Dragon0x40
asked on
Are vlan interfaces layer 2 or layer 3?
To me vlan interfaces seem to be a wierd combination of layer 2 and layer 3.
I cannot find a switchport/no switchport on a vlan interface so that tells me that it is a layer 3 and I can add an ip address.
But when I set them up with an ip address and then use the remote ip on the same vlan as a default-gateway thereby bypassing the local vlan interface address and seemingly extending the broadcast domain that feels more like layer 2.
Does having ip routing on change the behavior of vlan interfaces?
I cannot find a switchport/no switchport on a vlan interface so that tells me that it is a layer 3 and I can add an ip address.
But when I set them up with an ip address and then use the remote ip on the same vlan as a default-gateway thereby bypassing the local vlan interface address and seemingly extending the broadcast domain that feels more like layer 2.
Does having ip routing on change the behavior of vlan interfaces?
Hashim Nangarhari
layer 2
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
vlan interface without an ip address is layer2?
vlan interface with an ip address is layer 3 but does not route and passes broadcasts?
vlan interface with an ip address and ip routing enabled on the switch is layer 3 and does not pass broadcasts?
vlan interface with an ip address is layer 3 but does not route and passes broadcasts?
vlan interface with an ip address and ip routing enabled on the switch is layer 3 and does not pass broadcasts?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
vlan interface in layer 2 devices is layer 2
vlan interface in layer 3 devices is layer 3
vlan interface in layer 3 devices is layer 3
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think my confusion started by not remembering that a vlan is a layer 2 broadcast domain. Every switch that has that vlan and trunks between them carrying that vlan can broadcast to each other.
Each switch can have a vlan interface for that vlan and the entire vlan is still a broadcast domain but with multiple entrance and exit points (SVI)?
These entrance and exit points can only be used to get to another vlan if they have an ip address and have ip routing enabled on the switch on which the vlan interface is configured.
I was thinking about the scenario where an access layer switch had an interface vlan 20 with an ip address and the upstream distribution switch also had an interface vlan 20 with an ip address. Even if both switches had ip routing turned on the hosts attached to vlan 20 would still broadcast for local addresses and send remote addresses to the gateway on the distribution switch. In other words having multiple vlan interfaces on the same vlan would not cause routing inside a vlan because the hosts will only have one gateway address of the distribution switch.
I guess that would still be a bad idea because the routing between two vlans should only take place on one switch?
Each switch can have a vlan interface for that vlan and the entire vlan is still a broadcast domain but with multiple entrance and exit points (SVI)?
These entrance and exit points can only be used to get to another vlan if they have an ip address and have ip routing enabled on the switch on which the vlan interface is configured.
I was thinking about the scenario where an access layer switch had an interface vlan 20 with an ip address and the upstream distribution switch also had an interface vlan 20 with an ip address. Even if both switches had ip routing turned on the hosts attached to vlan 20 would still broadcast for local addresses and send remote addresses to the gateway on the distribution switch. In other words having multiple vlan interfaces on the same vlan would not cause routing inside a vlan because the hosts will only have one gateway address of the distribution switch.
I guess that would still be a bad idea because the routing between two vlans should only take place on one switch?
If both switches have vlan 20 interfaces and routing enabled, either could route for the vlan, but it would be based on which gateway is configured on the hosts.
@Dragon0x40: There is nothing incorrect about you description. As @Soulja has said which device performs the routing function will be determined by the IP address of the default gateway used by the client. In fact, technically you could have some clients using the SVI on one switch as their DGW and some clients using the IP of the SVI on the other switch as their DGW. Generally Cisco's model recommends that the distribution layer switches should have the SVI for a VLAN. In addition, it would be unusal and expensive to find L3 switches as access layer switches.
--IJ
--IJ
@ipajones
I hear ya. I have actually deployed 6500's with gigabit at the access layer for a company, as well as 3750's. Not as uncommon as you may think.
I hear ya. I have actually deployed 6500's with gigabit at the access layer for a company, as well as 3750's. Not as uncommon as you may think.