Basic question Router / Layer 3 switches - differences

alan.morris · ‎06-15-2007

I come form the days when a switch was a switch and routers were glad of it - to miss quote. So what's the difference?

We want to connect 2 subnets with some access control between them. I presume that I could use either a L3 switch or a router with ACLs to manage this. I also presume that Stateful Packet inspection in only on a router using CBAC.

Am I correct? Any guidance/insight warmly welcomed.

Jon Marshall · ‎06-15-2007

Hi Alan

If you want to connect 2 subnets yes you can use either a layer 3 switch or a router.

Layer 3 switches carry out a lot of their functions in hardware rather than routers which generally carry them out in software.

On routers you tend to configure the physical interfaces with IP addresses whereas on a layer 3 switch you generally configure Switch Virtual interfaces to route between vlans.

Both can use ACL's, on a router you apply it to the physical interface and on a switch you apply it to the vlan interface.

HTH

Jon

alan.morris · ‎06-15-2007

Jon, Thanks your reply which is very helpful, I (also) have done a lttle more digging on this and as far as I can tell CBAC is only available on Routers with the Firewall FS, whereas Switches support 'reflexive' ACL's, so for what I want to achieve this is the key differentiator. Do you think I am correct in this?

mohammedmahmoud · ‎06-15-2007

Hi,

Yes you are absolutely right, CBAC is only supported on routers with feature set supporting CBAC plus only Cisco Catalyst 5000 (with RSM) and 6500 (with MSFC) switches.

You can further use the Cisco Feature Navigator:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

HTH,

Mohammed Mahmoud.