Broadcast domain question

Answered Question
Sep 25th, 2008

All,

I've been asked this question, and I'm not sure how to answer it:

If we have the following topology:

workstation --> layer2 sw --> layer 3

The layer2 switch has vlan1 only, and layer 3 has vlan 1 and 125

Layer 3 switch has some ports that are trunked (primarily because we have VMWare on certain subnets). If the workstation sends broadcasts, will that broadcast go to the layer 3 across ALL ports that are members of VLAN one including the trunked ports?

Also, when I make a port an access port other than one, do those packets ever hit vlan 1?

Thanks,

John


Richard Burts Thu, 09/25/2008 - 13:57

John

There may be some aspects of your question that I am not understanding and if my answer is not quite on the mark please help me understand better.

When a workstation sends a broadcast it is flooded out all ports in the vlan including any ports configured as trunk (if the trunk includes that vlan).

If the layer 2 switch has only vlan 1 then is the port on the layer 2 switch which connects to the layer 3 switch configured as an access port or as a trunk port?

When you ask your question about access port in vlan other than 1, and you ask about "those packets", are we talking just about broadcast packets or are we talking about all packets?

A broadcast packet from a station in some other vlan should never hit vlan 1. A unicast packet from a station in some other vlan could hit vlan 1 if intervlan routing is enabled.

HTH

Rick

John Blakley Fri, 09/26/2008 - 02:32

Rick,

You've posed another question that I've been wondering about. If I have a switch that does have only one vlan, does the port that connects to the layer 3 need to be configured as a trunk port? I wouldn't think it would.

Thanks!

John

Jon Marshall Fri, 09/26/2008 - 03:42

John

No it doesn't need to be a trunk port if you only want one vlan to cross the link. Switch interconnects are more often than not trunk links because you want multiple common vlans on each switch but in your scenario there would be no point.

Jon

John Blakley Fri, 09/26/2008 - 05:44

So, for instance, let's say that I have this topology:

layer2sw1 --> layer3sw1(routing)

Layer 2 has vlan 1 only

layer 3 has vlans 1, 25, and 50

Ports 3 and 5 on layer 3 are trunked on all 3 vlans (1,25,50)

If a broadcast storm starts on the layer2 switch, will it affect the devices on ports 3 and 5 on the layer 3?

And also, let's say that port 23 on the layer 3 is on vlan 1, and uplinked to a DIFFERENT layer 1 switch on the other end, will the broadcast storm affect that as well, crossing from the first layer 2 over the layer 3 and into the second layer 2 on the other side?

I guess my main question is: Is it better to have your workstations on layer 2 switches on a different vlan other than 1 and put on different vlans so they don't necessarily cross switches?

Thanks,

John

Correct Answer
Jon Marshall Fri, 09/26/2008 - 05:56

John

"If a broadcast storm starts on the layer2 switch, will it affect the devices on ports 3 and 5 on the layer 3?"

Yes because ports 3 & 5 are trunked and so will pass the vlan 1 broadcast traffic.

"And also, let's say that port 23 on the layer 3 is on vlan 1, and uplinked to a DIFFERENT layer 1 switch on the other end, will the broadcast storm affect that as well, crossing from the first layer 2 over the layer 3 and into the second layer 2 on the other side?"

Yes again because it is the same vlan (vlan 1) on all 3 switches.

Cisco recommend not using vlan 1 for either management or end user workstations.

There is nothing inherently wrong with having the same vlan on multiple switches, in fact in many cases it would be very limiting if you couldn't. What is worth doing is pruning/clearing vlans off switch interconnects that are not needed.

It also comes down to design issues. With a L3 routed access-layer you generally end up with vlans being confined to a single or a pair of switches per floor at most.

With L2 from the access-layer you can often end up with multiple switches having the same vlans.

Neither design is right or wrong. They both work and are both applicable in different situations.

Jon
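The flooding behaviour described in the answers above, as an added example that is not part of the original thread: a small model of John's topology that computes which ports a broadcast is sent out of, before and after VLAN 1 is cleared off the two trunks. The port names `p1` and `p10`, the edge ports `ws` and `pc`, and the switch name `layer2sw2` are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the thread's topology (names are assumptions, see above).
# (switch, port) -> VLANs carried: one VLAN = access port, several = trunk.
PORTS = {
    ("layer2sw1", "ws"): {1}, ("layer2sw1", "uplink"): {1},
    ("layer3sw1", "p1"): {1},            # link to the first layer 2 switch
    ("layer3sw1", "p3"): {1, 25, 50},    # trunk
    ("layer3sw1", "p5"): {1, 25, 50},    # trunk
    ("layer3sw1", "p10"): {25},          # access port in VLAN 25
    ("layer3sw1", "p23"): {1},           # VLAN 1 uplink to the second layer 2 switch
    ("layer2sw2", "uplink"): {1}, ("layer2sw2", "pc"): {1},
}
_CABLES = [(("layer2sw1", "uplink"), ("layer3sw1", "p1")),
           (("layer3sw1", "p23"), ("layer2sw2", "uplink"))]
LINKS = {**{a: b for a, b in _CABLES}, **{b: a for a, b in _CABLES}}


def flood(ports, links, ingress, vlan):
    """Return every (switch, port) a broadcast received on `ingress` is sent out of."""
    if vlan not in ports[ingress]:
        return set()
    reached, seen, queue = set(), {ingress}, deque([ingress])
    while queue:
        switch, in_port = queue.popleft()
        for (sw, port), vlans in ports.items():
            # Flood only on the same switch, never back out the ingress port,
            # and only on ports that carry this VLAN.
            if sw != switch or port == in_port or vlan not in vlans:
                continue
            reached.add((sw, port))
            peer = links.get((sw, port))
            if peer and vlan in ports[peer] and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return reached


def prune(ports, vlan, *trunks):
    """Copy of `ports` with `vlan` cleared off the given trunk ports."""
    return {k: (v - {vlan} if k in trunks else set(v)) for k, v in ports.items()}


if __name__ == "__main__":
    ws = ("layer2sw1", "ws")
    pruned = prune(PORTS, 1, ("layer3sw1", "p3"), ("layer3sw1", "p5"))
    print("VLAN 1 broadcast, as built:", sorted(flood(PORTS, LINKS, ws, 1)))
    print("VLAN 1 broadcast, pruned:  ", sorted(flood(pruned, LINKS, ws, 1)))
    print("VLAN 25 broadcast from p10:", sorted(flood(PORTS, LINKS, ("layer3sw1", "p10"), 25)))
```

The model is loop-free and ignores spanning tree and inter-VLAN routing; it shows only the layer 2 flooding scope of each VLAN.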

Jon Marshall Thu, 09/25/2008 - 13:57

John

Put simply, yes: if the workstation sends a broadcast, that will get sent down any trunk links that allow the vlan that the workstation is part of.

If you put a port in access mode and into a vlan other than vlan 1 then those packets can only hit vlan 1 if they are routed onto that vlan, i.e. a broadcast on vlan 2, for example, would not get sent to vlan 1.

Jon
