Chapter 12: Multilayer Switching

Cisco Press

Rate your favorite Cisco Press books.

This chapter covers the following topics that you need to master for the CCNP BCMSN exam:

  • InterVLAN Routing—This section discusses how you can use a routing function with a switch to forward packets between VLANs.

  • Multilayer Switching with CEF—This section discusses Cisco Express Forwarding (CEF) and how it is implemented on Catalyst switches. CEF forwards or routes packets in hardware at a high throughput.

  • Troubleshooting Multilayer Switching—This section provides a brief summary of the commands that can verify the configuration and operation of InterVLAN routing, CEF, and fallback bridging.

Chapter 3, "Switch Operation," presents a functional overview of how multilayer switching (MLS) is performed at Layers 3 and 4. The actual MLS process can take two forms: InterVLAN routing and Cisco Express Forwarding (CEF). This chapter expands on multilayer switch operation by discussing both of these topics in greater detail.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 12-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 12-1 "Do I Know This Already?" Foundation Topics Section-to-Question Mapping

Foundation Topics Section

Questions Covered in This Section


InterVLAN Routing



Multilayer Switching with CEF



Troubleshooting Multilayer Switching



Total Score


The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might give you a false sense of security.

  1. Which of the following arrangements can be considered InterVLAN routing?

    1. One switch, two VLANs, one connection to a router

    2. One switch, two VLANs, two connections to a router

    3. Two switches, two VLANs, two connections to a router

    4. All of these answers are correct

  2. How many interfaces are needed in a "router on a stick" implementation for InterVLAN routing among four VLANs?

    1. 1

    2. 2

    3. 4

    4. Cannot be determined

  3. Which of the following commands configures a switch port for Layer 2 operation?

    1. switchport

    2. no switchport

    3. ip address

    4. no ip address

  4. Which of the following commands configures a switch port for Layer 3 operation?

    1. switchport

    2. no switchport

    3. ip address

    4. no ip address

  5. Which one of the following interfaces is an SVI?

    1. interface fastethernet 0/1

    2. interface gigabit 0/1

    3. interface vlan 1

    4. interface svi 1

  6. What information must be learned before CEF can forward packets?

    1. The source and destination of the first packet in a traffic flow

    2. The MAC addresses of both the source and destination

    3. The contents of the routing table

    4. The outbound port of the first packet in a flow

  7. Which of the following best defines an adjacency?

    1. Two switches connected by a common link

    2. Two contiguous routes in the FIB

    3. Two multilayer switches connected by a common link

    4. The MAC address of a host is known

  8. Assume that CEF is active on a switch. What happens to a packet that arrives needing fragmentation?

    1. The packet is switched by CEF and kept intact.

    2. The packet is fragmented by CEF.

    3. The packet is dropped.

    4. The packet is sent to the Layer 3 engine.

  9. Suppose that a host sends a packet to a destination IP address and that the CEF-based switch does not yet have a valid MAC address for the destination. How is the ARP entry (MAC address) of the next-hop destination in the FIB obtained?

    1. The sending host must send an ARP request for it.

    2. The Layer 3 forwarding engine (CEF hardware) must send an ARP request for it.

    3. CEF must wait until the Layer 3 engine sends an ARP request for it.

    4. All packets to the destination are dropped.

  10. During a packet rewrite, what happens to the source MAC address?

    1. There is no change.

    2. It is changed to the destination MAC address.

    3. It is changed to the MAC address of the outbound Layer 3 switch interface.

    4. It is changed to the MAC address of the next-hop destination.

  11. What Spanning Tree Protocol is used for fallback bridging?

    1. 802.1D

    2. IBM STP

    3. PVST+

    4. VLAN-bridge

  12. What command can you use to view the CEF FIB table contents?

    1. show fib

    2. show ip cef fib

    3. show ip cef

    4. show fib-table

You can find the answers to the "Do I Know This Already?" quiz in Appendix A, "Answers to Chapter 'Do I Know This Already?' Quizzes and Q&A Sections." The suggested choices for your next step are as follows:

  • 10 or less overall score—Read the entire chapter. This includes the "Foundation Topics," "Foundation Summary," and "Q&A" sections.

  • 11 or 12 overall score—If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section at the end of the chapter. Otherwise, move to Chapter 13, "Router, Supervisor, and Power Redundancy."

Foundation Topics

InterVLAN Routing

Recall that a Layer 2 network is defined as a broadcast domain. A Layer 2 network also can exist as a VLAN inside one or more switches. VLANs essentially are isolated from each other so that packets in one VLAN cannot cross into another VLAN.

To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router's function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing.

InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch. Separate physical connections can be used, or the router can access each of the VLANs through a single trunk link. Part A of Figure 12-1 illustrates this concept. The external router also can connect to the switch through a single trunk link, carrying all the necessary VLANs, as illustrated in Part B of Figure 12-1. Part B illustrates what commonly is referred to as a "router on a stick" or a "one-armed router" because the router needs only a single interface to do its job.

Finally, Part C of Figure 12-1 shows how the routing and switching functions can be combined into one device: a multilayer switch. No external router is needed.

Figure 12-1

Figure 12-1

Examples of InterVLAN Routing Connections

Types of Interfaces

Multilayer switches can perform both Layer 2 switching and interVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interface can have a Layer 3 address assigned to it.

As with a router, a multilayer switch can assign a Layer 3 address to a physical interface. It also can assign a Layer 3 address to a logical interface that represents an entire VLAN. This is known as a switched virtual interface (SVI).

Configuring InterVLAN Routing

InterVLAN routing first requires that routing be enabled for the Layer 3 protocol. In addition, you must configure static routes or a dynamic routing protocol. These topics are covered fully in the BSCI course.

Because a multilayer switch supports many different types of interfaces for Layer 2 or Layer 3 switching, you must define each interface on a switch that will be used. By default, every switch port on platforms such as the Catalyst 2950, 3560, or 4500 is a Layer 2 interface, whereas every switch port on a Catalyst 6500 (native IOS) is a Layer 3 interface. If another type or mode is needed, you must explicitly configure it.

A port is either in Layer 2 or Layer 3 mode, depending on the use of the switchport configuration command. You can display a port's current mode with the following command:

Switch# show interface type mod/num switchport

If the Switchport: line in the command output is shown as enabled, the port is in Layer 2 mode. If this line is shown as disabled, as in the following example, the port is in Layer 3 mode:

Switch# show interface gigabitethernet 0/1 switchport
Name: Gi0/1
Switchport: Disabled

Figure 12-2 shows how the different types of interface modes can be used within a single switch.

Layer 2 Port Configuration

By default, all switch ports on Catalyst 2950, 3560, and 4500 platforms operate in Layer 2 mode. If you need to reconfigure a port for Layer 2 functionality, use the following command sequence:

Switch(config)# interface type mod/num
Switch(config-if)# switchport

Figure 12-2

Figure 12-2

Catalyst Switch with Various Types of Ports

The switchport command puts the port in Layer 2 mode. Then you can use other switchport command keywords to configure trunking, access VLANs, and so on. As displayed in Figure 12-2, several Layer 2 ports exist, each assigned to a specific VLAN. A Layer 2 port also can act as a trunk, transporting multiple VLANs.

Layer 3 Port Configuration

Physical switch ports also can operate as Layer 3 interfaces, where a Layer 3 network address is assigned and routing can occur, as shown previously in Figure 12-2. By default, all switch ports on the Catalyst 6500 platform (native IOS) operate in the Layer 3 mode. For Layer 3 functionality, you must explicitly configure switch ports with the following command sequence:

Switch(config)# interface type mod/num
Switch(config-if)# no switchport
Switch(config-if)# ip address ip-address mask [secondary]

The no switchport command takes the port out of Layer 2 operation. You then can assign a network address to the port, as you would to a router interface.

Keep in mind that a Layer 3 port assigns a network address to one specific physical interface. If several interfaces are bundled as an EtherChannel, the EtherChannel can become a Layer 3 port too. In that case, the network address is assigned to the port-channel interface—not to the individual physical links within the channel.

SVI Port Configuration

On a multilayer switch, you also can enable Layer 3 functionality for an entire VLAN on the switch. This allows a network address to be assigned to a logical interface: that of the VLAN itself. This is useful when the switch has many ports assigned to a common VLAN, and routing is needed in and out of that VLAN.

If you refer to Figure 12-2, you can see how an IP address is applied to the switched virtual interface called VLAN 10. Notice that the SVI itself has no physical connection to the outside world; to reach the outside, VLAN 10 must extend through a Layer 2 port or trunk.

The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the much more intuitive interface name vlan vlan-id, as if the VLAN itself is a physical interface. First, define or identify the VLAN interface; then assign any Layer 3 functionality to it with the following configuration commands:

Switch(config)# interface vlan vlan-id
Switch(config-if)# ip address ip-address mask [secondary]

The VLAN must be defined and active on the switch before the SVI can be used. Make sure that the new VLAN interface also is enabled with the no shutdown interface configuration command.

Note - The VLAN and the SVI are configured separately, even though they interoperate. Creating or configuring the SVI doesn't create or configure the VLAN; you still must define each one independently.

As an example, the following commands show how VLAN 100 is created and then defined as a Layer 3 SVI:

  • Switch(config)# vlan 100
  • Switch(config-vlan)# name Example_VLAN
  • Switch(config-vlan)# exit
  • Switch(config)# interface vlan 100
  • Switch(config-if)# ip address
  • Switch(config-if)# no shutdown

Multilayer Switching with CEF

Catalyst switches can use several methods to forward packets based on Layer 3 and Layer 4 information. The current generation of Catalyst multilayer switches uses the efficient Cisco Express Forwarding (CEF) method. This section describes the evolution of multilayer switching and discusses CEF in detail. Although CEF is easy to configure and use, the underlying switching mechanisms are more involved and should be understood.

Traditional MLS Overview

Multilayer switching began as a dual effort between a route processor (RP) and a switching engine (SE). The basic idea is to "route once and switch many." The RP receives the first packet of a new traffic flow between two hosts, as usual. A routing decision is made, and the packet is forwarded toward the destination.

To participate in multilayer switching, the SE must know the identity of each RP. The SE then can listen in to the first packet going to the router and also going away from the router. If the SE can switch the packet in both directions, it can learn a "shortcut path" so that subsequent packets of the same flow can be switched directly to the destination port without passing through the RP.

This technique also is known as NetFlow switching or route cache switching. Traditionally, NetFlow switching was performed on Cisco hardware, such as the Catalyst 6000 Supervisor 1/1a and Multilayer Switch Feature Card (MSFC), Catalyst 5500 with a Route Switch Module (RSM), Route Switch Feature Card (RSFC), or external router. Basically, the hardware consisted of an independent RP component and a NetFlow-capable SE component.

CEF Overview

1 2 3 4 Page 1
Page 1 of 4