Should I use Layer-3 switch or router? Cisco Forum FAQ

This Section

What is the difference between a Layer-3 switch and a router?
Layer-3 Switch recommendation
Should I use Layer-3 switch or router?
Routing and Switching - An Introduction
Various Network Design using Routers, Layer-3 Switches, and more

Should I use Layer-3 switch or router?

Introduction

In general, you want to use a router when most of the time the device does routing. Likewise, you want to use a switch when when most of the time the device does switching. This statement becomes more apparent when dealing with larger network like an ISP or large corporation.

Example in ISP is that they use routers (at least 7600 series) to have full view of BGP (the edge router). As for their "internal network", they use layer-3 switches (usually Catalyst 6500 series). In smaller environment, companies use something like 800, 1800, or 2800 series router as the Internet router and/or WAN router to their private WAN point-to-point, Frame Relay, or MPLS network while they use Catalyst 3560 series Layer-2/3 switches for local routing between different departments or between servers and hosts, and for some Spanning-Tree with Layer-2 access switches (if any).

The idea of creating Layer-3 switch is basically to efficiently do inter-VLAN routing or to do internal routing between multiple broadcast domains (multiple LAN where each LAN has its own subnet) while keeping Layer-2 features such as spanning tree and trunking. However to deal with "border" or "edge" of the network where there are less spanning tree or trunking (less Layer-2) or where there is a need for Layer-2 network termination (edge network), a router is used since a router is basically designed to handle traffic across the border or the edge network.

For more info, you can check out the following FAQ:
»Cisco Forum FAQ »What is the difference between a Layer-3 switch and a router?

Following is illustration of using Layer-3 switch to do inter-VLAN routing where the LAN 1 is user network, LAN 2 is server network, and LAN 3 is guest network.


                                            Internet
                                               |
                                             Router
                                               |
                                               | 10.0.0.0/24
                                               |
                                         Layer-3 Switch
                                        |      |      |
                                        |    LAN 2    |
                                        | 10.0.2.0/24 |
                                        |             |
                                      LAN 1         LAN 3
                                   10.0.1.0/24   10.0.3.0/24

Sample Configuration of Layer-3 Switch design implementation

Router:

interface FastEthernet0/0
description Internet
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
description To Layer-3 Switch
ip address 10.0.0.1 255.255.255.252
ip nat inside
!
ip route 10.0.0.0 255.0.0.0 10.0.0.2
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Switch

vlan 1,11-13
!
ip routing
!
interface FastEthernet0/1
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/4
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/5
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/6
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/7
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/8
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/9
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/12
description To Router
no switchport
ip address 10.0.0.2 255.255.255.252
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan11
description LAN 1 - Users
ip address 10.0.1.1 255.255.255.0
!
interface Vlan12
description LAN 2 - Servers
ip address 10.0.2.1 255.255.255.0
!
interface Vlan13
description LAN 3 - Guests
ip address 10.0.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!

Keep in mind that Layer-3 switches' prices in general are not cheap from SOHO users or small businesses' perspective since Layer-3 switches are designed for organizations that need physical hardware separation between router and switch when routing is in need. Therefore should there be cheap Layer-3 switches available, SOHO users or small businesses are more than welcome to use them.

When small businesses need to do inter-VLAN routing (i.e. data interchange between multiple departments) or internal routing between LAN subnets (multiple broadcast domains), there are some "cheap" and might still be reliable solutions beside using layer-3 switches.

One solution is to use a "Router On A Stick" design. Such design consists of a router and a layer-2 switch that are capable of doing trunking. Following is illustration.


                                            Internet
                                               |
                                  Router with Trunking Capability
                                               *
                                               *  Trunk between router and switch
                                               *
                                  Switch with Trunking Capability
                                   |      |       |      |      |
                                   |      |       |      |      |
                                   |    LAN 2     |    LAN 4    |
                                   | 10.0.2.0/24  | 10.0.4.0/24 |
                                   |              |             |
                                 LAN 1          LAN 3         LAN 5
                              10.0.1.0/24    10.0.3.0/24   10.0.5.0/24

Sample Configuration of "Router On A Stick" design implementation

Router:

interface FastEthernet0/0
description Internet
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
description Trunk to Switch
no ip address
!
interface FastEthernet0/1.2
description Native VLAN
ip address 10.0.0.1 255.255.255.252
encapsulation dot1q 2 native
ip nat inside
!
interface FastEthernet0/1.11
description LAN 1
ip address 10.0.1.1 255.255.255.0
encapsulation dot1q 11
ip nat inside
!
interface FastEthernet0/1.12
description LAN 2
ip address 10.0.2.1 255.255.255.0
encapsulation dot1q 12
ip nat inside
!
interface FastEthernet0/1.13
description LAN 3
ip address 10.0.1.1 255.255.255.0
encapsulation dot1q 13
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Switch

vlan 1-2,11-13
!
interface FastEthernet0/1
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/3
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/12
description Trunk to Router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-2,11-13
switchport mode trunk
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description Native VLAN
ip address 10.0.0.2 255.255.255.252
!

Another solution that is probably cheaper is to setup multiple unmanaged (dumb) switches with also multiple routers. While "Router On A Stick" design means single router terminates multiple LAN subnets, this second solution means each router terminates its own LAN subnet. Following is illustration.


                                            Internet
                                               |
                                         Internet Router
                                               |
                                               | 10.0.0.0/24
                                               |
                                        Unmanaged Switch
                                        |      |      |
                                        |   Router 2  |
                                        |      |      |
                                        |    LAN 2    |
                                        | 10.0.2.0/24 |
                                        |             |
                                    Router 1      Router 3
                                        |             |
                                      LAN 1         LAN 3
                                   10.0.1.0/24   10.0.3.0/24

Sample Configuration of multiple router design implementation

1. Static Routing

When there are only few LAN (broadcast domain), then static routing network design should be sufficient.

Internet Router:

interface FastEthernet0/0
description Internet
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
description Unmanaged Switch (LAN)
ip address 10.0.0.254 255.255.255.0
ip nat inside
!
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.2.0 255.255.255.0 10.0.0.2
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!

Router 1

interface FastEthernet0/0
description Unmanaged Switch
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
description LAN 1
ip address 10.0.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.2.0 255.255.255.0 10.0.0.2
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!

Router 2

interface FastEthernet0/0
description Unmanaged Switch
ip address 10.0.0.2 255.255.255.0
!
interface FastEthernet0/1
description LAN 2
ip address 10.0.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.3.0 255.255.255.0 10.0.0.3
!

Router 3

interface FastEthernet0/0
description Unmanaged Switch
ip address 10.0.0.3 255.255.255.0
!
interface FastEthernet0/1
description LAN 3
ip address 10.0.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.1.0 255.255.255.0 10.0.0.1
ip route 10.0.2.0 255.255.255.0 10.0.0.2
!

When there are more LAN (broadcast domain) in place or when there are multiple connections to reach the same destination (such as having multiple ISP to connect to the Internet), then network design based on dynamic routing might be more scalable than static route approach. Following is illustration.


                ISP 1                                    ISP 2
                  |                                        |
               Router 1                                 Router 2
                  |                                        |
                  | 10.1.0.0/24                            | 10.2.0.0/24
                  |               10.0.0.0/30              |
           Layer-3 Switch 1 ----------------------- Layer-3 Switch 2
            |      |      | .1                   .2  |      |      |
            |    LAN 2    |                          |    LAN 2    |
            | 10.1.2.0/24 |                          | 10.2.2.0/24 |
            |             |                          |             |
           LAN 1         LAN 3                      LAN 1         LAN 3
        10.1.1.0/24   10.1.3.0/24                10.2.1.0/24   10.2.3.0/24
 
              Building #1                              Building #2

Sample Configuration of multiple router and Layer-3 switch design implementation

2. Dynamic Routing

In this sample configuration, RIP as dynamic routing protocol is used to provide dynamic inter-connectivity between two buildings. You may notice that RIP as the dynamic routing protocol in place decides that machines within Building #1 use ISP 1 to go out to the Internet as default, and will only use ISP #2 through point-to-point link between the two switches when ISP #1 becomes unavailable. Similarly, machines within Building #2 use ISP 2 to go out to the Internet as default, and will only use ISP #1 when ISP #2 becomes unavailable.

Router 1:

interface FastEthernet0/0
description ISP 1
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
description Layer-3 Switch 1
ip address 10.1.0.254 255.255.255.0
ip nat inside
!
router rip
version 2
network 10.0.0.0
default-information originate
no auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark Permitted Subnet to access Internet
access-list 1 permit 10.0.0.0 0.3.255.255
!

Switch 1

vlan 1-2,11-13
!
ip routing
!
interface FastEthernet0/1
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/4
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/5
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/6
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/7
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/8
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/9
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/11
description Layer-3 Switch 2 (Building #2)
no switchport
ip address 10.0.0.1 255.255.255.252
ip summary-address rip 10.1.0.0 255.255.0.0
!
interface FastEthernet0/12
description Router 1
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description Management VLAN
ip address 10.1.0.2 255.255.255.0
!
interface Vlan11
description LAN 1
ip address 10.1.1.1 255.255.255.0
!
interface Vlan12
description LAN 2
ip address 10.1.2.1 255.255.255.0
!
interface Vlan13
description LAN 3
ip address 10.1.3.1 255.255.255.0
!
router rip
version 2
passive-interface Vlan11
passive-interface Vlan12
passive-interface Vlan13
network 10.0.0.0
distribute-list prefix RIP_Out-to-Building-2 out FastEthernet0/11
no auto-summary
!
ip prefix-list RIP_Out-to-Building-2 description Permitted Subnets To Announce
ip prefix-list RIP_Out-to-Building-2 seq 10 permit 0.0.0.0/0
ip prefix-list RIP_Out-to-Building-2 seq 20 permit 10.1.0.0/16
!

Router 2:

interface FastEthernet0/0
description ISP 2
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
description Layer-3 Switch 1
ip address 10.2.0.254 255.255.255.0
ip nat inside
!
router rip
version 2
network 10.0.0.0
default-information originate
no auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark Permitted Subnet to access Internet
access-list 1 permit 10.0.0.0 0.3.255.255
!

Switch 2

vlan 1-2, 11-13
!
ip routing
!
interface FastEthernet0/1
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
description LAN 1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/4
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/5
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/6
description LAN 2
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/7
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/8
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/9
description LAN 3
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/11
description Layer-3 Switch 1 (Building #1)
no switchport
ip address 10.0.0.2 255.255.255.252
ip summary-address rip 10.2.0.0 255.255.0.0
!
interface FastEthernet0/12
description Router 2
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description Management VLAN
ip address 10.2.0.2 255.255.255.0
!
interface Vlan11
description LAN 1
ip address 10.2.1.1 255.255.255.0
!
interface Vlan12
description LAN 2
ip address 10.2.2.1 255.255.255.0
!
interface Vlan13
description LAN 3
ip address 10.2.3.1 255.255.255.0
!
router rip
version 2
passive-interface Vlan11
passive-interface Vlan12
passive-interface Vlan13
network 10.0.0.0
distribute-list prefix RIP_Out-to-Building-1 out FastEthernet0/11
no auto-summary
!
ip prefix-list RIP_Out-to-Building-1 description Permitted Subnets To Announce
ip prefix-list RIP_Out-to-Building-1 seq 10 permit 0.0.0.0/0
ip prefix-list RIP_Out-to-Building-1 seq 20 permit 10.2.0.0/16
!

Whichever solution to choose, you should always use managed switch instead of unmanaged switch since in general, managed switch is more reliable and has more functionality to tune.

Connectivity to Business Partner's Network

Now let's review the following network topology which is typical datacenter layout or Ethernet-based network topology.


Switch A1 ----- Switch A2
       \        /
         \    /
       Switch A3       External network (business partner)
========================
       Switch B3       Your network
        /     \
      /         \
Switch B1 ----- Switch B2

You have a network consisting of three switches (B1, B2, B3) and there is a business partner's network consisting of also three switches (A1, A2, A3). Each network may or may not run Spanning Tree to avoid Layer-2 network loop. The objective is to interconnect your network and the business partner's network somehow with less equipment in place, less complicated, reliable, and most importantly you still maintain your network control and administration.

One may suggest that you simply run cables between switches A3 and B3 running layer-2 connectivity. By having Layer-2 connectivity, there is a danger of Layer-2 network loop which can bring down network immediately.

From different perspective, you may have to surrender your Layer-2 network control over to your business partner since Layer-2 connectivity requires full control by single network administration and more likely, your business partner is the single network administration rather than yourself. When you have internal Layer-2 network within switches B1, B2, or B3; then you lose control of those internal network administrations as well which is typically unwanted. In other words, permitting your business partner to be the single network administration requires such switches B1, B2, and B3 to be dedicated switches for external connectivity to business partner and no internal Layer-2 network is allowed.

Should there be a need to maintain internal Layer-2 network within switches B1, B2, and B3 while having external connection to your business network, Layer-3 connectivity should be your best bet. Even though there is a thing called Layer-3 network loop, such loop does not bring down network severely as Layer-2 network loop. Further, you still maintain your network integrity while having external connection to your business network with Layer-3 connectivity between your network and business partner's.

At this point, let's consider Layer-3 connectivity between your network and business partner's. For the sake of illustration, assume the following

Your network: 10.10.10.0/24
Your business partner's network: 100.32.10.0/24
Point-to-point WAN between your network and business partner's: 1.1.1.0/30

The internal IP subnet you use within your network is 10.10.10.0/24. For this connectivity, your business network uses 100.32.10.0/24 for your network to reach.

Since there will be Layer-3 connectivity, there must be a device within your network that is able to do routing. One solution is to put a router between Switch A3 and Switch B3 like following


Switch A1 ----- Switch A2
       \        /
         \    /
       Switch A3
           |
         Router
           |
       Switch B3
        /     \
      /         \
Switch B1 ----- Switch B2

Note that the router is on your network edge since the router terminates your Layer-2 network to connect to your business partner's network.

The configurations are the following

Switch B1

vlan 1-2
!
interface FastEthernet0/1
description User 1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Switch B3
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.1 255.255.255.0
!

Switch B2

vlan 1-2
!
interface FastEthernet0/1
description User 4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Switch B3
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.2 255.255.255.0
!

Switch B3

vlan 1-2
!
interface FastEthernet0/1
description User 7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
description Router
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Switch B2
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.3 255.255.255.0
!

Router

interface FastEthernet0/0
description Business Partner's Switch A3
ip address 1.1.1.2 255.255.255.252
!
interface FastEthernet0/1
description Switch B3
ip address 10.10.10.254 255.255.255.0
!
ip route 100.32.10.0 255.255.255.0 1.1.1.1
!

When your Switch B3 is a Layer-2/3 switch, then you don't need to put a router between your network and your business partner's since you can utilize the Switch B3 routing functionality to reach the business partner's 100.32.10.0/24 network. No additional router means less equipment to deal with, save physical space, less power consumption, and simplify network topology. The network topology and configuration are as follow


Switch A1 ----- Switch A2
       \        /
         \    /
       Switch A3
           |
           | routing is in place
           |
       Switch B3 (Layer-2/3 switch)
        /     \
      /         \
Switch B1 ----- Switch B2

Switch B1

vlan 1-2
!
interface FastEthernet0/1
description User 1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Switch B3
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.1 255.255.255.0
!

Switch B2

vlan 1-2
!
interface FastEthernet0/1
description User 4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Switch B3
switchport access vlan 2
switchport mode access
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.2 255.255.255.0
!

Switch B3

vlan 1-2
!
ip routing
!
interface FastEthernet0/1
description User 7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
description User 8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
description User 9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
description Switch B1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
description Switch B2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
description Business Partner's Switch A3
no switchport
ip address 1.1.1.2 255.255.255.252
!
interface Vlan1
description VLAN database management only
shutdown
!
interface Vlan2
description User VLAN
ip address 10.10.10.3 255.255.255.0
!
ip route 100.32.10.0 255.255.255.0 1.1.1.1
!

More Sample Design and Configuration
»Cisco Forum FAQ »Various Network Design using Routers, Layer-3 Switches, and more

Some discussions

»[CCNA] Cisco 3 tier design selection
»Suggestion for cisco 3560 Needed
»HELP...Conguration not working...Cisco 1961
»[Config] What would the switch and router configuration be ???

got feedback?

MATERIAL IN THIS DOCUMANT WAS SATISFACTORY. I GOT MY ANS. THANKS TO THE SUPPORT TEAM OF SUCH DOCUMENT.

2010-05-20 08:49:04

This is an excellent article, very helpful and descriptive.

2011-07-27 16:54:40

Excellent and very usefull training. Thanks to the author.

2011-10-30 03:01:31

thank you very much (dynamic routing)

2011-11-09 04:03:56

Great document, really helpful and very well explained and straight to the point. Top marks to author!

2013-01-21 05:54:24

by aryoba
last modified: 2013-02-05 11:04:46

All FAQs » Cisco Forum FAQ » 30.2 Between Router and Layer-3 Switch

Should I use Layer-3 switch or router?