[nsp] Multi-layer switches - switching at L2, or sending up to L3 first?

Alastair Galloway ag at a.co.nz
Fri Jan 10 14:40:19 EST 2003 

Quoting "Stephen J. Wilcox" <steve at telecomplete.co.uk>:

> On Fri, 10 Jan 2003, Alastair Galloway wrote:
> 
> > However, I'm not sure about multi-layer switches. My question is
> > would the above config work on Cisco 3550 to keep the traffic in the
> > like-tagged VLANs, but on different physical interfaces, separate? Or
> > would the switch/router "helpfully" switch all the like-tagged VLANs
> > between physical interfaces at Layer 2, without making them go via
> > Layer 3 (and it's access-lists)?
> If I understand this correctly...
> 
> Assuming you keep the ports defined as L3 then for multilayer switching
> to occur an initial packet needs to be routed, if this is prohibited by acl 
> then this will not allow a mls path to be setup
> 
> Your answer is yes therefore!

I'm just not certain whether the L2 interface is tied directly to the
L3 interface, or if there's a shared plane in between that would allow
switching between physical interfaces at L2 before the traffic went to
L3.

Also, I may well have cases where hosts are directly connected to the
distribution (or even core - urgh) mulit-layer switch, eg:

!
int FastEthernet 0/1
 description Access switch 1
 switchport mode trunk
 switchport trunk encapsulation isl
!
int FastEthernet 0/1.100
 description Staff VLAN (100) on access switch 1
 encapsulation isl 100
 ip address 192.168.0.1 255.255.255.0
 ip access-group from-192-168-0--24 in
!
interface FastEthernet 0/2
 description Directly connected staff server
 switchport mode access vlan 100
!
interface FastEthernet 0/3
 description Directly connected staff server
 switchport mode access vlan 100
!
interface Vlan 100
 description Directly connected staff-only servers VLAN (100)
 ip address 192.168.192.1 255.255.255.0
 ip access-group from-192-168-192--24 in
!

Now what happens to VLAN 100 traffic?  Does the VLAN 100 traffic that
comes into FastEthernet0/1 stay separate from the VLAN 100 traffic
that moves around the switch between FastEthernet0/2, FastEthernet0/3
and the logical interface Vlan100? 


Cheers,

Alastair

More information about the cisco-nsp mailing list