Thanks Tom.

Could you please tell me what functionality appears/disappears in general once L3 is enabled?

I know very little about L3 switches. I'd have to learn more about them.

I guess I'll stick to L2 VLAN functionality for now. I don't see any problem with that, do you? The switch supports dot1q tagging, doesn't it? Does it tag the frames if it is L3 switch?

Too bad it doesn't support VTP, but no big deal either.

Thanks again!

Hi Vlad, some differences include-

Bonjour in layer 2 mode is globally enabled vs layer 3 it can be enabled per interface, port, vlan.

Layer 2 vlans do not have IP addresses, layer 3 vlans you can assign an IP per vlan

vlan groups are available in layer 2

layer 2 voice vlan will only synchronize with VSDP enabled devices on the same management vlan, layer 3 can synchronize on any subnet that is directly connected

layer 2 has no routing capability (such as ipv4 routes)

in layer 3 mode, the switch does not support dynamic vlan assignment vlan rate limit syn rate dos protection and advanced qos policers

In layer 2, ARP forwards traffic originating at the switch while layer 3 uses arp also for routing decisions

ARP proxy is for layer 3 only

Ip helper (udp relay) is layer 3 only

Layer 3 dhcp snooping can be enabled on any interface with or without an ip address

DHCP server is available in layer 3 only

Some of the IPV6 menus are different based on system mode

I'm sure there are more differences. Layer 3 vlan supports trunking/tag, yes.

-Tom
Please mark answered for helpful posts

Hi Tom,

In L3 Vlans is tagging nedded at all? Or is it there just for backwards-compatibility with L2 switches? I would assume an L3 switch should be able to limit/differentiate the traffic by IP addresses.

I definitely need to start learning about L3 switches.

Thanks!

If there is no IP address assigned to the vlan on a l3 switch it is basically the same. The layer 3 vlan tags are not needed at all, they just make it easier to get communication.

Without using vlan tags you'd need appropriate static routes on the router (sonicwall) to get traffic on the internet. Then to limit communication to certain hosts/subnets would require access by IP address.

-Tom
Please mark answered for helpful posts

Hi Tom,

What if I just want to put a few ports into its own VLAN so they can act as a separate switch connected to a separate router interface, what do I need for that? No inter-VLAN routing is needed.

The switch should limit its traffic only to these ports, right, unless I have a trunk port? I don't think I need to configure sub-interface or stuff like that, but I believe I do need to enable tagging.

I basically have another line used for testing that has a separate 5-port switch that I want to get rid of.

Thanks!

So long as spanning tree doesn't block anything, it is fine.

If a vlan isn't defined on a port and in a layer 2 environment, no routing can occur... so it just depends what your router is doing.

-Tom
Please mark answered for helpful posts

Thanks Tom, I'll give it a try.

I think, all I need to do is dedicate a few ports to another VLAN and plug the devices to them. That'll give me a separate logical switch, right?