To use Layer-2 or Layer-3 link between core switches

Posted on 2009-07-08
Last Modified: 2012-05-07

I am designing a network for a client and have a question regarding the design. They are a pretty small company and they currently have one Layer-3 3560G switch, I plan to get another and use a 2Gb etherchannel between them. Then I'll connect these core 3560G's to the access switches using a layer-2 trunk link.

My question is whether I use layer-2 or layer-3 communications between the 3560G's? If any experts can explain the pro's and con's of both of these then maybe that can help me make a decision. I was initially planning to use layer-3 routed links but after reading about spanning tree and PVST, I am now leaning more towards using a switched connection.

Of course, if you think that there is a better design I would be very happy to listen to your advice. Maybe to use layer-3 links to the access switches???

I have attached a diagram of what I plan to do.

Thanks a lot

Question by:ally0000
  • 4
  • 2
  • 2
  • +1
LVL 50

Expert Comment

by:Don Johnston
ID: 24802651
As with many design questions, there are not always "right" or "wrong" ways.

The quick answer in does a broadcast domain (IP subnet or VLAN) need to exist beyond a 3750 access switch? If it does, then you need to make the access-core links layer 2. If there are multiple VLANs on the access switch, then it needs to be a layer 2 trunk.

If you do not need a broadcast domain to exist beyond an access switch, then you can make the links layer 3.

Author Comment

ID: 24803410

There will only be workstations into the access switches and not more subnets or VLAN's. Would layer 2 not be faster and more efficient from the core to the access switches?

Also, what about the link between the 3560G core switches?


Author Comment

ID: 24804583
The main answer I need from this question is regarding the link between the 2 core switches....should they be a layer-2 etherchannel or a layer-3 routed link? What would be the benefits of layer-2 over layer-3 and vice-versa?

There are no VLAN's beyond the access switches and there are VLAN's on the access switches

Hope that's clear....thanks

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.


Accepted Solution

Magim_IT earned 250 total points
ID: 24811811

This is a ideal design whereas physical connectivity is concern, below are my suggestions
1.      Both the 3560 can be in routing mode or non routing mode (switching mode), will act as core switches (L3)
2.      All 3750 will be in non routing mode, act as access switches (L2)
3.      All the links shown in the diagram will be trunks (this will enable you to make future changes without any downtime and make your network more scalable compare to routed links, the switching is always faster than routing)
4.      Links connected to both 3560 will be L2 etherchannel (truck)
5.      Dont forget to enable spanning tree so at a time only one link will be forwarding mode. For such small network PVST is not needed
If you want to use these as L3 links,
1.      Your network will be slow
2.      You will create unnecessary hops in your LAN
3.      Will create load on your switch because of routing protocol
4.      Management is complex
5.      Any change may cause downtime
6.      You cannot extend one VLAN from one to other switch (incase you are making the link as L3 links)

Assisted Solution

JanSc earned 250 total points
ID: 24811820
Simply stated:

Use trunk between swicthes for layer 2, and use HRSP for L3 failover. Thats the way Cisco advices (many years ago)
You will have full L2 redundancy, using RSTP, towards the access layer and have Hot-standby for layer 3, per vlan. If you want to you can even have load balanced link-aggregation towards your access layer, when 3750 are stacked using stack cable.

On the other hand: Why not swap a few switches. Build a new core, based on 3750 and stackwise. Then L2 and L3 are fault tolerant and load-balanced. The 3560 can be reused for access-layer then,

Author Comment

ID: 24812158
Thanks for the advice from you both, excellent stuff.

JanSc, I have amended my design to use the 3750's in the core and agree that is a better solution using the stackwise technology. When you said that this would make L2 and L3 fault tolerant and load-balanced, can you please explain the L3 part a little more.

The access switches are L2 are therefore use STP for fault tolerance however I am not sure how the L3 part is relevant? Do you mean that the L3 fault tolerance when these L3 switches connect to the other network devices further down the network path that I have not drawn in, for clairity?

Thanks a lot, great stuff.

Expert Comment

ID: 24812273

2 switches stacked together gives fault toerance L2 solution. Since the 3750 has L3 routing capabilities as well, stackwise gives L3 routing over the stack of 2 or more (max 8) switches.
So, when 1 switch fails, the other ones will route L3 traffic. This is the superior way to create a redundant IP gateway for your lan.

When using the 3560 for routing (L3), only one switch will become the active router. HSRP (hot-standby-routing-protocol) will check if the routing function is available, and when not the other switch will take over. Both switches have their own IP adress, and share a HSRP adress, virtual one, as gateway for the lan.
BTW: this has nothing to do with STP, RSTP or whatsoever on L2.

Using 3750 stack technology can even bring you load-balanced connections towards the access-layer. When you stack the 3750's in the access layer, they become "one switch", same as the core switch.
Now you can link the core to the access in a one-on-one relation, using trunks (dynamic LACP is handy, and perfect solution). RSTP and STP give active-passive links towards access layer, so only one part is used. I hate to invest in dead copper or fiber ports...., therefore a stacking technology gives me a better feeling. All you have to do is buy stack cables, (or 3Com 4500 switches, since they can stack through cheap copper ports on cheap switches. 3750 in access layer is overdone most times)

I think you don't need L3 in access-layer, so only core has L3 function.

clear? If not, let me know.

Expert Comment

ID: 24812421
As JanSc said, If you are using 3750 stack at core then you can also configure etherchannel for links between core and access, you will get more throughput and can make use of the redundant link.

Author Comment

ID: 24812439
Thanks guys, the answers are exactly what I need....Ally

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WatchGuard T50 - Internet Priority Based on VLAN or User 1 51
Receiving wifi on an underground station 22 97
Home internet speed 20 32
VPN Server config in Modem 5 33
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question