Bronze

few questions to confirm my concept

Hi everybody.

I have a few questions to think about during my flight tomorrow.

We have one multilayer switch sw1, and layer 2 switch sw2 and host1. sw2 has vlan2 and host, h1 exists in vlan 2.

The goal is to explore different ways to configure sw1 as default gateway for h1.

The topology is:

SW1 f0/1 -------- f0/2 SW2 f0/3 ------ h1

Assume sw2 f0/3 is already placed in vlan 2. vlan2 is using 198.198.198.0/24

With the above assumption in mind, I explore different ways I can configure sw1 as default gateway for h1.

Option 1

Sw1:

int f0/1
 no switchport
 ip address 198.198.198.1 255.255.255.0

I also put the sw2 f0/2 in vlan 2.

Can I do this?

Option 2:

sw1:

int vlan 2
 ip address 198.198.198.1 255.255.255.0
 no shutdown

Then I configure the f0/1 on sw1 and f0/2 on sw2 as trunk.

Is it correct?

Option 3

int vlan 2
 ip address 198.198.198.1 255.255.255.0

I configure the f0/2 as an access port and put it in vlan 2 on sw1. Next I configure the f0/2 on sw2 as an access port and put it in vlan 2.

Is it correct?

==========================

Thanks, and I assure you these are my last questions for the next 6 months.

Thanks and have a good day.


Accepted Solutions
Hall of Fame Super Silver

Re: few questions to confirm my concept

Hello Sarah,

your understanding is correct:

a L2 end-to-end path has to exist between host h1 and its default gateway.

Default gateway can be an SVI or a routed port.

In the real world, 99.99% of the time we use option 2 to avoid dedicating an inter-switch link to the vlan2 broadcast domain.

Hope to help

Giuseppe

Cisco Employee

Re: few questions to confirm my concept

Hello Sarah,

Option 1: Absolutely correct. It can be done this way. The downside of this approach is that the link between Sw1 and Sw2 is an access link, not a trunk, and cannot presently serve to carry multiple VLANs and perhaps provide routing between them.

Option 2: Absolutely correct. This is the typical configuration.

Option 3: Absolutely correct. The downside is similar to the Option 1.

Regarding your "last question": I am pretty sure that everybody here enjoys having these conversations with you and would be much happier if this wasn't the last question in the next 6 months. But hey, what do you know? Maybe after spotting your talent you'll get to work with those 6500 right after the first month :) (Never been in army so please forgive my naive jokes here.)

Best regards,

Peter

Hall of Fame Super Blue

Re: few questions to confirm my concept

Actually this follows on from a question i was dealing with a while back.

As Giuseppe and Peter say all 3 will work and the most flexible is option 2.

However there is a big difference between option 1 and option 3.

Option 1 makes the switchport a routed port ie. it is not a member of any vlan.

In your example it makes little difference but imagine if you have another L3 switch (SW3) connected to SW1 via a L2 trunk. And sw2 is connected to both SW1 & SW3. You want to run HSRP between SW1 and SW3 for this vlan. This is a very common setup.

With option 3 no problem because you can configure HSRP under the L3 SVI for vlan 2 and the HSRP packets will flow across the L2 trunk link between the 2 L3 SVI's for vlan 2.

However if you used option 1 then it would behave quite differently. Because the 2 ports are not members of any vlan the HSRP packets cannot flow between the 2 routed ports across the L2 trunk. HSRP would not work, assuming one of the uplinks from sw2 was blocked as there is now no L2 path between the 2 routed ports.

Note if the L2 trunk between SW1 & SW3 ended up being blocked then the 2 uplinks from SW2 would both be forwarding and so HSRP would work.

Finally, looking forward to hearing from you again in 6 months time with all those tricky 6500 questions :-)

Jon

Cisco Employee

Re: few questions to confirm my concept

Hello Jon,

You confused me here:

However if you used option 1 then it would behave quite differently. Because the 2 ports are not members of any vlan the HSRP packets cannot flow between the 2 routed ports across the L2 trunk. HSRP would not work [cut]

It is true that a routed port is not a member of any VLAN. But why should the HSRP Hellos flow through the L2 trunk between SW1 and SW3? Assuming that the SW2 is connected to both SW1 and SW3 and both ports on SW2 are in VLAN2 then the hellos would be sent from SW1 routed port via SW2 to SW3 routed port and vice versa. I think that the HSRP should be working just fine here. And also, no uplink from SW2 would be STP-blocked as the routed ports do not send or receive BPDUs.

Maybe I misunderstood you - can you please help me here?

Best regards,

Peter

Hall of Fame Super Blue

Re: few questions to confirm my concept

Peter

"Maybe I misunderstood you - can you please help me here?"

No, you understood better than me. You're correct in what you say. Because the ports are routed then both uplinks from SW2 would indeed be forwarding. Apologies for the misleading information.

Deserves a rating i think.

Jon

Hall of Fame Super Blue

Re: few questions to confirm my concept

Sarah

SW1 is connected to SW3 via a L2 trunk.

SW1 is connected to SW2 via a routed port

SW3 is connected to SW2 via a routed port

So HSRP packets would go via SW2 to get from SW1 to SW3. HSRP would indeed work as Peter said.

The reason HSRP packets cannot just go across the trunk link between SW1 & SW3 is because HSRP packets only work within the same vlan. The routed port on SW1 and the routed port on SW3 are not in a vlan. But the ports on SW2 that SW1 & SW3 connect to are in a vlan.

So there is a L2 path between SW1 & SW3 for that vlan but that path is via SW2. It is not via the direct link between SW1 & SW3.

If instead of routed ports on SW1/SW3 you had configured "int vlan 2" and given them IP addresses then the L2 path would indeed be across the direct link between SW1 & SW3.

That was what i was trying to point out. The difference between a routed port and switchport on a L3 switch. Unfortunately i made a mistake regarding which ports STP would block, thankfully Peter was on hand to correct it.

Have a good flight :-)

Jon

Hall of Fame Super Blue

Re: few questions to confirm my concept

Sarah

"Why? as the trunk also carries vlan2, so sw1 can send hsrp hello to sw3 via that trunk."

Let's look at it from the perspective of SW1.

SW1 connects to SW2 and on SW2 that port is in vlan 2.

SW2 connects to SW3 and on SW2 that port is in vlan 2.

So if SW1 sends a packet out of the routed port it will arrive on SW2 in vlan 2. SW2 will then send that packet out to SW3 because that port is also in vlan 2. So you can see there is a direct L2 path between the SW1 routed port and the SW3 routed port.

Now let's look at it again from SW1 the other way.

SW1 port is a routed port, it is not part of a vlan. So for it to send a packet in vlan 2 and go via the L2 trunk between SW1 & SW3 the packet would have to be routed onto vlan 2 within SW1 ie. there is no direct L2 path between the routed port on SW1 and the routed port on SW3 via the trunk link.

And if the packet has to be routed then HSRP packets wouldn't work that way. Note that in the first example going via SW2 the packet is not routed, it is simply switched through vlan 2 from SW1 -> SW2 -> SW3.

Key thing to understand is that routed ports on a switch cannot be part of a vlan. So to get to vlan 2 on the same switch the packet would have to be routed.

It can be a tricky concept to understand.

Jon
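
An added example, not part of the original thread or any Cisco code: a toy model of the Layer 2 adjacency argument made in the answers above, comparing routed ports with SVIs on SW1 and SW3. The SW3 port name f0/1 and the "SW3 uplink down" toggle are assumptions, and spanning tree is not modelled.

```python
# Added illustration (not Cisco code): toy model of Layer 2 adjacency.
# SW3's port name f0/1 and the "uplink down" toggle are assumptions.
from collections import defaultdict

def routed(sw, port): return ("routed", sw, port)   # L3 port, member of no VLAN
def access(sw, vlan): return ("access", sw, vlan)   # switchport in one VLAN
def trunk(sw, vlans): return ("trunk", sw, frozenset(vlans))
def svi(sw, vlan):    return ("vlan", sw, vlan)     # "int vlan N" sits in that VLAN

def _node(end):
    # An access port is just part of its switch's VLAN broadcast domain;
    # a routed port is an endpoint of its own.
    kind, sw, arg = end
    return end if kind == "routed" else ("vlan", sw, arg)

def l2_adjacent(links, src, dst):
    """True if a frame can go from src to dst without being routed."""
    graph = defaultdict(set)
    for a, b in links:
        if a[0] == "trunk" and b[0] == "trunk":
            pairs = [(("vlan", a[1], v), ("vlan", b[1], v)) for v in a[2] & b[2]]
        elif "trunk" in (a[0], b[0]):
            pairs = []          # trunk facing a non-trunk port: not modelled
        else:
            pairs = [(_node(a), _node(b))]
        for x, y in pairs:
            graph[x].add(y)
            graph[y].add(x)
    seen, todo = {src}, [src]
    while todo:
        for nxt in graph[todo.pop()] - seen:
            seen.add(nxt)
            todo.append(nxt)
    return dst in seen

SW1_SW3_TRUNK = (trunk("SW1", {2}), trunk("SW3", {2}))

def routed_port_design(sw3_uplink_up=True):
    """Option 1 on SW1 and SW3: routed ports facing SW2 access ports in vlan 2."""
    links = [SW1_SW3_TRUNK, (routed("SW1", "f0/1"), access("SW2", 2))]
    if sw3_uplink_up:
        links.append((routed("SW3", "f0/1"), access("SW2", 2)))
    return l2_adjacent(links, routed("SW1", "f0/1"), routed("SW3", "f0/1"))

def svi_design(sw3_uplink_up=True):
    """Option 2 on SW1 and SW3: 'int vlan 2' SVIs, trunks to SW2."""
    links = [SW1_SW3_TRUNK, (trunk("SW1", {2}), trunk("SW2", {2}))]
    if sw3_uplink_up:
        links.append((trunk("SW3", {2}), trunk("SW2", {2})))
    return l2_adjacent(links, svi("SW1", 2), svi("SW3", 2))
```

With SW3's uplink to SW2 removed, the routed ports lose adjacency even though the SW1-SW3 trunk carries vlan 2, while the two SVIs still reach each other across that trunk.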

18 REPLIES
Bronze

Re: few questions to confirm my concept

Thanks Peter, Giuseppe, and Jon

For Peter.

I have never been in army before so don't worry about the naive jokes. Army won't let me work with routers right away. During this three months training, they will teach me everything from assembling the gun to throwing grenades. Actually I was looking at your profile and really amazed to read about the country you are from. It is a very beautiful country.

For Giuseppe.

Let me congratulate you for being a top net pro.

You guys have a wonderful day.

Cisco Employee

Re: few questions to confirm my concept

Sarah,

You are heartily welcome.

Thank you for your compliments about Slovakia - yes, absolutely, it is a wonderful country.

About Giuseppe: agree 100%. Giuseppe, how come that there is no interview with you here on NetPro?

Best regards,

Peter

Super Bronze

Re: few questions to confirm my concept

"Giuseppe, how come that there is no interview with you here on NetPro? "

Peter, not 100% positive, but strongly suggest it's because Giuseppe, much like you, is a relatively new contributor, who also provides many, many posts of high quality. I'm relatively new contributor myself, and I recall Giuseppe becoming highly active.

Hall of Fame Super Blue

Re: few questions to confirm my concept

Peter

As Joseph says it really depends on how active people are ie. Giuseppe is very active and has moved up the tables very quickly so there is just a lag between being on the all time table and getting an interview.

I'm assuming that you have both now seen Giuseppe's interview though as it has just been posted to the site.

Giuseppe - good to put a face to your name.

Joseph, can't be long before you pop up as well ?

Jon

Hall of Fame Super Silver

Re: few questions to confirm my concept

Hello Peter, Jon and Joseph

Peter: I'm a newcomer in comparison to Jon, Richard Burts, Paolo and others. As you can see your desire to see my interview has been satisfied. :-)

Jon: I hope we will have a chance to meet in some event in the future.

I can say I had the same thought about Jon because his interview appeared one year ago if I'm not wrong.

And yes I expect to see also Joseph's interview and later Peter's one.

Hope to help

Giuseppe
