Solved: Difference between L2 vs L3 etherchannel - Page 2

Horacio Gutierrez · ‎10-15-2011

Hello,

I have to 6509 core switches that I am running HSRP between them. I have two ethernet channels between the two switches, which are channel 1 and channel 2. My question why would I have a Layer 2 ethernet channnel and also Layer 3 ehternet channel between these two switches instead of only Layer 3 or Layer 2 ethernet channels. Also I have an MPLS network. Please let me know what you guys think. Below is the config.

Thanks.

interface Port-channel1

description to Core

ip address 10.89.255.12 255.255.255.244

ip pim sparse-dense-mode

ip hello-interval eigrp 1226 1

ip hold-time eigrp 1226 3

flowcontrol receive on

flowcontrol send on

hold-queue 250 in

hold-queue 200 out

!

interface Port-channel2

description to Core/ (VLAN traffic)

switchport

switchport access vlan 999

switchport trunk encapsulation dot1q

switchport trunk native vlan 999

switchport trunk allowed vlan 700-705,888,999

switchport mode trunk

!

Jon Marshall · ‎10-16-2011

Horacio

That is the point i was trying to make ie. the L2 and L3 etherchannel are for different things and they do not back each other up.

The L2 portchannel is for inter-vlan routing. The L3 etherchannel is for routing to external subnets ie. subnets across the MPLS WAN.

As an example of inter-vlan routing lets use a traditional design -

ds1 and ds2 are you core switches. They are interconnected via a L2 etherchannel trunk

as1 is an access-layer switch and has s1 (server1) in vlan 10 connected to it.

as2 is an access-layer switch and has s2 (server2) in vlan 11 connected to it

for s1 to talk to s2 you need inter-vlan routing because they are in different vlans.

as1 and as2 are connected to both ds1 and ds2.

ds1 is HSRP active and STP root for vlan 10

ds2 is HSRP active and STP root for vlan 11

as1 uplink to ds1 is forwarding. The etherchannel between ds1 and ds2 is forwarding. as1 to ds2 is blocking (STP)

as2 uplink to ds2 is forwarding. The etherchannel between ds1 and ds2 is forwarding. as2 to ds1 is blocking (STP)

s1 sends a packet to s2. The packet first goes to ds1 because ds1 is HSRP active for vlan 10 and as1 -> ds1 is forwarding.

ds1 receives the packet sees the destination IP is for vlan 11. So ds1 routes the packet on vlan 11. It then needs to send the packet to s2. But the link from as2 to ds1 is blocking. So ds1 L2 switches the packet to ds2. ds2 then L2 switches the packet to s2.

s2 responds. It's active gateway for vlan 11 is on ds2 and the active link is to ds2. So s2 sends the packet to ds2.

ds2 receives the packet and routes the packet onto vlan 10. It now needs to send the packet back to s1 but it cannot go direct to s1 because the as1 to ds2 link is blocking. So ds2 L2 switches the packet back to ds1. ds1 then L2 switches the packet to s1.

So you can see from this example that the L2 etherchannel between the ds1 and ds2 is used to move data for vlans as well.

Using a L2 etherchannel like this is a very common and well tested design. You are reliant on STP to block links but it is still a very common approach.

What is important to note in the above example is that you don't route across the L2 etherchannel. You route on the core switches but you still need a L2 path to the other switch and that is what the L2 etherchannel does.

There are variations on this design where you use a L3 etherchannel between your core switches (without a L2 etherchannel) and then both uplinks from the access-layer switches are forwarding. But you still have a L2 path between the 2 core switches and this is important for inter-vlan routing to work properly.

Feel free to question further if it;s still not entirely clear.

Jon

Horacio Gutierrez · ‎10-16-2011

Hi Jon,

So a Layer 2 etherchannel is just for Vlans to go across the core switches. I have another question for you because I just want to make sure I know the Layer 3 switch and Layer 2 switch concept correctly. A layer 2 switch is a switch that has vlans for portsbut does not have the command inter vlan, ip address 10.89.2.1. 255.255.255.0 and also does not have the eigrp 101 command where as Layer 3 switch does have the command inter vlan, ip address 10.89.2.1. 255.255.255.0 and also eigrp 101?

Jon Marshall · ‎10-16-2011

A layer 2 switch does not do inter-vlan routing. So on a L2 switch you have ports that are allocated into vlans but you don't do any routing.

On a L2 switch you generally have one L3 vlan interface. This interface is used for remotely managing the switch. It is never used as the default-gateway for the clients attached to the switch.

So if your management vlan for switches was vlan 10 subnet 192.168.5.0/24 you would need a L3 switch to route that vlan ie.

L3 switch

=======

int vlan 10

ip address 192.168.5.1 255.255.255.0

then on the L2 switches you would allocate an IP from the same subnet ie.

L2 switch

=======

int vlan 10

ip address 192.168.5.2 255.255.255.0

ip default-gateway 192.168.5.1

so you will see one L3 vlan interface on a L2 switch. But a L2 switch would not be running a routing protocol, it wouldn't even have static routes.

Jon

Horacio Gutierrez · ‎10-16-2011

Jon,

Do you always have to run a routing protocol such EIGRP on a Layer 3 switch or can you can just configure a svi and nothing else?

Thanks.

Jon Marshall · ‎10-17-2011

Horacio

No you don't necessarily need to run a routing protocol.

If all the vlans are connected to the L3 switch and you do not need to route to any subnets on remote devices then you can just have the SVIs on the switch. The switch will see each subnet as directly connected and automatically route between them.

If you need to route to subnets not on the L3 switch then you can either -

1) use static routes but you must then use statics on the other L3 devices to be able to route back to the L3 switch

or

2) use a dynamic routing protocol to advertise and receive routes.

Jon

Horacio Gutierrez · ‎10-17-2011

Jon,

Thank you for all of your help.