just to help clear that statement up

you can subnet with a layer3 switch (cisco 3550), but not with a regular switch.


You can setup VLAN's with a L2 switch, but will need a router (or routing card) to intervlan or subnet

soule

soule wrote:
> > You can easily subnet using switch (cisco, juniper etc) which is hardware based.
>
> just to help clear that statement up
>
> you can subnet with a layer3 switch (cisco 3550), but not with a regular switch.
>
>
> You can setup VLAN's with a L2 switch, but will need a router (or routing card) to
> intervlan or subnet
>
> soule

Could you please enlighten us on what a "layer3 switch" is?

An ethernet hub just transmits everything it receives, and knows nothing about IP datagrams, let alone ethernet frames, so that's not even a "layer 1" device, right?

Continuing, a switch forwards frames that it knows need to forwarded, since it's been paying attention to MAC addresses. That makes a switch a "layer 1" device, since layer 1 of the stack is the network access layer and deals with hardware frames only (here, ethernet frames addressed to MAC addresses), correct?

Further, if my GNU/Linux box has 2 ethernet ports on it, and is, say, acting as a router between my LAN at home and the Internet, then it only cares about IP host and network addresses -- layer 2, the internet layer -- so that makes my little router here a "layer 2" device, right?

What sort of packet switching device cares at all about TCP/UDP, thus acquiring the title of a "layer 3" switch?

A hub is a layer 1 device. It is a LAN segment in a box. Hubs are not used much in enterprise environments unless they function as portable test gear or portable lab equipment. Hubs represent a huge drain on network resources because they broadcast everything.
A switch is a layer 2 device (traditionally). It is a Spanning Tree bridge that forwards based on destination MAC addresses.
A layer 3 switch routes. We typically do not call them routers because routers typically have more routing functions and WAN interfaces. Layer 3 switches usually route IP with just some basic options. Nonetheless, layer 3 switches route between networks. Layer 3 switches also function as layer 2 switches.

To make matters more confusing, small routers are going high density. They often are installed with layer 2 or layer 3 switch cards.

Oh, ok. You're talking about the 7-layer OSI model, rather than the 4-layer TCP/IP.

Thanks.

fun stuff...

Layer 3 switch = marketsp3@k for router, possibly without as many bells and whistles.

A VLAN is a software way of setting up a seperate network. It's the same as having a totally seperate switch for each new Local Area Network (aka LAN) or what we call a Virtual LAN...voila! VLAN. Try to think of it as each VLAN being a seperate switch, except the part where you have to actually seperate the switches and move cables to change the network that a host is in. Rather than moving network cables in the wiring closet in the back room, you can change VLAN settings remotly from your laptop in Tahiti.

A switch, or layer 2 (OSI layer 2) device can isolate VLANs, or networks, but can't get them to talk to each other. The exception is plugging VLANs into each other, which as baldy3105 mentioned, defeats the purpose of having two VLANs. You set up a VLAN to isolate a network segment at OSI layer 2.

A router, or a 'layer 3 switch', connects IP subnets (OK it connects other network protocols, but this is 2005 so it's either TCP/IP or 'some other protocol'.) You seperate a network at the IP level by changing IP addresses and you can divide the pre-defined class A, B and C networks into smaller ones by also changing the subnet mask.

An IP subnet is usually put on a network with no other IP subnets on it. This can be done by putting all the hosts on one switch and plugging a router into one of that switch's ports. It can also be done by configuring a VLAN and setting your layer 3 switch to route packets out of that VLAN. When you have a seperate IP network segment, it's called a broadcast domain. Each broadcast domain sees all the layer 3 and layer 2 broadcasts from any host in the same broadcast domain.

At OSI layer 1, the physical layer, all the voltage signals sent over the wire are defined. A hub doesn't have to know about MAC addresses (layer 2) or IP addresses (layer 3) it just has to re-transmit the right voltage signal to other ports. This is also called a collision domain because one host's output goes to all other host's input so the hosts have to share the bandwidth and their data can collide and then need to be sent again.

A lot of this stuff is referenced in network history, further confusing the matter. A switch could only have two ports, it would still work at layer 2 and isolate by MAC address, we would call that a bridge. Bridges don't sell very well these days, what with multiport switches so cheap now, so you probably won't see one. A hub is called a multiport repeater, it repeats the signals it gets out all it's ports. Again, hubs can come with only 2 ports and we would call these repeaters, but these days they don't sell so well either. Old school routers only had a few ports on them, until someone let the tech guys into the marketing groups and realized there might be a demand for one of these with a bunch of switchports in them too, so now we have layer 3 switches and routers with dozens of ports.

Excellent explanation.

Thanks darin

Uhhh, yeah ... ... I got it. Sure ... makes, umm, perfect ... sense. As you can see, Gentle Reader, when network-geeks start talking, they start talking an entirely different language.

And as you can also see, there's quite a difference between the very precise language that's used by a network expert, versus the "common tongue" of small networks and office-sized experience.

So, when you start talking about a network, be sure to clarify your actual usage.

Byte. CPU. Parallel processing. Drive. Mouse.

See?

An anecdotal reason to separate networks.

My company has a Control System running a major part of the manufacturing system. 2 computers (proprietary arch) and 5 operator terminals, all networked in the control room. Another 5 or 6 operator terminals scattered around the factory.

About 3 years ago the Main Computers would suddenly drop all the network connections. They would carry on operating the plant but would not communicate with each other or the operator terminals. We had to use TTYs to put the system into a safe mode and reboot. Very expensive.

After a lot of work and packet sniffing I found that 5 clients in a restaurant owned by the group were configured to look for a Novell Server although no such beast exists in the entire group. Moreover each time these appliances were reset they defaulted back to this behaviour.

For reasons unknown the Control System computers were interpreting the "Is there a Server?" broadcast as an instruction to drop all the network connections. The solution was to put the control room on a different network and put a router between it and the outside world.

We've ditched those silly clients but kept the router.

No worries johnMG, lucky I'm good at something, so's I can pay back some of the Linux help I get around here!

> lucky I'm good at something, so's I can pay back some of the Linux help
> I get around here!