Theoretically an L3 design is “better” than an L2 design. Routing protocols like OSPF/EIGRP converge faster than spanning-tree does, and instead of blocking redundant links we can do load balancing.
The downside of L3 designs, however, as you describe, is that some services do require L2 and devices that are in the same subnet.
With wireless networking it’s not much of an issue though. The WLC (Wireless LAN controller) has to be connected to a switch through a trunk so that it has access to all required VLANs.
The access points can be located anywhere since they build a L3 CAPWAP tunnel towards the WLC.
Through this CAPWAP tunnel, all VLAN traffic is tunneled. This allows wireless clients to access all the VLANs that the WLC has access to.
Probably WLAN is not a good choice for comparison when extending the network, since CAPWAP is L3.
If you refer to the correct answer at this URL:
Assume an access switch (as1) with its gig0/1 uplinked to the distribution switch (ds1) gig0/2.
as1 switch configuration
!
! as1 routes between VLAN 250 and the point-to-point VLAN, so routing must be enabled
ip routing
!
! the VLANs must exist before the access ports and SVIs are usable
vlan 10
 name Legacy_computers
vlan 250
 name Clients
vlan 350
 name P2P_to_ds1
!
interface GigabitEthernet0/1
 description ** Uplink to ds1 **
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! VLAN 350 has to be carried as well, or the 192.168.1.0/30 link never comes up
 switchport trunk allowed vlan 10,350
!
interface Vlan250
 description ** Client VLAN gateway **
 ip address 192.168.10.11 255.255.255.128
!
interface Vlan350
 description ** Point-to-point VLAN to ds1 **
 ip address 192.168.1.1 255.255.255.252
!
interface GigabitEthernet0/2
 description ** connected to VLAN 10 legacy computer **
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description ** connected to VLAN 250 client VLAN **
 switchport mode access
 switchport access vlan 250
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ds1 switch configuration
!
ip routing
!
vlan 10
 name Legacy_computers
vlan 350
 name P2P_to_as1
!
interface Vlan10
 description ** Gateway for the legacy computers on as1 **
 ip address 10.1.1.10 255.255.255.240
!
interface GigabitEthernet0/2
 description ** Uplink to as1 **
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,350
!
interface Vlan350
 description ** Point-to-point VLAN to as1 **
 ip address 192.168.1.2 255.255.255.252
!
! return route for the client VLAN that lives behind as1
ip route 192.168.10.0 255.255.255.128 192.168.1.1
In the above configuration (I need to run it in GNS3 later this week):
VLAN 10 is configured as L2 on as1 and its gateway is configured on ds1.
Over the uplink trunk VLAN 10 is allowed, and at the same time a default route from as1 is pointed to VLAN 350 on ds1.
For me this is carrying both L2 and L3 traffic over the same uplink connection.
Is this a working configuration, and is it also common practice?
In this example you’ll have L2 interfaces from the access switch to the distribution switch, with SVI interfaces for L3, so yes, you’ll have L2/L3 traffic over the same link. It works, but it’s not what we normally do.
With a design like this, where we use trunks from the access layer to the distribution layer, we normally don’t use SVI interfaces on the access layer. You can stick to cheaper L2 switches for the access layer and let the distribution layer do the routing; that’s where you configure SVI interfaces.
Let me give you two examples for a typical L2 or L3 design.
hostname DSW1
!
ip routing
!
interface GigabitEthernet0/2
 description LINK_TO_ASW1
 no switchport
 ip address 10.10.10.2 255.255.255.252
!
In the design above, VLANs are restricted to the access layer switch. The link to the distribution layer is L3. The advantage of this is that you don’t have to deal with STP anymore.
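Both designs written out on both switches, as an added illustration (editor-added example, not configuration from the reply above or from networklessons.com). The hostnames ASW1/DSW1 and the Gi0/2 link follow the snippet; the VLAN numbers, addresses, client port and OSPF process are assumptions. Design 1 is the common L2-access/L3-distribution layout, design 2 the routed-access layout where the VLAN and its gateway stay on ASW1:

```text
! ===== Design 1: L2 access switch, routing on the distribution switch =====
hostname ASW1
!
vlan 10
 name CLIENTS
vlan 20
 name SERVERS
!
interface GigabitEthernet0/2
 description LINK_TO_DSW1
 ! encapsulation must precede 'mode trunk' on ISL-capable platforms (e.g. 3560)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! carry only the VLANs this access switch hosts
 switchport trunk allowed vlan 10,20
 ! no DTP: the trunk is static, nothing can negotiate one with this port
 switchport nonegotiate
!
interface GigabitEthernet0/10
 description CLIENT_PORT
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ASW1 has no SVIs and no 'ip routing': it is a pure L2 switch
!
hostname DSW1
!
ip routing
!
vlan 10
 name CLIENTS
vlan 20
 name SERVERS
!
interface GigabitEthernet0/2
 description LINK_TO_ASW1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface Vlan10
 description CLIENTS_GATEWAY
 ip address 10.10.20.1 255.255.255.0
!
interface Vlan20
 description SERVERS_GATEWAY
 ip address 10.10.30.1 255.255.255.0
!
! STP is still running across the trunk; make the distribution switch the root
spanning-tree vlan 10,20 root primary
!
! ===== Design 2: routed link, VLAN 10 and its gateway stay on ASW1 =====
hostname ASW1
!
ip routing
!
vlan 10
 name CLIENTS
!
interface GigabitEthernet0/2
 description LINK_TO_DSW1
 no switchport
 ip address 10.10.10.1 255.255.255.252
!
interface Vlan10
 description CLIENTS_GATEWAY
 ip address 10.10.20.1 255.255.255.0
!
router ospf 1
 router-id 1.1.1.1
 network 10.10.10.0 0.0.0.3 area 0
 network 10.10.20.0 0.0.0.255 area 0
 ! advertise the client subnet but send no hellos toward the clients
 passive-interface Vlan10
!
hostname DSW1
!
ip routing
!
interface GigabitEthernet0/2
 description LINK_TO_ASW1
 no switchport
 ip address 10.10.10.2 255.255.255.252
!
router ospf 1
 router-id 2.2.2.2
 network 10.10.10.0 0.0.0.3 area 0
```

To check design 1, `show spanning-tree vlan 10` on ASW1 should name DSW1 as root and `show interfaces trunk` should list only VLANs 10 and 20 as allowed. In design 2, `show ip ospf neighbor` on DSW1 should show 1.1.1.1 in FULL state, and `show spanning-tree` shows nothing for Gi0/2 because the routed port takes no part in STP. The `nonegotiate` and explicit allowed-VLAN lines are the hardening a practitioner adds to any static trunk; they are not required for either design to forward traffic.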
Strictly speaking, Etherchannel is the name that Cisco gives to its technology or architecture of Link Aggregation. Portchannel is the name of the virtual port you create in a switch that binds the physical ports together, thus the Port-channel1, Port-channel2 or Po1 Po2 etc interfaces that you see in the configuration of the switch.
In general however, Cisco and its users may use these two terms interchangeably.
Hi Rene,
I have a doubt. I’m configuring a layer 2 etherchannel between a Cisco 4506E switch and a Fortigate firewall. I know that it has to be with LACP; we tried to put the etherchannel in mode on in the Cisco 4506E and mode static on the Fortigate firewall, but it doesn’t work.
When you use etherchannel mode on (which I assume you mean nonegotiate), that isn’t actually using LACP. Although, from what I have read, the On/Static combination should work, it is generally recommended that you use LACP if you can (it will help stop potential loops or misconfigs).
I would try setting both sides to use LACP mode Active.
On the Cisco side that would be “channel-group X mode active” where X is your channel-group number
On the Fortigate side you would use “set lacp-mode active”
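The two sides of that recommendation written out, as an added illustration (editor-added example, not configuration from the question, from the poster’s network or from networklessons.com). The member ports (Gi2/1-2 on the 4506E, port3/port4 on the FortiGate), channel-group 1, the VLAN IDs and the addresses are assumptions:

```text
! ----- Cisco 4506E side: L2 trunk port-channel, LACP active -----
! add the members first; IOS creates interface Port-channel1 from them
interface range GigabitEthernet2/1 - 2
 description MEMBER_TO_FORTIGATE
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
! once bundled, L2 settings are maintained on the logical interface
interface Port-channel1
 description LAG_TO_FORTIGATE
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! ----- FortiGate side: aggregate interface, LACP active, VLAN sub-interfaces on top -----
config system interface
    edit "agg-to-4506"
        set vdom "root"
        set type aggregate
        set member "port3" "port4"
        set lacp-mode active
    next
    edit "agg-vlan10"
        set vdom "root"
        set type vlan
        set interface "agg-to-4506"
        set vlanid 10
        set ip 10.10.20.254 255.255.255.0
        set allowaccess ping
    next
end
```

On the Cisco side `show etherchannel summary` should show Po1(SU) with both members flagged (P); a member flagged (I) is running stand-alone because no LACP partner answered, which is the fail-safe you do not get with mode on/static. On the FortiGate, `diagnose netlink aggregate name agg-to-4506` shows the LACP partner state per member. The `nonegotiate` and allowed-VLAN lines are hardening for the trunk, not part of making LACP come up.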
Hi Rene,
Just my 2 cents: it should be worthwhile to mention that the order of operation is crucial when creating an L3 port-channel, i.e. the “no switchport” command must be entered first, before entering the “channel-group” command. If we enter the “channel-group” command first then the port-channel will become a layer-2 port-channel, and this operation is not revertible.
Regards,
Mehul
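The ordering Mehul describes, shown as an added example (editor-added illustration, not from his post). Members Gi0/1-2, channel-group 2 and the /30 address are assumptions. The first part is the wrong order, the middle part the way to back out of it, and the last part the correct order:

```text
! ----- Wrong order: channel-group on switchports creates an L2 Port-channel2 -----
interface range GigabitEthernet0/1 - 2
 channel-group 2 mode active
!
! Port-channel2 is now a switchport; IOS refuses an IP address on an L2 interface
!
! ----- Back out: delete the mis-created port-channel, then reset the members -----
no interface Port-channel2
default interface range GigabitEthernet0/1 - 2
!
! ----- Correct order: 'no switchport' on the members BEFORE channel-group -----
interface range GigabitEthernet0/1 - 2
 description MEMBER_ROUTED_LAG
 no switchport
 channel-group 2 mode active
!
! Port-channel2 is created as a routed interface; the address goes here, not on the members
interface Port-channel2
 description ROUTED_LAG_TO_DSW1
 ip address 10.10.10.1 255.255.255.252
```

`show etherchannel summary` distinguishes the two outcomes in its flags: a routed bundle that is up shows as Po2(RU), an L2 one as Po2(SU). If you see (SU) on a port-channel that was meant to carry an IP address, the dependable fix is the delete-and-recreate sequence above rather than trying to convert it in place.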
Hmm, I never tried mixing different interface speeds but I think Cisco IOS will prevent you from doing so. The physical interfaces and L2 settings (duplex, VLAN, etc.) have to be the same.
Even if you could, it would not make much sense. Etherchannels use load sharing so if you could combine a 100G and 40G interface, your throughput would be lower than when you would only use a single 100G link.
I did not understand the part “your throughput would be lower than when you would only use a single 100G link”. What do you think the throughput would be when we combine 100G and 40G in a LAG?
What I mean is that if you have a single 100G link, all packets will be sent with a bit rate of 100G. If you could bundle a 100G and 40G link together, some packets will be sent with the 100G link and some with the 40G link. It takes longer to send a packet through a 40G link than a 100G link so by bundling these two links together, your average throughput will be lower compared to using a single 100G link.
If I don’t use the “no switchport” command, and instead use “no ip address” under the port configuration, isn’t that the same? What I mean by this is, doesn’t that make the interfaces L3 interfaces? Thank you in advance.
I am asking this because I think I have seen this in the past on old L3 Cisco switches, meaning configuring an L3 port with “no ip address” (instead of using the “no switchport” command). I just wanted to verify/confirm this with you. Also, if this is true, can we do the same on “new” Cisco switches, or was this only an option on some old switches? Thank you.