How to tell if my vlans are layer 2 or layer 3.

Discussion in 'Cisco' started by BrooklynBadass, Sep 11, 2007.

  1. The other day I was asked if my network used layer 2 or layer 3 vlans
    and I really wasn't sure and I didn't know what to look for. I did
    some googling and I am guessing that my network uses layer 3 vlans
    since different parts of the building have their own subnet and
    default gateway. I also looked at the config on my 4507 and it shows
    different IP addresses for each vlan. What's the easiest way to tell?
     
    BrooklynBadass, Sep 11, 2007
    #1

  2. Merv Guest

    AFAIK VLANs would be considered to be layer 2.

    If routing is configured on a switch then the switch is a layer 3
    switch ( show ip protocol)
     
    Merv, Sep 11, 2007
    #2

  3. VLANs are a layer 2 concept. You'll have to ask the person who asked you
    that question what she or he means by a "layer 3 VLAN".
     
    Tilman Schmidt, Sep 11, 2007
    #3
  4. Hi Merv.

    I typed the "show ip protocol" and I also typed "show route"... here's
    what I got.
    Thanks.

    Cat4507#sh ip protocol
    *** IP Routing is NSF aware ***

    Cat4507#sh route

    Cat4507#
     
    BrooklynBadass, Sep 11, 2007
    #4
  5. Trendkill Guest

    While my colleagues above definitely have it right, I believe the true
    context of the question is in regard to layer 3 architecture. If you
    are using a central set of 'core' switches that effectively own all
    vlans, as well as have vlan interfaces (usually via an MSFC, but could
    just be l3 switches), then this is a centralized layer 2 and 3
    design. However, if you have decided to go the newer route of having
    all of your switches (referring to sectors, idfs, or the 'distribution
    & access' layers) have their own layer 3 vlans and networks
    distributed out, this is a 'distributed layer 3' model in which your
    vlans are pushed out into the datacenter. This means that there is
    effectively no spanning-tree, as vlans are only trunked between two
    switches in the same sector/idf/distribution point for redundancy to
    servers and nodes, but all other communications are done via layer 3
    via route advertisements (hopefully very well designed and
    summarized). In short, you may have a /24 or 2 on each set of
    distribution switches, and run an IGP routing protocol to advertise
    these to the core. The core then summarizes all of the /24s from all
    the distribution switches to a /16, /17, or /18 (or smaller of course
    depending on network size), which then connects to WAN routers that
    connect to other sites with the same configuration. This means that
    local routing tables are a bit larger and more distributed, but wide
    area network tables should be well summarized from the get-go if a
    proper design and IP schema were used.

    Hope this helps.
     
    Trendkill, Sep 11, 2007
    #5
  6. Merv Guest

    I typed the "show ip protocol" and I also typed "show route"... here's
    what I got.
    Thanks.

    Cat4507#sh ip protocol
    *** IP Routing is NSF aware ***

    Cat4507#sh route

    to see IP routes use the command "show ip route"

    The command you typed in (sh route) would display route-maps if any
    were configured
     
    Merv, Sep 11, 2007
    #6
  7. Here's the result of show ip route.
    Cat4507#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 172.16.20.9 to network 0.0.0.0

    172.16.0.0/22 is subnetted, 12 subnets
    C 172.16.60.0 is directly connected, Vlan195
    C 172.16.56.0 is directly connected, Vlan175
    C 172.16.52.0 is directly connected, Vlan600
    C 172.16.48.0 is directly connected, Vlan300
    C 172.16.44.0 is directly connected, Vlan700
    C 172.16.40.0 is directly connected, Vlan500
    C 172.16.36.0 is directly connected, Vlan800
    C 172.16.32.0 is directly connected, Vlan200
    C 172.16.28.0 is directly connected, Vlan150
    C 172.16.24.0 is directly connected, Vlan125
    C 172.16.20.0 is directly connected, Vlan100
    C 172.16.64.0 is directly connected, Vlan400
    10.0.0.0/16 is subnetted, 1 subnets
    C 10.100.0.0 is directly connected, Vlan60
    S* 0.0.0.0/0 [1/0] via 172.16.20.9
    C 192.168.8.0/21 is directly connected, Vlan50
    Cat4507#

    thanks!
     
    BrooklynBadass, Sep 12, 2007
    #7
  8. Trendkill Guest

    Presuming this is also the switch that owns layer 2 for these vlans,
    this means that this box is also responsible for inter-vlan routing
    between those devices. Going off my above post, this means you have a
    centralized layer2/layer 3 model, although I guess you could have
    somewhat of a hybrid if you have several of these switches around and
    they all own l2 & l3 for different subnets. Judging from the size of
    your subnets, I would guess this is not the case.

    In essence, vlans are always layer 2 networks, and most of them are
    routed at layer 3 by some device. I stick to my original post of what
    I think the person was asking, but you just never know ;-).
     
    Trendkill, Sep 12, 2007
    #8
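    A way to make the check in this post mechanical, as an added example that is not part of the thread or of any Cisco tool: the script parses the "show ip route" output posted above (a trimmed, constructed copy is embedded), lists the VLAN SVIs the 4507 is routing for, and computes the single summary prefix the core would advertise upstream in the design Trendkill describes. The function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the 4507's "show ip route" output
# posted in this thread, embedded so the script runs offline.
SHOW_IP_ROUTE = """\
Gateway of last resort is 172.16.20.9 to network 0.0.0.0

     172.16.0.0/22 is subnetted, 12 subnets
C       172.16.60.0 is directly connected, Vlan195
C       172.16.20.0 is directly connected, Vlan100
C       172.16.64.0 is directly connected, Vlan400
     10.0.0.0/16 is subnetted, 1 subnets
C       10.100.0.0 is directly connected, Vlan60
S*   0.0.0.0/0 [1/0] via 172.16.20.9
C    192.168.8.0/21 is directly connected, Vlan50
"""

SUBNETTED = re.compile(r"^\s*\S+/(\d+) is subnetted, \d+ subnets")
CONNECTED = re.compile(r"^C\s+(\S+) is directly connected, (\S+)")
DEFAULT = re.compile(r"^S\*\s+0\.0\.0\.0/0 \[\d+/\d+\] via (\S+)")


def parse_route_table(text):
    """Return ({svi_name: network}, default_next_hop).

    IOS prints no mask on 'C' lines under an 'is subnetted' header, so the
    header's prefix length is carried forward to the lines beneath it.
    A 'C ... VlanN' entry means this box holds the SVI and routes that VLAN.
    """
    svis, default_via, mask = {}, None, None
    for line in text.splitlines():
        if m := SUBNETTED.match(line):
            mask = int(m.group(1))
        elif m := CONNECTED.match(line):
            prefix, iface = m.groups()
            if "/" not in prefix:
                prefix = f"{prefix}/{mask}"
            if iface.lower().startswith("vlan"):
                svis[iface] = ipaddress.ip_network(prefix)
        elif m := DEFAULT.match(line):
            default_via = m.group(1)
    return svis, default_via


def summary_route(networks, site_block):
    """Smallest prefix covering every network inside site_block: the
    'summarize the subnets at the core' step from the thread."""
    inside = [n for n in networks if n.subnet_of(site_block)]
    summary = inside[0]
    while not all(n.subnet_of(summary) for n in inside):
        summary = summary.supernet()
    return summary
```

Feed the full output of "show ip route" to parse_route_table to get every SVI; if the same switch also owns the VLANs at layer 2 and trunks them out, that is the centralized layer 2/3 model described above.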
  9. Thanks for the explanation.
    Yes, all vlans were created at the core with trunks going out to each
    IDF.
    I guess I have what's called a centralized layer 2 and 3 design.
    Each IDF only serves about 75 computers out of a total of 1200
    computers, so would it even make sense to do distributed layer 3?

    thanks
     
    BrooklynBadass, Sep 12, 2007
    #9
  10. Trendkill Guest

    Distributed layer 3 has its positives and negatives, but my answer to
    your question is most likely a 'no'. The general positives are the
    elimination of risk due to spanning tree, as you can't have layer 2
    loops when there is no trunking out to the distribution layer (well
    unless you have some weird core configuration). Additionally, you can
    make it very 'pretty' if you have a well-designed IP schema, and you
    can summarize nicely. This is particularly important for companies
    with many large WAN sites. This also makes sense when you don't need
    servers in two different locations (idfs, sectors, etc) in the same
    VLAN. Generally if you are putting environments in consistent
    locations based on function, then distributed layer 3 can work well.

    The biggest downfall is cost. Your devices have to be routing enabled
    (layer 3 switches or enterprise class switches with MSFCs), and these
    switches generally should not be small if you have any significant
    bandwidth. What I mean by this is, it generally takes less processor
    utilization to switch frames (as opposed to l3 routing, regardless of
    cut-through, etc), and smaller switches like 3500s, etc, are not going
    to be able to route gigs of traffic due to their smaller backplane and
    small processor. The bottom line is to use your judgment, and Cisco
    Sales Engineers are usually pretty good about recommending when
    needed.

    I will say that some of the newer switches which allow stacking may be
    a lot better for distributed layer 3, but I don't have much experience
    with those. My company uses distributed layer 3 for their global
    network to avoid spanning-tree, but still uses centralized for their
    DMZs, but is considering options to migrate those as well. Then again
    as a financial company, we spend whatever it takes....
     
    Trendkill, Sep 12, 2007
    #10
  11. Trendkill Guest

    I should also add that distributed layer 3 also can lead to better
    routing designs, as it generally pushes you to having a few core
    networks where all routing information is exchanged, and keeping
    everything else separated and passive. While this isn't necessarily a
    given (it can still easily be screwed up), it's usually a product of
    going to a well-thought DL3 design.

    On the layer 2 side, this distributes switching processing out to each
    sector or IDF, saving your backbone and any particular switch from
    doing too much (only processes packets going to/from its own ports,
    and not anywhere else unless the source or destination is local).

    Again, costly, but can be well worth it for very large networks.
     
    Trendkill, Sep 12, 2007
    #11