5561 Views 4 Replies Latest reply: May 12, 2010 11:46 PM by Milan RSS


Layer 2 - layer 3 switching

May 12, 2010 7:05 PM

Milan 195 posts since
Sep 3, 2008

Let's say I have 2 switches connected like this via trunk

 

switch1 |--------| switch2

 


Switch1 config - Layer 3 switch

! trunk to switch 2 (encapsulation is set before trunk mode)
int fa0/1
switchport trunk encap dot1q
switchport mode trunk

int vlan 10
ip address 10.1.1.1 255.255.255.0
no shut

int vlan 20
ip address 20.1.1.1 255.255.255.0
no shut

Switch2 Config

! trunk to switch 1 (encapsulation is set before trunk mode)
int fa0/1
switchport trunk encap dot1q
switchport mode trunk

! management IP
int vlan 10
ip address 10.1.1.20 255.255.255.0
no shut

 


QUESTION 1
If on switch2 I have a management interface configured in vlan 10 like this

default-gateway 10.1.1.1
! management IP
int vlan 10
ip address 10.1.1.20 255.255.255.0
no shut

I should be able to connect to this switch's management IP from vlan 20 on switch 1 or 2? What is the process of the packet from a host in vlan 20?

 


QUESTION 2
Let's say I decide to configure the IP of switch2's management interface to

 

int vlan 10
ip address 172.30.172.172 255.255.255.0
no shut
Whilst keeping the same gateway of last resort (10.1.1.1).

 

If I ping the new management IP from a host on vlan 20, what would happen? Would ARP play its course and get me to switch 2?

 

Question 3

 

Let's say I change switch 2's management interface to vlan 1 and configure the IP
int vlan 1
ip address 50.1.1.1 255.255.255.0
no shut

 

gateway of last resort - same gateway of last resort
10.1.1.1

 

What would be the outcome? Could I ping/telnet to switch 2 from a host on vlan 20 on either switch 1 or 2?

 

The reason I am asking is because right now I have majorly confused myself between layer 2 and layer 3. I don't have any lab equipment to practice this on either, so it's making it rather difficult.

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,396 posts since
    Oct 7, 2008
    1. May 12, 2010 7:11 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching

    1.  Switch 2 would either need "ip default-gateway 10.1.1.1" or "ip route 0.0.0.0 0.0.0.0 10.1.1.1" to be able to send traffic back.

     

    2.  You would probably ARP for it if you had no gateway installed, and proxy ARP may help.  Otherwise, if you had a gateway configured but it didn't respond you would simply get nowhere.

     

    3.  Probably the same of mostly not being reachable. 

     

    Layer 2 provides data link connectivity.  Which means you need the hardware address (MAC) of the device in question.  If we're talking IP, the way you get that information is to ARP.  No ARP or no ARP response, no communication is possible.  So even though you believe you know the L3 address of the other side, if you have no L2 path to get there, it doesn't do you any good.

     

    I know where the Eiffel Tower is (L3 destination).  However, if I have no plane ticket (L2 path) to get there, I'm kinda hosed!

     

    Scott

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    2. May 12, 2010 7:58 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching

    Scott is right on, as usual. 


    Milan -

     

    Regarding your questions, pretend that SW2 is a PC, and the answers may come easier for you.


    Q1.   If my PC is in VLAN 10, and has an IP address of 10.1.1.20/24 and can reach its default gateway of 10.1.1.1, will the PC be able to reach any other destination, and can other destinations reach him?    YES, assuming the rest of the network is routing correctly.


    Q2.  If I put my PC on VLAN 10, give it an IP address of 172.30.172.172/24, and a default gateway of 10.1.1.1, (assuming we are not discussing proxy arp), will the PC be able to communicate outside of what it believes is the 172.30.172.0/24 network?   NO.


    Q3. If I change the PC to VLAN 1, give it an IP from the 50.x.x.x network space, with a default gateway of 10.1.1.1, there won't be too much talking over the fence there either.



    Best wishes,


    Keith

  • dweaver2009 67 posts since
    Apr 23, 2009
    3. May 12, 2010 8:03 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching

    Milan,

     

    The issue is one many contend with and that is "What is that Layer three address doing in the first place on a Layer 2 Switch?".

     

    Ok

     

    Suppose we look at it like this:

     

    1. You can create as many vlans as you like (with no management interface configured and no ip address) can they talk to each other?

     

    Ans: No. Not between the vlans.  Hosts can speak to hosts on the same vlan.  Try it.

     

    2. Now suppose we want to manage the switch itself (think of it as a PC or other end-point device that we are going "to" as opposed to "thru" which is what happened in the first example).

     

    So we assign an ip address and a default gateway using one of the two methods mentioned above by Scott.

     

    Kewl.

     

    So now we ping the "SWITCH", we can telnet to the switch, and basically manage the switch.  That's about it.

     

    Note I am going to use the word coincidentally - I think it is not used often enough...

     

    Coincidentally we happen to assign the management interface to a vlan which just "HAPPENS TO BE PASSING DATA with a given vlan tag" and that is the ONLY reason it is reachable by the vlan in question in the first place.  Nothing else without some type of routing.

     

    I'm keeping my examples to the L2 switch since I've always felt it was never quite delivered as clearly as it could have been.

     

     


    L3 changes things a bit with ARP and L3 SVIs and then routing protocols, but not so for VLANs that "TRAVERSE THROUGH" the switch.  Same rules apply.

     

    In other words - there is no requirement that the management IP on the switch exist in ANY of the vlans on the switch which will carry data...

     

    It just happens to be the "easy way" and leads to a **** of a lot of misunderstanding.
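
The three questions in this thread can be checked without lab equipment by modelling SW2's management SVI as a PC, as suggested in the replies. The following is an added example, not code from any poster: it assumes no proxy ARP and no routes on SW1 beyond its two connected SVIs, and the VLAN 20 host address 20.1.1.50 is hypothetical.

```python
from ipaddress import ip_address, ip_interface

# Constructed model of the thread's topology: SW1 is the L3 switch with one
# SVI per VLAN; the trunk carries the VLANs to SW2.
SW1_SVIS = {10: ip_interface("10.1.1.1/24"), 20: ip_interface("20.1.1.1/24")}
HOST = (20, ip_address("20.1.1.50"))  # hypothetical host in VLAN 20


def on_link(iface, vlan, target, target_vlan):
    """ARP resolves target only if it is in the same VLAN and iface's subnet."""
    return vlan == target_vlan and target in iface.network


def reachable(mgmt_vlan, mgmt_if, gateway):
    """Return (ok, reason) for HOST <-> SW2 management SVI via SW1."""
    mgmt_if = ip_interface(mgmt_if)
    gateway = ip_address(gateway)
    # Forward path: SW1 needs a connected route covering the management IP,
    # and that SVI must sit in the VLAN where SW2's SVI answers ARP.
    out = [v for v, svi in SW1_SVIS.items() if mgmt_if.ip in svi.network]
    if not out:
        return False, "SW1 has no route to the management IP"
    if not on_link(SW1_SVIS[out[0]], out[0], mgmt_if.ip, mgmt_vlan):
        return False, "SW1 ARPs in a VLAN where SW2 has no SVI"
    # Return path: HOST is off-subnet for SW2, so SW2 must ARP for its gateway.
    host_vlan, host_ip = HOST
    if on_link(mgmt_if, mgmt_vlan, host_ip, host_vlan):
        return True, "host is on-link"
    gw_vlan = next((v for v, svi in SW1_SVIS.items() if svi.ip == gateway), None)
    if gw_vlan is None or not on_link(mgmt_if, mgmt_vlan, gateway, gw_vlan):
        return False, "SW2 cannot ARP for its default gateway"
    return True, "routed through SW1 in both directions"


# The three configurations asked about: (management VLAN, SVI address, gateway)
SCENARIOS = {
    "Q1": (10, "10.1.1.20/24", "10.1.1.1"),
    "Q2": (10, "172.30.172.172/24", "10.1.1.1"),
    "Q3": (1, "50.1.1.1/24", "10.1.1.1"),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(name, *reachable(*args))
```
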
