Answers: Layer 3 Switching 1

By certskills July 20, 2016 09:10

This lab asks you to configure layer 3 switching, a little trunking, and some VLANs. The lab is long enough to forget all the requirements before you finish, so I would suggest keeping the lab post open in a tab while looking through the answer here. As usual, this answer post lists my opinion about the answer, plus some comments as to why. Enjoy!


Figure 1: Switch Square Topology


Example 1: Dist1 Config


Example 2: Dist2 Config


Example 3: Access1 Config


Example 4: Access2 Config



Layer 3 switching has become the preferred method for layer 3 forwarding in LANs as compared with using routers. Layer 3 switching relies of LAN switching hardware that often performs both layer 2 and layer 3 forwarding at higher capacities (more messages per second) than comparable routers. Also, using layer 3 switches instead of routers avoids having to use the Router-on-a-Stick method required for routers, which sends packets over a link to a router and then back out that same physical link. As a result, many campus and data center networks are built with switches only, with routers sitting only at the edge of the WAN.

With this lab you were tasked with configuring switches as both layer 2 and layer 3. The access switches will utilize only their layer 2 features while their distribution counterparts will use both their layer 2 and layer 3 features. In this case, the layer 3 distribution switches could act as gateways for PCs attached to the access switch interfaces.

Begin by looking at the configuration of the Access1 switch and the two access VLANs. Two interfaces will be access ports that connect to two different LANs. To create the two VLANs use the vlan 10 and vlan 20 commands. (Note that you could configure both in one command with the vlan 10,20 command as shown in Example 3.) To configure interface GigabitEthernet0/2 into VLAN 10 use the switchport access vlan 10, to configure interface GigabiEthernet0/3 into VLAN 20 use the switchport access vlan 20 command.

Similarly, switch Access2 switch has two access VLANs, 30 and 40, and would be configured with similar commands: vlan 30,  vlan 40 and on the respective interfaces, switchport access vlan 30 and switchport access vlan 40.

To create trunks between Access1 and Dist1, plus Acces2 and Dist2, the requirements asked for a manually configured trunk. Basically that means to use the switchport mode trunk interface subcommand on the interfaces on both ends of the trunk.

The distribution switch configuration is a bit more complex as it uses trunks, access ports and layer 3 VLAN interfaces.

At the distribution layer of the design, first consider switch Dist1 and its three VLANs: 10, 20, and 50. Dist1 will need to route for the subnets defined on those three VLANs. First, Dist1 must know about the three VLANs (not VLAN interfaces), so the configuration includes the vlan 10,20,50 command, which defines all three VLANs as if you had typed the vlan 10, vlan 20 and vlan 50 commands separately.

Next, you need to configure a matching VLAN interface for each VLAN with the associated interface subcommands. In each case, you need to configure the IP address as shown in the figure. Also, some switches start with VLAN interfaces in a shutdown state, so to make sure the interface comes up, use the no shutdown command. Example 1 lists the details.

Each of the two distribution switches must also enable layer 3 switching. On some models of switches, the switch first requires that the switching ASIC be enabled to support IPv4 routing with a command like the sdm prefer command, followed by a reload exec command. (This lab does not show that part of the configuration). The switch also needs to have IPv4 routing enabled, which requires the ip routing global configuration command. (That command is listed in the configuration in both Example 1 and Example 2.)

The final part of the configuration on Dist1 calls for the Dist1 to Dist2 link to be an access link in VLAN 50. So, configure Dist1 interface GigabitEthernet0/1 into VLAN 50 use the switchport access vlan 50 command.

Moving on to switch Dist2, it uses similar logic to Dist1, but with different details. Dist2 routes for the subnets sitting on VLANs 30, 40 and 50. As a result, you need to create the VLANs by using the the vlan 30, vlan 40 and vlan 50 commands. Then, as on Dist1, you would enable IPv4 routing (ip routing), create a VLAN interface corresponding to each VLAN (for instance, interface vlan 30), then configure an IP address (for instance, ip address, and enable the interface (no shutdown).

PPP over Ethernet 2
Answers: PPP over Ethernet 2
By certskills July 20, 2016 09:10
Write a comment


  1. Mika June 26, 17:55

    I keep doing this exercise and when I input vlan 50 to the two layer 3 switches on the router I keep getting a native vlan mismatch. What am I doing wrong?

    Reply to this comment
    • CCENTSkills July 5, 09:17

      It could be that you didn’t configure the “switchport access plan 50” command on both Dist1 and Dist2 per the sample answers. I just repeated the exercise with the VIRL file on the site. When I copied the Dist1 config in, I get the same message, until the point at which I copy the Dist2 config in, at which point the message quits happening. FYI.

      Reply to this comment
      • Mika July 10, 20:43

        Thanks for the response. No. I did the exact answers on Packet Tracer twice with the same result. I had to use switchport trunk native vlan to get the message to stop. Maybe it’s an error in the programming on this edition of packet tracer. Weird.

        Though my new question is was it alright to use that command to to get the message to stop? Could anything bad happen as a result?

        Reply to this comment
        • Bav August 12, 14:33

          Mika – I’m assuming no as one of the requirements was to make that link between the 2 distribution switches an access link.

          Wendell – I have tried this in packet tracer and have the same native vlan mismatch logging message. It’s a bit annoying as my config matches what’s above.

          Why am I getting this error?

          Reply to this comment
          • CCENTSkills August 15, 16:33

            Hi Bav,
            I can only assume it’s an issue with PT. It doesn’t happen on real gear in this scenario.

            On real switches, CDP is required for that message to appear – if you find it annoying, maybe also disable CDP – that might at least make the message go away. At least that would mask the incorrect behavior.

  2. Gjorgi November 19, 22:10

    Great exercise in configuring SVIs, I tried this in Packet Tracer and it works just fine- maybe if one has the interface for VLAN 50 shut down first, does the configuration on both sides of the link and then brings those interfaces back up, one could avoid those messages about mismatch.
    Note to self, i had to create actual VLANs not just their SVIs, connectivity between hosts was not there without creating actual VLANs.

    Reply to this comment
  3. Tristan July 14, 05:48

    Hi Wendell !

    In this lab, for the layer 3 switches Dist1 & Dist2’s interfaces G0/1, could it be possible to use one set with the dynamic auto/desirable command while the other is set with the trunk command ?

    Reply to this comment
    • CCENTSkills July 25, 10:24

      Hi Tristan,
      Yep, that’ll work as well! The instructions mention “manual” trunk, which was code to not rely on dynamic protocols, but to make the trunks work in real life, any combination that results in a trunk is valid.

      Reply to this comment
  4. Sophie December 1, 14:00

    Hi Wendell,

    Regarding the two Distribution switches connection… why do you need to the following?

    interface Vlan50
    ip address
    no shutdown

    I omitted this, as the port is configured to be an access port, why is this still needed??

    Reply to this comment
    • certskills Author December 2, 15:34

      It’s honestly a little tricky as shown here. But let me try to explain further.
      The two distribution switches, per this design, need to route packets between the subnets in VLANs 10, 20, 30, and 40. That is, we have end user devices in those four VLANs, and something has to route packets between the IP hosts in those subnets.
      If we do that with layer 3 switches – which is the intent here – then dist1 on the left, which connects to VLANs 10 and 20, needs a VLAN 10 and VLAN 20 interface. Those are DIST1’s layer 3 interfaces connected to those layer 2 VLANs.
      Likewise, DIST 2 needs VLAN interfaces 30 and 40.
      Additionally, we must have some layer 3 link between the two distribution switches. That’s the crux of your question, I think. so both DIST1 and DIST2 need a VLAN X interface (same value X) for some VLAN whose traffic can be forwarded between the two DIST switches. I used VLAN 50 in this case.
      For example, ignore the layer 2 topology, and think of DIST1 and DIST2 as routers. DIST1 connects to subnet 10 and 20, DIST2 to 30 and 40, and then subnet 50 sits between DIST1 and DIST2. That’s the layer 3 part of the logic.
      Make more sense now?

      Reply to this comment
  5. Munachimso Victor Nwaiwu July 22, 10:57

    Hey Wendell,
    for routing between the two distribution switches, I made the ports routed ports and configured the IP address on the physical interface instead of the vlan interface.

    Does this satisfy the requirements?

    Reply to this comment
    • certskills Author July 22, 14:04

      Using layer 3 interfaces meets the broader requirement to make the distribution switches be layer 3 switches. The lab post does ask you to use VLAN interfaces (SVIs), so if the lab post was say in a graded class, and I was grading your lab, I might argue that you didn’t follow the lab to the letter. But that’s not what these are about. I’d say: can you configure both with SVIs and with layer 3 interfaces and make it work? Then that’s where you want to be. Try it both ways and get comfortable with both.

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.