09-19-2010 04:37 AM - edited 03-06-2019 01:03 PM
Hello,
I know that if I had to look at a layer 2 switch table I would see mac addresses associated with ports and forwarding decision based on this table.
If I had to do the same for a layer 3 switch, would I see the exact same table but with IP addresses instead of MAC addresses, or is it different?
09-19-2010 05:52 AM
You still have the same table on a Layer 3 switch, as it still needs to understand what MAC addresses are on each port. It will also have an ARP table in addition to this, which will map IP addresses to MAC addresses. I don't believe you'll have one table with ports, MACs and IPs.
09-19-2010 06:03 AM
So if I use just 1 layer 3 switch and internally I want to avoid 1 VLAN speaking to another VLAN, how do I set this, since there is no trunk link to allow or deny VLANs?
09-19-2010 07:26 AM
if I have a pc with ip 192.168.1.2 and wants to speak with pc 192.168.2.2, the layer 3 switch will need to have 2 vlans setup ( Vlan 1 and Vlan 2 )
Each vlan should be assigned an ip address. Each pc should have its gateway pointing to the layer 3 device's corresponding vlan.
Then within the switch itself it checks destination mac address and IP address, finds out that it is for a different vlan ( by looking at the table ) and forwards it to Vlan2.
Is this assumption correct ?
09-19-2010 08:09 AM
aconticisco wrote:
if I have a pc with ip 192.168.1.2 and wants to speak with pc 192.168.2.2, the layer 3 switch will need to have 2 vlans setup ( Vlan 1 and Vlan 2 )
Each vlan should be assigned an ip address. Each pc should have its gateway pointing to the layer 3 device's corresponding vlan.
Then within the switch itself it checks destination mac address and IP address, finds out that it is for a different vlan ( by looking at the table ) and forwards it to Vlan2.
Is this assumption correct ?
Pretty much yes, that's how it works. pc1 (192.168.1.2) will send packet to vlan 1 L3 interface IP with
src mac-address = pc1
dst mac-address = vlan 1 L3 SVI mac-address
src IP = pc1
dst IP = pc2
the L3 switch then checks the dst IP, sees it is on a locally connected network and sends the packet to pc2 with -
src mac-address = vlan 2 L3 SVI mac-address
dst mac-address = pc2
src IP = pc1
dst IP = pc2
If you want to stop clients in vlan 1 talking to clients in vlan 2 you can either -
1) not have L3 SVIs for each vlan on the switch but then clients in each vlan will only be able to communicate with other clients in the same vlan, i.e. they will not be able to communicate with any other devices including vlan 1 devices but not limited to vlan 1 devices.
2) use access-lists on the L3 SVIs for vlan 1 and vlan 2 denying traffic between the 2 vlans
Jon
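Added example, not part of the original thread and not Cisco code: a small Python model of the forwarding path described in the replies above, with a separate MAC table and ARP table, the MAC rewrite at the SVI, and an inbound ACL on the Vlan1 SVI (option 2). The MAC addresses, port names and ACL entries are constructed sample values, and forward() and acl_permits() are hypothetical helper names.

```python
import ipaddress

# Constructed sample state for one L3 switch (MACs, ports and ACL are assumptions).
SVIS = {  # VLAN id -> (SVI MAC, connected subnet)
    1: ("02:00:00:00:00:01", ipaddress.ip_network("192.168.1.0/24")),
    2: ("02:00:00:00:00:02", ipaddress.ip_network("192.168.2.0/24")),
}
ARP = {"192.168.1.2": "02:00:00:00:01:02", "192.168.2.2": "02:00:00:00:02:02"}  # IP -> MAC
MAC_TABLE = {(1, "02:00:00:00:01:02"): "Gi0/1", (2, "02:00:00:00:02:02"): "Gi0/2"}  # (VLAN, MAC) -> port

def acl_permits(acl, src_ip, dst_ip):
    """First match wins; as with an IOS ACL, no match means implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in acl:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def forward(in_vlan, frame, inbound_acls=None):
    """Return (egress port, frame), ("flood", frame) or ("drop", reason)."""
    svi_mac, _ = SVIS[in_vlan]
    if frame["dst_mac"] != svi_mac:
        # Not addressed to the SVI: plain L2 switching inside the ingress VLAN.
        port = MAC_TABLE.get((in_vlan, frame["dst_mac"]))
        return (port, frame) if port else ("flood", frame)
    acl = (inbound_acls or {}).get(in_vlan)
    if acl is not None and not acl_permits(acl, frame["src_ip"], frame["dst_ip"]):
        return ("drop", "denied by ACL on SVI Vlan%d" % in_vlan)
    dst = ipaddress.ip_address(frame["dst_ip"])
    for out_vlan, (out_mac, subnet) in SVIS.items():
        if dst in subnet:  # destination is on a locally connected network
            dst_mac = ARP.get(frame["dst_ip"])
            if dst_mac is None:
                return ("drop", "no ARP entry")
            # Only the MAC header is rewritten; src/dst IP stay as sent by pc1.
            routed = dict(frame, src_mac=out_mac, dst_mac=dst_mac)
            return (MAC_TABLE.get((out_vlan, dst_mac), "flood"), routed)
    return ("drop", "no route")

# pc1 -> pc2 as sent by pc1: dst MAC is the Vlan1 SVI, dst IP is pc2.
PC1_TO_PC2 = {"src_mac": "02:00:00:00:01:02", "dst_mac": "02:00:00:00:00:01",
              "src_ip": "192.168.1.2", "dst_ip": "192.168.2.2"}
# Option 2 from the answer: deny VLAN 1 -> VLAN 2 on the Vlan1 SVI, permit the rest.
BLOCK_1_TO_2 = {1: [("deny", "192.168.1.0/24", "192.168.2.0/24"),
                    ("permit", "0.0.0.0/0", "0.0.0.0/0")]}

if __name__ == "__main__":
    print(forward(1, PC1_TO_PC2))                # routed out Gi0/2 with rewritten MACs
    print(forward(1, PC1_TO_PC2, BLOCK_1_TO_2))  # dropped at the Vlan1 SVI
```

An ACL applied inbound on the Vlan1 SVI only filters traffic that is routed; frames between two hosts in the same VLAN never reach the SVI and are switched on the MAC table alone.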
09-19-2010 12:57 PM
Thanks Jon for the explanation