Layer 3 LAN Switching

As enterprise LANs grow, there becomes a need to break up LANs with routers. Traditionally, routers have performed the layer 3 functionality, but in today’s high-speed LANs there is a need to be able to forward packets much quicker than the traditional routers have been able to. That is where layer 3 switches come into play.

Layer 3 switches can turn on routing by executing the “ip routing” command from the global configuration mode. From there you can create routed interfaces either by using vlan interfaces, which is the likely interface at the distribution layer or on physical Ethernet interfaces by executing the “no switchport” command, then assigning the physical interface an IP Address.

With large networks, topology-based switches may still be too slow. Then you will need to utilize hardwre based layer 3 switching. In hardware based layer 3 switching, the switch can utilize Policy Feature Cards (PFC) and Distributed Feature Cards (DFC) to route traffic at the hardware level. The hardware will do a packet rewrite on the egress port and alter the following fields:

  • Layer 2 (MAC) destination address
  • Layer 2 (MAC) source address
  • Layer 3 IP TTL
  • Layer 3 checksum
  • Layer 2 (MAC) checksum, aka FCS

Any packets that can’t be handled by the hardware will then be sent to the switches MSFC (Multi-Layer Switch Feature Card), which is a software based router.

The switch that uses the PFC, DFC, and MSFC is the Catalyst 6500 switch. Hardware layer 3 switching does not replace routing and routing protocols. It provides IP unicast layer 3 switching locally on each module.

Chassis based switches utilize a centralized forwarding architecture, which enhances LAN performance and can become even better with the use of distributed forwarding as an upgrade.

When CEF (Cisco Express Forwarding) is used a chassis based switch can forward up to 30 mpps per system or when using a dCEF daughter card can deliver 48 mpps sustained throughput per slot.

Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditEmail this to someone

August 8, 2010

Posted In: CCNP Study Notes, LAN Switching, Layer 3 Switching

LAN Switching Layer 3 Redundancy Protocols


Hot Standby Routing Protocol, or HSRP, is a Cisco proprietary redundancy routing protocol. It’s typically used in the distribution layer of a LAN. It works is by having two or more layer three devices that communicate with each other via multicast address to UDP port 1985. In a typical configuration there will be a active router and a standby router. Each router has it’s own physical IP Address and they share a virtual IP Address, which hosts on the LAN use as their default gateway. If the standby router detects that the active router is unavailable, then it will assume the active router role by assigning itself the virtual IP Address. There can only be a single active router in an HSRP group, but there can be multiple standby routers.

HSRP has an election process to determine which router is used as the active router. The router configured with the highest HSRP priority is determined to be the active router. In the event of multiple routers with identical priorities, then the router with the highest IP Address wins the active router election.

The preempt option in HSRP enables a router to resume the forwarding router role.

The hello default is 3 seconds and the hold time default is 10 seconds. When changing the default hello and hold times, the hold time would be at least three times the value of the hello timer.

HSRP is defined by RFC 2281.

Active Router Interface Config

Active Router show output

Standby Router Interface Config

Standby Router show output

Output from sh ip arp

In some instances, your routers participating in an HSRP group connect to different devices on their uplinks. If HSRP doesn’t have any method of tracking when there is an uplink failure, then HSRP doesn’t do a very good job of maintaining an active connection to external resources. In those cases, you should implement interface tracking in HSRP. This is done using the “standby 1 track

” command on the HSRP interface.

The “

” is the interface on your router that you want HSRP to monitor it’s status. This interface would connect to the upstream device and probably isn’t participating in HSRP directly. It’s important to want to track the status of the interface so that HSRP can fail over to the other router in the event of a uplink failure.

The “

” is how much HSRP should automatically decrement it’s priority to make the interface go into standby. This value should lower the value enough to no longer be the highest priority in the HSRP group.

Here is the debug output from the standby router going into active mode, as the primary active router becomes unavailable (via the “shut” command on the interface) and then becomes the standby router again.


Virtual Routing Redundancy Protocol, or VRRP, serves the same purpose as HSRP, with many of the same features, but is an IEEE standard.

VRRP is defined by RFC 2338.

Master VRRP Router Interface Config

Master VRRP Router sh output

Backup VRRP Router Interface config

Backup VRRP Router sh output

Here is the output of the backup vrrp router turning into a master and then backup again.

It doesn’t appear that VRRP has the ability to perform interface tracking, but could be an option to use in multi-vendor networks.


Gateway Load Balancing Protocol, or GLBP, is another Cisco proprietary protocol. It was created with the idea of better utilizing the network resources while still performing the same functionality as HSSRP and VRRP. GLBP performs automatic selection and simultaneous use of multiple available gateways as well as automatic failover in the event of a failure. With HSRP and VRRP, the load balancing and attempt to fully utilize available network resources is a manual process and be burdensome on the network administrator.

GLBP communicates via multicast address to UDP 3222.

Active Router Interface Config

Active Router sh output

Active Router sh ip arp output

Standby Router Interface Config

Standby Router sh output

Standby Router sh ip arp output

Here is the output from a debug from the standby router. As you can see GLBP load balances by continuously moving the virutal IP Address from one router to the other. You can also see where the standby router becomes active in a failure, then becomes standby again.

Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditEmail this to someone

August 8, 2010

Posted In: CCNP Study Notes, GLBP, High Availability, HSRP, LAN Switching, Layer 3 Switching, VRRP