[nsp] Multi-layer switches - switching at L2, or sending up to
L3 first?
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Jan 10 01:46:08 EST 2003
i would imagine as they are all in the same L2 vlan there is no need to go via
the L3 VLAN
but these are switchports, those in the previous example were configured as
non-switchprots..
Steve
On Fri, 10 Jan 2003, Alastair Galloway wrote:
> Quoting "Stephen J. Wilcox" <steve at telecomplete.co.uk>:
>
> > On Fri, 10 Jan 2003, Alastair Galloway wrote:
> >
> > > However, I'm not sure about multi-layer switches. My question is
> > > would the above config work on Cisco 3550 to keep the traffic in the
> > > like-tagged VLANs, but on different physical interfaces, separate? Or
> > > would the switch/router "helpfully" switch all the like-tagged VLANs
> > > between physical interfaces at Layer 2, without making them go via
> > > Layer 3 (and it's access-lists)?
> > If I understand this correctly...
> >
> > Assuming you keep the ports defined as L3 then for multilayer switching
> > to occur an initial packet needs to be routed, if this is prohibited by acl
> > then this will not allow a mls path to be setup
> >
> > Your answer is yes therefore!
>
> I'm just not certain whether the L2 interface is tied directly to the
> L3 interface, or if there's a shared plane in between that would allow
> switching between physical interfaces at L2 before the traffic went to
> L3.
>
> Also, I may well have cases where hosts are directly connected to the
> distribution (or even core - urgh) mulit-layer switch, eg:
>
> !
> int FastEthernet 0/1
> description Access switch 1
> switchport mode trunk
> switchport trunk encapsulation isl
> !
> int FastEthernet 0/1.100
> description Staff VLAN (100) on access switch 1
> encapsulation isl 100
> ip address 192.168.0.1 255.255.255.0
> ip access-group from-192-168-0--24 in
> !
> interface FastEthernet 0/2
> description Directly connected staff server
> switchport mode access vlan 100
> !
> interface FastEthernet 0/3
> description Directly connected staff server
> switchport mode access vlan 100
> !
> interface Vlan 100
> description Directly connected staff-only servers VLAN (100)
> ip address 192.168.192.1 255.255.255.0
> ip access-group from-192-168-192--24 in
> !
>
> Now what happens to VLAN 100 traffic? Does the VLAN 100 traffic that
> comes into FastEthernet0/1 stay separate from the VLAN 100 traffic
> that moves around the switch between FastEthernet0/2, FastEthernet0/3
> and the logical interface Vlan100?
>
>
> Cheers,
>
> Alastair
>
More information about the cisco-nsp
mailing list