Layer 2/ Layer 3 Switch Real World Scenario
yazan84
Greetings, I was just curious about a real world scenario on when to use a layer 2 switch and when to use a layer 3 switch, and why?
Thanks,
Comments
networker050184
Do you know what the difference between the two is? If so, that should basically answer your question. If you need L3 capabilities then use an L3 switch. If not, then use the L2 switch.
shodown
I'll throw in 1. When you are on campus networks, which can be pretty large, having a flat network is not ideal. In this particular example I was working for a large manufacturing firm, and when there were fiber breaks, it would take forever for the network to reconverge. I installed 3750s with EIGRP across campus back to the core 6500s, and when that was implemented, when fiber cuts or breaks happened, the network would barely notice.
dave330i
If you have a network that shouldn't be routed (iSCSI for example), use a layer 2 switch.
it_consultant
Real world example:
I have a remote site connected in over single mode fiber about 40KM away; the site is managed by another entity but the equipment is ours. At the time of the install the organization did not have layer 3 switches. They ended up installing a switch and a PIX firewall that was VPN tunneled over the link to the firewall at the main office.
When I go to replace this setup, I will replace the PIX and switch with one switch that has layer 3 code. I will terminate the fiber into a port that is in "route-only" mode. On the other end I will do the same into our core switches which run layer 3 code.
VAHokie56
There are a lot of ways you can go with that... if it's a small site and that switch is going to be basically your access/core layer, I would make the interconnect a simple /30, then create however many SVIs I need on the switch for user VLANs and point a default route to the interconnect. OR you could run a routing protocol between the site and your campus. Like I said, lots of ways to go from there, but if you create the SVIs on that L3 switch you can always expand capacity by trunking down to L2 switches off it.
izatt82
I agree it all depends on how your network is set up. L3 in switches is very nice to have and many switches can do L3.
DevilWAH
A layer 3 switch in most cases simply means you do not have to have a separate router in your network. That's all a layer 3 switch is really: a layer 2 switch with a router built in, and you have the choice of whether the port acts as a standard layer 2 switch port (switching frames) or a routed port (routing at the IP address layer 3 level).
A common use for it might be in a collapsed access/distribution layer setup.
So the user's PC would be connected to the switch via layer 2 switched ports, while the uplinks into the core might run as layer 3 routed ports so you can have redundancy and load balancing. On a layer 3 switch a port is either layer 2 or layer 3; you manually configure it by typing either
#switchport (for layer 2) or #no switchport (for layer 3) under the interface.
To make it easier to understand, think of a layer 3 switch as a "router on a stick" setup all built into one physical device. This is not 100% accurate, I know, but you should understand that an interface on a layer 3 switch does not operate in some magical hybrid state of both layer 2 and layer 3. Each interface operates at either one or the other, and by configuring the switch correctly you can create a setup that, if you were to use separate routers and switches, would require many devices.
The routing function on a layer 3 switch is much more basic than a full-blown router, but on the other hand it can route at wire speed across multiple interfaces, and this was the reason it was created: to remove the need for separate routers where high speed basic routing is needed in the access/core areas of a network.
There is a special type of interface on a layer 3 switch, and this is the VLAN interface. With this you can create a virtual interface that is reachable by all layer 2 ports within that VLAN. You can assign an IP address to this interface, and then if you wish set this IP address as the default gateway for devices attached to the layer 2 ports in that VLAN. As the VLAN interface is a layer 3 interface, you can connect multiple layer 3 switches together with multiple VLAN interfaces, linked together using physical layer 3 interfaces for the uplinks. And now you have a fully routed network without the need for a single physical router.
The efficiency gains from using a layer 3 switch are huge once you have a large network spread over a large campus, where you might want to aggregate within each building and then have multiple diverse links across the site for.
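The layout described in the posts above by VAHokie56 and DevilWAH (layer 2 access ports, VLAN interfaces as default gateways, a routed /30 uplink and a default route), as an added Cisco IOS configuration sketch that is not from any poster in this thread. Interface numbers, VLAN IDs, VLAN names and all IP addresses are constructed for illustration.

```cisco
! Added example: every value below is constructed, not taken from the thread.
! Turn on the routing function of the layer 3 switch.
ip routing
!
! User VLANs (IDs and names are assumptions).
vlan 10
 name USERS
vlan 20
 name VOICE
!
! Layer 2 access port: switches frames for a user PC in VLAN 10.
interface GigabitEthernet1/0/1
 switchport
 switchport mode access
 switchport access vlan 10
!
! Layer 2 trunk down to an extra layer 2 switch for more port capacity.
interface GigabitEthernet1/0/24
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! VLAN interfaces (SVIs): layer 3 interfaces reachable from every layer 2
! port in the VLAN; hosts use these addresses as their default gateway.
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Routed uplink: "no switchport" makes the port layer 3 only, so it carries
! no VLANs and takes no part in spanning tree. The /30 is the interconnect.
interface GigabitEthernet1/0/25
 no switchport
 ip address 10.255.0.2 255.255.255.252
 no shutdown
!
! Default route toward the far end of the /30 interconnect.
ip route 0.0.0.0 0.0.0.0 10.255.0.1
```

With this in place, traffic between VLAN 10 and VLAN 20 is routed on the switch itself and only traffic for other networks crosses the uplink.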
it_consultant
I don't see many people using specialized routers for internal routing anymore; it just isn't necessary. The only question is whether your layer three switch will have the power to hold a full BGP table, which mine will not, and whether you need IS-IS, which isn't always found on layer 3 switch code.
apr911
2 additional situations that I can think of...
You have a large distribution network and a large aggregate network (think a DC with multiple rows and multiple cabs per row [also works on campus networks]).
You might put a layer 2 switch in each cab as your distro layer, then aggregate each row (or several rows) into a layer 3 switch before pushing it to your core routers.
The other situation I can think of would be to reduce load on core net devices. Instead of doing a layer 2 switch connected to a core router and having that core router handle both inter-segment communication and internet communication (and associated ACLs), you might drop a layer 3 switch in so the core only deals with the internet traffic while the layer 3 switch handles the inter-segment communications.
Or let's say you dropped a web application gateway/firewall or proxy inline between your layer 2 switch and the core... It's unlikely you would want the proxy/WAF to have to process all inter-segment traffic, so you might replace that layer 2 switch with a layer 3 to keep inter-segment traffic from going to the WAF.
jibbajabba
We used Layer 3 Switches (3750Gs) because we could ... no real reason ... QoS was one thing we used on the Layer 3 Switches, but also just because we could, not because we needed.