
giving a switch an ip-address

Enki Doe
Level 1

When giving a switch an IP address, I need to do that to vlan 1. But why is that? I noticed I can also do that for vlan 2, when would I do that?


Hope someone can explain this to me.


Leo Laohoo
Hall of Fame
No idea who gave you the impression that management IP address "has to be" in VLAN 1. That's not the case and it's not "best practice".

balaji.bandi
Hall of Fame

Since VLAN 1 is the default VLAN that comes with the switch, for best practice avoid using VLAN, and you can create any VLAN for management purposes.

 

BB


In discussing IP addresses for switches we need to understand whether the switch will operate as a layer 2 switch or as a layer 3 switch. A layer 2 switch makes its forwarding decisions based only on layer 2 information. A layer 3 switch makes its forwarding decisions based on both layer 2 and layer 3 information.

 

A layer 2 switch will typically have only a single IP address and that address is used for management purposes, not for making any forwarding decisions. There might be more than one vlan but there would typically be only one vlan interface and that is where the IP address is configured. If there is more than one vlan then the network design will usually indicate which of the vlans will function as the management vlan and that is the vlan that gets the IP address. In terms of the original post that would be when vlan 2 is assigned the IP address because the network design designates vlan 2 as the management address.

 

A layer 3 switch will typically have multiple IP addresses. The multiple IP addresses help the switch gather layer 3 information and to make layer 3 forwarding decisions. The network design might designate one of the vlans as the management vlan. But any of the IP addresses are capable of being used for management purposes.

 

HTH

 

Rick


Many thanks for the reply everyone, but I still find it somewhat confusing.

So, let's say I have 1 network with several switches (layer 2/3), I don't need to nor can give them an ip-address?

 

Hello,

 

You do not necessarily give the switches an IP address. It is mainly done for management, so you can access the switches remotely and do not have to physically connect to the switch (with a console cable)...

That said, I have never seen a switch being deployed in a business environment that does NOT have an IP address. Why would you NOT want to?

I am a bit puzzled about this part of the response "several switches(layer 2/3), i dont need to nor can give them an ip-address". I thought I had addressed it but perhaps I should try to explain from a slightly different direction.

 

Note that we will be discussing how a switch functions, not what the switch is capable of. If the switch were, for example, a 3750 then it is capable of functioning as a layer 3 switch. But if "ip routing" is not enabled then the switch is functioning as a layer 2 switch and not as layer 3.

 

If a switch is to function as a layer 3 switch then it needs to make forwarding decisions using layer 3 addresses (IP addresses). For this to work you MUST configure IP addresses on the vlan interfaces of the switch. If a switch is to function as a layer 2 switch an IP address is not required. You COULD configure an IP address if you want management access to the switch. If you want to be able to SSH (or telnet) to the switch to troubleshoot, or if you want the switch to send syslog messages to some monitoring system, or if you want the switch to respond to SNMP, these are management functions and for them to work the switch needs an IP address.

 

The original post asked a relatively simple question about when (or why) you would configure an IP address for vlan 2. So we can answer that question in this way: If the switch is functioning as a layer 3 switch you would configure an IP address on vlan 2 to enable IP forwarding of traffic on interface vlan 2. If the switch is functioning as a layer 2 switch you might configure an IP address on vlan 2 if vlan 2 is operating as the management vlan.

 

HTH

 

Rick


Many thanks all for the reply. Of course I want to give my switches an ip-address but I was confused with an earlier answer also about the vlan part and maybe my question was wrong.

Let's say I would like to give all my switches an ip-address and I don't want to start using vlans.

How should I do that? Because every tutorial I read is using vlans when adding an IP.

Hope the question is somewhat clearer now.

There are several aspects of the most recent post that need to be addressed.

First is this statement " i dont want to start using vlans". With Ethernet switches vlans are a fundamental necessity and not an option that you can use or not. We are not saying that you must configure vlans. It is quite possible to deploy a switch and to have no configuration commands about vlans. In that case all switch ports are in the default vlan 1. So if you deploy an Ethernet switch you are using vlans. So the question really is how do you want to use vlans.

 

Then we can address this statement " i would like to give all my switches an ip-address". To do this we should start with an understanding that a vlan is a layer 2 entity and that it might (as an option) have layer 3 characteristics. If you just deploy a switch without configuring vlans then it makes all of its forwarding decisions based on source and destination mac addresses. The switch has no understanding or functionality for layer 3 IP addressing. If you want your switch to have an IP address you must configure a layer 3 interface, and that is what a vlan interface is. When you configure interface vlan 1 (or interface vlan 2, or interface vlan <anything>) you are creating a layer 3 interface to which you can assign an IP address.  

 

Once we understand that there must be an interface vlan x to be able to configure an IP address we can consider questions such as which vlan interface should we configure. You might have multiple layer 2 vlans and have one of them have a layer 3 interface. Interface vlan 1 would associate an IP address with the default vlan and some people believe that Best Practices are to not use vlan 1 for live traffic. But if your switch only has 1 vlan defined then it would need to use interface vlan 1. If your switch has vlan 1 and vlan 2 then it is possible to use either one for the vlan interface and many people would recommend using vlan 2. If your switch has more than 2 layer 2 vlans configured then you can choose which of those vlans would get the layer 3 vlan interface with an IP address and would carry the management traffic in that vlan.

 

If a switch is functioning as a layer 2 switch it does not need (and generally does not have) more than 1 interface vlan x. If a switch is functioning as a layer 3 switch then it is usual that each layer 2 vlan will have its own layer 3 vlan interface.

 

HTH

 

Rick


Many thanks for the reply (again).


First let me explain that I watch some Lynda/CBT/YouTube movies and did read some chapters in books. But the problem with movies and books is that you can't ask the teacher a question.

I still got some questions, mostly about the L2/L3 switch part.


I do know a layer 2 switch communicates through the MAC address and a L3 through IP (L3 is because of that faster?) but I still find this concept very hard to understand. Same with the vlan part, a layer 2 switch vlan is slower because it communicates through MAC addresses and a layer 3 vlan communicates through IP address.

Is it correct that a layer 3 switch is just a layer 2 switch with a physical interface so it can do ip-addressing based on IPs instead of MAC addresses?


And what if we have a layer 3 switch and we don't configure it with its vlans, will it function as a layer 2 switch?

 

You are also saying this:
If your switch has vlan 1 and vlan 2 then it is possible to use either one for the vlan interface and many people would recommend using vlan 2

But why is that? I did see in a (I think) CBT vlan movie that when using multiple vlans the most important vlans (the ones with the big machines) need to have the highest number (1 or 2, not 50) for performance issues.

 

Regards,

Johan

 

I appreciate that when you are starting in networking that it can be difficult to understand some of the concepts. And certainly agree that when trying to learn something that it is very helpful to be able to ask questions. That is one of the better things about this community - you can ask questions and are likely to receive answers from multiple people. So let me try to address a few of the questions you raise. 

 

Layer 2 mac addresses and layer 3 IP addresses are not about speed. (And it is frequently true that a layer 2 forwarding switch is faster than a layer 3 forwarding router.) The simple way to explain them is that they are about distance. Layer 2 mac addresses provide for local connectivity. If your computer is connected locally to another computer then all you need to communicate is to learn the mac address of the other computer (and for them to learn the mac address of your computer). An analogy would be that if you were at your desk in an office and you wanted to ask a question to a colleague whose desk was 3 desks away you would simply speak to him directly and he would reply. But if you have a question for a colleague whose desk is in a different city then you cannot simply speak to him and would need something like a telephone to communicate over the distance. Layer 3 IP provides communication to resources that are not local. So if the only thing your computer needed was to communicate with other computers in the office then it would not need an IP address but only its mac address. But to communicate with other offices or with the Internet then it needs IP addressing.

 

Let us also think about switches and layer 2 and layer 3. By definition any Ethernet switch operates as a layer 2 switch. When we say layer 2 switch we are saying that the switch makes its decision about how to forward a frame based on source and destination mac addresses (and does not consider the IP address at all). Some switches are limited in their capability and can only forward based on layer 2 information (and they would be less expensive because they are more simple). Some switches are capable of forwarding traffic based on mac address and also based on layer 3 IP address. We call these layer 3 switches (and they operate at both layers). When a frame arrives at a layer 3 switch the switch first looks at the destination address and determines whether the destination is local or is remote. If the destination is local then it only needs to examine the mac addresses to be able to forward the data. But if the destination is remote then the switch must evaluate the destination IP address and find a path to get to that destination.

 

Some switches are designed to be layer 2 only while other switches are designed to be able to do both layer 2 and layer 3. For example you might have a 3850 switch in your network. It is capable of doing layer 3 forwarding. But is it really doing layer 3? To determine this we need to look at how the switch is configured. If the switch has multiple vlan interfaces with IP addresses and if ip routing is enabled then yes this switch is operating as layer 3 switch. But if that 3850 had only a single interface with an IP address and if ip routing was not enabled then it is operating as layer 2 switch.

 

On an Ethernet switch all interfaces by default belong to vlan 1. You can configure additional vlans and can assign specific ports to specific vlans. So on your switch you might configure a vlan for data and a vlan for phones and assign appropriate ports to each vlan and connect devices to these vlans so that they function correctly. But what happens if someone comes into your office and plugs their laptop into a port of your switch? It could become active and would be in vlan 1. Would you want them to be able to access your management data (which they could do if your management vlan was vlan 1)? This is the main reason why some people suggest to not use vlan 1 for management (and they frequently suggest to not use it for any data either).

 

I hope this makes sense and that you understand most of it. Feel free to ask additional questions.

HTH

Rick
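
The two replies above (a layer 2 switch needs one vlan interface for its IP address, and a management vlan other than vlan 1 keeps a device plugged into a default port away from management traffic) can be shown as one configuration. This is an added example, not part of the original thread; the VLAN numbers and names, the interface names and ranges, and the 192.0.2.0/24 documentation addresses are all assumptions.

```cisco
! Constructed example: layer 2 switch (ip routing not enabled),
! management on VLAN 99 instead of the default VLAN 1.
!
vlan 10
 name DATA
vlan 99
 name MGMT
vlan 999
 name UNUSED
!
! VLAN 1 carries no IP address, so a port left at its default
! does not sit in the same VLAN as the management interface.
interface Vlan1
 no ip address
 shutdown
!
! The single layer 3 interface on this layer 2 switch: the management SVI.
interface Vlan99
 description Switch management
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! Without ip routing, the switch reaches other subnets via a default gateway.
ip default-gateway 192.0.2.1
!
! User ports are placed in the data VLAN.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
!
! Unused ports leave VLAN 1 and are administratively disabled.
interface range GigabitEthernet1/0/25 - 47
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Uplink carries only the data and management VLANs.
! (Some platforms require "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 10,99
!
! Verify with: show ip interface brief, show vlan brief
```

Interface Vlan99 only comes up once VLAN 99 is active on at least one port that is up, here the uplink trunk.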

Thanks for the reply. I am still processing the info, think I still got some more questions but I need to practice a little bit more to see if I understand everything.

Johan

 

You are welcome. I am glad that your understanding is increasing. I am sure that there will be more questions. Take your time, and practice more. As things come up feel free to ask more questions.

HTH

Rick


@Enki Doe wrote:

Let's say I have 1 network with several switches (layer 2/3), I don't need to nor can give them an ip-address?

 


What kind of "IP address" are you talking about?  

In a lot of cases, unmanaged switches don't require IP addresses (not even management IP addresses). People just plonk them and turn them on, never expecting to do anything with them.

Can you provide more details what you are trying to accomplish?
