in this session we're going to look
at layer 3 switches
so what is a layer 3 switch well
it's an ethernet switch it can look at
ethernet headers
and it can build mac address tables but
it's also a router
because it can look at ip headers it has
an ip forwarding table
and an arp table so which function it
performs depends on how you configure it
out of the box layer 3 switches usually
default to being
a simple layer 2 ethernet switch
so the slide shows what the factory
default might be
this example has the eight ports
and all ports exist in one vlan
the default is usually vlan 1 and we
have everything set up
as the configuration snippet shows the
interfaces
gigabit 1 through to 8 are all set up as
switch ports
in access mode in other words for end
user devices to connect
and they're all members of vlan 1. so
this will be the default
setting we could introduce vlans
the example on this slide now shows four
of the ports have been assigned to one
vlan
and the other four ports assigned to
another vlan
so talking through the example gigabit
one to four
again access ports but assigned to vlan
10
and gigabit 5 through 8 also access
ports
have been assigned to vlan 20.
so question for you how does the device
behave
differently after this configuration
change
how would any device on vlan 10
talk to any device on vlan 20.
remember a vlan is a completely separate
virtual lan from any other
virtual lan on an ethernet device
we could introduce vlan trunking this is
a way of connecting two switches
together so that
as the slide shows vlan 10 on one switch
can connect to vlan 10 on another switch
and vlan 20 in one switch can connect to
vlan 20 on the other one
the configuration example shows you what
the configuration of gigabit one
could look like there we have changed
the
switch port from access mode so for end
user devices
to trunk mode in other words it's a
trunk carrying
different vlans and the final line in
the configuration
shows which vlans are allowed to
propagate across
that trunk so
if you cast your mind back to some of
the previous sessions
what is different about the frames on
this wire
if we need management access to the
switch well
given that vlan 1 is the default vlan we
can define vlan as having a physical
interface
and an ip address on it the example
shows
ip address 192.168.1.1
as the ip address of vlan 1.
so we are now able to access this switch
for management purposes
on that ip address we'll also need to
assign the switch a default gateway so
that it can see devices outside this lan
so again the syntax depends on which
model which device which vendor
the example here is one taken from a
cisco
layer 2 ethernet switch
the management interface has its own ip
interface on vlan 1 with its own
ip address so you could imagine it as
the switch's cpu being plugged into vlan
1
but without actually using up a physical
port on the switch
and you can use this to manage the
switch via secure shell
or snmp or both and like any other ip
device
as i mentioned it needs a default gateway
to be able to send packets to a
destination address
on a different subnet
now what about when we introduced ip
routing
what we want to do is to extend this by
giving the switch an ip address on
multiple vlans
each address of course is within the ip
subnet for that particular vlan
and to do this we need to enable the
internal router within the switch
and when we do that it can receive
datagrams on one vlan
and resend them on another vlan
remember the question i asked earlier
how do the devices on vlan 10
communicate with the devices on vlan 20
well we've now done it we now have a
layer 3 switch
an ethernet switch that's able to send
packets between different vlans,
in other words ip routing.
and here we have it in the diagram we
have the routing process
sending packets between the two
different vlans
on the switch if you look at the
configuration example you see the two
vlans defined
ip routing is the keyword that has been
added to turn on
routing capability on the switch
and we now have interface vlan 10 with
its address that we saw earlier
and we have vlan 20 with its address in a
different subnet
that has been introduced into the switch
configuration
and the default gateway has been added
in as well
so that for management access to this
switch we can see the rest of the world
and indeed the vlans on the switch can
see the rest of the world
as well and it's really that simple
we have an ip address on each vlan other
devices can point the default gateway at
us
and we will forward datagrams on their
behalf
this is based on the ip forwarding table
connected routes
static routes and so forth
so as i just described this slide shows
how this layer 3 switch is now acting as
a gateway
we plug two end user devices in the two
laptops shown on the slide
they will have ip address or whatever
has been assigned and the default
gateway
on vlan 10 will be 192.168.1.1 which is
the address we gave vlan 10 on the
switch
and for the device connected to vlan 20
its default gateway will be 192.168.2.1
again the ip address of vlan 20
on this layer 3 switch ipv6 is the same
we assign a v6 address to vlan 10 and to
vlan
20 on the layer 3 switch and
again we have the v6 default gateway as
the example shows
and then any device that's connecting to
this
switch using a v6 address
will be using the vlan 10 or vlan 20
default gateway addresses depending
which vlan they connect to.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)