
L3 Vlan interaction with L2 switch

John Blakley
VIP Alumni

All,

If I create a L3 SVI, and assign an access port to that VLAN, then anyone within that L3 switch should STILL be able to see those devices in that vlan because the switch is in routing mode. Correct?

Now, what happens to hosts that are on L2 switches? If I ping a host that's on a L2 switch and the same subnet as the one that I just assigned the access port to, would I be able to see it, or would I need to create the vlan on the L2 switch as well and add that device to the vlan on the L2 switch for the hosts on the L3 to see each other?

Thanks,

John

HTH, John *** Please rate all useful posts ***

Jon Marshall
Hall of Fame

John

A layer 3 switch can have one L3 vlan interface active, i.e. up/up, and not be in routing mode. This vlan interface would be used to manage the switch.

Assuming that your switch has ip routing enabled and you create a vlan, e.g. vlan 10, at layer 2 and then you create a L3 SVI for vlan 10, i.e.

interface vlan 10
 ip address 192.168.5.1 255.255.255.0

if you then attached a device to that switch and put it into vlan 10 that device will

a) be able to communicate with all other devices in vlan 10

b) be able to communicate with other devices not in vlan 10 providing that the other devices also have a L3 interface for their subnet.

Let's say you now have a L2 switch connected to the L3 switch via a trunk and vlan 10 is allowed on that trunk link. You assign another device into vlan 10 on your L2 switch. Yes, it can communicate with the device in vlan 10 on your L3 switch.

But vlan 10 must exist on your L2 switch and the switchport on your L2 switch must be assigned into vlan 10.

Think of vlans as L2 rather than L3. A vlan can extend across many switches and a device on one switch in the same vlan as a device on another switch can communicate with each other. The vlan must exist on all L2 switches.

For devices in this vlan to be able to communicate to devices outside of this vlan and vice-versa you need a routed interface for this vlan. It can be a subinterface on a router or a L3 SVI on a L3 switch.

Jon

So a couple more questions:

1. If I have a routed interface for vlans other than VLAN10, will broadcasts cross into those VLANs, or will the switch then pose as a router and not forward the broadcast?

2. Theoretically, if I have subnets 192.168.1.0 in VLAN1 and 192.168.2.0 in VLAN2, devices on VLAN2 will be able to communicate through a layer 2 switch into the L3 routed interface, and be able to see the 192.168.1.0 network without me adding any of those devices to VLAN2?

The second question would be different if I were working with two L2 switches, right? They HAVE to be on the same VLAN in order to communicate between switches?

Thanks again Jon!

HTH, John *** Please rate all useful posts ***

1) Broadcasts will always stay local to the vlan unless you configure your L3 interfaces to forward on the broadcasts.

The key thing to note is that the switch is a router if you enable ip routing. If you don't it is just a L2 switch, but broadcasts are still contained within the vlan.

2) The wording is a little misleading here. I think what you're asking is: if you have devices in vlan 2 on a L2 switch, and vlan 2 has a routed interface on a L3 switch, as does vlan 1, can devices in vlan 2 talk to devices in vlan 1? The answer is yes.

If you had only L2 switches and the devices were allocated to different vlans then yes they would need to be in the same vlan to communicate.

Jon

Thanks Jon! I always like your answers :-)

Just to conclude, I added a L2 switch to my network, and verified how they would connect. I gave myself a static address, connected to the L2 switch, and I could NOT ping across the switches unless I made the port that I was in an access port to that VLAN. The point of this question was I have multiple printers (about 20) spread out on the subnet that I'm about to segment with VLANs. At first, we thought that we could just trunk the ports on the switch, but after I did it I realized that all workstations will come in untagged unless you tell the adapter what vlan to tag when it gets to the switch.

Long story short, I have to find all of my printers and make them access ports, and I failed to find a shortcut to do this cleanly. :-)

Thanks Jon!

John

HTH, John *** Please rate all useful posts ***
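The last post describes locating each printer and making its switchport an access port in the right VLAN. The sketch below is an added example, not code from the thread: it matches a printer MAC inventory against `show mac address-table` output and emits the access-port commands, leaving any port that carries more than one MAC for manual review. The sample table, the MAC addresses, the interface names and VLAN 20 are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac address-table` output (not from the thread).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/3
   1    0011.2233.4402    DYNAMIC     Fa0/7
   1    00aa.bbcc.0001    DYNAMIC     Fa0/5
   1    0011.2233.4403    DYNAMIC     Gi0/1
   1    00aa.bbcc.0002    DYNAMIC     Gi0/1
"""
# Constructed printer inventory (assumption: known from DHCP leases or asset records).
PRINTER_MACS = {"00:11:22:33:44:01", "00-11-22-33-44-02", "0011.2233.4403"}
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def printer_ports(table, printers):
    """Return (ports safe to convert, ports needing manual review)."""
    wanted = {norm(m) for m in printers}
    by_port = defaultdict(set)
    for line in table.splitlines():
        m = ROW.match(line)
        if m:
            by_port[m.group(3)].add(norm(m.group(2)))
    convert, review = [], []
    for port, macs in sorted(by_port.items()):
        if not macs & wanted:
            continue
        # More than one MAC on the port means an uplink or shared segment;
        # making it an access port would cut off the other hosts behind it.
        (convert if len(macs) == 1 else review).append(port)
    return convert, review

def access_config(ports, vlan):
    """Emit the access-port commands for each selected interface."""
    out = []
    for port in ports:
        out += [f"interface {port}", " switchport mode access",
                f" switchport access vlan {vlan}", "!"]
    return "\n".join(out)

if __name__ == "__main__":
    ports, review = printer_ports(SAMPLE, PRINTER_MACS)
    print(access_config(ports, 20))  # VLAN 20 is an assumed printer VLAN
    print("! review manually:", ", ".join(review))
```
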