Is it better to use router port versus vlan member port?

burlingtoniowa
Level 1

Hi CSC,

This is more of a philosophical or "best practices" question.

I have a Cisco 3550 at the home office. Connected to the 3550 are a number of branch offices by way of T1 circuits or VDSL modems. They all come to the home office, where we have a central internet connection and server farm for our entire organization.

Except for one special case branch office, we don't foresee the need for appearances of the home office vlan at the branch office sites. In that case, we bring it into a trunk port at the home office, and at the special case branch office we have a Dell 3024 switch and tag some ports as vlan 18 (the home office) or vlan 27 (the special case branch office).

We also do not foresee a need for the vlan from one branch office to appear at another branch office.

They are all (except for the special case mentioned above) currently configured something like this:

interface FastEthernet0/1
 description home office
 switchport access vlan 18
 switchport mode access
!
interface FastEthernet0/2
 description t1 to branch office 1
 switchport access vlan 19
 switchport mode access
!
interface Vlan18
 description subnet for home office
 ip address 192.168.18.1 255.255.255.0
!
interface Vlan19
 description subnet for branch office 1
 ip address 192.168.19.1 255.255.255.0

Is it better, in terms of reduced network complexity or performance on my 3550, to do something like this instead?

That is, to make the interfaces router ports as opposed to vlan member ports?

Of course, if we ever DID need to have appearances of the home office vlan at branch office sites, or appearances of one branch office's vlan at another branch office, we would lose that flexibility.

interface FastEthernet0/1
 description home office
 switchport access vlan 18
 switchport mode access
!
interface FastEthernet0/2
 description t1 to branch office 1
 ! "no switchport" turns the port into a routed (L3) port so it can take an IP address
 no switchport
 ip address 192.168.19.1 255.255.255.0
!
interface Vlan18
 description subnet for home office
 ip address 192.168.18.1 255.255.255.0
!
no vlan 19

2 Replies

Calin C.
Level 5

Hello,

In my opinion there is no 100% right answer here. I think it also depends on the network forecast. I'll try to add some thoughts here:

- if you use trunk interfaces from home to branch and an SVI for the L3 connection, in terms of scalability it is much easier to expand (you have now only one p2p L3 link, but in future you'll need another one; if the port is a trunk one, you just configure another SVI interface, allow the vlan on the trunk and you're good to go)

- trunk interfaces involve more configuration (L2 interface and SVI L3 interface)

- if you add another switch to the existing one in the home office, and for some reason you have a misconfiguration in STP / VTP, then you can run into problems like loops or vlan database modification (e.g. VTP server mode and the newly added switch has a higher revision number than the existing one)

- L3 physical interfaces are easier to configure and less complex, but in case you want to scale to an additional p2p link it will be harder

- L3 configuration is easier to troubleshoot as you avoid the L2 complexity

- in terms of packet exchange an L3 interface will exchange fewer packets than an L2 trunk with SVI (I'm talking here about control traffic, not user traffic)

- with an L2 trunk you can have other problems, like if somebody is "smart enough" to add a new switch into the existing switch (if you have a switch there) at the branch location; imagine that the new switch, due to misconfigured STP, became root bridge; you have a large STP domain.

As I said, there is no good or bad approach. You have to guide yourself by the forecasts for your network. For example if you know that a branch location will not be extended in the next 2 years, then go ahead with an L3 interface and that's it. On the other hand, if you have doubts you can add an L2 trunk with SVI for another location. You can mix these two solutions to obtain the best results for your network characteristics.

Cheers,

Calin

When there is no need, I would not extend a layer2 over the WAN.

Especially running STP in such a network can be very tricky.

You should rather create a generic L3 WAN and assign vlans per site as required.

This will make the overall solution more robust and scalable.

regards,

Leo
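
An added example, not code from the thread or from any poster: a short Python audit that reads `show running-config` text and lists the VLANs that could be collapsed into a routed port as the question proposes, meaning an SVI exists, exactly one access port is a member, and no trunk carries the VLAN. It assumes conventionally indented config text and that every trunk has an explicit `switchport trunk allowed vlan` list; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the question's first config plus the trunk it describes.
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 18
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 19
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk allowed vlan 18,27
 switchport mode trunk
!
interface Vlan18
 ip address 192.168.18.1 255.255.255.0
!
interface Vlan19
 ip address 192.168.19.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def routed_port_candidates(config):
    """{vlan: (port, SVI ip line)} for VLANs with one access port and no trunk."""
    stanzas, access, trunked = parse_interfaces(config), {}, set()
    for name, cmds in stanzas.items():
        for cmd in cmds:
            if m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
                access.setdefault(int(m.group(1)), []).append(name)
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd):
                for part in m.group(1).split(","):
                    lo, _, hi = part.partition("-")
                    trunked.update(range(int(lo), int(hi or lo) + 1))
    svi = {int(n[4:]): c for n, cmds in stanzas.items() if n.startswith("Vlan")
           for c in cmds if c.startswith("ip address ")}
    return {v: (p[0], svi[v]) for v, p in access.items()
            if len(p) == 1 and v in svi and v not in trunked}
```

On the sample, VLAN 19 is reported as a candidate while VLAN 18 is not, because the trunk to the special-case branch still carries it.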
