a subnet for each host machine, and each host machine would have a different default gateway address - that of its access port. There is very little point in doing that.

You will need one IP address for each active VLAN in each access switch. Your access switches will still have layer-2 VLANs, that is, groups of access ports lumped together as a single subnet. For each VLAN, you will create a layer-3 VLAN interface in the access switch that will handle the communication with the distribution layer on behalf of the hosts in that VLAN.

On each uplink port linking the access layer with the distribution layer, issue no switchport, and give it an IP address that it will use to talk to the distribution layer. Normally, each access switch would have two uplink ports for redundancy. These addresses can quite easily be /30 subnets taken from the RFC-1918 address space. (Maybe they can even be /31, since the links are effectively point-to-point - can someone confirm?)

Then enable ip routing globally on the access switch, and set up a routing protocol so that the distribution layer can see the subnets you have put on the VLAN interfaces on the access layer switches.

Is that OK?

Kevin Dorrell
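
Added example, not part of the original thread: one way the access-switch configuration described in the answer above could look on IOS. The VLAN numbers, interface names, addresses, DHCP server address and the choice of OSPF as the routing protocol are all assumptions made for illustration.

```cisco
! Constructed example for a single routed access switch.
! Every VLAN id, interface name and address below is an assumption.
ip routing
!
vlan 10
 name USERS-A
vlan 20
 name USERS-B
!
! Host-facing ports stay layer 2; each VLAN exists only on this switch.
interface range GigabitEthernet1/0/1 - 12
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface range GigabitEthernet1/0/13 - 24
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! One layer-3 VLAN interface per active VLAN: the hosts' default gateway.
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip helper-address 10.0.0.10
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 ip helper-address 10.0.0.10
!
! Routed uplinks, one /30 per link, one link to each distribution switch.
interface GigabitEthernet1/0/25
 description Uplink to distribution A
 no switchport
 ip address 10.255.0.2 255.255.255.252
!
interface GigabitEthernet1/0/26
 description Uplink to distribution B
 no switchport
 ip address 10.255.0.6 255.255.255.252
!
! Advertise the VLAN subnets upstream. Passive by default, so the switch
! never forms a routing adjacency with a device on a host-facing VLAN.
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet1/0/25
 no passive-interface GigabitEthernet1/0/26
 network 10.1.10.0 0.0.0.255 area 0
 network 10.1.20.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.7 area 0
```

With both uplinks routed, the two equal-cost paths to the distribution layer are used together instead of one sitting in blocking state.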


tmesbah Thu, 10/25/2007 - 03:12

First thanks a lot for the reply.

> What is your reason for wanting to get rid of Spanning Tree?

1) Load balancing between the two uplink ports from Access to Distribution "one port is in blocking mode"

2) For the future when implementing VoIP, I need to have fast convergence if one uplink goes down.

3) I went to a Cisco seminar last month and they were recommending to use Layer 3 on the access switch.

In my case I want to look at this to

Thanks for your help.


glen.grant Thu, 10/25/2007 - 03:44

If you are worried about fast convergence then you can use rapid spanning tree. When using this we find failover is less than 2 seconds, and this testing was done in a datacenter. You lose maybe 3 or 4 pings and it's back up; I don't think routing protocols are much faster than that. Just another option to think about.

lamav Thu, 10/25/2007 - 03:58


You are right, you can use /31s for the point-to-point L3 links.


You have gotten excellent recommendations from both engineers.

By the way, I deployed rpvst+ and reduced convergence time to less than a second. I lost 0 PINGs.

