SVI or Layer 3 interface at the distribution layer?

speculor_cisco · ‎01-07-2011

Suppose a Layer 2 access switch is configured with only one VLAN and this VLAN does not span multiple access switches. Suppose, for redundancy as usual, the access switch is linked to two Layer 3 distribution switches. If I am right, I can configure the two interfaces on the two distribution switches not only as Layer 2 (switchport command) and route with SVIs, but also as Layer 3 (no switchport command) and route without SVIs. If the access switch was configured with two different VLANs, then the two uplinks should be two trunks and so I could not use pure Layer 3 interfaces. I wondered, always if I am right, if there is a best practice that suggests which type of configuration is better and why?

Thanks.

cadet alain · ‎01-07-2011

Hi,

L3 ports are mainly used when routing protocols or static routing is needed.I don't see the advantage in access to distribution link and furthermore

I'm not sure we can link a L3 port to a L2 port on a link between switches.

If I've got time this evening I will lab it.

Regards.

Alain.

Don't forget to rate helpful posts.

speculor_cisco · ‎01-07-2011

Hello Alain and thanks for your answer.

Why not? Do you think it would be a problem if I linked a Layer 2 access port (untagged frame) in an access switch with a Layer 3 port in a distribution switch? I do not think that it would be different than linking a normal pc to the Layer 3 port of a distribution switch.

Peter Paluch · ‎01-07-2011

Hello,

I tend to agree with Alain here - connecting a Layer2 access switch to a routed port (no switchport) on a distribution switch is certainly possible and workable but at the same time, it is not flexible. Should you ever need to add another VLAN to the access switch, you will have to convert the uplinks to trunks. And it is worth mentioning that almost everytime, you need at least two VLANs - one VLAN used for access ports on the access switch, and one VLAN used for management purposes of the switch itself. So unless you are using the concept of routed access layer, I see no significant advantage in making the uplinks behave as routed ports.

Routed ports, however, are perfect for creating a termination boundary for VLANs between your distribution and core layer. By declaring a port to be a routed port, you are essentially creating a boundary than no VLAN can span over. Packets have to be routed between other VLANs and this port but the VLANs will not "leak" through such a port. This way, using routed ports can help to contain VLANs and adhere to the concept of local VLANs.

Best regards,

Peter

speculor_cisco · ‎01-07-2011

Hello Peter and thanks for your answer.

From Alain's post I have had the impression that it was not possible, but I was quite sure that it was.

So I had asked for best practice and I have appreciated your answer, as usual.

And because I begin to know and to understand the background behind your answers, I could say it was perfect.

cadet alain · ‎01-07-2011

Hi,

I didn't say it was impossible , i said I was not sure and had to lab it up.

But Peter reinforced my first guess of the advantage/disadvantage it would provide.

as you remarked Peter's answers are always a chance to learn more and even better understand technologies we thought we knew so well.

Regards.

Alain.

Don't forget to rate helpful posts.

speculor_cisco · ‎01-07-2011

Alain, sorry for my misunderstanding.

cadet alain · ‎01-07-2011

no worries, just wanted to clarify my thought.

Regards.

Alain.

Don't forget to rate helpful posts.

Peter Paluch · ‎01-07-2011

Hello Alain,

You and speculor_cisco are both very, very kind. I appreciate your kind words immensely.

Best regards,

Peter

Peter Paluch · ‎01-07-2011

Hello,

I am honored. Thank you very much.

On a different note: I have sent you a private message earlier (see the Account -> Private Messages). If you find some time to answer, I would like very much to read it

Best regards,

Peter