7

I am a bit confused about when I need and should use a layer 2 or layer 3 switch. In the corporate network we have Aruba 3810 core switches, and all the access switches are HPE 1950 24/48 PoE+. We have 7 VLANs: IT mgmt, workstations, machines, wlan, wlan-guest, wlan-guest2, VoIP. Most of the phones have the computers connected to them (built-in switch).

I know about the routing capabilities of layer 3 switches. But... I don't know what happens if I have a layer 2 switch like the Aruba 2530 PoE+ connected, what changes and what do I miss. Only the routing between VLANs? If routing has to be enabled for the VLANs/devices that are connected on the 2530, will it be done on the core switches or the 1950s?

Thanks in advance!

kmd
  • 2
    You need to provide what you require from this network design, including the topology and what routing protocols it speaks. Read the manuals to find out what features a given model has, or set up a test lab. FYI, https://networkengineering.stackexchange.com/ is a SE entirely about data networking. – John Mahowald Dec 31 '18 at 21:50

1 Answer

10

A layer-2 switch forwards frames solely based on layer-2 information, i.e. the destination MAC address of each frame. Forwarding happens exclusively between ports belonging to the same VLAN.

A layer-3 switch has the additional ability to forward layer-3 IP packets based on the destination IP of each packet. This forwarding usually happens between different VLANs. Each VLAN requires an assigned IP address (as gateway). Cisco calls this IP-to-VLAN binding a switch virtual interface (SVI).

So, if you need a fast, yet simple router, a layer-3 switch often is a good solution. If you don't need a router, you can just as well use a layer-2 switch.

If you need to control traffic between VLANs, most L3 switches support ACLs to filter unwanted traffic. Note that ACLs are usually stateless (unlike most firewalls), so you need to configure rules for both directions.

Edit: As @yagmoth555 has appropriately pointed out, L3 switches can differ significantly in their routing protocol support. Basic L3 switches often support only static routes or sometimes RIP while more advanced switches also support OSPF and other modern protocols. Additionally, there may be differences in the maximum number of routes that can be configured/learned.

Zac67
  • 3
    A side note to your excellent answer: some layer 3 switches can have limited stacks to learn dynamic routes if you use them as a router. I had to issue a command on some Cisco to allow it to use more of its memory for such a task. – yagmoth555 Dec 31 '18 at 22:52
  • @yagmoth555 Absolutely - I've edited that into the answer. – Zac67 Dec 31 '18 at 23:52
  • 2
    Another point is that only one switch needs to be layer 3 routing enabled. It does not make sense to have this enabled on all switches and therefore one layer 3 core switch does everything - the access switches do not need to be layer 3 capable. – Andreas Rehm Jan 01 '19 at 01:05
  • @AndreasRehm That depends on the network design. While a small network often only routes at the core, a large spine-leaf network may also be routed at the distribution layer or even at the access layer. – Zac67 Jan 01 '19 at 11:31
  • @Zac67 yes - a large network may need the access switch or edge switch routing. But it's not necessary to have layer 3 only. – Andreas Rehm Jan 01 '19 at 11:42
  • 1
    That all depends on your network design which you haven't given us many details about. It'll be fine with L2 switches unless you require a router in that place. – Zac67 Jan 01 '19 at 18:06
  • All the access switches (1950) have the core switch as default gateway. I am trying to figure out if having layer 2 managed switches (like 2530 for example) will cause me problems in the setup that I want to have. 1st. many ports are hybrid with workstation and voice-vlan on them. 2nd. each, enterprise, access point will have 3 SSIDs and each one will have its own subnet, so some ports will have to be configured with three vlans/subnets. I wonder if it will be possible to configure it on a L2 switch. – kmd Jan 01 '19 at 18:20
  • @kmd VLANs are possible with the HP 2530 - Even with the cheaper 18x0 and 19x0... – Andreas Rehm Jan 01 '19 at 21:04
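
The answer's note that ACLs on an L3 switch are usually stateless and need rules for both directions, modelled next to a stateful filter. This is an added example, not code from the answer or from any switch vendor; the subnets, ports and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:              # TCP only in this model
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source subnet (CIDR)
    dst: str                     # destination subnet (CIDR)
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def stateless_acl(rules, p):
    """Each packet is judged alone: first match wins, implicit deny last."""
    return next((r.action for r in rules if r.matches(p)), "deny")

class StatefulFilter:
    """Rules apply to new flows only; replies to a tracked flow pass."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "permit"                      # reply to a permitted flow
        verdict = stateless_acl(self.rules, p)
        if verdict == "permit":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
        return verdict

# Constructed subnets standing in for the workstation and machine VLANs.
WS, MACH = "10.0.20.0/24", "10.0.30.0/24"
FORWARD = [Rule("permit", WS, MACH, dport=443)]
BOTH = FORWARD + [Rule("permit", MACH, WS, sport=443)]   # return direction

request = Packet("10.0.20.15", "10.0.30.5", 50000, 443)
reply = Packet("10.0.30.5", "10.0.20.15", 443, 50000)
stray = Packet("10.0.30.5", "10.0.20.99", 443, 3389)     # belongs to no flow
```

With only the forward rule the stateless ACL drops `reply`; adding the return rule permits it but also permits `stray`, because the rule matches header fields alone. The stateful filter permits `reply` from the forward rule and still denies `stray`, which is why return rules on a switch ACL should be written as narrowly as the platform allows.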