This Question is Answered 1 Helpful Answer available (2 pts)
5778 Views 4 Replies Latest reply: May 12, 2010 11:46 PM by Milan RSS


Layer 2 - layer 3 switching

May 12, 2010 7:05 PM

Milan 195 posts since
Sep 3, 2008

Let's say I have 2 switches connected like this via trunk


switch1 |--------| switch2


Switch1 config - Layer 3 switch


int fa0/1
! trunk to switch 2
switchport trunk encap dot1q
switchport mode trunk


int vlan 10
ip address
no shut


int vlan 20
ip address
no shut


Switch2 Config


int fa0/1
! trunk to switch 1
switchport trunk encap dot1q
switchport mode trunk


int vlan 10
! management IP
ip address
no shut


If on switch2 I have a management interface configured in vlan 10 like this


int vlan 10
! management IP
ip address
no shut


I should be able to connect to this switch's management IP from vlan 20 on switch 1 or 2? What is the process of the packet from a host in vlan 20?


Let's say I decide to configure the IP of switch2 management interface to


int vlan 10
ip address
no shut
Whilst keeping the same gateway of last resort (


If I ping the new management IP from a host on vlan 20 what would happen? Would ARP play its course and get me to switch 2?


Question 3


Let's say I change switch 2 management interface to vlan 1 and configure IP
Int vlan 1
ip address
no shut


gateway of last resort - same gateway of last resort


What would be the outcome? Could I ping/telnet to switch 2 from a host on vlan 20 on either switch 1 or 2?


The reason I am asking is because right now I have majorly confused myself between layer 2 and layer 3. I don't have any lab equipment to practice this on either, so it's making it rather difficult.

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,428 posts since
    Oct 7, 2008
    1. May 12, 2010 7:11 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching

    1.  Switch 2 would either need "ip default-gateway" or "ip route" to be able to send traffic back.


    2.  You would probably ARP for it if you had no gateway installed, and proxy ARP may help.  Otherwise, if you had a gateway configured but it didn't respond you would simply get nowhere.


    3.  Probably the same of mostly not being reachable. 


    Layer 2 provides data link connectivity.  Which means you need the hardware address (MAC) of the device in question.  If we're talking IP, the way you get that information is to ARP.  No ARP or no ARP response, no communication is possible.  So even though you believe you know the L3 address of the other side, if you have no L2 path to get there, it doesn't do you any good.


    I know where the Eiffel Tower is (L3 destination).  However, if I have no plane ticket (L2 path) to get there, I'm kinda hosed!



  • Keith Barker - CCIE RS/Security, CISSP 5,327 posts since
    Jul 3, 2009
    2. May 12, 2010 7:58 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching

    Scott is right on, as usual. 

    Milan -


    Regarding your questions, pretend that SW2 is a PC, and the answers may come easier for you.

    Q1.   If my PC is in VLAN 10, and has an IP address of and can reach its default gateway of, will the PC be able to reach any other destination, and can other destinations reach him.    YES, assuming the rest of the network is routing correctly.

    Q2.  If I put my PC on VLAN 10, give it an IP address of, and a default gateway of, (assuming we are not discussing proxy arp), will the PC be able to communicate outside of what it believes is the network?   NO.

    Q3. If I change the PC to VLAN 1, give it an IP from the 50.x.x.x network space, with a default gateway of, there won’t be too much talking over the fence there either.

    Best wishes,


  • 3. May 12, 2010 8:03 PM (in response to Milan)
    Re: Layer 2 - layer 3 switching



    The issue is one many contend with and that is "What is that Layer three address doing in the first place on a Layer 2 Switch?".




    Suppose we look at it like this:


    1. You can create as many vlans as you like (with no management interface configured and no ip address) can they talk to each other?


    Ans: No. Not between the vlans.  Host can speak to hosts on the same vlan.  Try it.


    2. Now suppose we want to manage the switch itself (think of it as a PC or other end-point device that we are going "to" as opposed to "thru" which is what happened in the first example).


    So we assign an ip address and a default gateway using one of the two methods mentioned above by Scott.




    So now we ping the "SWITCH", we can telnet to the switch, and basically manage the switch.  That's about it.


    Note I am going to use the word coincidentally - I think it is not used often enough...


    Coincidentally we happen to assign the management interface to a vlan which just "HAPPENS TO BE PASSING DATA with a given vlan tag" and that is the ONLY reason it is reachable by the vlan in question in the first place.  Nothing else without some type of routing.


    I'm keeping my examples to the L2 switch since I've always felt it was never quite delivered as clearly as it could have been.



    L3 changes things a bit with Arp and L3 SVI's and then routing protocols but not so for VLANs that "TRAVERSE THROUGH" the switch.  Same rules apply.


    In other words - there is no requirement that the management IP on the switch exist in ANY of the vlans on the switch which will carry data...


    It just happens to be the "easy way" and leads to a **** of a lot of misunderstanding.
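
The replies from Scott and Keith above (treat SW2 as a PC: on-link destinations are ARPed for directly, everything else goes to the default gateway, and no ARP answer means no communication) can be modelled as follows. This is an added example, not part of the original thread; every address and the VLAN membership table are constructed, since the thread's real addresses are not on the page, and proxy ARP is assumed to be off.

```python
import ipaddress

# Constructed addressing (assumption; the thread's addresses are not on the page).
# SW1 is the layer 3 switch and owns an SVI in VLAN 10 and VLAN 20 only.
VLAN_MEMBERS = {
    10: {"10.0.10.1"},                 # SW1 SVI for VLAN 10
    20: {"10.0.20.1", "10.0.20.50"},   # SW1 SVI for VLAN 20 and the test host
    1: set(),                          # SW1 has no SVI in VLAN 1
}

def arp_target(iface, gateway, dst):
    """Return the IP a host must ARP for to send a packet to dst, or None."""
    iface = ipaddress.ip_interface(iface)
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return str(dst)                # on-link: ARP for the destination itself
    if gateway and ipaddress.ip_address(gateway) in iface.network:
        return gateway                 # off-link: ARP for the default gateway
    return None                        # no gateway set, or the gateway is off-link

def can_reply(vlan, iface, gateway, dst):
    """Can SW2's management interface return traffic to dst (no proxy ARP)?"""
    target = arp_target(iface, gateway, dst)
    if target is None:
        return False, "no usable next hop"
    if target not in VLAN_MEMBERS[vlan]:
        return False, f"ARP for {target} gets no answer in VLAN {vlan}"
    return True, f"frame sent to {target} in VLAN {vlan}"

HOST = "10.0.20.50"                    # constructed host in VLAN 20
SCENARIOS = {                          # (management VLAN, management IP, gateway)
    "Q1": (10, "10.0.10.2/24", "10.0.10.1"),
    "Q2": (10, "192.168.99.2/24", "10.0.10.1"),  # off-subnet IP, same gateway
    "Q3": (1, "50.0.0.2/24", "10.0.10.1"),       # VLAN 1, 50.x.x.x space
    "no gateway": (10, "10.0.10.2/24", None),    # Scott's point 1
}

def evaluate():
    """Run every scenario and return {name: (reachable, reason)}."""
    return {n: can_reply(v, i, g, HOST) for n, (v, i, g) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (ok, why) in evaluate().items():
        print(f"{name}: {'reachable' if ok else 'unreachable'} ({why})")
```
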
