How to tell if my vlans are layer 2 or layer 3.

The other day I was asked if my network used layer 2 or layer 3 vlans
and I really wasn't sure and I didn't know what to look for. I did
some googling and I am guessing that my network uses layer 3 vlans
since different parts of the building have their own subnet and
default gateway. I also looked at the config on my 4507 and it shows
different IP addresses for each vlan. What's the easiest way to tell?

 

AFAIK VLANS would be consider to be a layer 2.

If routing is configured on a switch then the switch is a layer 3
switch ( show ip protocol)

 

VLANs are a layer 2 concept. You'll have to ask the person who asked you
that question what she or he means by a "layer 3 VLAN".

 

Hi Merv.

I typed the "show ip protcol" and I also typed "show route"...here's
what I got.
Thanks.

Cat4507#sh ip protocol
*** IP Routing is NSF aware ***

Cat4507#sh route

Cat4507#

 

While my colleagues above definitely have it right, I believe the true
context of the question is in regard to layer 3 architecture. If you
are using a central set of 'core' switches that effectively own all
vlans, as well as have vlan interfaces (usually via an MSFC, but could
just be l3 switches), then this is a centralized layer 2 and 3
design. However, if you have decided to go the newer route of having
all of your switches (referring to sectors, idfs, or the 'distribution
& access' layers) have their own layer 3 vlans and networks
distributed out, this is a 'distributed layer 3' model in which your
vlans are pushed out into the datacenter. This means that there is
effectively no spanning-tree, as vlans are only trunked between two
switches in the same sector/idf/distribution point for redundancy to
servers and nodes, but all other communications are done via layer 3
via route advertisements (hopefully very well designed and
summarized). In short, you may have a /24 or 2 on each set of
distribution switches, and run an IGP routing protocol to advertise
these to the core. The core then summarizes all of the /24s from all
the distribution switches to a /16, /17, or /18 (or smaller of course
depending on network size), which then connects to WAN routers that
connect to other sites with the same configuration. This means that
local routing tables are a bit larger and more distributed, but wide
area network tables should be well summarized from the getgo if proper
design and ip-schema was used.

Hope this helps.

 

I typed the "show ip protcol" and I also typed "show route"...here's
what I got.
Thanks.

Cat4507#sh ip protocol
*** IP Routing is NSF aware ***

Cat4507#sh route



to see IP routes use the command "show ip route"

The command you typed in (sh route) would display route-maps if any
where configured

 

Here's the result of show ip route.
Cat4507#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user
static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.20.9 to network 0.0.0.0

172.16.0.0/22 is subnetted, 12 subnets
C 172.16.60.0 is directly connected, Vlan195
C 172.16.56.0 is directly connected, Vlan175
C 172.16.52.0 is directly connected, Vlan600
C 172.16.48.0 is directly connected, Vlan300
C 172.16.44.0 is directly connected, Vlan700
C 172.16.40.0 is directly connected, Vlan500
C 172.16.36.0 is directly connected, Vlan800
C 172.16.32.0 is directly connected, Vlan200
C 172.16.28.0 is directly connected, Vlan150
C 172.16.24.0 is directly connected, Vlan125
C 172.16.20.0 is directly connected, Vlan100
C 172.16.64.0 is directly connected, Vlan400
10.0.0.0/16 is subnetted, 1 subnets
C 10.100.0.0 is directly connected, Vlan60
S* 0.0.0.0/0 [1/0] via 172.16.20.9
C 192.168.8.0/21 is directly connected, Vlan50
Cat4507#

thanks!

 

Presuming this is also the switch that owns layer 2 for these vlans,
this means that this box is also responsible for inter-vlan routing
between those devices. Going off my above post, this means you have a
centralized layer2/layer 3 model, although I guess you could have
somewhat of a hybrid if you have several of these switches around and
they all own l2 & l3 for different subnets. Judging from the size of
your subnets, I would guess this is not the case.

In essence, vlans are always layer 2 networks, and most of them are
routed at layer 3 by some device. I stick to my original post of what
I think the person was asking, but you just never know ;-).

 

Thanks for the explanation.
Yes, all vlans were created at the core with trunks going out to each
IDF.
I guess I have what's called a centralized layer 2 and 3 design.
Each IDF only servers about 75 computers out of a total of 1200
computers, so would it even make sense to do distributed layer 3?

thanks

 

Distributed layer 3 has its positives and negatives, but my answer to
your question is most likely a 'no'. The general positives are the
elimination of risk due to spanning tree, as you can't have layer 2
loops when there is no trunking out to the distribution layer (well
unless you have some weird core configuration). Additionally, you can
make it very 'pretty' if you have a well-designed IP schema, and you
can summarize nicely. This is particularly important for companies
with many large WAN sites. This also makes sense when you don't need
servers in two different locations (idfs, sectors, etc) in the same
VLAN. Generally if you are putting environments in consistent
locations based on function, then distributed layer 3 can work well.

The biggest downfall is cost. Your devices have to be routing enabled
(layer 3 switches or enterprise class switches with msfc's), and these
switches generally should not be small if you have any significant
bandwidth. What I mean by this is, it generally takes less processor
utilization to switch frames (as opposed to l3 routing, regardless of
cut-through, etc), and smaller switches like 3500s, etc, are not going
to be able to route gigs of traffic due to its smaller backplane and
small processor. The bottom line is to use your judgment, and Cisco
Sales Engineers are usually pretty good about recommending when
needed.

I will say that some of the newer switches which allow stacking may be
a lot better for distributed layer 3, but I don't have much experience
with those. My company uses distributed layer 3 for their global
network to avoid spanning-tree, but still uses centralized for their
DMZs, but is considering options to migrate those as well. Then again
as a financial company, we spend whatever it takes....

 

I should also add that distributed layer 3 also can lead to better
routing designs, as it generally pushes you to having a few core
networks where all routing information is exchanged, and keeping
everything else separated and passive. While this isn't necessarily a
given (it can still easily be screwed up), its usually a product of
going to a well-thought DL3 design.

On the layer 2 side, this distributes switching processing out to each
sector or IDF, saving your backbone and any particular switch from
doing too much (only processes packets going to/from its own ports,
and not anywhere else unless the source or destination is local).

Again, costly, but can be well worth it for very large networks.