Hello,

In term of performance would you say one is better than other?

Also what is the problem with SVI and ACLs and PBR?

thank you.

Normal L2 switches have Vlan1 by default..this is sort of SVI.

SVI allow you to do intervlan routing w/o involving a router.Also another notable point is the hardware for the SVI interface u create is an EtherSVI .

Choice of SVI's or routed ports depends on wat devices are on the other end of the connection.

This can be explained by 2 scenario's.We have 2 hosts on different vlans trying to communicate with an L3 MLS in between.

*first is using SVI::The L3 will allow Intervlan routing w/o a router.We create 2 SVI's with int vlan XX command alongwith the ip assigned on it.

We'll have to enable ip routing on an L3 switch as its off by default.With this hosts should ip of the respective vlan SVI's as their gateway and they will communicate.

*Ports on a MLS will run as L2 by default.To change this to routed port..use no switchport alongwith the ip address on the interface.Then enable routing using some dynamic protocol and its done.

@ankbhasi 

Let's say we have three switches: sw1 <--> sw2 <--> sw3

Between sw1 and sw2 is P2P link with routed ports. Between sw2 and sw3 is trunk and both switches have vlan interface 100.

The ping from sw1 routed port to vlan interface on sw3 will not work, right? In what setup would ping work?

In the environment that you describe it is quite possible for ping to be successful between sw1 routed port and sw3 SVI. The following conditions must be met for this to happen:

- there must be an IP subnet configured on both routed ports of sw1 and sw2.

- there must be a different IP subnet configured on the SVI for vlan 100 of sw2 and sw3.

- ip routing must be enabled on sw2.

If these are true then ping should be successful. If any one of these is not true then ping will fail.

BTW:

This is Rick's version (should work fine too):

!L2sw1
interface e0
no switchport
ip address 192.168.1.2 255.255.255.0
ip default-gateway 192.168.1.2

!L3sw2
ip routing
interface e0
no switchport
ip address 192.168.1.1 255.255.255.0
interface e1
switchport mode trunk
interface vlan 100
ip address 192.168.2.1 255.255.255.0
no shut

!L2sw3
interface e1
switchport mode trunk
interface vlan 100
ip address 192.168.2.2 255.255.255.0
no shut
ip default-gateway 192.168.2.1

Without seeing your reply, I have just configured myself something similar and it worked. I have used default route instead of ip default-gateway. Nonetheless, many thanks!

Great!

BTW, default-gateway and default-route accomplish the same but the former implies you're not routing while the latter does (so I believe).

Also if sw2 is proxying, neither sw1 or sw2 might need either default gateway or route (possibly why Rick didn't mention either).

What do you mean by "proxying"?

I believe that he was referring to proxy-arp, in which a device responds to an arp request for a destination that is actually remote.

Joseph points out that I did not mention default-gateway as a requirement in my suggestion for sw1 and sw3, suggesting that I was making an assumption about configuration of the switches. He is correct that I was making an assumption and that having a correct default-gateway is indeed part of the requirement.

Proxy ARP

You implying switches 1 and 2 or L3 switches, possibly switch 3 also?

"The ping from sw1 routed port to vlan interface on sw3 will not work, right?"

Incorrect, it can work.

"In what setup would ping work?"

(more or less)

!L3sw1
ip routing
interface e0
no switchport
ip address 192.168.1.2 255.255.255.0
route 0.0.0.0 0.0.0.0 192.168.1.2

!L3sw2
ip routing
interface e0
no switchport
ip address 192.168.1.1 255.255.255.0
interface e1
switchport mode trunk
interface vlan 100
ip address 192.168.2.1 255.255.255.0
no shut

!L3sw3
ip routing
interface e1
switchport mode trunk
interface vlan 100
ip address 192.168.2.2 255.255.255.0
no shut
route 0.0.0.0 0.0.0.0 192.168.2.1

It certainly makes it easier if you enable ip routing on all 3 switches, and if you do this the ping absolutely will work. I believe that with appropriate ip default-gateway configuration on sw1 and sw3 that it should work with ip routing on just sw2.

Agreed.  No doubt you were composting your reply to mine concurrently with my "example" reply to yours.