
3560G implementation - L3 vs L2 switch

Hello,

I'm working on a setup of a 3560 switch. It will be a core switch for an office of about 60-80 people. My access layer switches are unmanaged 24-port Linksys switches. My question is: if I run the 3560 in L3 mode, does every interface need to be a separate subnet or not? In other words, can I have ports 1-10 part of one subnet with access layer switches behind them, and then port 15 part of a different subnet, etc.? Also, can I have multiple DHCP "servers" running for different subnets?

Thanks.

3 REPLIES
Hall of Fame Super Blue

Re: 3560G implementation - L3 vs L2 switch


George

Running the switch as a L3 switch means it will be able to route. It doesn't mean that every interface is in a separate subnet. You could just have 2 subnets and allocate half the ports to one subnet and the other half to the other. Note I say allocate to a subnet; you actually allocate them to a VLAN. The Cisco recommendation is one subnet per VLAN.

Yes, you can have multiple DHCP servers, one for each subnet, but most setups run one (or two for redundancy). The VLAN the DHCP server is on will not require any additional config, but any other VLANs will need additional config, i.e. on the L3 VLAN interface you need to use the ip helper-address ... command, e.g.

    int vlan 10
     ip address 192.168.5.1 255.255.255.0
     ip helper-address <DHCP-server-IP>

Jon
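
Added example, not part of the original thread: a 3560 configuration sketch for the layout asked about above, with ports 1-10 in one VLAN/subnet, port 15 in another, and DHCP relayed from the first VLAN to a server in the second. VLAN 20, its subnet 192.168.6.0/24, the DHCP server address 192.168.6.10 and the interface numbers are assumptions; only VLAN 10 and 192.168.5.1 come from the reply.

```cisco
! Added example, not from the thread. VLAN 20, 192.168.6.0/24, the DHCP
! server address and the port numbers are assumptions.
!
! Turn the 3560 into a router between its VLAN interfaces (SVIs).
ip routing
!
vlan 10
 name users
vlan 20
 name servers
!
! Ports 1-10: uplinks to the unmanaged access switches, all in VLAN 10.
interface range GigabitEthernet0/1 - 10
 switchport mode access
 switchport access vlan 10
!
! Port 15: a different VLAN/subnet; the DHCP server is assumed to live here.
interface GigabitEthernet0/15
 switchport mode access
 switchport access vlan 20
!
! Gateway for VLAN 10. DHCP broadcasts from this VLAN are relayed as
! unicast to the server in VLAN 20.
interface Vlan10
 ip address 192.168.5.1 255.255.255.0
 ip helper-address 192.168.6.10
 no shutdown
!
! Gateway for VLAN 20. No helper needed: the DHCP server is on this VLAN.
interface Vlan20
 ip address 192.168.6.1 255.255.255.0
 no shutdown
```

With `ip routing` enabled, the switch forwards between VLAN 10 and VLAN 20 without restriction unless an access list is applied to the SVIs.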

New Member

Re: 3560G implementation - L3 vs L2 switch

Thanks a lot for your reply. That makes a lot of sense. Now here is a bigger picture of my setup, and maybe you or someone else can help me with the design, as I'm still not sure how I can benefit from an L3 switch.

I have an ASA 5510, 1142 AP and a 3560G switch. I want to have a local network and also allow guest access through wifi. So on my AP I have two VLANs:

VLAN 100 -> local

VLAN 200 -> guest

The port that connects the switch and the AP is a trunk port. Also, the port connecting the switch and the firewall is a trunk port. All other ports on the switch are in VLAN 100. On the ASA I have one port for outside and one port with two subinterfaces for VLAN 100 and VLAN 200.

Now all of this can be configured with an L2 switch - even though I still haven't figured out how to set up two DHCP pools on the ASA and have one be for the local and the other for the guest VLAN. (If anyone has any design suggestions, please chime in.) But is there something that the 3560 would offer that an L2 switch would not?

Thanks again.

Hall of Fame Super Blue

Re: 3560G implementation - L3 vs L2 switch


George

If the guest VLAN and local VLAN do not need to communicate with each other then there really is no benefit in using the 3560 as a L3 switch. In fact it is actually a more secure setup to use the ASA in the way you have. If you needed to apply QoS to limit the guest VLAN users then you may want to look into routing off the 3560, but if everything is okay I would leave as is.

As for multiple DHCP pools, you can do this on the ASA - have a look at this thread - ASA DHCP

Jon
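
Added example, not part of the original thread: the design discussed above written out as configuration, with the 3560G left as a pure L2 switch and the ASA 5510 holding one subinterface and one DHCP pool per VLAN. Interface numbers, the `inside`/`guest` interface names, security levels and address ranges are assumptions; only VLAN 100 (local) and VLAN 200 (guest) come from the posts.

```cisco
! Added example, not from the thread. Interface numbers, names, security
! levels and address ranges are assumptions.
!
! --- 3560G, kept as a pure L2 switch (no "ip routing", no SVI in VLAN 200) ---
vlan 100
 name local
vlan 200
 name guest
!
interface GigabitEthernet0/1
 description Trunk to ASA 5510
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200
!
interface GigabitEthernet0/2
 description Trunk to 1142 AP
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200
!
interface range GigabitEthernet0/3 - 24
 switchport mode access
 switchport access vlan 100
!
! --- ASA 5510: one physical port, one subinterface per VLAN ---
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1.100
 vlan 100
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/1.200
 vlan 200
 nameif guest
 security-level 50
 ip address 192.168.200.1 255.255.255.0
!
! One DHCP pool per interface name; each pool must sit in that interface's subnet
dhcpd address 192.168.100.50-192.168.100.200 inside
dhcpd enable inside
dhcpd address 192.168.200.50-192.168.200.200 guest
dhcpd enable guest
```

Because the switch has no routed interface in either VLAN, the only path between guest and local is through the ASA, where the lower security level on `guest` blocks connections initiated toward `inside` unless an access list permits them.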
