Access port loop prevention

jegan537
Level 1

I have recently been told by a consultant that access layer loops can be prevented without spanning tree on host ports by using Layer 3 routing. This goes against everything that I know about L2/L3 switching (although I would never call myself an expert on the matter…)

I have been under the impression that layer 3 at the access layer removes the need for spanning tree only on the distribution layer uplinks and not on host ports. Is this incorrect?

Here are my potentially misguided thoughts…

Moving layer 3 to the access layer removes the need for spanning tree in the core and distribution layers as they are protected by standard routing protocols.

VLANs would no longer be able to span switches in other areas as a result of this configuration.

Host access ports would still need to be layer 2 to connect to servers, workstations, phones, etc., and thus require spanning tree to protect these ports from loops.

How close am I?

Also,

Let's say that wireless is added to the network. Would you not need switch-spanning VLANs for roaming devices? If so, does wireless support suggest that you cannot move Layer 3 to the access layer, or is it possible to 'bridge' a wireless VLAN to other switches across layer 3 uplink ports through the distribution layer?

All comments are greatly appreciated…

3 Replies

dominic.caron
Level 5

I think your understanding is good. You still need a STP process on the access switch to protect your L2 in your wiring closet.

Now for the wireless...

You need an L3 centralized wireless solution. Cisco's LWAPP can work in an L3 network. The access points connect to a centralized controller (and client traffic is encapsulated). The client networks are configured on the centralized controller.

Hi Dominic. I'm working on a L2 to L3 network migration plan right now and have this exact problem (re: wireless).

I have 60+ wireless APs -- all of which use six spanned VLANs (VLANs 140-145) -- these VLANs span the entire network.

If I did go to LWAPP and tunnelled the traffic back to the WCS(?) at a central point, could I continue to use that single set of six VLANs for wireless or would I have to have six 'different' VLANs for APs in each wiring closet? (Considering that I'm trying to push L3 right to the access layer.) I have about 70 wiring closets in my campus, so that's 420 wireless VLANs. UGLY!

BTW, I'm now seriously considering a parallel network to be used only for wireless ... ugly, but true! :(

Thanks!

Darren.

bvsnarayana03
Level 5

I worked on small to medium networks, but never came across a scenario where L3 would be used at the access layer. However, there are networks which deploy a single L3 switch that works on all 3 layers (core, access, distribution). But technically, it's not a layered architecture.

Even if it's an L3 switch, access ports are still L2. Trunk ports are still L2, and you'll always need STP on these ports to provide a loop-free topology.
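
An added example, not part of any reply in this thread: a small Python check for the point the replies make, that routed uplinks remove the need for STP only on those links while L2 host ports still depend on it. The sample configuration is constructed, and the script assumes IOS-style syntax, ports that are L2 unless `no switchport` is present, and `no spanning-tree vlan N` lines that name a single VLAN ID.

```python
import re

# Constructed sample config for a routed-access switch (not from the thread).
SAMPLE_CONFIG = """\
no spanning-tree vlan 20
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
!
interface TenGigabitEthernet1/1/1
 no switchport
 ip address 10.0.0.1 255.255.255.252
"""

def parse_interfaces(config):
    """Return {interface_name: [sub-command lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def stp_disabled_vlans(config):
    """VLAN IDs with STP turned off via a global 'no spanning-tree vlan N' line."""
    return {int(v) for v in re.findall(r"^no spanning-tree vlan (\d+)$", config, re.M)}

def audit(config):
    """Classify each port; flag L2 access ports whose VLAN has STP disabled."""
    off = stp_disabled_vlans(config)
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "no switchport" in cmds:
            report[name] = "routed"  # L3 uplink: the routing protocol handles redundancy
            continue
        m = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        vlan = int(m.group(1)) if m else 1  # an unset access VLAN defaults to 1
        report[name] = "l2-unprotected" if vlan in off else "l2-stp"
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports the routed uplink separately and flags the host port in VLAN 20, where STP was switched off even though the port is still Layer 2.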
