layer 3 at access layer
04-08-2022 10:59 PM
Hi,
I have two core switches and 25 stacked edge switches; there are around 50 VLANs.
If I want to configure Layer 3 at the access layer,
what are the pros and cons?
Currently the edge switches are in Layer 2 and VLANs are spanned between switches.
In one switch stack I have around 8 VLANs configured. If I want to change to L3, how can I do that?
Thanks
04-08-2022 11:45 PM
Stand up a new pair of core switches and configure them for those VLANs. Once it is ready, move the links from the current ones to the new ones.
04-08-2022 11:58 PM
Hi @Leo Laohoo
What I mean is that currently the VLAN interfaces are configured on the core switches and the edge switches are Layer 2. I want to change the edge switches to Layer 3 (L3 routing licenses are there).
I did not get your point; why should I have a new pair of cores?
Thanks
04-09-2022 02:37 AM
@bluesea2010 wrote:
why should I have a new pair of cores?
Regardless of the size of the network, think of ways to quickly roll back the config if things go sideways.
Move the physical link to a new pair of cores with the "ideal" Layer 3 ready to go. All new "configurations", to move from Layer 2 to Layer 3, will be limited to the access switches and it is easy to roll those back (reboot the switch).
04-09-2022 01:55 AM
The two main advantages are that you limit STP to the access layer and you can use both uplinks as they are L3, although with VSS, vPC, etc. you can use both uplinks anyway.
The main disadvantage is that you cannot have a VLAN, or more specifically an IP subnet, on more than one access switch, so you cannot span VLANs as you do now.
If you have 8 VLANs on one access pair at the moment, then you could not have any of those VLANs on any other access layer switches.
Jon
04-09-2022 02:28 AM
To do this you need downtime to convert from Layer 2 to Layer 3 at the access level.
Here are the steps:
1. You need to prepare a p2p interface between the core and access switch.
2. Run some IGP so you load-balance traffic, if you have more than 1 link to the core.
3. Configure a Layer 3 SVI interface on the access switches for the respective VLANs that belong to each switch.
4. Bring up the access-to-core switch link to do the testing.
Note: to understand how this process works, if you have a spare switch, do the above steps on it, so you are familiar with them when you are doing this on live access switches.
Cons: if you have a big block of IPs and the same VLANs stretched all over the access layer, then you need to take a call on the change to Layer 3.
As you mentioned, you already have a Layer 3 license on the access switches, so you have already invested money in the license here.
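The four steps above as an IOS configuration sketch for one access stack, added here as an example and not taken from any poster's network: the interface names, VLAN IDs, addresses, OSPF process, router ID and key placeholder are all assumptions. It uses OSPF as the IGP, with `passive-interface default` and adjacency authentication so that only the two core-facing links can form neighbors and host-facing SVIs never accept routing peers.

```cisco
! Constructed example for ONE access stack; every name and address is an assumption.
ip routing
!
! Step 1: routed point-to-point uplinks to each core (replace the L2 trunks)
interface TenGigabitEthernet1/1/1
 description P2P to CORE-1
 no switchport
 ip address 10.255.0.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
interface TenGigabitEthernet1/1/2
 description P2P to CORE-2
 no switchport
 ip address 10.255.0.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
!
! Step 3: VLANs that live only on this stack, with the SVI as host gateway
vlan 20
 name USERS-STACK1
vlan 30
 name VOICE-STACK1
!
interface Vlan20
 ip address 10.0.2.1 255.255.255.128
 no shutdown
!
interface Vlan30
 ip address 10.0.3.1 255.255.255.0
 no shutdown
!
! Step 2: IGP; two equal-cost uplinks give per-flow load sharing
router ospf 1
 router-id 10.255.255.11
 ! SVIs are advertised but stay passive: no adjacencies toward hosts
 passive-interface default
 no passive-interface TenGigabitEthernet1/1/1
 no passive-interface TenGigabitEthernet1/1/2
 network 10.255.0.0 0.0.0.7 area 0
 network 10.0.2.0 0.0.0.127 area 0
 network 10.0.3.0 0.0.0.255 area 0
```

For step 4, `show ip ospf neighbor` should list exactly the two cores in FULL state, and `show ip route ospf` on a core should show each access subnet learned from a single stack.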
04-09-2022 03:44 AM
@bluesea2010
I follow your posts and I think you are searching for a way to bypass the FW ("not configuring the FW to be the GW for your hosts")?
So you are thinking of changing the access SW to be the GW for the hosts.
That has some limitations and you will have to redesign the whole network.
Instead, put the FW in transparent mode; this keeps your design the same, except that you need to add some VLANs, where the VLAN number is different when passing through the FW.
This is my opinion for your network.
04-09-2022 04:26 AM
Hello
Pros - limits STP to within each access-layer switch, thus no issue with STP L2 loops within the LAN estate, no L2 blocking of links, host-to-host communication between VLANs always routed, no FHRP required, L3 convergence would be a lot quicker than L2 STP convergence.
Cons - you cannot extend L2 VLANs between the access-layer switches; each switch will have specific VLANs assigned with L3 addresses, meaning you cannot have the same VLANs across multiple switches, so if your LAN requires VLAN extension, a routed access layer isn't viable.
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
04-09-2022 09:12 PM
Hi @paul driver
"Each switch will have specific VLANs assigned with an L3 address": do you mean one VLAN on one switch?
Let's say I have VLAN 20 and the subnet is 10.0.2.0/24. If I split it to 10.0.2.0/25, one will be on one switch and another will be on the second switch.
Thanks
04-09-2022 11:06 PM
Hello
You could have multiple VLANs per switch, but their L3 subnets will be specific to that switch and advertised into the routing process as such, now that you have a routed access layer, so you cannot have the same L3 routed subnet on different switches.
However, if you CIDR down a /24 into two /25s, then these two new subnets can be used on different switches, so yes, that's applicable.
Kind Regards
Paul
