How to configure layer 3 switch?

Configuring a layer-3 switch is quite complicated at first. But once you understand the configuration of Virtual LAN then it gets really easy.

Why did we use Layer-3 switch?

Our client was facing slow data transmission speed mostly because of too many requests and traffic on the LAN. They had over one thousand systems connected with the Layer-2 switch and several networks. When a user sent a request to X network, the layer-2 switch broadcast the request on each network, this increased network traffic and eventually slowed down data transmission speed.

We recommended replacing layer-2 switches with layer-3 switches just to reduce network traffic. A Layer-3 switch determines for which network a request is to be sent and then broadcasts that request to that particular network. Unlike layer-2 switch which broadcast requests to all the networks.

Configure layer-3 switch

First, determine all the networks.

For a basic configuration switch, three interfaces are required. One is a switch's default route, the second is for data VLAN, and the third one for voice VLAN.

"Vlan is Virtual LAN. As the name suggests, it is used to connect to a system that is not on the same network. It allows the admin to group hosts together even if a host is not directly connected to the same network with switch."

Here, we need three Virtual LANs(VLAN). The default route VLAN is nothing but the default route for the switch. Data VLAN is configured and will be used to carry only user-generated traffic for transmission. The Voice VLAN will be used to carry voice traffic from these IPs, it only accepts untagged traffic from the users.

  • First, go to Monitor --> Switch and then "Distribution switch" details page.
  • Click on status and select Initialize layer 3
  • Enter following settings:
    • Name: Uplink
    • Subnet: 192.168.128.0/24
    • Interface IP: 192.168.128.1
    • Interface IP: 20
    • Default Gateway: 192.168.128.254

Next, configure layer-3 interfaces for voice and data Virtual LAN(VLANs)

  • Click Add an interface from configure --> Layer 3 routing
  • Select Distribution Switch
  • Enter following data:
    • Name: Data
    • Subnet: 10.1.0.0/23
    • Interface IP: 10.1.1.254
    • VLAN: 5
    • Client Addressing: Relay DHCP to another server
    • DHCP server IPs: 192.168.128.254
  • Click on save and add another
  • Again, select Distribution switch (for the voice configuration)
    • Name: Voice
    • Subnet: 10.1.2.0/23
    • Interface IP: 10.1.3.254
    • VLAN: 10
    • Client Addressing: Relay DHCP to another server
    • DHCP server IPs: 192.168.128.254
  • Click save

Configure switch ports for downstream:

The routed interfaces can allow the downstream access switch and all the connected clients by getting the access switch configured as trunk so that both, Data and Voice Vlans can transmit to other networks as well. You can do this by clicking on the configure option and then switch ports. Under the switch port, you can access switch, add a switch, and update by adding the following options:

  • Type: Trunk
  • Native VLAN: 1
  • Allowed VLANs: All

"Here, an uplink port is used to connect to another router, switch or internet and it should be configured identically, otherwise you will get VLAN mismatch error. The access also needs to be configured properly in order to place client traffic to Voice and data VLANs. Here, in this article, we have shared how to configured the switch ports and how to change these ports."

Firewall configuration

To provide full network connectivity, we need to perform a few additional distribution steps on the firewall. The firewall needs to be configured with static routes which you can find under Configure --> Addressing and VLANs so that any inbound traffic looking to reach voice or data VLANs can directly go through the routing interface of a switch. You can configure the routes by the below steps:

  • For the data VLANs:
    • Enabled: Yes
    • Name: Data
    • Subnet: 10.1.0.0/23
    • Next hop IP: 192.168.128.1
    • Active: Always
    • In VPN: No

  • For the voice VLANs:
    • Enabled: Yes
    • Name: Voice
    • Subnet: 10.1.2.0/23
    • Next hop IP: 192.168.128.1
    • Active: Always
    • In VPN: No

A catalyst 4500 series switch supports IPX routing along with Apple routing. Below, we have shared the configuration of the logic layer-3 interface and updating/assigning a new IP address:

  • Switch> enable
  • Switch# config term
  • Switch(config)# vlan 2
  • Switch(config)# interface vlan 2
  • Switch(config-if)# ip address 10.1.1.1 255.255.255.248
  • Switch(config-if)# no shutdown
  • Switch(config-if)# end

Configure an IP address on Fast Ethernet Interface with this code:

  • Switch# configure terminal
  • Switch(config)# ip routing
  • Switch(config)# interface fastethernet 2/1
  • Switch(config-if)# no switchport
  • Switch(config-if)# ip address 10.1.1.1 255.255.255.248
  • Switch(config-if)# no shutdown
  • Switch(config-if)# end

CONTACT

Lets get in touch. Send us a message:

Ahmedabad, IN

Phone: +91 9426527612

Email: support@lantechinfocom.co.in