3560G implementation - L3 vs L2 switch

Answered Question

hello,

i'm working on a setup of 3560 switch. it will be a core switch for an office of about 60-80 people. my access layer switches are unmanaged 24-port linksys switches. my question is: if i run 3560 in L3 mode then every interface needs to be a separate subnet or not? so in other words can i have ports 1-10 part of one subnet with access layer switches behind and then port 15 part of different subnet, etc? also can i have multiple dhcp "servers" running for different subnets?

thanks.


Correct Answer
Jon Marshall Fri, 12/04/2009 - 12:03

George

Running the switch as a L3 switch means it will be able to route. It doesn't mean that every interface is in a separate subnet. You could just have 2 subnets and allocate half the ports to one subnet and the other half to the other. Note i say allocate to a subnet, you actually allocate them to a vlan. Cisco recommendation is one subnet per vlan.

Yes you can have multiple DHCP servers, one for each subnet, but most setups run one (or two for redundancy). The vlan the DHCP server is on will not require any additional config but any other vlans will need additional config, i.e. on the L3 vlan interface you need to use the ip helper-address ... command, e.g.

int vlan 10
 ip address 192.168.5.1 255.255.255.0
 ip helper-address <DHCP server IP>

Jon

thanks a lot for your reply. that makes a lot of sense. now here is a bigger picture of my setup and maybe you or someone else can help me with the design as i'm still not sure how can i benefit from L3 switch.

I have an ASA 5510, 1142 AP and a 3560G switch. i want to have local network and also allow guest access through wifi. so on my AP i have two VLANs:

VLAN 100 -> local

VLAN 200 -> guest

the port that connects the switch and the AP is a trunk port. also the port connecting the switch and the firewall is a trunk port. all other ports on the switch are in VLAN 100. on the ASA i have one port for outside and one port with two subinterfaces for VLAN 100 and VLAN 200.

now all of this can be configured with L2 switch - even though i still haven't figured out how to set up two DHCP pools on the ASA and have one be for local and the other for guest VLAN. (if anyone has any design suggestions please chime in). but is there something that 3560 would offer that L2 switch would not?

thanks again.

Correct Answer
Jon Marshall Sat, 12/05/2009 - 03:49

George

If the guest vlan and local vlan do not need to communicate with each other then there really is no benefit in using the 3560 as a L3 switch. In fact it is actually a more secure setup to use the ASA in the way you have. If you needed to apply QOS to limit the guest vlan users then you may want to look into routing off the 3560 but if everything is okay i would leave as is.

As for multiple DHCP pools, you can do this on the ASA - have a look at this thread - ASA DHCP

Jon
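One way the ASA side of this design can look, as an added example (not from the thread or the linked post): two subinterfaces on the trunk port, each with its own DHCP pool, and the guest VLAN at a lower security level so it cannot open connections into the local VLAN unless an ACL allows it. The physical port `Ethernet0/1`, the interface names, all addresses and the DNS servers are assumptions.

```cisco
! Added example. Interface numbers, names and addressing are assumed.
! Parent port carries the trunk from the 3560 and has no IP of its own.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! VLAN 100 -> local
interface Ethernet0/1.100
 vlan 100
 nameif local
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
! VLAN 200 -> guest. A lower security level means traffic from guest
! to local is denied by default.
interface Ethernet0/1.200
 vlan 200
 nameif guest
 security-level 10
 ip address 192.168.200.1 255.255.255.0
!
! One DHCP pool per interface; each pool must sit inside the subnet of
! the interface it is bound to.
dhcpd address 192.168.100.50-192.168.100.250 local
dhcpd dns 192.168.100.10 interface local
dhcpd enable local
!
dhcpd address 192.168.200.50-192.168.200.250 guest
dhcpd dns 203.0.113.53 interface guest
dhcpd enable guest
```

`show dhcpd binding` lists the leases handed out per pool, which is a quick check that guest clients are drawing from the guest range only.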
