4. Layer 3 Switch
Learn about the third and last option for inter-VLAN routing, which is to use a layer 3 switch. Now you’re less likely to get tested on this option in the CCNA exam, but it’s actually the option which is most commonly used in the real world. So I wanted to explain it to you here to give you the complete picture. So looking at our lab topology, it’s the same as before, where we’ve got a switch which has got both Engineering and Sales PCs plugged into it, and we’ve split that into an Engineering and a Sales VLAN. We put the Engineering PCs on access ports for the Eng VLAN. The Sales PCs are configured on access ports for the Sales VLAN.
Once we’ve done that, the PCs will be able to communicate with each other within their own VLAN. But because the two VLANs are also in different IP subnets (Eng is using 10.10.10, Sales is using 10.10.20), we’re going to need to configure routing between them as well. The first two options we covered used an external router. With this option, we’re going to do the routing actually on the switch itself. So to be able to do that, you can’t use a lower-end layer 2 only switch. It has to be a layer 3 switch to be capable of doing routing. When you do have that, the switch doesn’t use a physical interface for the routing, it uses a virtual interface.
That is our SVI, a switched virtual interface. So you see with the config here, we configure interface VLAN 10 and then IP address 10.10.10.1, and interface VLAN 20 and IP address 10.10.20.1. Those virtual interfaces will act as the default gateways for the PCs. Whenever a PC sends traffic into the switch, we’ve already configured the switch with the access port with the correct VLAN on there, so the switch knows which VLAN the traffic is coming in on, and it knows which SVI corresponds with that. As long as we’ve got IP routing enabled on the switch and we’ve configured our SVIs, our switched virtual interfaces, it’s going to be able to route traffic between the two different VLANs. Now notice on here in my topology diagram, I’ve also got an external router.
Even though the switch is able to do routing itself, the reason for that is the external router is connected out to the wide area network. It’s quite often the case that your connection to a service provider is not going to be using an Ethernet port, and layer 3 switches only support Ethernet. So if you need to use a different type of interface, you’re going to need to have a separate dedicated router for that. Another reason would be that maybe there’s some kind of WAN feature that is required that again is not supported on the switch, that is only supported on an external router. So that’s why we’ve also got the external router for the WAN connectivity.
So whenever we’ve got any traffic between our internal VLANs, that is going to get routed on the switch. That traffic never goes up to the router. But whenever there’s any traffic that needs to go outside the local area network, that needs to go out to the WAN, that is going to get sent up to the router. So let’s check the configuration for this before we look at that WAN connectivity configuration here.
We’re just doing the inter-VLAN routing. So this is going to allow traffic between our PCs that are on the internal network, between the Eng and the Sales PCs. At global config, first off we have to enable IP routing, and then we configure our SVIs. So we say interface VLAN 10, IP address 10.10.10.1 with a /24 mask, and interface VLAN 20, IP address 10.10.20.1 255.255.255.0. Once we’ve done this, the Engineering and the Sales PCs are going to be able to communicate with each other. We still need to do our WAN routing configuration as well though. So if I look back at the topology diagram again, you’ll see that it is interface fast 0/1 on the switch which is connected up to the router, and I need to put an IP address directly onto that physical interface.
So to do that, I need to configure it as a layer 3 interface. A layer 3 interface means that it’s going to have an IP address on that interface. So I say no switchport for that. Then I can put the IP address on the interface. So I say IP address 10.10.100.1 with a /24 mask, and I need to configure the route to send all traffic that’s going out to the WAN up to the router. So ip route, so a default static route, 0.0.0.0 0.0.0.0, next hop 10.10.100.2. I also need to configure a matching configuration on the router as well.
If we look back at the diagram again, the inside interface on the router is fast 0/1, the outside is two. So on the inside interface I configure IP address 10.10.100.2. And on the outside interface in this example, it’s IP address 203.0.113.1. Then I need to configure a default static route for traffic going out to the WAN, so that’s ip route, next hop address 203.0.113.2. And then I also need to configure a route for the internal LAN traffic as well. I could have configured two different routes, one for 10.10.10.0/24 and one for 10.10.20.0/24, but I can do that with a single summary route. So I configure 10.10.0.0 255.255.0.0, next hop on the switch, 10.10.100.1. And that covers me for both the 10.10.10 network and the 10.10.20 network.
Going back to the diagram again, when we did the first two options, with a router with separate interfaces or router on a stick, the router was directly connected to the 10.10.10 and the 10.10.20 networks, so I didn’t need to configure an explicit route for it. In this example, it’s the switch which is connected to those networks, the router is not. So I do need to configure a route in this example. Okay, so that is the configuration. Looking at the considerations here, traffic being routed within the campus is now routed across the switch backplane. It doesn’t need to travel up and down physical cables to an external router like what’s happening with the first two options. But as we mentioned earlier in this lecture, you might still need an external router for WAN connectivity and services. Okay, so that is all the theory for our layer 3 switch. Next up is to configure it in the lab. I’ll do that in the next lecture.
5. Layer 3 Switch Lab Demo
In this lecture, you’ll learn how to configure inter-VLAN routing using a layer 3 switch with a lab demo. So here’s the lab topology. It’s the same as usual. We’ve got switch one through to switch three, and we’ve got our Engineering and our Sales PCs plugged in there. I’ve already configured all of the layer 2 VLAN configuration. So I’ve configured trunks going through from switch one to switch three. I’ve configured my Sales and Engineering VLANs, and I’ve configured my access ports to put the correct PC into the correct VLAN. Let’s verify that first. So I’ll go on to switch one, and if I do a show interface gig one switchport, I see that that is configured as a trunk and it’s using native VLAN 199.
And if I do a show vlan brief, I can see that my VLANs have been configured and I’ve put the correct ports into the correct VLANs. Let’s check that everything is working okay at layer 2. So I’ll go into my Eng PC, I’ll ping Eng at 10.10.10.11, which is on the same switch, and that’s working fine, and ping 10.10.10.12 over on the other side on switch three. And that’s all good too. Obviously, if I try to ping 10.10.20.10, a PC in the Sales VLAN, that’s not going to work because I haven’t configured my routing yet. So let’s do the inter-VLAN routing first. So if we have a look back at the topology diagram, I’m going to use switch two as my layer 3 switch. I’m going to configure SVIs on here for VLAN 10 and for VLAN 20. So let’s do that now. So on switch two, I’ll go to the enable prompt and then global configuration. And let’s just check what we’ve got on here already.
If I do show ip interface brief, you see that I’ve only got the physical interfaces, apart from my one VLAN interface, which is VLAN 1. If I do show vlan brief, I have already configured the VLANs on here. I don’t have any access ports on this switch. Okay, the first thing that I need to do is to enable IP routing on the switch to allow it to route between different IP subnets. The command to do that is just ip routing. Next, I need to configure my SVIs for my Engineering and Sales VLANs. So to do that, I create interface VLAN 10, which is the Engineering VLAN. It’s a logical interface, so I see it comes up immediately. And I’m going to add IP address 10.10.10.1 with a /24 subnet mask. I also need to configure my interface for VLAN 20, and it’s going to be IP address 10.10.20.1 255.255.255.0.
So that’s all I need to do, enable IP routing and create my SVIs. And now my PCs should be able to route to each other. So let’s go on to Eng1 and try pinging over to the Sales VLAN at 10.10.20.10. Again, it will probably drop the first ping or two, and there we go. It’s now working. So that’s all I had to do to configure my inter-VLAN connectivity using a layer 3 switch. But if we go back to the topology diagram again, I also want to have external connectivity as well. Right now my PCs, so the Engineering and Sales PCs inside the campus, have got connectivity to each other, but I want them to have connectivity outbound as well. So I need to configure routes from switch two up to router one and from router one up to the service provider.
So we were already on the switch. So let’s do the switch again. So that’s going to be on interface fast 0/1. So on switch two, if I do a show ip interface brief, I see that my VLAN interfaces will show up in here now, but I haven’t configured the IP address on fast 0/1 yet. Now let me show you what happens if I try to do it. Well, it’s a layer 2 switchport, so if I go interface fast 0/1 and say IP address 10.10.100.1 255.255.255.0, it’s going to give me an error message saying you can’t configure an IP address on here. What I need to do first is say no switchport. That converts the physical port to a layer 3 port, meaning that I can put an IP address on it. So if I now try the IP address command again, I don’t get the switch complaining, and I’ll do a no shutdown on here and then a show ip interface brief. And I can see that the interface is configured. It’s down down right now because I haven’t configured the interface on the other side over on R1. So let’s do that next.
So I’ll go on to R1, config t. And what most places normally do is, if you’ve got a fast 0/0 and a fast 0/1, use zero as the outside because zero looks kind of like an O, and use fast 0/1 as the inside because the one looks like an I for inside. It just keeps things a little bit more logical.
So this is going to be interface fast 0/1 on the inside, and I’ll configure IP address 10.10.100.2, because it was .1 on the switch. I’m using a /24 mask here. Real world, you’d probably use a /30. And do a no shut. I also need to configure my outside interface, which was fast 0/0, IP address 203.0.113.1 255.255.255.0, and no shutdown here as well. Let’s check that the interfaces have come up. Okay, so there’s show ip interface brief, and they’re up up, so that looks good. I’ll check I can ping out to the service provider from R1. So ping 203.0.113.2, and that’s working okay as well. Let’s check I can ping my PCs on the inside from R1, so I’ll ping Eng1 at 10.10.10.10. And that is working. Okay. All right, so I still need to check I can ping from the PCs on the inside to the outside. So from Eng1, I’ll ping 203.0.113.2.
Okay, I’m getting a destination unreachable from the default gateway, which is switch two. So I’ve probably forgotten to put the route on switch two. Let’s check that. So on switch two, if I do a show ip route, I should have a static default route pointing upstream to R1. And that’s the problem. I forgot to put the route on switch two. So let’s fix that. I’ll say ip route 0.0.0.0 0.0.0.0, pointing up to R1 at 10.10.100.2. I’ll check I can ping out to the service provider from switch two now. So ping 203.0.113.2. And that’s looking good. So I think we should be okay now. I’ll try the ping again from the Engineering PC, and yep, it can ping out to the Internet. So we’re all good. We’ve got connectivity going everywhere, and we’ve got the layer 3 switch, switch two, acting as the default gateway for all of the PCs. Okay, so that was all of our different inter-VLAN routing options. See you in the next.
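An added example, not part of the lecture: a small Python model of the two routing tables described above, using longest-prefix match to show why Eng1 gets destination unreachable when switch two has no default route, and why R1 needs the 10.10.0.0/16 summary route back to the switch. The table contents come from the addresses in the lecture; the function names are hypothetical.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def without(table, prefix):
    """Copy of a routing table with one route removed (models a forgotten command)."""
    return {p: nh for p, nh in table.items() if p != prefix}

def summary_covers(summary, subnets):
    """True if every subnet falls inside the summary prefix."""
    s = ipaddress.ip_network(summary)
    return all(ipaddress.ip_network(n).subnet_of(s) for n in subnets)

# Tables built from the lecture's addressing; "connected" = directly attached.
SWITCH2 = {
    "10.10.10.0/24": "connected",    # SVI for VLAN 10 (Eng)
    "10.10.20.0/24": "connected",    # SVI for VLAN 20 (Sales)
    "10.10.100.0/24": "connected",   # routed port facing R1
    "0.0.0.0/0": "10.10.100.2",      # static default up to R1
}
R1 = {
    "10.10.100.0/24": "connected",   # inside interface
    "203.0.113.0/24": "connected",   # outside interface
    "0.0.0.0/0": "203.0.113.2",      # static default to the service provider
    "10.10.0.0/16": "10.10.100.1",   # summary route back to the switch
}

if __name__ == "__main__":
    # Inter-VLAN traffic stays on the switch; WAN traffic goes up to R1.
    print("Eng -> Sales on switch two:", lookup(SWITCH2, "10.10.20.10"))
    print("Eng -> WAN on switch two:", lookup(SWITCH2, "203.0.113.2"))
    # Forgotten default route on the switch: no match, destination unreachable.
    print("No default:", lookup(without(SWITCH2, "0.0.0.0/0"), "203.0.113.2"))
    # Without the summary route, R1 sends replies for Eng1 out to the provider.
    print("R1, no summary:", lookup(without(R1, "10.10.0.0/16"), "10.10.10.10"))
```
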