When we talk about networking, we need to talk about hardware devices as building blocks. The usefulness of a network depends heavily on proper devices. In a modern LAN, we don’t use repeaters, hubs or bridges anymore, only high-performance switches and routers. We know the primary purpose of these two: control the data flow. Switches do this in the second layer of the OSI model, by examining the physical address of a frame. Routers, on the other hand, work in the 3rd layer, examining the destination logical address. It seems, that these are two completely separate devices. But nowadays, that’s not exactly true. In this article I’ll explain how to route with a switch – even with a Layer2 switch!
Before we discuss the possibilities of routing on a switch, we need to clarify some things. First, if we want to classify a switch by the OSI model, then it is a data link layer device. A switch is a multiport bridge: it maintains a MAC-address table, and if a frame comes in one of its ports, it looks at the destination MAC-address of the frame and forwards it based on the contents of the table. They can do this very fast, because frame switching is not so difficult, and can be accelerated by hardware. Switches contains ASIC’s (Application Specific Integrated Circuits) for this purpose. The switch traditionally doesn’t do any routing, because it doesn’t look into the package embedded in the frame.
CCNA Training – Resources (Intense)
Routing is done by a router – that’s not a surprise. Traditional routers look at the package header to find the destination’s logical address (mostly this is the IP address), then they do a lookup in the routing table to find the destination network and the interface to send out the message. This process is a software function; therefore, a router can be much slower than a switch. We can say that a router is a Layer3 device. Routers can be used to divide the network into broadcast domains also. A lot of broadcasts is not good for the performance of the network, so the smaller the broadcast domain, the better the performance.
Well, all of that theory is not exactly true for modern devices. Broadcast domains can be segmented by a Layer2 switch also. Virtual LANs (or VLANs for short) can be built on almost any switch today, and they can separate the traffic in broadcast domains without the help of a router. Of course, if we want some traffic go from one VLAN to another, we still need a router, or any Layer3 device.
There are some well known methods for this. We can use a router that has as many interfaces as we have VLANs, with one interface per one VLAN, but this solution is not scalable. It’s better if we use router-on-a-stick: one physical interface of the router is connected to the switch’s trunk port, and we divide the router’s physical interface into logical subinterfaces. This is more scalable, but if there’s a lot of traffic among the VLANs, it can be a bottleneck. Maybe the best solution is to use a Layer3 switch with Switch Virtual Interfaces (SVI). A SVI is bounded to a VLAN and acts like a real IP interface, but in reality, it is virtual.
But wait: what is a Layer3 switch? Some say that it’s no more than a marketing term. If a device can route packages, then it’s a router – though it can be easier to understand what these kinds of devices do if we call them Layer3 (or multilayer) switch. So basically, these are really switches but the operating system on them (and the hardware of course) lets us do routing functions, including dynamic routing. In a LAN for example, when there’s no huge traffic, a Layer3 switch can be better than a separated switch and router. Back to VLANs, we can configure one SVI for one VLAN, which has a unique IP address, and once we activate the IP routing, we are done for the VLAN routing.
As time passed, companies invented advanced technologies in order to accelerate the routing functions on Layer3 devices. A Layer3 switch usually takes the first packet of a dataflow, and determines the destination based on the traditional routing table. The other packets of this flow can then be switched rather than routed, because the device knows which packets are parts of this specific flow. Because switching functions can be accelerated by ASICs, this can dramatically improve the routing speed.
Now we can see the difference between a switch and a router, and know about the hybrid Layer3 switches also. It’s clear, that any Layer3 device can route packets. But it seems odd that a Layer2 switch can also be used as a router. This kind of magic can be done with Cisco Catalyst 2960 series switches, under some circumstances. We consider these switches as Layer2, but with proper IOS, we can do the trick.
In 2010, the release of 12.2(55)SE version of IOS introduced this ability. Before we get our hands dirty with a little lab topology to show its capabilities, we should discuss one important restriction: we cannot do dynamic routing, just static. In addition, the routing table cannot contain more than 16 static routes, and if we have a default route, this will also count.
For demonstration purposes, I’ll use the following topology:
I think it’s rather simple, except maybe for one little thing: we’ll simulate remote networks on the router through loopback interfaces, so we don’t need an actual device to test the reachability of these.
The first step is to upgrade our IOS on the switch to at least the 12.2(55)SE version. If it’s done, we can check if everything went well by issuing the show version command. We then need to reboot the switch once more because we need to activate the proper Switch Database Management (SDM) template. (Note: Do not mix this abbreviation with Security Device Manager!) SDM templates are used for configuring the resources of the switch for a special purpose on a network. We can check which is active with the show sdm prefer command. In order to see what templates are available, issue the following:
Switch#show sdm prefer ?
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
lanbase-routing Lanbase routing
qos QoS bias
| Output modifiers
Notice “lanbase-routing” in the output. We need to activate this, then reboot the switch:
Switch(config)#sdm prefer lanbase-routing
Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Use ‘show sdm prefer’ to see what SDM preference is currently active.
*Feb 10 20:07:27.330: %SYS-5-CONFIG_I: Configured from console by console
System configuration has been modified. Save? [yes/no]: y
Now we can use the basic routing functions, but first we need to activate the IP routing itself. It’s also a must on a Layer3 switch.
In order to create an IP interface on the device, first we create two more VLANs in addition to the default VLAN 1, which is the standard Ethernet VLAN. We’ll use VLAN 1 to connect to the router, VLAN 10 and VLAN 20 in turn to connect to the two PCs, and then we’ll put their ports into these VLANs. Then, we configure the SVIs with the proper IP addresses. Note that VLAN 1 interface needs the no shutdown command, while the others do not. If the VLAN exists and there’s one active port in the VLAN, it will start automatically.
Switch(config)# vlan 10
Switch(config-vlan)# vlan 20
Switch(config-vlan)# interface fa0/10
Switch(config-if)# switchport access vlan 10
Switch(config-if)# interface fa0/20
Switch(config-if)# switchport access vlan 20
Switch(config-if)# interface vlan 1
Switch(config-if)# ip address 192.168.1.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Now we have a routing table with three connected routes, and three local entries with the SVIs. We can check this with the show ip route command.
Let’s configure a default route pointing to the router’s IP address as the next-hop, and then check the results:
Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254
Switch(config)#do sh ip route
The relevant part of the output is:
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
For simplicity, we can install a default route on the router also, pointing to the switch’s IP address of 192.168.1.1. After this, we’ll configure our PCs to the proper addresses, with gateways pointing to the SVI addresses of the switch. If we ping the 192.0.2.1 address from either of PCs, it’ll be successful. We need to mention that there was a bug related to default route, but it has been solved – just upgrade the IOS version.
Now delete the default route and let’s try to add some standalone static routes. We can use next-hop as well as output interface, but it’s better to configure them simultaneously because in a shared network (like Ethernet), the router needs to know not only the next-hop but also the output interface to avoid recursive lookups in the routing table.
Switch(config)#ip route 192.0.2.0 255.255.255.252 Vlan1 192.168.1.254
Switch(config)#ip route 192.0.2.4 255.255.255.252 Vlan1 192.168.1.254
Of course, the output interface in our case is Vlan1, as it is the IP interface associated with the virtual LAN, in which the port connecting to the router is in. When we properly design the IP addressing scheme, we can reduce the entries in the routing table with aggregating networks by supernetting. In the above example, the two separate routes can be aggregated with the following address: 192.0.2.0/255.255.255.248. This can be important in our case, when the number of usable routing table entries are limited.
The pings from the PCs should be successful in this time also.
If we experiment with the available commands, we may discover that the global config mode command ”router” exists, but if we want to activate any dynamic routing protocol, the switch will refuse it with an error message:
bgp Border Gateway Protocol (BGP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
Protocol not in this image
Therefore, we really cannot use dynamic routing protocols, but remember: the static routing in a smaller LAN can be enough, and the Catalyst 2960 series switches are for these kind of networks, as they are Cisco’s entry level switches.
The final conclusion is: we can route even with a Layer2 switch, but this routing function is limited to static routing, and in reality, this is possible only if a special IOS runs on the switch. A pure Layer2 switch cannot route IP packets, as it doesn’t look at the IP header of the packet.
In addition to the above, there’s a rather new concept in networking which we can call layer2 routing. We all know the good old Spanning Tree Protocol (STP) and all of its subversions such as RSTP or MSTP. In a switched network, we’ll need more switches if we need some redundancy, and we need to connect our switches with more cables than the minimum. Therefore, there are loops in the network which can cause a lot of troubles, mainly broadcast storms.
To avoid these errors, STP blocks some ports using software that eliminates the logical loops, though physical loops can still exist. If the topology changes, STP reconverges and everything goes on. But there are serious limitations: the converging time can be long, especially with traditional STP, and there’s only one active path for a specific destination. In modern networks, these limitations are unacceptable: think about data centers with virtualization and cloud technologies.
Two new standards come into play to avoid the limitations of STP: Shortest Path Bridging (SPB or 802.1aq) and Transparent Interconnection of Lots of Links (TRILL). Cisco has a technology called FabricPath, which is heavily based on TRILL. The technologies are still under refinement, but some vendors are already supporting them (SPB is supported by Huawei and Avaya, TRILL by Juniper and Cisco.)
The base concept is that we are using switches interconnected with redundant links, but the whole system acts like a big virtual switch for the outside world. Both methods are based on the IS-IS protocol, which is a Layer3 link-state routing protocol, but can be used in switched networks also to route frames. Of course, TRILL and SPB are using a modified version of it. The link-state behaviour of IS-IS allows using multiple active paths in the switched network, rather than STP’s “one active way” concept.
In this article, I just wanted to introduce the concept briefly, and if you are interested, please refer to the links below.
Configuring static routing on Catalyst switches:
About TRILL on Wikipedia:
About SPB on Wikipedia:
Compare and contrast TRILL and SPB: