in this session we're going to look at layer 3 switches so what is a layer 3 switch well it's an ethernet switch it can look at ethernet headers and it can build mac address tables but it's also a router because it can look at ip headers it is an ip folding table and an arp table so which function it performs depends on how you configure it out of the box layer 3 switches usually default to being simple layer 2 ethernet switch so the slide shows what the defactory default might be this example has the eight ports and all ports exist in one vlan the default is usually vlan 1 and we have everything set up as the configuration snippet shows the interfaces gigabit 1 through to 8 are all set up as switch ports in access mode in other words for end user devices connect and they're all members of vlan 1. so this will be the default setting we could introduce vlans the example on this slide now shows four of the ports have been assigned to one vlan and the other four ports assigned to another vlan so talking through the example gigabits one to four again access ports but assigned to vlan 10 and gigabit 5 through 8 also access ports have been assigned to vlan 20. so question for you how does the device behave differently after this configuration change how would any device on vlan 10 talk to any device on vlan 20. remember a vlan is a completely separate virtual line from any other virtual line on an ethernet device we could introduce vlan trunking this is a way of connecting two switches together so that as the slide shows vlan 10 on one switch can connect to vlan 10 on another switch and vlan 20 in one switch can connect to vlan 20 on the other one the configuration example shows you what the configuration of gigabit one could look like there we have changed the switch port from access mode so for end user devices to trunk mode in other words it's a trunk carrying different vlans and the final line in the configuration shows which vlans are allowed to propagate across that trunk so if you cast your mind back to some of the previous sessions what is different about the frames on this wire if we need management access to the switch well given that vlan 1 is the default vlan we can define vlan as having a physical interface and an ip address on it the example shows ipaddress as the ip address of vlan 1. so we are now able to access this switch for management purposes on that ip address we'll also need to assign the switch a default gateway so that it can see devices outside this lan so again the syntax depends on which model which device which vendor the example here is one taken from a cisco layer 2 ethernet switch the management interface has its own ip interface on vlan 1 with its own ip address so you could imagine it as the switch's cpu being plugged into vlan 1 but without actually using up a physical port on the switch and you can use this to manage the switch via secure shell or snmp or both and like any other ip device as i mentioned in user default gateway to be able to send packets to a destination address on a different subnet now what about when we introduced ip routing what we want to do is to extend this by giving the switch an ip address on multiple vlans each address of course is within the ip subnet for that particular vlan and to do this we need to enable the internal router within the switch and when we do that it can receive datagrams on one vlan and resend them on another vlan remember the question i asked earlier how do the devices on vlan 10 communicate with the devices on vlan 20 well we've now done it we now have a layer 3 switch an ethernet switch that's able to send packets between different vlans, in other words ip routing. and here we have it in the diagram we have the routing process sending packets between the two different vlans on the switch if you look at the configuration example you see the two vlans defined ip routing is the keyword that has been added to turn on routing capability on the switch and we now have interface vlan 10 with its address that we saw earlier and we have vln 20 with its address in a different subnet that has been introduced into the switch configuration and the default gateway has been added in as well so that for management access to this switch we can see the rest of the world and indeed the vlans on the switch can see the rest of the world as well and it's really that simple we have an ip address on each vlan other devices can point the default gateway at us and we will forward datagrams on their behalf this is based on the ip forwarding table connected routes static routes and so forth so as i just described this slide shows how this layer 3 switch is now acting as a gateway we plug two end user devices in the two laptops shown on the slide they will have ip address or whatever has been assigned and the default gateway on vlan 10 will be which is the address we gave vlan 10 on the switch and for the device connected to vlan 20 its default gateway will be 192.168 or 2.1 again the ip address of vlan 20 on this layer 3 switch ipv6 is the same we assign a v6 address to vlan 10 and to vlan 20 on the layer 3 switch and again we have the v6 default gateway as the example shows and then any device that's connecting to this switch using a v6 address we'll be using the vlan 10 or vlan 20 default ga teway addresses depending which vlan they connect to.

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.