Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
734
Views
0
Helpful
6
Replies

Question about transitioning access layer from layer 2 to layer 3

Go to solution
Terence Lockette
Level 1
Level 1

‎07-03-2017 09:19 AM - edited ‎03-08-2019 11:11 AM

Hello,

I wanted to get some professional feedback as it relates to moving layer 3 down to the access layer of our campus network.  We aren't and have not had any performance issues for the past 2 years or so since we've made changes on our network.  These changes included making our core layer switches VSS and using MEC on the downstream switches.  We have a collapsed core and would maintain this design if we moved routing to the access layer.  My question is if we aren't having any performance issues, is there a reason to move routing down to layer 3 other than performance?

My thoughts on this is that we can restrict broadcast domains to each switch on a floor, create better QoS as well as ACL policies.  I should also mention that we're going to be implementing ISE soon so I'm not sure if implementing ACLs on the switch is still a requirement since ISE can use dACLs.  My other concern is how I need to handle unified APs.  I'm certain I'll need to do Flexconnect and create a small subnet on each layer 3 access switch to talk back to the WLC.  Your feedback and thoughts are much appreciated!

Thanks,

Terence

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to Terence Lockette

‎07-04-2017 01:54 PM

Hello,

sorry for my late reply. To be honest, looking at your design, I am not sure you will gain anything from moving the layer 3 to the access layer. You still need a layer 3 capable device to do the inter-Vlan routing, and in your current design you already have that (and it is fully redundant).

The VSS/MEC setup looks very sound. The core devices look like 6500 MLS switches ? Layer 3 performance is likely to even be adversely affected if whatever device you are planning to do the routing on does not have the same capacity...

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Georg Pauwen
VIP
VIP

‎07-03-2017 10:36 AM

Hello Terence,

in order for us to provide any useful feedback, it would be best if you could post two schematic drawings: one showing your current setup, and the other showing what your planned future setup would look like...

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to Georg Pauwen

‎07-03-2017 10:46 AM

George,

Sure.  I've attached a diagram that simply shows both.  The attached topology represents current connectivity but using L2 MEC to the core.  The new proposed design would simply move L3 down to the access layer.  Currently, VLANs span the campus with restrictions/pruning on trunk links where some VLANs aren't allowed because hosts don't connect into those VLANs.  The campus core does all the routing, ACLs, etc. and I would like to push as much as that down to the access layer as possible.

With the proposed design, I feel like I'll need to break up the larger layer 2 VLAN into smaller subnets since those VLANs won't be able to span across multiple switches.  I hope this attachment helps!

Preview file
100 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Terence Lockette

‎07-04-2017 01:54 PM

Hello,

sorry for my late reply. To be honest, looking at your design, I am not sure you will gain anything from moving the layer 3 to the access layer. You still need a layer 3 capable device to do the inter-Vlan routing, and in your current design you already have that (and it is fully redundant).

The VSS/MEC setup looks very sound. The core devices look like 6500 MLS switches ? Layer 3 performance is likely to even be adversely affected if whatever device you are planning to do the routing on does not have the same capacity...

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to Georg Pauwen

‎07-05-2017 05:51 AM

Georg,

Thanks for your response.  The core layer are in fact 6509s and the access layer switches consists of 4500E (Adv Ent Svs license) chassis and 2960X (LAN base license) switches.  I know the 2960Xs only can do IP-lite so I would look to refresh those switches with the 3650 or 3850 series.

I wasn't sure if there would be any real benefits to moving layer 3 down to the access layer switches and I didn't want to start planning too much to do so if there weren't any real benefits.  I don't like doing unnecessary work and that's what this sounds like.  Thanks!

Terence

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Terence Lockette

‎07-05-2017 06:32 AM

Hello Terence,

merging the layer 3 into the layer 2 sounds like a massive operation with little or no benefit...

Replacing the 2960Xs with newer models on the other hand is definitely a good option, and you can do that one by one without disrupting anything.

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to Georg Pauwen

‎07-05-2017 06:35 AM

Very true.  We're looking at a wireless refresh to replace our 2602i APs with the 3800 series and want to take advantage of the mulitigig port so we'll certainly need to upgrade the 2960Xs with either the 3650 or 3850.  Thanks for your input!

Terence

0 Helpful
Customers Also Viewed These Support Documents