Couple of questions about Layer 3 switches... I guess I'm not clear on how to set them up properly when I want to route between vlans.
Lets say I have Vlan 100 and Vlan 200. 100 is on its own access layer L2 switch and 200 is on its own access layer L2 switch. Both of these L2 switches connect back to a single distribution L3 switch for routing. First off, do these links from L2 to L3 need to be trunked or can they simply be normal access port links? I would think they could just be normal links and then on the L3 switch port they connect to I would just set that port to L3 routing and assign that port an IP address and mask.
This correct? Would then the computers in the access layer then use the appropriate L3 switch port (the distribution layer switch) as its gateway? So if the L2 switch for Vlan 100 connects to the distribution switch at port 1/1, whatever IP I assigned to that port (1/1) would be the gateway for the entire Vlan 100? Same goes for Vlan 200?
Could SVI used for the same thing? I would think it could. In this case, I'm guessing I would make sure that I have both Vlans created on the distribution switch and I have each one of the appropriate vlans from the L2 connected to the appropriate vlan on the L3. In other words, I have to make sure on the distribution switch, that I set whatever port that Vlan 100 connects to it also has to be assigned to Vlan 100. Same for 200. Then I only have to assign and IP address and mask to the Vlan and NOT to the individual switch port...
Hope the above make sense. Just want to make sure I am following this properly. From what I can tell, setting up a L3 for routing is nearly the same as setting up a router. Only difference is I have waaay more interfaces to play with and also have SVI...
Why do we even need routers anyway? I'm guessing switches can't connect WAN interfaces... Yet...
Re-reading my book and re-reading my post, I think I didn't understand SVI properly. Essentially, SVI is used when multiple Vlans (although only two Vlans can be used too) are being trunked to the L3 swtich. Then all I have to do is create the Vlans on the L3 swtich and then assign the Vlans an IP and Mask for SVI to work.
So in my above example, I could trunk both L2 swiches (switch 1 Vlan 100 trunks to L3, switch 2 Vlan 200 also trunks to L3) back to the L3. Then setup the Vlans on the distribution and give them their addresses. Sounds simple...
If you never plan to have more than a single vlan on your layer 2 switches the link does "not" need to be trunked and can be a access port, if you have any plans to have multiple vlans on your access then just trunk them to begin with . On layer 2 switches the SVI is used to manage the switch only and has no other function . On layer 3 switches at the distribution layer with routing turned on the switch then when you create your layer 2 vlan and then the corrsponding layer 3 SVI for that vlan this is how routing is enabled on the layer 3 switch . If you do a show ip route on the layer 3 switch it will show all your defined layer 3 SVI' as connected routes and the switch then knows how to route between those particular vlans that you created . as for your other question users default gateway will always be the layer 3 SVI address for that particular vlan , that switch is the one that knows where to route it to .
Yup, I figured as much. So trunking is not neeeded at all in this case and SVI is used just fine? In this case, don't the L3 ports on the Dist. switch need to be assigned to the same Vlans coming off the access layer switches? For example, Vlan 100 connects to dist. switch port 1/1 and Vlan 200 conencts to dist. switch port 1/2. Won't 1/1 need to be assigned to Vlan 100 and 1/2 need to be assigned to Vlan 200? Seems to me they would have to be or else how would the switch know how to get to the Vlans...
If that is the case, one might as well go ahead and trunk the links even though only one Vlan is being carried over the trunk. Doing it like this, one doesn't have to worry about assigning any Vlans to the interfaces in the L3 switch. Only have to make sure that trunking is enabled properly on the L3 switch and it has access to each Vlan via the trunk links. Then SVI can be setup appropriately... Yes?
Man, there are lots of ways to do the same thing... :)
I think that Glen gave a very good answer. There is one aspect of your original post which he did not really address. In the original post you suggested configuring the port on the distribution switch as a layer 3 port and assigning an IP address to the port. This would not work if the port on the distribution switch is connecting to a layer 2 port on the access switch. The port on the distribution switch needs to be a layer 2 port and the layer 3 is the SVI (and just in case it is not obvious the SVI is interface vlan x). You could make the port on the distributio switch (1/1 and 1/2) either as access ports or as trunk ports. As Glen said in your current environment either access port or trunk port would work fine. Especially if you think that you might ever want more than a single VLAN on the access switch it is better to go ahead and make the distribution port into a trunk port (and make it a trunk on the access switch also).
Not sure how I missed your reply, but I'm glad I went back and re-read the post. I think I've got it figured out now...
I think I like the idea of stressing individual vlans per switch in a new environment. But of course, this is not the least costly solution. Although, it sure is a heck-of-a-lot easier to administer... :-)
As far as either making the port a trunk or keeping it as an access port and assigning the specific vlan to it (talking about the distribution switch), its six and a half dozen the other. Really doesn't matter unless future circumstances dictate that multiple vlans need to be carried on each switch...
"In the original post you suggested configuring the port on the distribution switch as a layer 3 port and assigning an IP address to the port. This would not work if the port on the distribution switch is connecting to a layer 2 port on the access switch"
Could you just clarify what you mean by this. Why i am confused is because this is exactly what you would do if you were connecting a standalone router to a switch ie. the switch port would be an access port allocated to a vlan and the router interface would have an IP address out of that vlan range.
So unless i have misunderstood your point, which i may well have done, i guess what i am asking is what is special about a routed port on a L3 switch that makes it different from a router interface.
I agree that generally you would use SVI's on the L3 switch.
He could use a routed port on the 3560 to feed a subnet , the only difference between that and an SVI is you cannot feed that subnet to multiple ports to trunk if you use a routed port versus and SVI on the 3560 . If you never need that subnet trunked to a different switch then it probably doesn't matter if you use a routed port or a SVI and corresponding vlan port .
If the port on the distribution switch is a layer 3 port then how will the distribution switch build the mac-address-table for the ports in the access layer switch?
This is assuming that you only have one vlan on the access-layer switch.
The distribution switch doesn't need to build a mac-address table for the ports as such. What is does need is an mac-address to IP address mapping and so it's arp table will say that clients in the vlan on the access-layer switch are accessible via the L3 interface on the distribution switch, which is exactly how a router does it.
Am i missing something ?
Given the restrictions of only a single VLAN on the access switch and that VLAN not extending to any other switch (including the distribution switch), if you want to treat the switch port like a router interface then I need to retract my statement that it would not work.