This is an introductory article to talk about some of the fundamental technologies which will be useful for students of CCNA and CCNP certification exam. Please note that this is not the most comprehensive guide but i hope it will immensely help not only the CCNA/CCNP candidates but network administrators, architects as well. Through this series I will cover interesting topics such as:
1. What is a Layer 3 switch? Why and how can it be useful?
2. Implementing inter-Vlan routing by using an l3-switch.
3. What is an aggregate link? Implementation of an aggregate link.
4. Introduction to GRE tunnel and how it can be implemented on a Cisco router.
At the end you will be able to configure such a topology:
Before I write about inter vlan routing using a multilayer switch I would recommend you understand how it can be achieved using a router. Link to the webpage describing router on stick. If you a total newbie to VLANs, I highly suggest that you go through these blog posts:
If you look at the classic network device paradigm you will find a neat separation between "layers of OSI model". Each layer talks to the upper/lower layer by a protocol and they do not interfere with each other. Similarly each networking device had a specific purpose at a particular OSI model layer. A switch was called a Layer 2 device because it could only understand the Data link layer ie MAC addresses in TCP/IP. It was not designed to read or process anything above layer 2. It did not know which IP address it was sending the packet to. Router on the other hand was a Layer 3 device. It could read and understand the IP address and make modifications to it. So if a network administrator of a relatively large network (having different Vlans and multiple switches) had to design a network topology it used to be pretty simple. Connect all the end devices to the switch (hub has been deprecated). Create a trunk link connecting to the 'upstream' device which used to be a router. The router would be configured to do an inter-Vlan routing. This would be the most simple topology that I can think of. Ofcourse it has many flaws, for example it does not have any redundancy or failover capabilties. Moreover there are chances that some links would get saturated. All about this in some future post! The main problem faced is that all the inter-Vlan routing is done by the router. Now a router was not built and optimized to do Layer 2 lookups and handle Vlans.
In comes a layer 3 switch. It not only has the ASICS to do hardware switching but also do routing lookups (for more details follow the link given below). This gives very fast inter vlan switching because the traffic know longer goes through the relatively slow physical connections. By doing so, a layer 3 switch effectively eliminates the need for a router for vlan switching and makes the connections much much faster.
Consider the following network topology.
NOTE: I have used 2 2960 layer 2 switches and one 3560-24PS layer 3 switch which is available in packet tracer.
Note that by default a layer 3 switch DOES NOT do routing by default. You will have to configure it by running a simple command to make it populate routing table and entries. In practice you need to create either a SVI or a routed interface. An SVI (switched Virtual interface) is a virtual interface which belongs to a particular VLAN and can also have an IP address. A routed interface on the other hand is a physical interface to which an IP address is assigned. Do you notice the difference? An SVI interface has an Ip address but no physical interface attached to it. Creating a routed interface is just like making a switch behaving as a router. The switch will lose any information about vlans will not pass any Layer 2 traffic.
Configure an SVI for all the Vlans between which you want to do inter-Vlan routing. Now these ip addresses will actually act as gateway for the host devices. Let us dig deeper as to how this will work. There are two possible scenarios- when a device wants to talk to another device within the same vlan or when it has to talk to another device in some different vlan.
Intra-Vlan communication will work exactly the way it works in a layer 2 device. Now refer to the diagram. When intra-Vlan communication has to be done, eg PC 0 wants to talk to PC 4, it will realise that PC 4 does not belong to its subnet and therefore it will send a broadcast asking for the MAC address of its gateway which happens to be the switch. As soon as it receives the request, the switch will reply with MAC of the SVI. How the MAC is assigned to an SVI is out of scope of this article but you can read it here. PC 0 will then send the packet with MAC address of the SVI.
When the switch will receive the packet it will realise that the packet was meant for an SVI. It will then consult the routing table and realise that the ip address of the SVI belongs to a network which is in some VLAN. The following illustration should clear the concept.
The switch now knows that the packet is meant for a device in vlan 2. It will flood to all the ports of that vlan an arp request for the destination IP address (remember the destination IP address does not change throughout the packet forwarding, only the mac address does at each hop). The rest is pretty straightforward. Now let us quickly fast move to implementation of these concepts.
NOTE: I will be using the above topology for configuration.
On Layer 2 switch, Switch 0
On switch 1
1. What is a Layer 3 switch? Why and how can it be useful?
2. Implementing inter-Vlan routing by using an l3-switch.
3. What is an aggregate link? Implementation of an aggregate link.
4. Introduction to GRE tunnel and how it can be implemented on a Cisco router.
At the end you will be able to configure such a topology:
Network topology |
Before I write about inter vlan routing using a multilayer switch I would recommend you understand how it can be achieved using a router. Link to the webpage describing router on stick. If you a total newbie to VLANs, I highly suggest that you go through these blog posts:
Layer 3 aka l3 switch
If you look at the classic network device paradigm you will find a neat separation between "layers of OSI model". Each layer talks to the upper/lower layer by a protocol and they do not interfere with each other. Similarly each networking device had a specific purpose at a particular OSI model layer. A switch was called a Layer 2 device because it could only understand the Data link layer ie MAC addresses in TCP/IP. It was not designed to read or process anything above layer 2. It did not know which IP address it was sending the packet to. Router on the other hand was a Layer 3 device. It could read and understand the IP address and make modifications to it. So if a network administrator of a relatively large network (having different Vlans and multiple switches) had to design a network topology it used to be pretty simple. Connect all the end devices to the switch (hub has been deprecated). Create a trunk link connecting to the 'upstream' device which used to be a router. The router would be configured to do an inter-Vlan routing. This would be the most simple topology that I can think of. Ofcourse it has many flaws, for example it does not have any redundancy or failover capabilties. Moreover there are chances that some links would get saturated. All about this in some future post! The main problem faced is that all the inter-Vlan routing is done by the router. Now a router was not built and optimized to do Layer 2 lookups and handle Vlans.
In comes a layer 3 switch. It not only has the ASICS to do hardware switching but also do routing lookups (for more details follow the link given below). This gives very fast inter vlan switching because the traffic know longer goes through the relatively slow physical connections. By doing so, a layer 3 switch effectively eliminates the need for a router for vlan switching and makes the connections much much faster.
Understanding inter-vlan routing using layer 3 switch
Consider the following network topology.
NOTE: I have used 2 2960 layer 2 switches and one 3560-24PS layer 3 switch which is available in packet tracer.
Layer 3 switch doing inter-vlan routing |
Note that by default a layer 3 switch DOES NOT do routing by default. You will have to configure it by running a simple command to make it populate routing table and entries. In practice you need to create either a SVI or a routed interface. An SVI (switched Virtual interface) is a virtual interface which belongs to a particular VLAN and can also have an IP address. A routed interface on the other hand is a physical interface to which an IP address is assigned. Do you notice the difference? An SVI interface has an Ip address but no physical interface attached to it. Creating a routed interface is just like making a switch behaving as a router. The switch will lose any information about vlans will not pass any Layer 2 traffic.
Configure an SVI for all the Vlans between which you want to do inter-Vlan routing. Now these ip addresses will actually act as gateway for the host devices. Let us dig deeper as to how this will work. There are two possible scenarios- when a device wants to talk to another device within the same vlan or when it has to talk to another device in some different vlan.
Intra-Vlan communication will work exactly the way it works in a layer 2 device. Now refer to the diagram. When intra-Vlan communication has to be done, eg PC 0 wants to talk to PC 4, it will realise that PC 4 does not belong to its subnet and therefore it will send a broadcast asking for the MAC address of its gateway which happens to be the switch. As soon as it receives the request, the switch will reply with MAC of the SVI. How the MAC is assigned to an SVI is out of scope of this article but you can read it here. PC 0 will then send the packet with MAC address of the SVI.
When the switch will receive the packet it will realise that the packet was meant for an SVI. It will then consult the routing table and realise that the ip address of the SVI belongs to a network which is in some VLAN. The following illustration should clear the concept.
The switch now knows that the packet is meant for a device in vlan 2. It will flood to all the ports of that vlan an arp request for the destination IP address (remember the destination IP address does not change throughout the packet forwarding, only the mac address does at each hop). The rest is pretty straightforward. Now let us quickly fast move to implementation of these concepts.
Implementation of Layer 3 switch
NOTE: I will be using the above topology for configuration.
On Layer 2 switch, Switch 0
en conf t int fa0/1 port mode access port access vlan 2 //configure the port to be part of vlan id 2 int fa0/3 port mode access port access vlan 3 int fa0/4 port mode trunk //pass all traffic through this link
en conf t int fa0/1 switchport mode access switchport access vlan 2 int fa0/3 switchport mode access switchport access vlan 3 int fa0/4 switchport mode trunk
On Multilayer Switch (layer 3 switch)
en conf t int fa0/1 switchport trunk encapsulation dot1Q #use 802.1Q protocol switchport mode trunk int fa0/2 switchport trunk encapsulation dot1Q switchport mode trunk vlan 2 //create a vlan of id 2 vlan 3 interface vlan 2 //create an SVI belonging to vlan-id 2 ip address 10.0.0.1 255.0.0.0 //assign the SVI an ip address interface vlan 3 ip address 20.0.0.1 255.0.0.0
exit
ip routing //very important command. Enables routing and tells switch to populate routing entries
Troubleshooting:
- First try to ping the local gateway. If you are able to ping then move to step 2, otherwise check whether correct vlans are being passed to the multilayer switch. Check vlans by running
show vlans
Also check whether the host has been assigned an IP and it is connected to an access port. - Try to ping the other Vlans subnet. If you are not able to, it means the IP has not been assigned on the switch. First define a vlan by executing
vlans <vlan-id> interface vlan <vlan id> ip address <ip-address>
- If you are not able to ping the foreign machine, check the routing table by executing the show route command.
- Always remember to run the command "ip routing" to ensure that the switch starts behaving as a router and populates the routing table
You should be able to ping 20.0.0.3 from 10.0.0.2 now. We have successfully achieved inter-vlan routing using a layer 3 switch. In the next article of this series we will understand what an aggregate link is and how to configure it. Finally we will understand what is a GRE tunnel.
Next part of this series: Cisco CCNP Link aggregation or link bundling
Next part of this series: Cisco CCNP Link aggregation or link bundling
Thanks for the sharing of such information we will pass it on to our readers.
ReplyDeleteValuable info. Lucky me I discovered your website unintentionally, and I'm stunned why this coincidence did
ReplyDeletenot took place in advance! I bookmarked it.
Feel free to visit my weblog ... Alaska Heli Skiing ()
I have read your post, it was good to read & I am getting some useful info's through your blog keep sharing...ccna course in Chennai
ReplyDeletethanks Nikshitha! :)
ReplyDelete