Solved: Re: Layer 3 device connected to a port on a switch connected upstream as layer 2?

CiscoPurpleBelt · ‎09-24-2019

So if you have a multi-layer switch which is connected via layer 2 switchport to another switch heading to main campus and/or out to core network devices, can you install another device let's say router or FW on a port configured for Layer 3 and traffic will be able to communicate fine as long as the layer 3 IP on the device and "NO Switchport" are in same subnet?

balaji.bandi · ‎09-24-2019

If i understand the question correctly. you looking to connect L3 device like below :

L2 ------L2(L3 port)---L3 port point to point ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎09-24-2019

You can do both the ways.

make a trunk between switches, so you can have SVI to communicate with devices.

or if you require to be L3

leave the left SW on l2 configured that port as access port -----configure L3 connected interface with no switch port and IP address of that VLAN.

To make more clarity make a small diagram of what you intend to do with the information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎09-24-2019

yes the solution is possible as per your diagram.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Deepak Kumar · ‎09-24-2019

Hi,

Yes, It will work without any issue of there is no configuration or software glitch.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Joseph W. Doherty · ‎10-08-2019

Yes, if you have the SVI and the L3 port, that should work fine as long as routing is enabled on the L3 switch and the SVi and L3 link are in different networks.

As to whether to keep the path all L2, or not, much depends on how you want to manage your networks. Using a L3 to a FW or router would be better if you want to "share" that device with other parts of your network and/or want to implement ACL(s).

View solution in original post

Joseph W. Doherty · ‎10-08-2019

"Just realized SVI and L3 port would be in same network so that would not work."

Correct.

"Yes the FW or RT still would have L3 interface with IP connecting to the L2 switchport. "

That's fine; the FW or router would be like any other host connected to a L2 switch port.

View solution in original post

balaji.bandi · ‎09-24-2019

If i understand the question correctly. you looking to connect L3 device like below :

L2 ------L2(L3 port)---L3 port point to point ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎09-24-2019

Yes basically. So its DATA CENTER L2 port-----L2 port on Sw1-----L3 port on Sw1 (new device). Should work without real issues as long as in same subnet correct?

balaji.bandi · ‎09-24-2019

i do not see as issue on high level, end switch treat as end point with IP address.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎09-24-2019

End switch meaning the far right switch the layer 3 device is connected too? Yes it has an SVI and default gateway pointing towards Data Center.

balaji.bandi · ‎09-24-2019

If far right side switch has SVI, then you need to do trunking between the switch.

if the far end switch configured as no switchport treat as end device.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎09-24-2019

Yes far right device has SVI. You mean trunking between Sw1 and the switch to its left? I think I would rather just make layer 3 port with IP on Sw1 and give the FW/router an IP (all in same subnet as SVI) and connect it to that layer 3 port. This is what you mean correct?

balaji.bandi · ‎09-24-2019

You can do both the ways.

make a trunk between switches, so you can have SVI to communicate with devices.

or if you require to be L3

leave the left SW on l2 configured that port as access port -----configure L3 connected interface with no switch port and IP address of that VLAN.

To make more clarity make a small diagram of what you intend to do with the information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎09-24-2019

Ok thanks!

Yes so plan is to do as such meaning no need to have to make trunks. See attached.

balaji.bandi · ‎09-24-2019

yes the solution is possible as per your diagram.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎10-07-2019

Is it better to just configure the port that the layer 3 device (FW or router) is connecting to as a switchport VLAN or configure as Layer 3 with "no switchport"?

Deepak Kumar · ‎09-24-2019

Hi,

Yes, It will work without any issue of there is no configuration or software glitch.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

CiscoPurpleBelt · ‎10-07-2019

Is it better to configure the port that the layer 3 device (FW or router) is connecting to as a switchport VLAN or configure as Layer 3 with "no switchport"?

Joseph W. Doherty · ‎10-08-2019

If I understand your question, and diagram, no it wont work.

Two L3 end devices can intercommunicate across multiple L2 links, but once you make a L3 switch port, it will only intercommunicate with L2 links if they have a SVI defined on the same L3 switch (routing between networks).

e.g.

host x.1 <L2> SW <L2> SW <L2> x.2 host [okay]
host x.1 <L2> SW <L2> {SVI} x.2 SW y.1 <L3> y.2 host [okay]

CiscoPurpleBelt · ‎10-08-2019

Yes, so on the far right end switch (where the layer 3 FW or Router will connect) there is an SVI for that single subnet on that switch. So you saying L3 port on that switch port and l3 port on the FW/RT it should still work fine correct? Is it better to just leave the far right switch port as layer 2 (still have the interface of the Rt/FW connecting to that as layer 3)?