Form Layer 2 to Layer 3 on Distribution and Access

tmesbah · ‎10-24-2007

Hi,

Our LAN topology have Core "L3" , Ditribution "L2" and Access "L2". We want to get rid of spanning tree by moving from layer 2 to layer 3 on Access and Distribution layers.

My questions is:

1) Any advice/document on this?

2) in the access switches did I have to configure each interface on 3750 as routed port by issueing "ip routing" and giving an IP address of each port ????. if this is the case than I will need huge amount of IP addresses.

Thanks

ohassairi · ‎10-24-2007

it is not recommanded to use routing in access layer. it is difficult to make it too as you said because every PC will be in subnet !!!! (you need no switchport commaand in all interfaces!!!!!!!!)

i recommand L3 in distribution but keep L2 in access.

why do you want to eliminate STP? do you have problems?

tmesbah · ‎10-25-2007

I want to a Cisco Seminar last month and tehy were recommending to use Layer 3 on the Access switch for fast convergence "layer 3 = 5s, Layer 2 = 30s" and also to eliminate the headake with spanning tree loops.

In my case I want to look at this to

1)load balancing between the uplink "Layer int port is in blocking mode"

2)for the future when implementing VoIP, I neeed to have a fast convergence if one uplink goes down.

Thanks for your help.

scootertgm · ‎10-25-2007

With some planning spanning tree can meet your needs. If you have more than one link to the upstream router you can use the uplink fast command on the link interfaces to shorten the time in case of failure.

Another item to consider is rather than trying to "Load balance" Cisco has etherchannel which allows you to use 2-8 ports to connect switches. If you use two 100 meg links, you would have a 200 meg connection between switches.

johnnylingo · ‎10-31-2007

I think you received some outdated information in that seminar or the speaker just wasn't very knowledgable on how to configure Spanning Tree.

By turning on uplinkfast or converting to Rapid Spanning Tree, you'll have very fast convergence (1-2 seconds) which is just as good as OSPF or EIGRP. Also look in to running loopguard and rootguard to protect against loops and unexpected topology changes.

Now it is true that running Layer 3 will give you equal cost load balancing, but the downside is it will be more difficult to troubleshoot when there's problems. In my opinion, it isn't worth it but others may disagree.

kjmattakat · ‎10-25-2007

you would need to issue the "no switchport" command on the uplink ports, then put IPs on them, you would not need an IP on every port (just the uplinks). Using a 30 bit mask on the uplinks would give you 64 subnets/class C network to use for your uplink connectivity.

Essentially each closet (or potentially each switch, depending how your closets are connected) would become its own subnet. You would have to setup DHCP scopes for each of those subnets. I believe you will also only be able to do static routing between your switches unless you upgrade to the EMI code (unless this has changed for the 3750s).

You are also going to lose VLAN portability. You would no longer be trunking between the closets so you will not be able to assign ports on switches in two different closets to the same VLAN. This may not really be an issue, however we run departmental VLANs and the users in each department are commonly spread over several closets.

Jon Marshall · ‎11-01-2007

Hi

Much of this has already been covered off.

Just to add, I have implemented both routed access-layer and L2 access-layer and each has advantages and disadvantages.

Major advantages for L3

1) STP contained with wiring closet. Yes you can use RPVST+ but you still are extending L2 links between the distribution and access-layer with all that implies eg broadcast traffic. In addtion to utilise both uplinks at the same time requires a lot of extra configuration ie. setting root bridges for odd and even vlans and matching that to active HSRP gateways etc.

2) Automatic equal cost load-balancing (see previous point )

3) Easier troubleshooting. As previous poster said this is a matter of opinion and i have more experience with switching to be honest but i think troubleshooting L3 routing problems is generally easier than L2 STP problems.

Disadvantages

1) Vlan's cannot be extended across floors. May or may not be a problem for you.

2) If your distribution layer utilises 6500's with service modules eg the Firewall Service Module then layer 2 links give you more flexibility in deployment.

3) Cost can be an issue although your 3750's would support EIGRP stub functionality with only the base image.

As another poster pointed out, STP has come a long way from it's 50 seconds failover and with the correct setup it is nowhere near as important that you try and remove it.

I am just as much in favour of L2 access as L3 and most of major sites utilise L2 from the access-layer but with the speed/performance and cost of L3 switching you can get nowadays using L3 is a viable alternative.

HTH

Jon