[nsp] Multi-layer switches - switching at L2, or sending up to L3 first?

Stephen J. Wilcox steve at telecomplete.co.uk
Fri Jan 10 00:20:53 EST 2003


If I understand this correctly...

Assuming you keep the ports defined as L3, then for multilayer switching to occur
an initial packet needs to be routed; if this is prohibited by an ACL then this
will not allow an MLS path to be set up.

Your answer is yes therefore!

And FYI, I too have had a lot of problems finding in-depth articles about the new
L3 switches to help figure out scenarios and problems.

Steve


-- 
Stephen J. Wilcox
BSc (Hons).  CCIE #10730
Technical Director, Telecomplete
http://www.telecomplete.co.uk/

On Fri, 10 Jan 2003, Alastair Galloway wrote:

> Hi,
> 
> I've got a question about how multi-layer switching devices (eg Cisco
> 3550s) handle traffic as it shifts between layers two and three.  I've
> had a bit of a look at CCO but it's such a general question that I
> haven't found the answer. 
> 
> I will have a distribution router/switch (Cisco 3550) attached to a number
> of access switches (Cisco 1924s, 2924s and 2950s).  Each access switch
> is in a classroom and has two VLANs (not including the management
> VLAN) - one for staff and one for students.  This split allows some
> layer 3 access-lists to control where staff and students can send IP
> traffic.  I'd like to re-use the same VLAN tags on each access switch
> without joining the like-tagged VLANs together.  Before multi-layer
> switches I think that this would have worked fine (eg on a Cisco 2621):
> 
> int FastEthernet 0/1
>  description Access switch 1
>  switchport mode trunk
>  switchport trunk encapsulation isl
> !
> int FastEthernet 0/1.100
>  description Staff VLAN (100) on access switch 1
>  encapsulation isl 100
>  ip address 192.168.0.1 255.255.255.0
>  ip access-group from-192-168-0--24 in
> !
> int FastEthernet 0/1.200
>  description Student VLAN (200) on access switch 1
>  encapsulation isl 200
>  ip address 192.168.128.1 255.255.255.0
>  ip access-group from-192-168-128--24 in
> !
> int FastEthernet 0/2
>  description Access switch 2
>  switchport mode trunk
>  switchport trunk encapsulation isl
> !
> int FastEthernet 0/2.100
>  description Staff VLAN (100) on access switch 2
>  encapsulation isl 100
>  ip address 192.168.1.1 255.255.255.0
>  ip access-group from-192-168-1--24 in
> !
> int FastEthernet 0/2.200
>  description Student VLAN (200) on access switch 2
>  encapsulation isl 200
>  ip address 192.168.129.1 255.255.255.0
>  ip access-group from-192-168-129--24 in
> !
> 
> In this case hosts in VLAN 200 on access switch 1 could only talk at
> the Layer 2 level to other hosts in the same VLAN on the same switch.  Even
> though Ethernet frames tagged with VLAN 200 came into two different
> interfaces on the distribution router (F0/1 and F0/2), the two
> like-tagged VLANs could only talk to each other by going through the
> Layer 3 process, which applied the access lists.
> 
> However, I'm not sure about multi-layer switches.  My question is
> would the above config work on Cisco 3550 to keep the traffic in the
> like-tagged VLANs, but on different physical interfaces, separate?  Or
> would the switch/router "helpfully" switch all the like-tagged VLANs
> between physical interfaces at Layer 2, without making them go via
> Layer 3 (and its access-lists)?
> 
> If it turns out that the frames are switched at Layer 2 then I'll just
> have to say that staff VLANs are 200-299, rather than just 200, eg
> (lines snipped to make it shorter):
> 
> !
> int FastEthernet 0/1.100
>  description Staff VLAN (100) on access switch 1
>  encapsulation isl 100
> !
> int FastEthernet 0/1.200
>  description Student VLAN (200) on access switch 1
>  encapsulation isl 200
> !
> int FastEthernet 0/2.101
>  description Staff VLAN (101) on access switch 2
>  encapsulation isl 101
> !
> int FastEthernet 0/2.201
>  description Student VLAN (201) on access switch 2
>  encapsulation isl 201
> !
> 
> 
> Cheers,
> 
> Alastair Galloway
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
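
An added example, not part of the original thread: a Python check over subinterface stanzas written in the style of the quoted config. It reports VLAN tags reused on more than one physical port (the VLANs that would be joined if the device bridged like-tagged frames at Layer 2) and subinterfaces with no inbound access list. The sample config and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the quoted config (not a device capture).
SAMPLE = """\
int FastEthernet 0/1.100
 encapsulation isl 100
 ip access-group from-192-168-0--24 in
!
int FastEthernet 0/1.200
 encapsulation isl 200
!
int FastEthernet 0/2.100
 encapsulation isl 100
 ip access-group from-192-168-1--24 in
!
"""

# Matches "int FastEthernet 0/1.100" and "interface FastEthernet0/1.100".
SUBIF = re.compile(r"^int(?:erface)?\s+([A-Za-z]+)\s*(\d+/\d+)\.(\d+)\s*$", re.I)

def parse(config):
    subifs, cur = [], None
    for line in config.splitlines():
        m = SUBIF.match(line)
        if m:
            port = m.group(1) + m.group(2)
            cur = {"port": port, "name": f"{port}.{m.group(3)}", "vlan": None, "acl_in": None}
            subifs.append(cur)
        elif not line.startswith(" "):
            cur = None  # "!" or any other top-level line closes the stanza
        elif cur is not None:
            w = line.split()
            if w[:1] == ["encapsulation"] and len(w) >= 3 and w[2].isdigit():
                cur["vlan"] = int(w[2])
            elif w[:2] == ["ip", "access-group"] and len(w) == 4 and w[3] == "in":
                cur["acl_in"] = w[2]
    return subifs

def audit(config):
    """Return (VLAN tags seen on more than one port, subinterfaces lacking an inbound ACL)."""
    subifs = parse(config)
    ports = defaultdict(set)
    for s in subifs:
        if s["vlan"] is not None:
            ports[s["vlan"]].add(s["port"])
    shared = {v: sorted(p) for v, p in ports.items() if len(p) > 1}
    no_acl = [s["name"] for s in subifs if s["acl_in"] is None]
    return shared, no_acl
```

Renumbering the second switch's VLANs, as in the fallback at the end of the quoted message, empties the first result.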


