[nsp] Multi-layer switches - switching at L2, or sending up to L3 first?

Deepak Jain deepak at ai.net
Thu Jan 9 23:12:55 EST 2003


I think the answer is that the 3550 can do both.

1) If they are switch ports, they will act just like a 3500 switch would for
those ports.

2) If they are configured as layer 3 ports (with their own IP addresses)
they will act as the 2621 did in the same spot. As long as you tag all the
directly connected ports [3550] that should _share_ a VLAN on the 3550 you
will see switch like behaviour as long as they are not-layer 3'd [i.e.
assigned IP addresses].

3) The 3550's and possibly the other switches have a feature designed for
colocation type outfits [that I completely forget] that will FORCE all
traffic to a uplink interface [say a router] rather than cross-talk so all
traffic can be metered/enforced/policed and not switched across the fabric.

If I am wrong, please tell me! :)

DJ

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Stephen J. Wilcox
> Sent: Thursday, January 09, 2003 8:46 PM
> To: Alastair Galloway
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] Multi-layer switches - switching at L2, or sending up
> to L3 first?
>
>
> i would imagine as they are all in the same L2 vlan there is no
> need to go via
> the L3 VLAN
>
> but these are switchports, those in the previous example were
> configured as
> non-switchprots..
>
> Steve
>
> On Fri, 10 Jan 2003, Alastair Galloway wrote:
>
> > Quoting "Stephen J. Wilcox" <steve at telecomplete.co.uk>:
> >
> > > On Fri, 10 Jan 2003, Alastair Galloway wrote:
> > >
> > > > However, I'm not sure about multi-layer switches. My question is
> > > > would the above config work on Cisco 3550 to keep the traffic in the
> > > > like-tagged VLANs, but on different physical interfaces,
> separate? Or
> > > > would the switch/router "helpfully" switch all the like-tagged VLANs
> > > > between physical interfaces at Layer 2, without making them go via
> > > > Layer 3 (and it's access-lists)?
> > > If I understand this correctly...
> > >
> > > Assuming you keep the ports defined as L3 then for multilayer
> switching
> > > to occur an initial packet needs to be routed, if this is
> prohibited by acl
> > > then this will not allow a mls path to be setup
> > >
> > > Your answer is yes therefore!
> >
> > I'm just not certain whether the L2 interface is tied directly to the
> > L3 interface, or if there's a shared plane in between that would allow
> > switching between physical interfaces at L2 before the traffic went to
> > L3.
> >
> > Also, I may well have cases where hosts are directly connected to the
> > distribution (or even core - urgh) mulit-layer switch, eg:
> >
> > !
> > int FastEthernet 0/1
> >  description Access switch 1
> >  switchport mode trunk
> >  switchport trunk encapsulation isl
> > !
> > int FastEthernet 0/1.100
> >  description Staff VLAN (100) on access switch 1
> >  encapsulation isl 100
> >  ip address 192.168.0.1 255.255.255.0
> >  ip access-group from-192-168-0--24 in
> > !
> > interface FastEthernet 0/2
> >  description Directly connected staff server
> >  switchport mode access vlan 100
> > !
> > interface FastEthernet 0/3
> >  description Directly connected staff server
> >  switchport mode access vlan 100
> > !
> > interface Vlan 100
> >  description Directly connected staff-only servers VLAN (100)
> >  ip address 192.168.192.1 255.255.255.0
> >  ip access-group from-192-168-192--24 in
> > !
> >
> > Now what happens to VLAN 100 traffic?  Does the VLAN 100 traffic that
> > comes into FastEthernet0/1 stay separate from the VLAN 100 traffic
> > that moves around the switch between FastEthernet0/2, FastEthernet0/3
> > and the logical interface Vlan100?
> >
> >
> > Cheers,
> >
> > Alastair
> >
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>



More information about the cisco-nsp mailing list