How to tell if my vlans are layer 2 or layer 3.

The other day I was asked if my network used layer 2 or layer 3 vlans and I really wasn't sure and I didn't know what to look for. I did some googling and I am guessing that my network uses layer 3 vlans since different parts of the building have their own subnet and default gateway. I also looked at the config on my 4507 and it shows different IP addresses for each vlan. What's the easiest way to tell?

Reply to
BrooklynBadass

the question should have been do you have layer 2 or layer 3 switches in your network.

AFAIK VLANs would be considered to be layer 2.

If routing is configured on a switch then the switch is a layer 3 switch (show ip protocol).

Reply to
Merv

BrooklynBadass wrote:

VLANs are a layer 2 concept. You'll have to ask the person who asked you that question what she or he means by a "layer 3 VLAN".

Reply to
Tilman Schmidt

the question should have been do you have layer 2 or layer 3 switches in your network.

Hi Merv.

I typed the "show ip protocol" and I also typed "show route"... here's what I got. Thanks.

Cat4507#sh ip protocol

*** IP Routing is NSF aware ***

Cat4507#sh route

Cat4507#

Reply to
BrooklynBadass

On Sep 11, 7:10 am, BrooklynBadass wrote:

Perhaps the question should have been do you have layer 2 or layer 3 switches in your network.

While my colleagues above definitely have it right, I believe the true context of the question is in regard to layer 3 architecture. If you are using a central set of 'core' switches that effectively own all vlans, as well as have vlan interfaces (usually via an MSFC, but could just be l3 switches), then this is a centralized layer 2 and 3 design. However, if you have decided to go the newer route of having all of your switches (referring to sectors, idfs, or the 'distribution & access' layers) have their own layer 3 vlans and networks distributed out, this is a 'distributed layer 3' model in which your vlans are pushed out into the datacenter. This means that there is effectively no spanning-tree, as vlans are only trunked between two switches in the same sector/idf/distribution point for redundancy to servers and nodes, but all other communications are done via layer 3 via route advertisements (hopefully very well designed and summarized). In short, you may have a /24 or 2 on each set of distribution switches, and run an IGP routing protocol to advertise these to the core. The core then summarizes all of the /24s from all the distribution switches to a /16, /17, or /18 (or smaller of course depending on network size), which then connects to WAN routers that connect to other sites with the same configuration. This means that local routing tables are a bit larger and more distributed, but wide area network tables should be well summarized from the getgo if proper design and ip-schema was used.

Hope this helps.

Reply to
Trendkill

I typed the "show ip protocol" and I also typed "show route"... here's what I got. Thanks.

Cat4507#sh ip protocol

*** IP Routing is NSF aware ***

Cat4507#sh route

To see IP routes use the command "show ip route".

The command you typed in (sh route) would display route-maps if any were configured.

Reply to
Merv

Here's the result of show ip route.

Cat4507#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.20.9 to network 0.0.0.0

     172.16.0.0/22 is subnetted, 12 subnets
C       172.16.60.0 is directly connected, Vlan195
C       172.16.56.0 is directly connected, Vlan175
C       172.16.52.0 is directly connected, Vlan600
C       172.16.48.0 is directly connected, Vlan300
C       172.16.44.0 is directly connected, Vlan700
C       172.16.40.0 is directly connected, Vlan500
C       172.16.36.0 is directly connected, Vlan800
C       172.16.32.0 is directly connected, Vlan200
C       172.16.28.0 is directly connected, Vlan150
C       172.16.24.0 is directly connected, Vlan125
C       172.16.20.0 is directly connected, Vlan100
C       172.16.64.0 is directly connected, Vlan400
     10.0.0.0/16 is subnetted, 1 subnets
C       10.100.0.0 is directly connected, Vlan60
S*   0.0.0.0/0 [1/0] via 172.16.20.9
C    192.168.8.0/21 is directly connected, Vlan50
Cat4507#

thanks!

Reply to
BrooklynBadass

Presuming this is also the switch that owns layer 2 for these vlans, this means that this box is also responsible for inter-vlan routing between those devices. Going off my above post, this means you have a centralized layer 2/layer 3 model, although I guess you could have somewhat of a hybrid if you have several of these switches around and they all own l2 & l3 for different subnets. Judging from the size of your subnets, I would guess this is not the case.

In essence, vlans are always layer 2 networks, and most of them are routed at layer 3 by some device. I stick to my original post of what I think the person was asking, but you just never know ;-).

Reply to
Trendkill
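To turn that reading of the output into a check you can rerun, here is an added example (mine, not from the thread or from Cisco) in Python: it parses a constructed excerpt of the show ip route output posted above, maps each SVI to its connected subnet, treats two or more connected SVIs as this switch being the inter-VLAN hop, and computes the single summary prefix a core could advertise for those /22s. The excerpt and the function names are my own construction.

```python
import ipaddress
import re

# Constructed excerpt modeled on the "show ip route" output in the thread
# (a subset of its 14 connected Vlan routes; the values are the thread's own).
SHOW_IP_ROUTE = """\
Gateway of last resort is 172.16.20.9 to network 0.0.0.0

     172.16.0.0/22 is subnetted, 12 subnets
C       172.16.60.0 is directly connected, Vlan195
C       172.16.20.0 is directly connected, Vlan100
C       172.16.64.0 is directly connected, Vlan400
     10.0.0.0/16 is subnetted, 1 subnets
C       10.100.0.0 is directly connected, Vlan60
S*   0.0.0.0/0 [1/0] via 172.16.20.9
C    192.168.8.0/21 is directly connected, Vlan50
"""

SUBNETTED_RE = re.compile(r"^\s+\S+/(\d+) is subnetted")
CONNECTED_RE = re.compile(r"^C\s+(\S+) is directly connected, (Vlan\d+)")

def connected_svis(text):
    """Map each SVI (Vlan interface) to its connected network. IOS prints the
    members of a subnetted block without a mask, so the mask is carried over
    from the preceding 'is subnetted' header line."""
    mask, svis = 32, {}
    for line in text.splitlines():
        m = SUBNETTED_RE.match(line)
        if m:
            mask = int(m.group(1))
            continue
        m = CONNECTED_RE.match(line)
        if m:
            prefix = m.group(1) if "/" in m.group(1) else f"{m.group(1)}/{mask}"
            svis[m.group(2)] = ipaddress.ip_network(prefix, strict=False)
    return svis

def routes_between_vlans(text):
    """Two or more connected SVIs means this box forwards between those VLANs,
    i.e. it is their layer-3 hop (the centralized model described above)."""
    return len(connected_svis(text)) >= 2

def summary_prefix(networks):
    """Smallest single prefix covering every network: the summarization a core
    would do before advertising its /22s toward the WAN."""
    summary = min(networks, key=lambda n: n.network_address)
    while not all(n.subnet_of(summary) for n in networks):
        summary = summary.supernet()
    return summary
```

Run against the full table from the post, the 12 subnets under 172.16.0.0/22 collapse to 172.16.0.0/17, which is the kind of single advertisement Trendkill means by "summarize nicely".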

Perhaps the question should have been do you have layer 2 or layer 3 switches in your network.

Thanks for the explanation. Yes, all vlans were created at the core with trunks going out to each IDF. I guess I have what's called a centralized layer 2 and 3 design. Each IDF only serves about 75 computers out of a total of 1200 computers, so would it even make sense to do distributed layer 3?

thanks

Reply to
BrooklynBadass

Perhaps the question should have been do you have layer 2 or layer 3 switches in your network.

Distributed layer 3 has its positives and negatives, but my answer to your question is most likely a 'no'. The general positives are the elimination of risk due to spanning tree, as you can't have layer 2 loops when there is no trunking out to the distribution layer (well unless you have some weird core configuration). Additionally, you can make it very 'pretty' if you have a well-designed IP schema, and you can summarize nicely. This is particularly important for companies with many large WAN sites. This also makes sense when you don't need servers in two different locations (idfs, sectors, etc) in the same VLAN. Generally if you are putting environments in consistent locations based on function, then distributed layer 3 can work well.

The biggest downfall is cost. Your devices have to be routing enabled (layer 3 switches or enterprise class switches with MSFCs), and these switches generally should not be small if you have any significant bandwidth. What I mean by this is, it generally takes less processor utilization to switch frames (as opposed to l3 routing, regardless of cut-through, etc), and smaller switches like 3500s, etc, are not going to be able to route gigs of traffic due to their smaller backplane and small processor. The bottom line is to use your judgment, and Cisco Sales Engineers are usually pretty good about recommending when needed.

I will say that some of the newer switches which allow stacking may be a lot better for distributed layer 3, but I don't have much experience with those. My company uses distributed layer 3 for their global network to avoid spanning-tree, but still uses centralized for their DMZs, but is considering options to migrate those as well. Then again as a financial company, we spend whatever it takes....

Reply to
Trendkill

Perhaps the question should have been do you have layer 2 or layer 3 switches in your network.

I should also add that distributed layer 3 also can lead to better routing designs, as it generally pushes you to having a few core networks where all routing information is exchanged, and keeping everything else separated and passive. While this isn't necessarily a given (it can still easily be screwed up), it's usually a product of going to a well-thought DL3 design.

On the layer 2 side, this distributes switching processing out to each sector or IDF, saving your backbone and any particular switch from doing too much (only processes packets going to/from its own ports, and not anywhere else unless the source or destination is local).

Again, costly, but can be well worth it for very large networks.

Reply to
Trendkill
