Are Layer 2 broadcasts passed on by multilayer switch SVI interfaces/trunks or are they blocked?
06-20-2016 11:22 AM - edited 03-08-2019 06:17 AM
Hello,
- What are the broadcast domains in this network?
- Are all Layer 2 and Layer 3 protocols supported on VLAN 111 and 112, which are the /30 SVI links connecting the L3 switches to each other?
- If PC1_VLAN102 sent out an ARP broadcast, would the broadcast go to all ports or just all VLAN102 ports throughout the network?
- Do Layer 3 switch SVIs support both Layer 2 and Layer 3 protocols?
- Where are the Layer 3 boundaries that are stopping Layer 2 broadcasts?
- Is this network considered a Local VLAN or a Distributed VLAN?
Please look at the attached drawing. The following is the configuration for Layer3 Switch5, which is identical to the other Layer 3 switches except for the IP addresses:
Current configuration : 2630 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Layer3 Switch5
!
ip routing
!
spanning-tree mode rapid-pvst
!
interface Loopback10
 description *** MANAGEMENT INTERFACE ***
 ip address 10.30.44.5 255.255.255.255
!
interface FastEthernet0/1
 description
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 description
 switchport access vlan 102
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 description
 switchport access vlan 103
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
.
.
.
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 description *** L2 TRUNK VLAN112 to Layer3 Switch3 ***
 switchport trunk native vlan 99
 switchport trunk allowed vlan 101-103,111-112
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description *** L2 TRUNK VLAN111 to Layer3 Switch7 ***
 switchport trunk native vlan 99
 switchport trunk allowed vlan 101-103,111-112
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.1.18 255.255.255.0
!
interface Vlan101
 mac-address 0002.164a.9501
 ip address 10.30.41.49 255.255.255.240
!
interface Vlan102
 mac-address 0002.164a.9502
 ip address 10.30.42.49 255.255.255.240
!
interface Vlan103
 mac-address 0002.164a.9503
 ip address 10.30.43.49 255.255.255.240
!
interface Vlan111
 description *** L3 LINK to Layer3 Switch3 ***
 mac-address 0002.164a.9504
 ip address 10.30.40.10 255.255.255.252
!
interface Vlan112
 description *** L3 LINK to Layer3 Switch7 ***
 mac-address 0002.164a.9505
 ip address 10.30.32.34 255.255.255.252
!
router eigrp 10
 eigrp router-id 10.30.44.5
 network 10.30.0.0 0.0.255.255
 auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
!
end
06-20-2016 04:05 PM
Broadcasts are limited to the VLAN on which they originate.
Trunks do not block broadcasts.
I am not sure what you are asking when you say do SVIs support L3 and L2 protocols.
An SVI will receive the broadcast, and can be configured in some circumstances to process it, but it will not forward it to another subnet. The L3 interface will respond to ARP requests.
There is a feature called directed broadcast which is blocked by default.
Say VLAN 1 has IP range 192.168.1.0/24
and VLAN 2 has 192.168.2.0/24.
With directed broadcasts enabled, a host on VLAN 1 can send to 192.168.2.255 and the switch will forward it to VLAN 2.
This is not a particularly useful function and has serious security issues, which is why it is off by default.
Stuart
06-21-2016 06:17 AM
Hello Stuart,
Thanks for the reply.
So you are saying that if a device on VLAN1 sends out an arp, the arp will only broadcast to all devices on VLAN2 throughout the network unless directed broadcast is enabled?
Therefore VLAN1 sends out an arp, it goes to the mac address of the default gateway (SVI address for VLAN1 on the L3 switch) and then the gateway encapsulates the arp in IP and forwards the broadcasts over the SVI trunks (vlan 111 and vlan 112) to other VLAN1 devices?
Would you say the network configuration attached is a "Local VLAN" or "Distributed VLAN" setup?
Thanks ...
06-21-2016 06:50 AM
Hi
I think you are confusing an SVI with a Trunk, they are different entities.
A trunk is a connection between a switch and another device (usually another switch). A trunk tags each packet with its originating VLAN ID so the other end knows which VLAN each packet is part of.
An SVI is like a Layer 3 interface and is often used for routing, in that the clients will have the SVI set as their default gateway and a multilayer switch will route packets between VLANs.
Broadcasts are limited to a single VLAN, hence why a VLAN is known as a single broadcast domain because it keeps broadcasts inside their own domain as such.
If a Trunk port is configured to tag packets for a particular VLAN, it will send any broadcasts on that VLAN across the trunk link. You can disable specific VLANs on a trunk, and any which are disabled will not have broadcasts sent down the trunk for those VLANs.
A broadcast will not cross between VLAN1 and VLAN2. A broadcast in VLAN1 will go to ALL ports configured in VLAN1, all Trunks which are permitted to pass traffic for VLAN1 and any SVI interfaces which are configured for VLAN1.
Hopefully that makes sense?
Thanks
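The flooding rule from the reply above, applied to the access-port and trunk settings of the configuration posted in the question; this is an added example, not code from any post in the thread. `CONFIG`, `expand` and `flood_set` are names made up for illustration, the sample is a re-indented excerpt of that configuration, and the model covers one switch only (no spanning-tree blocking, no `allowed vlan add/remove` forms).

```python
import re

# Constructed sample: excerpt of the Layer3 Switch5 config from the question.
CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 101
interface FastEthernet0/2
 switchport access vlan 102
interface FastEthernet0/3
 switchport access vlan 103
interface GigabitEthernet0/1
 switchport trunk allowed vlan 101-103,111-112
 switchport mode trunk
interface GigabitEthernet0/2
 switchport trunk allowed vlan 101-103,111-112
 switchport mode trunk
interface Vlan101
interface Vlan102
interface Vlan103
interface Vlan111
interface Vlan112
"""

def expand(vlan_list):
    """Turn '101-103,111-112' into {101, 102, 103, 111, 112}."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def flood_set(config, vlan):
    """Interfaces on this switch that a broadcast in `vlan` is delivered to."""
    members = []
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, _, body = block.partition("\n")
        access = re.search(r"switchport access vlan (\d+)", body)
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", body)
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:
            carries = int(svi.group(1)) == vlan  # SVI receives it, never forwards it
        elif "switchport mode trunk" in body:
            # Assumption: a trunk with no allowed list carries VLANs 1-4094.
            carries = vlan in (expand(allowed.group(1)) if allowed else range(1, 4095))
        else:
            carries = bool(access) and int(access.group(1)) == vlan
        if carries:
            members.append(name)
    return members
```

For VLAN 112 the result contains both GigabitEthernet trunks, because each trunk allows 111-112: the /30 VLANs are flooded on every trunk of this switch, not only on the link named in their description.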
06-21-2016 07:08 AM
Hello DA,
VLAN 111 (SVI) and VLAN112 (SVI) are point-to-point links created for each physical link between each L3 switch. This is what I am referring to as an SVI link on a L2 802.1Q trunk, which are L3 links. This is why I was wondering if they passed L2 protocols.
From my understanding these L3 SVI links on the L2 trunk will pass L3 and L2 protocols but routed ports will not pass L2 protocols.
Do you consider the enclosed network diagram as a Local VLAN or Distributed VLAN?
Thanks
06-21-2016 07:11 AM
Hello DA,
Below is a "Show VLAN id 112" and as you can see, VLAN112 is active on Gi1/2 which is a L2 trunk between the L3 switches. The trunks alternate between Vlan 111 and Vlan 112 throughout the network.
#sho vlan id 112

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
112                                   active    Gi1/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
112  enet  100112     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
06-21-2016 10:20 AM
If a device on VLAN 1 sends an ARP, it only broadcasts to VLAN 1.
Directed broadcast will not help because ARP requests are not directed broadcasts.
A host on VLAN 1 will realise from its IP and subnet mask that the host on VLAN 2 is on a different subnet, so it will send an ARP request for the default gateway.
Then the frame will have the source MAC of host 1 and the destination MAC of the router. The L3 packet will have the source IP of host 1 and the destination IP of host 2.
