    Distribution Switch Configuration

    Wesley Kirby



      I am working on a network which utilizes a 3750G as a core switch with 3560 access switches.  All switches have multiple vlans configured for data, voice and video and although all are layer 3 devices, only the 3750G is used for routing.  There is also no requirement for the devices on the access switch to communicate directly with each other as they must connect to centrally located management systems via the 3750G core switch.  That being said, I am curious about the opinion of the professional community here about configuration of the 3560 access switches.  Since they do need to route layer 3, I typically configure the 3560 access switches with an IP Default Gateway.  However, I have been told that I should configure them with a static route to the core switch but I see no benefit of a static route configuration.  Can anyone provide rational for either or both?


          Hi Wesley


          You could avoid spanning tree. You might want two 3750. I do not think it matters in that environment. I think this was a plan by marketing to push L3 switches into the access layer. We always use 3750 with stack cable at the access level.


            Wesley Kirby



            Thanks and understand.  Even though you have an L3 access switch, is there an advantage of assigning a static route over just a default gateway?  My thinking is if the L3 switch isn't going to be doing any routing, then a default gateway is sufficient.


              Hi Wesley,

                             I wanted to ask where the default-gateway for the data, voice and video vlans lives?  Is it on the access 3560 switches or at the core 3750 switch?

                             The reason I asked is if the default-gateway for the data, voice and video vlans live on the 3750 switch you could have an 'event' that could swamp the 3750 switch CPU and/or other resources which would affect every other switch (therefore the users).   Example is a user hooks up an inexpensive gigabit mini-switch in their cubicle, then proceeds to loop the cable on the mini-switch.  That simple loop can send enough traffic to swamp a typical core switch CPU.

                             Just curious and I'll say this outloud to the community,  "With the all the vlan default-gateways on the core then I suggest a single point of failure has been built".

                             Ok, I'll wait to hear back from you on where your vlan default-gateways are (and from everyone else that may want to pummel me for saying the 'single point of failure' statement'...;-)


                Wesley Kirby



                I doubt pummeling is required here.


                As for the default-gateway, the 3750 core switch is set up to route the devices on the various vlans to the applicable servers, whether that be a data server, VoIP CM, or whatever.


                Does that clarify for you?


                  Nope, I'm a bit cloudy.  How about this question,  Are the data, voice and video vlan interface's (SVI) on the 3750 or pushed out to the 3560's?

                    Wesley Kirby

                    The actual device interfaces are on the 3560s.  The 3750 is setup as a VTP server with the 3560s as VTP clients.

                      My apologies for repeated questions as the failure in communication is most likely on my end.


                      For example, you create a 'vlan 10' (Data) at layer 2, then you create the SVI or Vlan interface with "interface vlan 10" and then you use "ip address" for the interface vlan 10.

                      Where does the L3 or IP addressed "interface vlan 10" live?  On the 3750 or the 3560's?

                        Wesley Kirby


                          Thanks Wesley,  Now my early morning (I'm on west coast) brain understands..:-)   I would just humbly suggest that on the 3560 (Access) that you use (if not on by default, then enable) some of the built in features to prevent a network event in one 3560 from sending so much traffic up to the 3750 as to swamp the CPU.  The users I have keep finding ways to be creative in this aspect.  We've see both 3750's, 4500 (SupV's) and a VSS pair get very busy with some traffic from some user created activity.  Mini-switches, even those that have STP/RSTP, have been an issue for my network at various time.


                          Thanks for being patient with all my questions!



                            If I understood, you need a default route or static route from 3750 Core Switch pointing out (ISP), and the trunk link between 3750

                            and 3560.


                            3560 Switch being access only, you just need Management vlan and default gateway.


                            for instance


                            int vlan 10 data


                            int vlan 20 voice


                            int vlan 30 video


                            int vlan 50 Management



                            ip route (next hop)(ISP)



                            switchport trunk encapsulation dot1q

                            switchport mode trunk


                            3560(access layer)

                            vlan 10

                            vlan 20

                            vlan 30

                            vlan 50 Management

                            int vlan 50


                            ip default-gateway


                            Hope that will help.



                              Deepak Kumar


                              I hope you will understand the difference between Default route and Static route. There is no need to configure Default route on the Access switches (if no routing) but Some times we required. Why? I am setting in a VLAN 10 and wants to access the switch then What I will do? Switch will not respond and I have to move in the same switch management VLAN or VLAN which is having IP address on the switch or assign multiple static route on the switch. This is totally time consume process for me.


                              What if you want to upgrade your switch using the TFTP server or wants logs on the another server which is not in the same management VLAN?


                              We have consider all points.



                              Deepak Kumar