Intervlan question - multiple switches

Answered Question
Dec 15th, 2009

I have been going through the community forums looking for a specific answer or example of my question but I wasn’t able to find the correct wording apparently so please forgive me if this has already been asked/answered about Intervlan routing.

My setup for this scenario is the following :

Desktop in vlan 10 (Will get IP 10.1.1.x/24) -> layer2 switch -> layer3 switch in closet (IP 10.1.1.7/24) -> Distro switch layer 3 (IP 10.1.1.5/24) -> Core switch (IP 10.1.1.1/24)

VTP domain and trunking throughout. 

DHCP scope for the Desktop will be giving the Default gateway of 10.1.1.1/24

The destination for this scenario will be a server that is off the layer 3 switch in closet in vlan 20 on another layer 2 switch.  The layer 3 switch (in closet) has an IP for vlan 20 also.

Now my understanding is that using the ‘IP routing’ command will allow intervlan routing on layer 3 switches, but all the examples show one switch deep and using .1 as the gateway.  I want to confirm: even though the gateway for the desktop is still .1, will the path or the majority of the path of the data and connection stay local to the first layer 3 switch (in closet), or will it always go to the gateway IP (Core) before coming back down?

Thank you.

Mohamed Sobair Tue, 12/15/2009 - 05:51

Hi,


The Core, Distribution and layer-3 switches all reside on the same subnet, so I don't think your network path drawing is feasible.


However, the client should send all the frames (Broadcast) ARP to all the address of their GW (1.1). The GW then replies with its MAC address as destination for the frames. The frames are then forwarded to the MAC address of (1.1) as their destination.



HTH

Mohamed

ken.lambert Tue, 12/15/2009 - 06:13

Mohamed, thank you for responding.  Maybe I have explained the network setup incorrectly?  Why isn't the path feasible?  What is the difference of having one more switch in the mix?  My intent here is to keep traffic local to the closest switch if necessary to get to another vlan, with the caveat that the DHCP server is located off the core in another building.


desktop -> l2 -> l3 -> core (.1)

Mohamed Sobair Tue, 12/15/2009 - 06:45

Hi Ken,


What I meant is that the layer-3, the distribution and the core switches reside on the same IP subnet, so traffic destined for the core doesn't have to pass all these switches to get to the core, right?


Here is the flow of the network setup I meant, or how it should be based on the addressing scheme:



Desktop ----  layer2  -----    layer-3 switch


                              -----    distribution switch


                              -----    core switch



HTH

Mohamed

ken.lambert Tue, 12/15/2009 - 07:51

The layer 3 switch is technically in another building with a link to core.

sachinraja Tue, 12/15/2009 - 10:02

Hi Ken


If you are sending packets to any IP on a different VLAN than the local segment, it will surely hit the Layer 3 switch in the other building... if the packets are destined to any PC within the VLAN, then it will not travel all the way to the Layer 3 switch...


By the way, how many PCs do you have in this building? Do you want to control broadcast traffic (spanning tree etc.) passing through the Layer 2 trunk all the way to the other building? What switches do you have in your local L2 domain? Can't you restrict the broadcast domain within the building and have a layer 3 connection to the core switch in the other building?


Raj

ken.lambert Tue, 12/15/2009 - 10:33

Raj,


Sorry, I meant that the layer3 switch is in the same closet as the layer2 switch (building A), with a link to another building which the core is in (building B). I basically want all traffic to stay local to the layer3 switch (building A) and not go to the core in the other building (building B) if the resources are all in building A.


So just to restate:  I want traffic from my desktop in vlan 10 to access data on a server in vlan 20 that is local to the building the desktop is in.  The spin is the subnet scope on the DHCP server sets the gateway as .1, which is located on the Core switch in a different building.


desktop (vlan 10) that is plugged into a l2 switch -> l3 switch -> back to another l2 switch -> server (vlan20)


Because the Gateway (.1) is on the core, does all traffic travel all the way to the core (all the time) just to find out that the server resource I'm trying to get to is local to the first l3 switch?  Or does it look for the ARP/MAC as Mohamed mentioned in the first post and immediately stay local?


Again, thank you for your patience.


ken.

Correct Answer
sachinraja Tue, 12/15/2009 - 10:42

Hi Ken


If the layer 3 switch is in the same closet (in building A), why is the default gateway pointing to the core in building B? Can you have the layer 3 SVIs directly configured on the layer 3 switch in building A? If the default gateway is pointing towards the core in building B, then obviously the packets would travel on layer 3 till the core (bldg B), and then come back... In order to avoid this, you can configure the def gw on the layer 3 switch which is in the same closet as the layer 2, and make it a distribution switch.. this also would allow you to have your spanning tree domain isolated in building A, which means that if you have a layer 2 attack or virus in bldg A, it would affect the users in bldg B (based on the traffic pattern)..


Hope this helps.. all the best


Raj
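The behaviour described in the answer above, as an added example that is not part of the original thread: a small model of the host's next-hop decision and the resulting frame path over the topology from the first post. The desktop address `10.1.1.25`, the server address `10.1.2.50` (the thread never gives the VLAN 20 subnet) and the device names are constructed assumptions; it also assumes whichever switch owns the gateway IP has an interface in VLAN 20.

```python
import ipaddress
from collections import deque

# Physical links from the original post (device names are constructed labels).
LINKS = {
    "desktop": ["l2-a"],
    "l2-a": ["desktop", "l3-closet"],
    "l3-closet": ["l2-a", "l2-b", "distro"],
    "l2-b": ["l3-closet", "server"],
    "server": ["l2-b"],
    "distro": ["l3-closet", "core"],
    "core": ["distro"],
}
# Which switch answers ARP for each VLAN 10 address (addresses from the post).
OWNER = {"10.1.1.1": "core", "10.1.1.5": "distro", "10.1.1.7": "l3-closet"}

def next_hop(host_if, dst_ip, gateway):
    """Host decision: on-link destinations are ARPed directly,
    everything else is framed to the default gateway's MAC."""
    network = ipaddress.ip_interface(host_if).network
    return dst_ip if ipaddress.ip_address(dst_ip) in network else gateway

def walk(src, dst):
    """Shortest path over the physical links (breadth-first search)."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for peer in LINKS[node]:
            if peer not in parent:
                parent[peer] = node
                queue.append(peer)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]

def frame_path(host_if, gateway, dst_ip, dst_dev):
    """Devices a packet crosses from the desktop to dst_dev."""
    hop = next_hop(host_if, dst_ip, gateway)
    if hop == dst_ip:                      # same VLAN: pure layer 2
        return walk("desktop", dst_dev)
    router = OWNER[hop]                    # switch that owns the gateway IP
    return walk("desktop", router) + walk(router, dst_dev)[1:]

if __name__ == "__main__":
    for gw in ("10.1.1.1", "10.1.1.7"):    # gateway on core vs. on closet switch
        print(gw, " -> ".join(frame_path("10.1.1.25/24", gw, "10.1.2.50", "server")))
```

With the gateway on the core the path passes through `l3-closet` twice at layer 2 and is only routed at `core`; with the gateway on the closet switch the packet never leaves the closet.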

ken.lambert Tue, 12/15/2009 - 10:44

ok that gives me a definitive answer that no intervlan routing does do what I assumed, thank you Raj.

sachinraja Tue, 12/15/2009 - 10:47

No problems Ken.. I would anyway suggest you change your broadcast domain to be constrained within buildings to have better control of broadcast traffic on the network! Sometimes excessive broadcast can kill your networks, in both the buildings. Thanks for the points ...
