Layer 2 WAN link vs Layer 3 WAN

Posted on 2011-10-02
Last Modified: 2012-06-27
Hi, the company where I work has a combination of layer 2 WAN links and layer 3 WAN links.

Could someone please explain the difference between the two, and in what circumstances you would use each type?

Does layer 2 means the links are switched with MAC addresses and layer 3 is routed via IP addresses?

Question by:paulo999
    LVL 50

    Assisted Solution

    by:Don Johnston
    Basically, a layer 2 WAN would be something like Frame-Relay where a layer 2 address is used for destination determination. A layer 3 WAN would be something like the internet where the layer 3 address is used.

    But this really isn't official terminology. Probably more like someones opinion or view of a link.
    LVL 30

    Assisted Solution

    LVL 6

    Accepted Solution

    Hi there,

    In today's terminology, a layer-2 WAN solution usually refer to Ethernet solutions... Things like EPL (Ethernet Private Line), VPLS, H-VPLS etc...
    Conceptually, a layer-2 service mean that the customer can get his site switches interconnected together at a layer-2 level.. so the customer can share the IP address prefix across several sites.
    The type of the layer-2 solution depends on what you're planning to do... but I am happy to dive down if you provide more information on what you want to do.

    The layer-2 is also used for legacy protocols (other than IP), typically used in old environment..
    Also common for data centre connectivities where clustering could be required (if distance/latency allows).
    Layer-2 is also required sometimes when the customer wants to manage their own routing domain.

    Layer-3 WAN services refer to all products that allow connectivity at layer-3... Things like Internet based VPNs (IPSec/SSL etc...) or MPLS VPN (private layer-3 WAN) where the customer will interconnect at IP level with a private instance of routing at the provider.

    Let me know what exactly you're trying to achieve, and I'll point you in the right direction.
    LVL 6

    Expert Comment

    Answering your question by the way, yes this is right...
    Layer-2 means basically that the frames are being switched based on MAC addresses rather than IP addresses in the packets for layer-3 services.

    The infrastructure over which these services run can rely on a broad range of technologies, either layer-2, layer-2.5 (MPLS) or pure layer-3 or sometimes SONET/SDH for unoversubscribed layer-2 services.

    Depending on the services you're planning to use over the network, oversubscription and QoS requirements, you might prefer a carrier over the other depending on their backbone and service design.

    Be mindful also that layer-3 services comes with more intelligent service portals from the carriers cause they have higher visibility into the network...


    Author Comment


    Thanks very much for the info.

    I need to put a plan together for a smaller network for about 250 users and about 3 ESXi hosts, with Avaya VoIP. I was planning on using a Cisco 4500 for the core with Cisco 2960S as the access. To save costs it has been suggested to use 2x3750s for the core switches. Normally I would stack the two 3750s together to effectively make them act as one switch, but it’s been suggested that the two 3750s should have layer 3 link between them, but I don’t really understand why. Would it be because you can then do QoS etc between the two switches? Would that make the two 3750s on different subnets/VLANS?

    For my own knowledge; Is the reason for using layer 3 instead of layer 2 between switches in this manner so you have features like QoS? I think I’ve read that you should do layer 3 between core switches, and distribution switches to core switches. So would each level of switch effectively be on its own subnet/VLAN?

    Sorry if this is a dumb question :-)
    LVL 6

    Assisted Solution

    The core should be running layer 3 for many reasons, not only for QOS...

    1) To be able to provide redundancy for aggregation and access, with routing protocols on both switches.
    2) To be able to do access control between different distribution levels.
    3) QOS application.
    LVL 6

    Assisted Solution

    I have seen 3750 in the core many times, design typically deployed in the small sites cores.
    VLANs are normally bridged at the different access layers, with SVI in the collapsed distribution/core.


    Author Comment

    Excellent, thank you.

    One last thing I don’t quite understand fully – if you had, say, 2x3750s as your core, why would you put a layer 3 link between them both and not just put them both together in a stack?

    Surely the bandwidth between the two switches in a stack is significantly more than just trunking two 1Gb ports together?

    Author Closing Comment

    Thanks for all comments

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now