What is the "level" of a switch (L1, L2, L3, L4)? L2 and L3 VPN communication channels: differences between physical and virtual channels of different levels. Principles of operation of networks at the L2 and L3 levels

  • 21.06.2021

Bachelor of Radio Engineering

trainee engineer of NVision Group branch CJSC NVision-Siberia

Master student SibSUTI

Consultant: Maramzin Valery Valentinovich, Lead Design Engineer Direction of Networks and Data Transmission Systems NVision Group

Annotation:

The article describes the elements of a methodology for determining the network topology at the data link and network layers.

Keywords:

topology, protocols

UDC 004.722

Today every large company has its own internal local network infrastructure. The internal network includes both the workstations themselves and any other network devices that fall under the concept of a "host".

A host is an end node in the TCP/IP protocol stack. The most common network devices are routers and switches.

The larger the company, the larger and more extensive its network, which includes intranet resources as well as other services and nested structures that must be constantly maintained and monitored. Knowing the network topology is essential for high-quality network monitoring, rapid troubleshooting of faults and emergencies, identification of congested links and the solution of other problems.

Network topology is the configuration of a graph, the vertices of which correspond to the end nodes of the network (computers) and communication equipment (routers, switches), and the edges correspond to physical or informational links between the vertices.

In most cases the topology is a partially connected hierarchical tree, in which the whole web of the network fans out from one or several powerful root servers or routers. The larger the local network, the harder it is to maintain and to detect faults in without knowledge of its architecture.

Of course, ready-made solutions exist today that can visualize a network graph showing all of its nodes. These include various network management packages that run automatically and do not always display the real state of objects correctly.

For example, Hewlett-Packard's HP OpenView Network Node Manager and related products provide topology information at the L3 level but say little about the connection and disconnection of network devices. To detect network nodes and the existing connections between them effectively, one therefore has to use L2 topology discovery tools that work in link discovery mode at the level of switches and routers.

There are also solutions from particular large network equipment manufacturers, such as Cisco Systems and Nortel Networks, which developed their own protocols (CDP), while LLDP is the standard for maintaining large enterprise networks. The problem is that many networks are built on equipment from different manufacturers, chosen for one reason or another, for particular parameters or preferences.

Therefore there is a need to develop a universal method for determining network topology, independent of the equipment vendor and other conditions, which would use a branching algorithm to analyze the network and its nodes and present the results in a simplified visual form, for example as a network connectivity graph.

This can be implemented as follows. The input data for the algorithm are the authentication parameters of one of the network's root devices and its IP address. Starting from there, information about each device is collected by sequential SNMP polling, following a specific sequence of actions.

First, one needs to establish which protocols are active and supported on the device in question. The primary analysis should check for LLDP and CDP activity, the simplest ways to discover adjacencies between devices on the network. Link Layer Discovery Protocol (LLDP) is a link-layer protocol that lets network devices announce information about themselves and their capabilities to the network, and collect the same information about neighboring devices.

Cisco Discovery Protocol (CDP) is a link-layer protocol developed by Cisco Systems that discovers connected Cisco network equipment (directly attached or reached through first-level devices), its name, IOS version and IP addresses.

Thus, if a device supports one of these protocols, the algorithm immediately reads the corresponding sections of the MIB (Management Information Base), which contain all the information about neighboring devices, provided they announced it about themselves: IP addresses, port information, chassis information and device types.

If there is no LLDP/CDP support, the second step of the check is an SNMP poll of the current device's local MIB to obtain information about its active interfaces and its ARP table.

In this case, the check is run first on the switches. Using the switch's ARP (Address Resolution Protocol) table, the algorithm obtains information about each connected device as a mapping of MAC address, IP address, interface and TTL.

Neighboring devices are searched for by sequential unicast polling of every MAC address found in the ARP table. A reply to the ARP request from the target MAC address, with the interface on which the reply arrived recorded, counts as discovery of that device on the network. Once an adjacency has been identified, the MAC address matching procedure is applied: if an interface of the first device receives a reply to a request for the MAC address of the second device and, conversely, an interface of the second device receives a reply to a request for the MAC address of the first, then this is a confirmed communication line between the two nodes. As a result, the adjacency information contains not only the line between the nodes but also the interfaces through which they are connected.

Determining the neighborhood of devices by MAC addresses

Next, the algorithm moves on to the next switch and repeats the check, recording the devices already visited and their parameters in a log file, and thus walks through every node of the network in turn.

When designing this method and developing the algorithm, several conditions for its correct operation must not be overlooked:

  1. SNMP support must be enabled on the devices, preferably SNMPv3.
  2. The algorithm must be able to distinguish virtual interfaces from real ones and build the connectivity graph from real physical connections.

Once these working conditions are met and such an algorithm is implemented, the result will be a universal method for determining the network topology, which can be used both simply to visualize the network connectivity graph and as a module in another, more complex algorithm for identifying and eliminating faults at the L2 and L3 levels.
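The discovery walk described above (LLDP/CDP neighbor tables first, ARP-table probing with the bidirectional MAC matching check as the fallback, a log of visited devices, and the exclusion of virtual interfaces required by condition 2), as an added Python example that is not part of the original article. The device records, MAC and IP addresses and interface names are constructed stand-ins for what the SNMP polls would return.

```python
from collections import deque

# Interface name prefixes treated as virtual (condition 2 of the article: only
# physical links go into the connectivity graph). The list is an assumption.
VIRTUAL_PREFIXES = ("Vlan", "Loopback", "Port-channel", "Tunnel", "Null")


def is_physical(ifname):
    """True for a physical port such as Gi0/1 or Fa0/3."""
    return not ifname.startswith(VIRTUAL_PREFIXES)


def _edge(dev_a, if_a, dev_b, if_b):
    """Undirected link in a canonical order, so A-B and B-A deduplicate."""
    a, b = (dev_a, if_a), (dev_b, if_b)
    return (a, b) if a <= b else (b, a)


def _by_mac(devices, mac):
    """Which known network device owns this MAC (None for plain hosts)."""
    for name, rec in devices.items():
        if rec["mac"] == mac:
            return name
    return None


def discover_topology(devices, root):
    """Walk from the root device; return (sorted edges, visit log).

    Each edge is ((dev_a, if_a), (dev_b, if_b)): the link plus the interfaces
    on both sides, which is what the article's adjacency record contains.
    """
    visited, edges, log = set(), set(), []
    queue = deque([root])
    while queue:
        name = queue.popleft()
        if name in visited:
            continue                       # already in the log file
        visited.add(name)
        dev = devices[name]
        log.append((name, dev["ip"]))
        if dev["lldp"]:
            # Step 1: the LLDP/CDP MIB already names the neighbour and both ports.
            for local_if, (peer, peer_if) in dev["lldp_neighbors"].items():
                if is_physical(local_if) and is_physical(peer_if):
                    edges.add(_edge(name, local_if, peer, peer_if))
                    if peer in devices:
                        queue.append(peer)
        else:
            # Step 2: ARP table + unicast probe; a link counts only when the
            # reply is seen from both sides (the MAC matching procedure).
            for mac, (_peer_ip, local_if) in dev["arp"].items():
                peer = _by_mac(devices, mac)
                if peer is None or not is_physical(local_if):
                    continue
                back = devices[peer]["arp"].get(dev["mac"])
                if back is None or not is_physical(back[1]):
                    continue               # one-way only: not confirmed
                edges.add(_edge(name, local_if, peer, back[1]))
                queue.append(peer)
    return sorted(edges), log


# Constructed stand-ins for SNMP poll results (names, MACs and IPs are made up).
# "arp" maps MAC -> (IP, interface on which the probe reply arrived).
DEVICES = {
    "core": {"ip": "192.168.1.1", "mac": "00:00:5e:00:53:01", "lldp": True,
             "lldp_neighbors": {"Gi0/1": ("sw1", "Gi0/24"),
                                "Gi0/2": ("sw2", "Gi0/24")},
             "arp": {"00:00:5e:00:53:02": ("192.168.1.2", "Gi0/1"),
                     "00:00:5e:00:53:03": ("192.168.1.3", "Gi0/2")}},
    "sw1":  {"ip": "192.168.1.2", "mac": "00:00:5e:00:53:02", "lldp": False,
             "lldp_neighbors": {},
             "arp": {"00:00:5e:00:53:01": ("192.168.1.1", "Gi0/24"),
                     "00:00:5e:00:53:04": ("192.168.1.4", "Gi0/10"),
                     "00:00:5e:00:53:03": ("192.168.1.3", "Vlan1"),   # virtual: skipped
                     "00:00:5e:00:53:aa": ("192.168.1.50", "Fa0/3")}},  # a PC, not a switch
    "sw2":  {"ip": "192.168.1.3", "mac": "00:00:5e:00:53:03", "lldp": True,
             "lldp_neighbors": {"Gi0/24": ("core", "Gi0/2")},
             "arp": {}},
    "sw3":  {"ip": "192.168.1.4", "mac": "00:00:5e:00:53:04", "lldp": False,
             "lldp_neighbors": {},
             "arp": {"00:00:5e:00:53:02": ("192.168.1.2", "Gi0/1"),
                     "00:00:5e:00:53:03": ("192.168.1.3", "Gi0/2")}},  # sw2 never answers back
}

if __name__ == "__main__":
    links, visit_log = discover_topology(DEVICES, "core")
    for (a, ia), (b, ib) in links:
        print(f"{a}:{ia} <-> {b}:{ib}")
    print("visited:", [n for n, _ in visit_log])
```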


Reviews:

03/13/2014, 21:09 Georgy Todorov Klinkov
Review: It is necessary to keep in mind the fact that the network topology requires efficient routing and data switching, especially in relation to firewall technology - Active-Active topologies, asymmetric routing Cisco MSFC and FWSM. FWSM balancing using PBR or ECMP routing; NAC - location in the topology; IDS and IPS architecture.

03/13/2014, 22:08 Nazarova Olga Petrovna
Review: The last paragraph is a recommendation. There is no conclusion. Refine.


03/17/2014, 9:44 Nazarova Olga Petrovna
Review: Recommended for printing.

Often, when choosing a specific network device for your network, you will hear phrases such as "L2 switch", or "L3 device".

In this case, we are talking about layers in the OSI network model.

An L1 device operates at the physical layer. Such devices basically "understand" nothing about the data they transmit and work at the level of electrical signals: a signal has arrived, it is passed on. They include the so-called hubs that were popular in the early days of Ethernet networks, as well as a wide variety of repeaters. Devices of this type are commonly referred to as hubs.

L2 devices operate at the data link layer and perform physical addressing. At this level the unit of work is the frame. There are no IP addresses at this level: the device identifies the sender and the recipient only by MAC address and passes frames between them. Such devices are usually called switches, sometimes with the clarification "L2 switch".

L3 devices operate at the network layer, which determines the path for data transfer; they understand the IP addresses of devices and determine the shortest routes. Devices at this level are also responsible for establishing various types of connections (PPPoE and the like). They are commonly called routers, although the term "L3 switch" is also often used.

L4 devices are responsible for ensuring the reliability of data transmission. These are, so to speak, "advanced" switches which, based on information from packet headers, recognize that traffic belongs to different applications and can make decisions about redirecting such traffic on that basis. No settled name exists for such devices; they are sometimes called "intelligent switches" or "L4 switches".


L2 VPN, OR DISTRIBUTED ETHERNET

The L2 VPN category includes a wide range of services: from emulation of point-to-point leased lines (E-Line) to multipoint connections and emulation of Ethernet switch functions (E-LAN, VPLS). L2 VPN technologies are "transparent" to higher-layer protocols, so they carry, for example, IPv4 or IPv6 traffic regardless of which version of IP the operator uses. Their "low-level" nature is also an advantage where SNA, NetBIOS or SPX/IPX traffic has to be carried. Today, in the period of general "IP-ization", these features are needed less and less. Some time will pass, and the new generation of network specialists will probably not know at all that there were times when NetWare and the SPX/IPX protocols "dominated" networks.

L2 VPN services are usually used to build corporate networks within one city (or a city and its immediate surroundings), so the concept is often perceived almost as a synonym for Metro Ethernet. Such services offer high channel speeds at a lower connection cost than L3 VPN. Further advantages of L2 VPN are support for jumbo frames and the relative simplicity and low cost of the client equipment installed at the boundary with the provider (L2).

The growing popularity of L2 VPN services is largely due to the needs of fault-tolerant geographically distributed data centers: virtual machine "migration" requires a direct L2 connection between nodes. Such services effectively let the L2 domain be stretched. These are well-established solutions but often require complex configuration. In particular, when a data center connects to the service provider's network at several points, which is highly desirable for fault tolerance, additional mechanisms are needed to load the connections optimally and to prevent switching loops.

There are also solutions designed specifically for interconnecting data center networks at L2, such as the Overlay Transport Virtualization (OTV) technology implemented in Cisco Nexus switches. It operates over IP networks and uses all the advantages of L3 routing: good scalability, high fault tolerance, connection at several points, traffic transmission over multiple paths, etc. solutions/LAN” for 2010).

L2 OR L3 VPN

With L2 VPN services the enterprise has to take care of routing traffic between its sites itself, whereas in L3 VPN this task is handled by the service provider. The main purpose of L3 VPN is to connect sites located in different cities, far from each other. These services tend to have higher connection costs (because a router rather than a switch is used), high rental fees and low bandwidth (typically up to 2 Mbps). The price can rise significantly with the distance between connection points.

An important advantage of L3 VPN is support for QoS and traffic engineering, which makes it possible to guarantee the required quality level for IP telephony and video conferencing. L3 VPNs are not transparent to Ethernet services, do not support oversized Ethernet frames, and are more expensive than Metro Ethernet services.

Note that MPLS can be used to build both L2 and L3 VPNs. The service level of a VPN is determined not by the layer of the technology used for it (MPLS is hard to assign to any particular OSI layer; it is rather an L2.5 technology) but by its "consumer properties": if the operator's network routes client traffic, it is L3; if it emulates link-layer connections (or Ethernet switch functions), it is L2. Other technologies can also be used to form an L2 VPN, for example 802.1ad Provider Bridging or 802.1ah Provider Backbone Bridges.

802.1ad Provider Bridging, also known under many other names (vMAN, Q-in-Q, Tag Stacking, VLAN Stacking), adds a second 802.1Q VLAN tag to an Ethernet frame. The service provider can ignore the inner VLAN tags set by the client equipment; the outer tags are sufficient to forward traffic. This technology removes the 4096 VLAN ID limit of classic Ethernet, which greatly improves service scalability. 802.1ah Provider Backbone Bridges (PBB) add a second MAC address to the frame, so that the MAC addresses of the end equipment are hidden from the backbone switches. PBB provides up to 16M Service IDs.
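The 802.1ad tag stacking just described, as an added Python example that is not from the original text: a customer frame with one 802.1Q tag (TPID 0x8100) gets a provider S-tag (TPID 0x88A8) pushed in front of it, the provider bridge forwards on the outer tag only, and the S-tag is popped again at the far edge. The MAC addresses, VLAN IDs and payload are constructed sample values.

```python
import struct

TPID_C = 0x8100   # 802.1Q customer tag (C-tag)
TPID_S = 0x88A8   # 802.1ad service/provider tag (S-tag)
MIN_VID, MAX_VID = 1, 4094   # VIDs 0 and 4095 are reserved by 802.1Q


def mac_bytes(mac):
    """'00:00:5e:00:53:10' -> 6 raw bytes."""
    return bytes(int(b, 16) for b in mac.split(":"))


def build_frame(dst, src, c_vid, ethertype, payload, pcp=0):
    """Ethernet frame carrying a single 802.1Q tag: what the customer sends."""
    if not MIN_VID <= c_vid <= MAX_VID:
        raise ValueError("invalid C-VID")
    tci = (pcp << 13) | c_vid
    return (mac_bytes(dst) + mac_bytes(src)
            + struct.pack("!HH", TPID_C, tci)
            + struct.pack("!H", ethertype) + payload)


def push_s_tag(frame, s_vid, pcp=0):
    """Provider edge: insert the S-tag right after the two MAC addresses."""
    if not MIN_VID <= s_vid <= MAX_VID:
        raise ValueError("invalid S-VID")
    tci = (pcp << 13) | s_vid
    return frame[:12] + struct.pack("!HH", TPID_S, tci) + frame[12:]


def pop_s_tag(frame):
    """Far provider edge: strip the S-tag, returning the customer's frame."""
    tpid, = struct.unpack("!H", frame[12:14])
    if tpid != TPID_S:
        raise ValueError("no S-tag present")
    return frame[:12] + frame[16:]


def parse_tags(frame):
    """Return ([(tpid, vid), ...] outermost first, ethertype of the payload)."""
    tags, off = [], 12
    while True:
        tpid, = struct.unpack("!H", frame[off:off + 2])
        if tpid not in (TPID_C, TPID_S):
            return tags, tpid
        tci, = struct.unpack("!H", frame[off + 2:off + 4])
        tags.append((tpid, tci & 0x0FFF))
        off += 4


def provider_forwarding_key(frame):
    """What a provider bridge looks at: the outer VID; inner tags are ignored."""
    tags, _ = parse_tags(frame)
    return tags[0][1] if tags else None


def usable_vlan_combinations():
    """4094 outer S-VIDs times 4094 inner C-VIDs, instead of one 4094 space."""
    return (MAX_VID - MIN_VID + 1) ** 2


if __name__ == "__main__":
    customer = build_frame("00:00:5e:00:53:10", "00:00:5e:00:53:11",
                           100, 0x0800, b"ip-payload")
    in_provider = push_s_tag(customer, 3001)
    print(parse_tags(in_provider))           # [(0x88A8, 3001), (0x8100, 100)], 0x0800
    print(provider_forwarding_key(in_provider))
    print(pop_s_tag(in_provider) == customer)
```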


With a kind smile I now remember how anxiously humanity awaited the end of the world in 2000. That did not happen, but a completely different, and also very significant, event did.

Historically, that was when the world entered a real computer revolution v. 3.0: the start of cloud technologies for distributed storage and data processing. If the previous, "second" revolution was the mass transition to client-server technologies in the 1980s, then the first can be considered the beginning of simultaneous work by users on separate terminals connected to so-called "mainframes" (in the 1960s). These revolutionary changes took place peacefully and imperceptibly for users, but affected the whole world of business along with information technology.

When moving IT infrastructure to remote data centers, the organization of reliable communication channels from the client immediately becomes a key issue. On the Web you often see offers from providers: "physical leased line, optical fiber", "L2 channel", "VPN" and so on. Let's try to figure out what lies behind this in practice.

Communication channels - physical and virtual

1. The organization of a "physical line" or "second-level channel, L2" is usually the name given to the service of providing a dedicated cable (copper or fiber optic) or a radio link between offices and the sites where the data center equipment is deployed. In practice, when ordering this service, you will most likely receive a dedicated fiber optic channel for rent. This solution is attractive because the provider is responsible for reliable communication (and restores the channel itself if the cable is damaged). However, in real life the cable is not solid along its entire length; it consists of many interconnected (spliced) segments, which somewhat reduces its reliability. Along the route of a fiber optic cable the provider has to use amplifiers and splitters, and modems at the end points.

In marketing materials this solution is conditionally assigned to the L2 (data link) layer of the OSI or TCP/IP network model: it lets you work, as it were, at the level of Ethernet frame switching in the LAN, without worrying about the many packet routing problems of the next, IP network layer. For example, you can keep using so-called "private" IP addresses in client virtual networks instead of registered unique public addresses. Because private IP addresses are so convenient in local networks, special ranges have been allocated to users from the main address classes:

  • 10.0.0.0 - 10.255.255.255 in class A (mask 255.0.0.0, or /8 in CIDR notation);
  • 100.64.0.0 - 100.127.255.255 in class A (mask 255.192.0.0 or /10);
  • 172.16.0.0 - 172.31.255.255 in class B (mask 255.240.0.0 or /12);
  • 192.168.0.0 - 192.168.255.255 in class C (mask 255.255.0.0 or /16).

Such addresses are chosen by users themselves for "internal use" and may be repeated simultaneously in thousands of client networks, so packets with private addresses in the header are not routed on the Internet, to avoid confusion. To access the Internet, NAT (or another solution) has to be used on the client side.

Note: NAT, Network Address Translation, is the mechanism for rewriting the network addresses of transit packets in TCP/IP networks; it is used to route packets from the client's local network to other networks or the Internet and in the opposite direction, inside the client's LAN, to the destination host.

This approach (we are talking about a dedicated channel) has an obvious drawback: if the client's office moves, there may be serious difficulties connecting the new location, and the provider may have to be changed.

The claim that such a channel is much safer and better protected from attacks by intruders and from errors of low-skilled technical staff turns out, on closer examination, to be a myth. In practice, security problems often arise (or are deliberately created by a hacker) right on the client side, with the participation of the human factor.

2. Virtual channels and the VPNs (Virtual Private Networks) built on them are widespread and solve most of the client's tasks.

When a provider offers an "L2 VPN", it involves a choice among several possible "second-layer" (L2) services:

VLAN: the client receives a virtual network between its offices and branches (in fact the client's traffic passes through the provider's active equipment, which limits the speed);

Point-to-point connection PWE3 (in other words, "pseudowire edge-to-edge emulation" in packet-switched networks) allows Ethernet frames to be passed between two nodes as if they were directly connected by a cable. What matters for the client in this technology is that all transmitted frames are delivered to the remote point unchanged; the same happens in the opposite direction. This is possible because a client frame arriving at the provider's router is encapsulated in a higher-level data block (an MPLS packet) and extracted at the endpoint;


Note: PWE3, Pseudo-Wire Emulation Edge to Edge, is a mechanism whereby, from the user's point of view, he receives a dedicated connection.

MPLS, MultiProtocol Label Switching, is a data transfer technology in which packets are assigned transport/service labels and the path of the packets through the network is determined only by the label values, regardless of the transmission medium and of the protocol carried. During forwarding, new labels can be added (when necessary) or removed when their function has ended; the contents of the packets are not parsed or modified.

VPLS is a technology that emulates a LAN with multipoint connections. Here the provider's network looks from the client side like a single switch that keeps a table of the MAC addresses of network devices. Such a virtual "switch" delivers an Ethernet frame arriving from the client's network according to its destination: to do so, the frame is encapsulated in an MPLS packet and then extracted.


Note: VPLS, Virtual Private LAN Service, is a mechanism by which, from the user's point of view, its geographically dispersed networks are connected by virtual L2 connections.

MAC, Media Access Control, is the medium access control method; a MAC address is a unique 6-byte identifier of a network device (or one of its interfaces) in Ethernet networks.
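The VPLS behaviour described above (the provider network acting as one virtual switch that learns client MAC addresses, floods unknown and broadcast frames to the other sites, and carries each frame inside an MPLS-labelled packet), as an added Python example that is not part of the original text. Site names, pseudowire labels and MAC addresses are constructed sample values; frames are plain dicts rather than real Ethernet bytes.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VplsInstance:
    """One VPLS instance on a provider edge: a MAC-learning virtual switch whose
    "ports" are pseudowires to the other customer sites."""

    def __init__(self, pseudowires):
        # pseudowire (site) name -> MPLS label pushed when sending toward it
        self.pw_label = dict(pseudowires)
        # learned customer MAC -> pseudowire it was last seen on
        self.mac_table = {}

    def encapsulate(self, pw, frame):
        """Push the pseudowire label; the client frame itself is carried unchanged."""
        return {"label": self.pw_label[pw], "frame": dict(frame)}

    def forward(self, ingress_pw, frame):
        """Return a list of (egress pseudowire, labelled packet).

        Unknown unicast and broadcast are flooded with split horizon: a frame
        is never sent back out the pseudowire it arrived on, which is what
        keeps the emulated LAN loop-free without spanning tree in the core.
        """
        self.mac_table[frame["src"]] = ingress_pw          # learning
        dst = frame["dst"]
        if dst != BROADCAST and dst in self.mac_table:
            egress = self.mac_table[dst]
            if egress == ingress_pw:
                return []                                  # stays on the local site
            targets = [egress]
        else:
            targets = [pw for pw in self.pw_label if pw != ingress_pw]
        return [(pw, self.encapsulate(pw, frame)) for pw in targets]


def decapsulate(packet):
    """Remote edge pops the label and hands the original frame to the client."""
    return packet["frame"]


if __name__ == "__main__":
    vpls = VplsInstance({"siteA": 1001, "siteB": 1002, "siteC": 1003})
    arp_request = {"src": "00:00:5e:00:53:a1", "dst": BROADCAST}
    for pw, pkt in vpls.forward("siteA", arp_request):
        print("flood to", pw, "with label", pkt["label"])
    reply = {"src": "00:00:5e:00:53:b1", "dst": "00:00:5e:00:53:a1"}
    for pw, pkt in vpls.forward("siteB", reply):
        print("unicast to", pw, "->", decapsulate(pkt))
```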


3. In the case of deploying an "L3 VPN", the provider's network looks to the client like a single router with several interfaces. The client's local network therefore joins the provider's network at the L3 level of the OSI or TCP/IP network model.

Public IP addresses for the network junction points are agreed with the provider (they may belong to the client or be obtained from the provider). The client configures IP addresses on its routers on both sides (private on the side of its local network, public on the provider side); further routing of data packets is provided by the provider. Technically, MPLS (see above) as well as GRE and IPSec are used to implement such a solution.


Note: GRE, Generic Routing Encapsulation, is a tunneling protocol that packages network packets and allows a secure logical connection to be established between two endpoints by means of protocol encapsulation at the L3 network layer.

IPSec, IP Security, is a set of protocols protecting data transmitted over IP; it provides authentication, encryption and packet integrity checking.

It is important to understand that modern network infrastructure is built so that the client sees only the part of it defined by the contract. Dedicated resources (virtual servers, routers, live data and backup storage), as well as running programs and memory contents, are completely isolated from other users. Several physical servers can work together simultaneously for one client, to whom they look like a single powerful server pool. Conversely, many virtual machines can be created simultaneously on one physical server (each looks to the user like a separate computer with its own operating system). In addition to the standard ones, individual solutions are offered, which also meet the accepted requirements for the security of processing and storing customer data.

At the same time, the configuration of an "L3-level" network deployed in the cloud scales to almost unlimited size (the Internet and large data centers are built on this principle). Dynamic routing protocols such as OSPF and others in L3 cloud networks make it possible to choose the shortest paths for routing data packets and to send packets over several paths at once for better load distribution and higher channel bandwidth.

At the same time, a virtual network can be deployed at the "L2 level", which is typical for small data centers and for outdated (or highly specific) client applications. In some of these cases even "L2 over L3" technology is used to ensure network compatibility and application operability.

Summing up

Today the tasks of the user/client can in most cases be solved effectively by building virtual private networks (VPNs) using GRE and IPSec for security.

It makes little sense to set L2 against L3, just as it makes no sense to regard an L2 channel offer as the best solution, a panacea, for building reliable communication in your network. Modern communication channels and provider equipment pass huge volumes of information, and many of the dedicated channels leased by users are in fact underloaded. It is reasonable to use L2 only in special cases when the specifics of the task require it, taking into account the limits it places on future expansion of such a network, and after consulting a specialist. L3 VPNs, other things being equal, are more versatile and easier to operate.

This overview briefly lists the modern standard solutions used when migrating local IT infrastructure to remote data centers. Each of them has its own consumer, its advantages and disadvantages; the right choice depends on the specific task.

In real life both levels of the network model, L2 and L3, work together, each responsible for its own task, and providers that set them against each other in advertising are frankly being disingenuous.

We will build the following network on Cisco devices.

Network description:
VLAN1(default-IT) - 192.168.1.0/24
VLAN2(SHD) - 10.8.2.0/27
VLAN3(SERV) - 192.168.3.0/24
VLAN4(LAN) - 192.168.4.0/24
VLAN5(BUH) - 192.168.5.0/24
VLAN6(PHONE) - 192.168.6.0/24
VLAN7(CAMERS) - 192.168.7.0/24

VLAN9(WAN) - 192.168.9.2/24

Devices:
Cisco 2960 switches (L2 level) - 3 pcs
Cisco 3560 switch (L2 and L3 level) - 1 pc
All switches will be in VLAN1 and have addresses in the 192.168.1.0/24 network

Any router (I have a Mikrotik RB750) - 1 pc

Windows Server 2008 (DHCP) - for distributing IP addresses
Each VLAN has 2 computers as end devices.

Let's start.


First, let's configure the L2 switch sw1 (Cisco 2960).
By default all ports are in VLAN1, so we do not create it.
  1. Connect to the console: telnet 192.168.1.1
  2. Enter the password
  3. sw1> enable (go to privileged mode to enter commands)
  4. sw# conf t (go to configuration mode)
  5. sw(config)# vlan 2 (create the VLAN)
  6. sw(config-vlan)# name SHD (assign a name to VLAN2)
  7. sw(config-vlan)# end (return to privileged mode)
  8. sw#

We define the ports to which the computers connect and their VLANs.

On the first and second switch port I will have VLAN1

On the third and fourth port VLAN2

On the fifth and sixth VLAN3

  1. sw# conf t (go to configuration mode)
  2. sw(config)# int fa0/3 (select a single interface)
  3. sw(config)# int range fa0/3-4 (or select several interfaces at once; the prompt then shows config-if-range)
  4. sw(config-if)# switchport access vlan 2 (assign VLAN2 to this port)
  5. sw(config-if)# end (return to privileged mode)
  6. sw#

To connect our switch (sw1, Cisco 2960, L2) to the switch (sw2, Cisco 3560, L2/L3),

we need to carry the created VLANs (those that are needed) to the other switch. For this we configure a TRUNK port: our VLANs travel across the trunk port.

We choose the fastest port, since several VLANs (subnets) will travel over it.

  1. sw# conf t (go to configuration mode)
  2. sw(config)#
  3. sw(config)#
  4. sw(config-if)#
  5. sw(config-if)# switchport trunk allowed vlan 2,3 (specify which VLANs will pass through)
  6. sw(config-if)# no shutdown (enable the interface)
  7. sw(config-if)# exit
  8. Repeat the steps for the required ports

SUMMARY of setting up the L2 switch:

  1. Since this device is L2, it does not understand IP addresses.
  2. Computers connected to these ports see each other only within their assigned VLAN, i.e. from VLAN1 I cannot reach VLAN2 and vice versa.
  3. A gigabit port is configured as a trunk to carry the VLANs to switch sw2 (Cisco 3560, L2/L3).
______________________________________

We now add the Cisco 3560 L2/L3 switch (sw2) to the network already built on the L2 switch (sw1).

Let's configure our 3560 as an L3 device (it understands IP addresses and routes between VLANs).


1. You need to create all VLANs that describe your network topology, since this L3 switch will route traffic between them.

Create VLANs (the VLAN commands are the same on all devices):

  1. sw# conf t (go to configuration mode)
  2. sw(config)# vlan 4 (create the VLAN)
  3. sw(config-vlan)# name LAN (assign a name to this VLAN)
  4. sw(config-vlan)# exit
  5. Repeat the steps for each VLAN you need to add
  6. sw# show vlan brief (see which VLANs have been created)
2. Determine the ports for connecting computers.

- on the first port of the switch I will have VLAN9

- on the third and fourth port, VLAN7

  1. sw# conf t (go to configuration mode)
  2. sw(config)# int fa0/1 (select a single port)
  3. sw(config)# int range fa0/3-7 (select several ports at once)
  4. sw(config-if)# switchport mode access (specify that this port is for end devices)
  5. sw(config-if)# switchport access vlan 9 (assign VLAN9 to this port)
  6. sw(config-if)# no shutdown (enable the interface)
  7. sw(config-if)# exit
  8. Repeat the steps for the required ports
  9. sw# show run (view the device configuration)
3. Create trunk ports

We choose the fastest port, since several VLANs (subnets) will travel over it.

  1. sw# conf t (go to configuration mode)
  2. sw(config)# int gi0/1 (select a single port)
  3. sw(config)# int range gi0/1-2 (select several ports at once)
  4. Since several VLANs share this physical port, each frame must be tagged with its VLAN ID so that traffic can be matched to the right virtual (VLAN) interface on both ends (802.1Q encapsulation)
  5. sw(config-if)# switchport trunk encapsulation dot1q (specify the encapsulation)
  6. sw(config-if)# switchport mode trunk (make this port a trunk carrying VLANs)
  7. sw(config-if)# switchport trunk allowed vlan 1-7 (specify which VLANs will pass through)
  8. sw(config-if)# no shutdown (enable the interface)
  9. sw(config-if)# exit
  10. Repeat the steps for the required ports
4. Switch the 3560 into L3 mode
  1. sw# conf t (go to configuration mode)
  2. sw(config)# ip routing (enable routing)
5. Since our switch is L3, we assign IP addresses to the VLAN interfaces so that traffic can be routed.
For inter-VLAN communication (so that you can get from VLAN2 to VLAN3, etc.)

We give every virtual VLAN interface an IP address:

  1. sw# conf t (go to configuration mode)
  2. sw(config)# int vlan 2 (enter the VLAN2 interface)
  3. sw(config-if)# ip address 10.8.2.1 255.255.255.224 (this address will be the gateway for this subnet)
  4. sw(config-if)# no shutdown (enable the interface)
  5. sw(config-if)# exit
  6. sw# conf t (go to configuration mode)
  7. sw(config)# int vlan 3 (enter the VLAN3 interface)
  8. sw(config-if)# ip address 192.168.3.1 255.255.255.0 (this address will be the gateway for this subnet)
  9. sw(config-if)# no shutdown (enable the interface)
  10. sw(config-if)# exit
  11. Repeat the steps for the required interfaces
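As an added example that is not part of the article, here is a small Python checker for a plan like the one just configured: it reads an IOS-style config (constructed here from the article's own VLAN table and trunk/SVI commands) and reports VLANs used on access ports but never created or pruned from every trunk, including the management VLAN1 that all the switches sit in, plus SVI gateway addresses that fall outside the planned subnet. The function names, the sample config and the plan dictionary are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample: the article's VLAN plan plus an IOS-style snippet built from its trunk and SVI steps.
VLAN_PLAN = {1: "192.168.1.0/24", 2: "10.8.2.0/27", 3: "192.168.3.0/24", 9: "192.168.9.0/24"}
SAMPLE_CONFIG = """vlan 2
vlan 3
interface FastEthernet0/1
 switchport access vlan 9
interface GigabitEthernet0/1
 switchport trunk allowed vlan 2,3
interface Vlan2
 ip address 10.8.2.1 255.255.255.224
interface Vlan3
 ip address 192.168.3.1 255.255.255.224"""

def parse_config(text):
    """Collect created VLANs, access-port VLANs, trunk allow-lists and SVI addresses."""
    cfg = {"vlans": set(), "access": {}, "trunks": {}, "svi": {}}
    iface = None
    for line in text.splitlines():
        if m := re.match(r"vlan (\d+)$", line):
            cfg["vlans"].add(int(m[1]))
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r" switchport access vlan (\d+)", line):
            cfg["access"][iface] = int(m[1])
        elif m := re.match(r" switchport trunk allowed vlan (\S+)", line):
            # expand an IOS list such as "1-3,7" into individual VLAN IDs
            cfg["trunks"][iface] = {v for p in m[1].split(",") for v in
                                    range(int(p.split("-")[0]), int(p.split("-")[-1]) + 1)}
        elif (m := re.match(r" ip address (\S+) (\S+)", line)) and iface and iface.startswith("Vlan"):
            cfg["svi"][int(iface[4:])] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}")
    return cfg

def audit(cfg, plan):
    """Return human-readable findings; an empty list means the config matches the plan."""
    findings = []
    on_trunk = set().union(*cfg["trunks"].values())
    if 1 not in on_trunk:
        findings.append("management VLAN 1 is pruned from every trunk")
    for port, vid in sorted(cfg["access"].items()):
        if vid not in cfg["vlans"]:
            findings.append(f"{port}: VLAN {vid} is used but never created")
        if vid not in on_trunk:
            findings.append(f"{port}: VLAN {vid} is not carried by any trunk")
    for vid, svi in sorted(cfg["svi"].items()):
        if vid not in plan or svi.network != ipaddress.IPv4Network(plan[vid]):
            findings.append(f"Vlan{vid}: gateway {svi} is outside planned {plan.get(vid)}")
    return findings
```

Running `audit(parse_config(SAMPLE_CONFIG), VLAN_PLAN)` flags the pruned VLAN1, the uncreated and uncarried VLAN9 on FastEthernet0/1, and the /27 mask on the VLAN3 gateway that contradicts the planned /24.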