This post explains a bit about how an MLS (layer-3 switch) can be used as, or rather functions as, an Inter-VLAN router. The topic of MLS was covered a bit in this post. Traditionally a switch makes forwarding decisions based on Layer-2 information (MAC address), whereas a router uses Layer-3 information (IP address).
The above was true when switches were always layer-2 (when hubs were just being dropped and switched networks were coming into fashion) and routers layer-3, but we now have multilayer switches (MLS) that perform basically the same functions as routers, with the ability to switch and forward on both layer-2 and layer-3 information.
Now for every positive there is a negative. A router costs more per port than a switch, because routers in essence can “do” more than switches (interconnections instead of just connections). A workgroup switch costs around $30 per port and an MLS around $80 per port; go to Power over Ethernet and Gigabit to the desktop and that $80 per port quickly goes to $280.*
The above just highlights that an MLS should be placed where it is needed and not just anywhere, because it is not just “another” switch for access. Now, Layer-2 forwarding is based on the destination MAC address. A switch learns the source MAC address and populates a MAC address table that lists MAC address and VLAN pairs with their associated interfaces.
Layer-3 forwarding is based on the destination IP address. Layer-3 forwarding happens when a packet is routed from a source subnet to a destination on another subnet. When the MLS sees its own MAC address in the layer-2 header, it recognizes that the packet is either destined for itself or has been sent to it as the default gateway. If the packet is not destined for the MLS itself, the destination IP address is compared against the Layer-3 forwarding table for the longest match; ACL checks are also performed.
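The decision sequence described above, written out as a small Python model. This is an added example, not code from the original post; the MAC addresses, subnets, interface names and the single ACL are constructed for illustration, and the model is a simplification of what the switch hardware does.

```python
import ipaddress

MLS_MAC = "02:00:00:00:00:01"            # constructed: the switch's own MAC
# Constructed tables (hypothetical values, not from the original post).
MAC_TABLE = {(10, "02:00:00:00:10:05"): "Gi0/2",   # (VLAN, MAC) -> port
             (20, "02:00:00:00:20:09"): "Gi0/3"}
SVI_ADDRS = {ipaddress.ip_address("10.0.10.1"), ipaddress.ip_address("10.0.20.1")}
ROUTES = [(ipaddress.ip_network("10.0.10.0/24"), "Vlan10"),
          (ipaddress.ip_network("10.0.20.0/24"), "Vlan20"),
          (ipaddress.ip_network("10.0.0.0/8"), "Gi0/1")]
# ACL entries are (source net, destination net, action); first match wins.
ACL = [(ipaddress.ip_network("10.0.10.0/24"), ipaddress.ip_network("10.0.20.50/32"), "deny"),
       (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("0.0.0.0/0"), "permit")]

def longest_match(dst):
    """Return the (network, out-interface) entry with the longest matching prefix."""
    hits = [(net, out) for net, out in ROUTES if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def acl_permits(src, dst):
    for s, d, action in ACL:
        if src in s and dst in d:
            return action == "permit"
    return False  # implicit deny when nothing matches

def forward(vlan, dst_mac, src_ip, dst_ip):
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if dst_mac != MLS_MAC:
        # Layer-2: look up the (VLAN, destination MAC) pair; unknown means flood.
        return ("L2", MAC_TABLE.get((vlan, dst_mac), "flood"))
    if dst in SVI_ADDRS:
        return ("local", "cpu")           # addressed to the MLS itself
    match = longest_match(dst)            # frame was sent to the default gateway
    if match is None:
        return ("drop", "no route")
    if not acl_permits(src, dst):
        return ("drop", "acl")
    return ("L3", match[1])
```

Note that the MAC table is keyed on the VLAN as well as the MAC address, so a known MAC address seen in a different VLAN is treated as unknown.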
Layer-3 Switch Virtual Interfaces (SVI):
An SVI is, as the name suggests, a virtual interface for the VLAN (there is no physical interface). The SVI accepts the configuration parameters that can be applied to any layer-3 router interface and provides processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. An SVI is used for these reasons:
- To provide a default gateway for a VLAN so that traffic can be routed between VLANs
- To provide fallback bridging if it is required for non-routable protocols
- To provide layer-3 connectivity to the switch
- To support routing protocol and bridging configurations
By default an SVI is created for the default VLAN (VLAN 1, a.k.a. the native VLAN) to permit remote switch management. SVIs are created in interface configuration mode:
switch(config)#interface vlan 1
switch(config-if)#
The VLAN corresponds with the VID used on the trunk (ISL or 802.1q). Configure and assign an IP address and mask for each VLAN SVI to route traffic off and onto the local VLAN.
Configuration:
To configure Inter-VLAN routing on an MLS the following commands are used. First we enable layer-3 routing on the switch:
switch(config)#ip routing
Now we create an SVI (1-4094 below is the range of VLAN IDs the command accepts) and move into interface configuration mode to be able to assign an IP address and mask:
switch(config)#interface vlan 1-4094
switch(config-if)#ip address 172.0.0.1 255.255.255.0
A good thing now would be to have a dynamic routing protocol set up on the network (router) so that paths can be learnt dynamically.
switch(config)#router protocol (options)
Testing the routing protocol and routing:
switch#show ip route
Layer-3 Routed Ports
Routed ports are exactly what they sound like: the opposite of switch(ed) ports. They are typically configured by taking away the switch capability (the no switchport command). Routed ports have these characteristics and functions:
- The port is a physical port with layer-3 capability.
- The port is not associated with a particular VLAN.
- The port serves as the default gateway for devices out of that switch port.
- Layer-2 port functionality is removed before the port becomes a routed port.
Configuration:
To configure routed ports on a switch these are the commands that need to be entered. First we enable routing on the switch:
switch(config)#ip routing
Now we enter the interface (note the difference between SVI and routed ports):
switch(config)#interface gigabitethernet 0/1
Here is the extra command taking the switch port features away and making it a routed port:
switch(config-if)#no switchport
Assign an IP address and mask to the port and we are done with the interface:
switch(config-if)#ip address 172.0.0.1 255.255.255.0
A good thing now would be to have a dynamic routing protocol set up on the network (router) so that paths can be learnt dynamically.
switch(config)#router protocol (options)
Testing the routing protocol and routing:
switch#show ip route
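Once the SVI and routed-port configurations above are in place, it helps to check which interfaces on a switch actually act as layer-3 gateways. The following Python check is an added example, not part of the original notes; the running-config excerpt, addresses and the ACL name USERS-IN are constructed, and treating a missing inbound `ip access-group` as worth reporting is an assumption of this example.

```python
# Constructed running-config excerpt (hypothetical addresses and ACL name).
SAMPLE = """\
ip routing
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group USERS-IN in
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
interface Vlan30
 no ip address
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.0.99.1 255.255.255.252
interface GigabitEthernet0/2
 switchport access vlan 10
"""

def l3_interfaces(config):
    """Return (routing_enabled, list of SVIs and routed ports that have an address)."""
    routing, stanzas, cur = False, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = line.split()[1]
            stanzas[cur] = []
        elif cur and line[:1] in (" ", "\t"):
            stanzas[cur].append(line.strip())   # indented line: belongs to the interface
        else:
            cur = None                          # back at global configuration level
            routing = routing or line.strip() == "ip routing"
    found = []
    for name, lines in stanzas.items():
        ip = next((l[11:] for l in lines if l.startswith("ip address ")), None)
        is_svi = name.lower().startswith("vlan")
        if ip is None or not (is_svi or "no switchport" in lines):
            continue  # a switched port, or an interface without an address
        acl = next((l.split()[2] for l in lines
                    if l.startswith("ip access-group ") and l.endswith(" in")), None)
        found.append({"name": name, "kind": "svi" if is_svi else "routed-port",
                      "ip": ip, "acl_in": acl})
    return routing, found

def unfiltered_gateways(config):
    """Names of layer-3 interfaces that route with no inbound ACL applied."""
    routing, ifaces = l3_interfaces(config)
    return [i["name"] for i in ifaces if routing and i["acl_in"] is None]
```

Without the global `ip routing` line the function reports nothing, because the SVIs then only provide layer-3 connectivity to the switch itself.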
*This is rough, estimated dollar pricing for the WS-C2950-24, WS-C3560-24TS-S and WS-C3560G-24PS-E switches. You are paying for more than just ports though, with IOS, the kind/type of chassis, SFP ports and other things coming into play. But this is a good example to illustrate the price difference.
Notes and Notices:
This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading and writing things down, and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.