Layer 3 Switch Routing

Routing used to be the sole function of routers. Normally, you would use a router to route between VLANs on a network, as indicated in the Single, Separate and Router on a Stick buttons at the top of this page. Layer 3 switches are able to route between VLANs, and they do it very fast compared to a router.

Layer 3 Switches

So what is the difference between a Layer 3 switch and a router? It used to be that Layer 3 switches could only route between VLANs on the switch and couldn't run routing protocols like RIP, but now Layer 3 switches can run routing protocols. At the time of writing this, Layer 3 switches couldn't run WAN protocols like Frame Relay, T1 lines, ISDN, PPP or ATM, but I think that is mainly because they don't have an interface to those protocols.

It isn't hard to imagine a switch manufacturer adding plugin module support for a WAN protocol in the near future! But then again, there is the rising usage of carrier Ethernet, which is replacing the traditional WAN protocols. A Layer 3 switch can make a direct connection to the WAN using one of its Ethernet ports, making the legacy WAN protocols obsolete!

VLAN'd Network

The first step is to separate the voice and data traffic. Two separate networks could be used but that would be expensive and a waste of resources. A better solution is to VLAN the network. Layer 3 Ethernet switches are used to divide the physical network into Virtual LANs (VLANs). These VLANs can span across many switches and many floors of a building. This physically isolates the data traffic from the voice traffic.

Passing the Functionality

One of the things that happens when you use Layer 3 switches is that services traditionally provided by the router pass to the Layer 3 switch. The routing between VLANs (called InterVLAN routing) is now the responsibility of the Layer 3 switch. DHCP services go with it: the switch now provides the DHCP server for each of its VLANs. Each VLAN will have its own subnet address and the associated DHCP pool.

A new VLAN is created specifically for routing between the router and the switch. For lack of a better name, I've called it the WAN VLAN, as that is where the traffic is going to and coming from.

The router now has more specific functions: interfacing to the WAN using WAN protocols, providing Network Address Translation (NAT) and providing security by acting as a firewall. The configuration of the router becomes much simpler.

Configuring a Layer 3 switch for routing

It is surprisingly easy to configure a Layer 3 Switch for InterVLAN routing. If you come from the complex Router on a Stick configuration then you will find this so easy that it won't make sense! This configuration is based on Cisco just because I'm familiar with it. So here goes:

  1. Enable Layer 3 Functionality - some switches like the Layer 2 Cisco 2960 switch (with the latest IOS) require that you first enable Layer 3 functionality by setting the SDM Preferences:

     Switch(config)#sdm prefer lanbase-routing
     Switch(config)#end
     Switch#reload
     
  2. Enable Layer 3 routing - switches that are specifically designated Layer 3 switches usually just need to enable routing:
     Switch(config)#ip routing
     
  3. Create VLAN interfaces for each VLAN:
    interface vlan 10
    description Desktop VLAN 10
    ip address 192.168.10.1 255.255.255.0
    interface vlan 20
    description Servernet VLAN 20
    ip address 192.168.20.1 255.255.255.0
    interface vlan 30
    description VoIP VLAN 30
    ip address 192.168.30.1 255.255.255.0 
    interface vlan 40
    description Wireless VLAN 40
    ip address 192.168.40.1 255.255.255.0 
    interface vlan 50
    description WAN VLAN 50
    ip address 192.168.50.1 255.255.255.0 
     

    That's it for InterVLAN routing! The switch will automatically route between VLANs - no trunks, no native VLAN, no sub-interfaces!

  4. Set the default route on the switch:

    You will have to set a default route on the switch pointing to the router (192.168.50.2), and on the router, static routes back to the VLANs. This is the default route set on the switch to send traffic to the router:

    ip route 0.0.0.0 0.0.0.0 192.168.50.2
     

  5. Configure the static routes on the router

    These are the static routes set on the router to send traffic to the switch's VLANs. VLAN 50 is directly connected so a static route is not necessary:

    ip route 192.168.10.0 255.255.255.0 192.168.50.1
    ip route 192.168.20.0 255.255.255.0 192.168.50.1
    ip route 192.168.30.0 255.255.255.0 192.168.50.1
    ip route 192.168.40.0 255.255.255.0 192.168.50.1 
     

  6. Check your routing:

    You can check that the routes are set and working properly by issuing the "show ip route" command. This will show the directly connected routes, the default routes and the static routes. Be aware that for some switches, if there is not a physical device connected to a VLAN, the VLAN interface may not come up! I've run into this where everything is configured properly but the routing is broken until a device like a laptop or PC is plugged into the port assigned to the VLAN. Very frustrating to troubleshoot!

    Switch#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    
    Gateway of last resort is 192.168.50.2 to network 0.0.0.0
    
    C    192.168.10.0/24 is directly connected, Vlan10
    C    192.168.20.0/24 is directly connected, Vlan20
    C    192.168.30.0/24 is directly connected, Vlan30
    C    192.168.40.0/24 is directly connected, Vlan40
    C    192.168.50.0/24 is directly connected, Vlan50
    S*   0.0.0.0/0 [1/0] via 192.168.50.2
     
    Router#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    
    Gateway of last resort is 10.197.4.11 to network 0.0.0.0
    
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.197.4.0 is directly connected, FastEthernet0/0
    S    192.168.10.0/24 [1/0] via 192.168.50.1
    S    192.168.20.0/24 [1/0] via 192.168.50.1
    S    192.168.30.0/24 [1/0] via 192.168.50.1
    S    192.168.40.0/24 [1/0] via 192.168.50.1
    C    192.168.50.0/24 is directly connected, FastEthernet0/1
    S*   0.0.0.0/0 [1/0] via 10.197.4.11
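
An added example, not part of the original page: a Python check that compares captured "show ip route" output from the switch against the addressing plan from steps 3 and 4. It reports a missing connected VLAN route (the VLAN-interface-down case described in step 6), a wrong default route, and any route that is not in the plan. The function names and the sample capture are constructed for illustration.

```python
import ipaddress
import re

# Addressing plan taken from the page's switch configuration (steps 3 and 4).
PLAN = {f"192.168.{v}.0/24": f"Vlan{v}" for v in (10, 20, 30, 40, 50)}
GATEWAY = "192.168.50.2"

ROUTE = re.compile(r"^([A-Z]\*?)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+"
                   r"(?:is directly connected, (\S+)|\[\d+/\d+\] via (\S+))")

def parse_routes(text):
    """Map prefix -> (code, interface or next hop); legend lines never match."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if m:
            code, prefix, ifname, via = m.groups()
            routes[prefix] = (code, ifname or via)
    return routes

def audit(text, plan=PLAN, gateway=GATEWAY):
    """Return findings where the routing table departs from the plan."""
    routes, findings = parse_routes(text), []
    for prefix, ifname in plan.items():
        if routes.get(prefix) != ("C", ifname):
            findings.append(f"{prefix}: no connected route on {ifname} (VLAN interface down?)")
    default = routes.get("0.0.0.0/0")
    if default is None or default[1] != gateway:
        findings.append(f"default route is {default}, expected via {gateway}")
    elif not any(code == "C" and ipaddress.ip_address(gateway) in ipaddress.ip_network(p)
                 for p, (code, _) in routes.items()):
        findings.append(f"gateway {gateway} is not on any connected subnet")
    for prefix in sorted(routes.keys() - plan.keys() - {"0.0.0.0/0"}):
        findings.append(f"{prefix}: route not in the plan")
    return findings

# Constructed sample: the page's switch output with the Vlan30 line removed,
# as happens when no device is plugged into a port assigned to VLAN 30.
SAMPLE = """\
Gateway of last resort is 192.168.50.2 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
C    192.168.40.0/24 is directly connected, Vlan40
C    192.168.50.0/24 is directly connected, Vlan50
S*   0.0.0.0/0 [1/0] via 192.168.50.2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```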
    

Copyright July 2013 Eugene Blanchard