Layer 3 or Layer 2?

Jul 25th, 2008

Hi folks,

I've a new site to design and I hope you don't mind me asking for some help?

The new site will be connected to an existing site via a 100Mb Microwave link.

IP phones will be used at the new site and will connect to the PBX at the old site.

No servers are to be placed on the new site.

Around 20 PCs will be at the new site with not a lot of traffic generated, prob under 20% utilization of the link on average.

The existing site has about 10 servers and about 100 PCs, varying from AD to file and printer sharing.

On other sites using 18Mb microwave the response time across the link while polling SNMP is around 30ms average.

My questions (sorry for the long-winded part)...

Should I keep it all Layer 2? Should I be safe enough to just trust CoS for the VoIP and not worry about broadcasts etc. going over the microwave link since it's 100Mb?

Or should I make the link Layer 3, thus creating 2 separate broadcast domains (with no broadcasts going across the link) and trusting DSCP for the VoIP?

I originally thought I could keep it all Layer 2 and use VTP pruning, but at least one side never pruned since I need to route between the VLANs on at least one side of the link.

Thanks for taking the time to read this.


mullzkBern_2 Fri, 07/25/2008 - 00:46

hi dave

i would go for layer 3 - not so much because of the broadcasts (it's not that big a change from 110 to 130 hosts), but because a) the possibilities of ip (the flexibility of dscp against cos is just one thing) and b) because of risk containment - e.g. if you have a spanning tree loop, it is contained in the building. incident management gets so much easier if reason and symptom of a problem are in the same place...

d.hodgson Fri, 07/25/2008 - 04:16

I've just found out that although the existing site has VoIP, it's being run over the same VLAN as data. I've inherited this, so maybe as part of the new site design I should also create a new voice VLAN in the existing site as well?

d.hodgson Sun, 07/27/2008 - 00:10

Do you all agree with the first reply? Or do you have another opinion/option?

Your responses are much appreciated.

Many thanks


Edison Ortiz Sun, 07/27/2008 - 09:40

The first reply is right on target.

You can contain any threat (virus, hack) in your network when you go with Layer 3. The proper design is going Layer 3 whenever possible.

For instance, if you have a network with multiple floors, each floor should be on its own subnet. Another example is creating subnets per function (i.e. Accounting department, Finance, HR) as well as services (printing subnet, VoIP subnet, server subnet, etc).
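
The per-site, per-function subnetting recommended in the replies above can be planned and checked before any switch is configured. The following is an added example, not part of the original thread: the address blocks, the host counts (one phone per PC is assumed) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed inputs: the address blocks and host counts are assumptions,
# loosely sized on the figures mentioned in the thread (one phone per PC).
SITES = {
    "existing": ("10.10.0.0/22", {"servers": 10, "data": 100, "voice": 100, "printing": 10}),
    "new": ("10.20.0.0/24", {"data": 20, "voice": 20}),
}

def prefix_for(hosts):
    """Longest prefix that fits `hosts` plus network, broadcast and gateway addresses."""
    return 32 - (hosts + 3 - 1).bit_length()

def plan_site(block, functions):
    """Carve one subnet per function out of the site's block, largest first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(functions.items(), key=lambda kv: -kv[1]):
        net = ipaddress.ip_network(f"{ipaddress.ip_address(cursor)}/{prefix_for(hosts)}")
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan

def build_plan(sites=SITES):
    return {site: plan_site(block, funcs) for site, (block, funcs) in sites.items()}

def shared_domains(plan):
    """Subnet pairs from different sites that overlap: a broadcast domain spanning the link."""
    flat = [(s, f, n) for s, subnets in plan.items() for f, n in subnets.items()]
    return [(a, b) for i, a in enumerate(flat) for b in flat[i + 1:]
            if a[0] != b[0] and a[2].overlaps(b[2])]

def locate(plan, ip):
    """Return (site, function) for an address, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for site, subnets in plan.items():
        for function, net in subnets.items():
            if addr in net:
                return site, function
    return None

if __name__ == "__main__":
    for site, subnets in build_plan().items():
        for function, net in subnets.items():
            print(f"{site:9} {function:9} {net}")
```

An empty result from `shared_domains` confirms that no subnet exists on both sides of the microwave link, which is the containment property the Layer 3 design is meant to provide.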




