Solved: L2 vlans allowed over L3 interface?

clybumat1 · ‎03-02-2017

I have been tasked with creating L3 interfaces between 5 core switches located in different buildings so they can communicate with each other.

We have several L2 vlans that need to span the campus, and I'd like to use these same L3 connections for them.

Is it possible to have a L3 interface between the cores, but also allow several vlans over it?

Could I make a new interface vlan, setup the inter-core connections on this vlan, then allow the L2 vlan spans over this same link? Or is their another design that would follow best practice?

Joseph W. Doherty · ‎03-02-2017

No, you cannot pass a L2 VLAN through a L3 interface unless you use a L2 tunneling protocol, e.g. L2TPv2.

However, you can easily have L3 on top of L2 trunks. As long as L3 interfaces connect to VLAN running across the trunk, you can pass L3 traffic. On L3 switches, you only need to define a SVI. The VLAN being used could be dedicated just for L3 traffic between both ends of a trunk, logically functioning as a L3 p2p. You could also have "real" routers connect to a L2 switch access port that provides the transit VLAN.

e.g.

rtr

int faste 0
desc connects to l2switch f0/0
ip address 192.168.1.1 255.255.255.252

l2switch

vlan 2
name Data2
vlan 3
name Data3
vlan 99
name p2p

int faste 0/0
desc connects to rtr f0
switchport
switchport mode access
switchport access vlan 99

int faste 0/1
desc connects to l3switch f0/0
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2 , 3 , 99

l3switch

vlan 2
name Data2
vlan 3
name Data3
vlan 99
name p2p

int fast 0/0
desc connects to l2switch f0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2 , 3 , 99

int vlan 99
ip address 192.168.1.2 255.255.255.252

View solution in original post

Julio E. Moisa · ‎03-02-2017

Hi

If you are going to use L3 links between your switches you should use a routing protocol like ospf, eigrp, etc to communicate the networks of each core switch, remember the L3 devices will not propagate broadcast domains, so the vlans will not be propagated to other core switches.

You could pass the vlans through your network if you are using trunk interfaces between the core switches, layer 2 links.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

clybumat1 · ‎03-02-2017

Yes, we are using EIGRP. I was planning to advertise this new vlan/network for the L3 interfaces in EIGRP.

The reason why I want to use the same L3 interface for the L2 vlan spans so we don't have to run additional fiber for the trunk interfaces. Those long range SFPs are expensive these days.. :)

Joseph W. Doherty · ‎03-02-2017

No, you cannot pass a L2 VLAN through a L3 interface unless you use a L2 tunneling protocol, e.g. L2TPv2.

However, you can easily have L3 on top of L2 trunks. As long as L3 interfaces connect to VLAN running across the trunk, you can pass L3 traffic. On L3 switches, you only need to define a SVI. The VLAN being used could be dedicated just for L3 traffic between both ends of a trunk, logically functioning as a L3 p2p. You could also have "real" routers connect to a L2 switch access port that provides the transit VLAN.

e.g.

rtr

int faste 0
desc connects to l2switch f0/0
ip address 192.168.1.1 255.255.255.252

l2switch

vlan 2
name Data2
vlan 3
name Data3
vlan 99
name p2p

int faste 0/0
desc connects to rtr f0
switchport
switchport mode access
switchport access vlan 99

int faste 0/1
desc connects to l3switch f0/0
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2 , 3 , 99

l3switch

vlan 2
name Data2
vlan 3
name Data3
vlan 99
name p2p

int fast 0/0
desc connects to l2switch f0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2 , 3 , 99

int vlan 99
ip address 192.168.1.2 255.255.255.252

clybumat1 · ‎03-02-2017

Ok, I think were getting closer here. Only thing that's throwing me off is the L2 switches you mention. These are all Layer 3 core switches that will be connected together.

Jon Marshall · ‎03-02-2017

I think that was just an example of how a L2 switch could sit between a router and a L3 switch and pass the vlan that you are using for routing.

Basically for each switch to switch trunk connection you have a dedicated vlan just for the link ie. no end devices in it and this vlan is dfferent per link so it does not span the campus. This vlan is the one you use to route traffic.

In addition, only for the vlans you need to span the campus you allow those on all the trunks.

So if the vlan isn't allowed on the trunk then it's traffic will be routed which I think is what you want.

Jon

Joseph W. Doherty · ‎03-02-2017

Exactly!

My example showed how it could be done with a router attached to a L2 switch, or a L3 switch, i.e. you could have rtr<access>L2<trunk>L2<access>rtr, rtr<access>L2<trunk>L3 (as shown) or L3<trunk>L3.

clybumat1 · ‎03-02-2017

Ok, so this is working great so far in packet tracer.

This is my topology. I am able to ping from one server to the other.