How to tell if my vlans are layer 2 or layer 3.

Discussion in 'Cisco' started by BrooklynBadass, Sep 11, 2007.

  1. The other day I was asked if my network used layer 2 or layer 3 vlans
    and I really wasn't sure and I didn't know what to look for. I did
    some googling and I am guessing that my network uses layer 3 vlans
    since different parts of the building have their own subnet and
    default gateway. I also looked at the config on my 4507 and it shows
    different IP addresses for each vlan. What's the easiest way to tell?
    BrooklynBadass, Sep 11, 2007
    #1

  2. BrooklynBadass

    Merv Guest


    > The other day I was asked if my network used layer 2 or layer 3 vlans

    Perhaps the question should have been do you have layer 2 or layer 3
    switches in your network.

    AFAIK VLANs would be considered to be layer 2.

    If routing is configured on a switch then the switch is a layer 3
    switch ( show ip protocol)
    Merv, Sep 11, 2007
    #2

  3. BrooklynBadass wrote:
    > The other day I was asked if my network used layer 2 or layer 3 vlans
    > and I really wasn't sure and I didn't know what to look for.


    VLANs are a layer 2 concept. You'll have to ask the person who asked you
    that question what she or he means by a "layer 3 VLAN".

    --
    Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...
    Tilman Schmidt, Sep 11, 2007
    #3
  4. On Sep 11, 5:27 am, Merv <> wrote:
    > > The other day I was asked if my network used layer 2 or layer 3 vlans
    >
    > Perhaps the question should have been do you have layer 2 or layer 3
    > switches in your network.
    >
    > AFAIK VLANs would be considered to be layer 2.
    >
    > If routing is configured on a switch then the switch is a layer 3
    > switch ( show ip protocol)


    Hi Merv.

    I typed the "show ip protocol" and I also typed "show route"...here's
    what I got.
    Thanks.

    Cat4507#sh ip protocol
    *** IP Routing is NSF aware ***

    Cat4507#sh route

    Cat4507#
    BrooklynBadass, Sep 11, 2007
    #4
  5. BrooklynBadass

    Trendkill Guest


    While my colleagues above definitely have it right, I believe the true
    context of the question is in regard to layer 3 architecture. If you
    are using a central set of 'core' switches that effectively own all
    vlans, as well as have vlan interfaces (usually via an MSFC, but could
    just be l3 switches), then this is a centralized layer 2 and 3
    design. However, if you have decided to go the newer route of having
    all of your switches (referring to sectors, idfs, or the 'distribution
    & access' layers) have their own layer 3 vlans and networks
    distributed out, this is a 'distributed layer 3' model in which your
    vlans are pushed out into the datacenter. This means that there is
    effectively no spanning-tree, as vlans are only trunked between two
    switches in the same sector/idf/distribution point for redundancy to
    servers and nodes, but all other communications are done via layer 3
    via route advertisements (hopefully very well designed and
    summarized). In short, you may have a /24 or 2 on each set of
    distribution switches, and run an IGP routing protocol to advertise
    these to the core. The core then summarizes all of the /24s from all
    the distribution switches to a /16, /17, or /18 (or smaller of course
    depending on network size), which then connects to WAN routers that
    connect to other sites with the same configuration. This means that
    local routing tables are a bit larger and more distributed, but wide
    area network tables should be well summarized from the getgo if proper
    design and ip-schema was used.

    Hope this helps.
    Trendkill, Sep 11, 2007
    #5
  6. BrooklynBadass

    Merv Guest

    > I typed the "show ip protocol" and I also typed "show route"...here's
    > what I got.
    > Thanks.
    >
    > Cat4507#sh ip protocol
    > *** IP Routing is NSF aware ***
    >
    > Cat4507#sh route

    To see IP routes use the command "show ip route".

    The command you typed in (sh route) would display route-maps if any
    were configured.
    Merv, Sep 11, 2007
    #6
  7. On Sep 11, 7:42 am, Merv <> wrote:
    > I typed the "show ip protocol" and I also typed "show route"...here's
    > what I got.
    > Thanks.
    >
    > Cat4507#sh ip protocol
    > *** IP Routing is NSF aware ***
    >
    > Cat4507#sh route
    >
    > to see IP routes use the command "show ip route"
    >
    > The command you typed in (sh route) would display route-maps if any
    > were configured


    Here's the result of show ip route.
    Cat4507#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user
    static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 172.16.20.9 to network 0.0.0.0

    172.16.0.0/22 is subnetted, 12 subnets
    C 172.16.60.0 is directly connected, Vlan195
    C 172.16.56.0 is directly connected, Vlan175
    C 172.16.52.0 is directly connected, Vlan600
    C 172.16.48.0 is directly connected, Vlan300
    C 172.16.44.0 is directly connected, Vlan700
    C 172.16.40.0 is directly connected, Vlan500
    C 172.16.36.0 is directly connected, Vlan800
    C 172.16.32.0 is directly connected, Vlan200
    C 172.16.28.0 is directly connected, Vlan150
    C 172.16.24.0 is directly connected, Vlan125
    C 172.16.20.0 is directly connected, Vlan100
    C 172.16.64.0 is directly connected, Vlan400
    10.0.0.0/16 is subnetted, 1 subnets
    C 10.100.0.0 is directly connected, Vlan60
    S* 0.0.0.0/0 [1/0] via 172.16.20.9
    C 192.168.8.0/21 is directly connected, Vlan50
    Cat4507#

    thanks!
    BrooklynBadass, Sep 12, 2007
    #7
  8. BrooklynBadass

    Trendkill Guest


    Presuming this is also the switch that owns layer 2 for these vlans,
    this means that this box is also responsible for inter-vlan routing
    between those devices. Going off my above post, this means you have a
    centralized layer2/layer 3 model, although I guess you could have
    somewhat of a hybrid if you have several of these switches around and
    they all own l2 & l3 for different subnets. Judging from the size of
    your subnets, I would guess this is not the case.

    In essence, vlans are always layer 2 networks, and most of them are
    routed at layer 3 by some device. I stick to my original post of what
    I think the person was asking, but you just never know ;-).
    Trendkill, Sep 12, 2007
    #8
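
Added example, not part of the thread: a small parser for the `show ip route` output posted in #7, listing which VLANs have a routed interface on this switch (the check discussed in #8) and computing the smallest single summary prefix for the 172.16.x.x subnets (the summarization described in #5). The function names are hypothetical, and the parser assumes the IOS layout shown in the post, where routes under an "is subnetted" header omit their mask.

```python
import ipaddress
import re

# Route table as posted in the thread (legend, gateway line and prompts omitted).
SAMPLE = """\
172.16.0.0/22 is subnetted, 12 subnets
C 172.16.60.0 is directly connected, Vlan195
C 172.16.56.0 is directly connected, Vlan175
C 172.16.52.0 is directly connected, Vlan600
C 172.16.48.0 is directly connected, Vlan300
C 172.16.44.0 is directly connected, Vlan700
C 172.16.40.0 is directly connected, Vlan500
C 172.16.36.0 is directly connected, Vlan800
C 172.16.32.0 is directly connected, Vlan200
C 172.16.28.0 is directly connected, Vlan150
C 172.16.24.0 is directly connected, Vlan125
C 172.16.20.0 is directly connected, Vlan100
C 172.16.64.0 is directly connected, Vlan400
10.0.0.0/16 is subnetted, 1 subnets
C 10.100.0.0 is directly connected, Vlan60
S* 0.0.0.0/0 [1/0] via 172.16.20.9
C 192.168.8.0/21 is directly connected, Vlan50
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER = re.compile(rf"^{IP}/(\d+) is (variably )?subnetted")
ROUTE = re.compile(rf"^([A-Za-z]\S*)\s+({IP})(?:/(\d+))?\s+(.*)$")

def parse_routes(text):
    """Return [(code, network, interface, next_hop)] from 'show ip route' text."""
    routes, inherited = [], None
    for line in map(str.strip, text.splitlines()):
        h = HEADER.match(line)
        if h:  # routes under a plain "is subnetted" header inherit its mask
            inherited = None if h.group(2) else int(h.group(1))
            continue
        m = ROUTE.match(line)
        if not m:
            continue
        code, addr, plen, rest = m.groups()
        plen = int(plen) if plen else inherited
        if plen is None:
            continue  # no mask information on this line; skipped
        iface = re.search(r"directly connected, (\S+)", rest)
        hop = re.search(rf"via ({IP})", rest)
        routes.append((code, ipaddress.ip_network(f"{addr}/{plen}"),
                       iface.group(1) if iface else None,
                       ipaddress.ip_address(hop.group(1)) if hop else None))
    return routes

def routed_vlans(routes):
    """VLAN id -> subnet for every connected VLAN interface on this switch."""
    return {int(iface[4:]): net for code, net, iface, _ in routes
            if code.startswith("C") and re.fullmatch(r"Vlan\d+", iface or "")}

def default_exit_vlan(routes):
    """VLAN whose subnet contains the default route's next hop, or None."""
    svis = routed_vlans(routes)
    for _, net, _, hop in routes:
        if net.prefixlen == 0 and hop is not None:
            return next((v for v, n in svis.items() if hop in n), None)
    return None

def covering_summary(nets):
    """Smallest single prefix covering all given networks (a summary route)."""
    hi = max(n.broadcast_address for n in nets)
    summary = min(nets, key=lambda n: n.network_address)
    while hi not in summary:
        summary = summary.supernet()
    return summary

if __name__ == "__main__":
    print(routed_vlans(parse_routes(SAMPLE)))
```

On the posted table this finds 14 routed VLAN interfaces, a default route whose next hop sits in Vlan100, and 172.16.0.0/17 as the smallest summary for the twelve /22 subnets.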
  9.

    Thanks for the explanation.
    Yes, all vlans were created at the core with trunks going out to each
    IDF.
    I guess I have what's called a centralized layer 2 and 3 design.
    Each IDF only serves about 75 computers out of a total of 1200
    computers, so would it even make sense to do distributed layer 3?

    thanks
    BrooklynBadass, Sep 12, 2007
    #9
  10. BrooklynBadass

    Trendkill Guest


    Distributed layer 3 has its positives and negatives, but my answer to
    your question is most likely a 'no'. The general positives are the
    elimination of risk due to spanning tree, as you can't have layer 2
    loops when there is no trunking out to the distribution layer (well
    unless you have some weird core configuration). Additionally, you can
    make it very 'pretty' if you have a well-designed IP schema, and you
    can summarize nicely. This is particularly important for companies
    with many large WAN sites. This also makes sense when you don't need
    servers in two different locations (idfs, sectors, etc) in the same
    VLAN. Generally if you are putting environments in consistent
    locations based on function, then distributed layer 3 can work well.

    The biggest downfall is cost. Your devices have to be routing enabled
    (layer 3 switches or enterprise class switches with msfc's), and these
    switches generally should not be small if you have any significant
    bandwidth. What I mean by this is, it generally takes less processor
    utilization to switch frames (as opposed to l3 routing, regardless of
    cut-through, etc), and smaller switches like 3500s, etc, are not going
    to be able to route gigs of traffic due to its smaller backplane and
    small processor. The bottom line is to use your judgment, and Cisco
    Sales Engineers are usually pretty good about recommending when
    needed.

    I will say that some of the newer switches which allow stacking may be
    a lot better for distributed layer 3, but I don't have much experience
    with those. My company uses distributed layer 3 for their global
    network to avoid spanning-tree, but still uses centralized for their
    DMZs, but is considering options to migrate those as well. Then again
    as a financial company, we spend whatever it takes....
    Trendkill, Sep 12, 2007
    #10
  11. BrooklynBadass

    Trendkill Guest


    I should also add that distributed layer 3 also can lead to better
    routing designs, as it generally pushes you to having a few core
    networks where all routing information is exchanged, and keeping
    everything else separated and passive. While this isn't necessarily a
    given (it can still easily be screwed up), it's usually a product of
    going to a well-thought DL3 design.

    On the layer 2 side, this distributes switching processing out to each
    sector or IDF, saving your backbone and any particular switch from
    doing too much (only processes packets going to/from its own ports,
    and not anywhere else unless the source or destination is local).

    Again, costly, but can be well worth it for very large networks.
    Trendkill, Sep 12, 2007
    #11