Layer 3 Switches Explained

by David Davis on August 30, 2007

Layer 3 switches are becoming more and more common in the Enterprise. After reading this tip, you’ll know the difference between a switch, a router, and a Layer 3 switch. You’ll also understand what to look for when shopping for Layer 3 switches.

Layer 3 Switches Explained
By: David Davis, CCIE #9369, CWNA, MCSE, CISSP, Linux+, CEH

The following article was originally posted at 3 Switches Explained and it is reproduced with their permission.

Let’s say that the switches in your data center or wiring closet are old. You know that you need to replace them and have heard about Layer 3 switches. But what is a Layer 3 switch, what can it do for you, and how does it differ from a regular switch or router? Let’s find out.

How do switches and routers work?

Before defining what a Layer 3 switch is, let’s make sure that we are all on common ground and understand what a regular switch and a router do.

A switch works at Layer 2 of the OSI model (data-link). It is a LAN device that can also be called a multi-port bridge. A switch switches Ethernet frames between Ethernet devices. Switches do not care about IP addresses nor do they even examine IP addresses as the frames flow through the switch. However, unlike a hub that just duplicates data and sends it out all ports, switches keep a bridge forwarding table that shows what MAC addresses have been seen on what port.

In the Cisco world, the bridge forwarding table is called a CAM Table, or Content Addressable Memory table. If a switch receives an Ethernet frame for a destination that it doesn’t have in its table, it floods that frame out to all ports (like a hub does all the time). However, the switch learns from the response of that flood and records the response to that frame in its forwarding table for the next time. Switches form collision domains. In other words, the switches “play traffic cop” with the inbound frames by buffering each packet before switching it. This way, there are no collisions and, to each device connected to the switch, it seems like that device has its own Ethernet segment and can talk at full speed, without risk of collisions.

A router, on the other hand, works at Layer 3 of the OSI model (Network). It is a WAN device that connects a LAN to a WAN or a subnetted LAN to another subnetted LAN. A router routes IP packets between IP networks. Routers do this using an IP routing table. In that table, they have either static or dynamic routes. When an IP packet comes in, the router looks up the destination IP in the IP routing table. If that destination IP is not found in the table the router drops the packet, unless it has a default route. Routers form broadcast domains because they drop broadcast packets.

How does a Layer 3 switch work?

A Layer 3 switch works much like a router because it has the same IP routing table for lookups and it forms a broadcast domain. However, the “switch” part of “Layer 3 switch” is there because:

  1. The layer 3 switch looks like a switch. It has 24+ Ethernet ports and no WAN interfaces.
  2. The layer 3 switch will act like a switch when it is connecting devices that are on the same network.
  3. The layer 3 switch is the same as a switch with the router’s IP routing intelligence built in.
  4. The switch works very quickly to switch or route the packets it is sent.

In other words, the Layer 3 switch is really like a high-speed router without the WAN connectivity.

You might be asking yourself why you would want the routing functionality of a router in your switch if you don’t have WAN interfaces. Well, the routing functionality of the Layer 3 switch is there to route between different subnets or VLANs on a campus LAN or any sort of large LAN. This means that the Layer 3 switch is really for large Ethernet networks that need to subnet into smaller networks. Most of the time, this is done using VLANs.

When it comes to Layer 3 switching, there are two kinds: hardware and software. With a hardware-based solution, the device is using an ASIC (a dedicated chip) to perform the function. With the software implementation, the device is using a computer processor and software to perform the function. Generally, Layer 3 switches and high-end routers route packets using hardware (ASICs) and general-purpose routers use software to perform routing functions.

What is a VLAN?

A VLAN is a virtual LAN. This virtual LAN is also an IP subnet. The difference between just subnetting a network and using VLANs is the flexibility that VLANs can provide for your LAN subnetting. Here is an example: Say that you have a single switch port in one VLAN, in one building. One hundred yards away, you can have another switch port, in another building. Both of those switch ports can be in the same VLAN and only those two switch ports can talk, despite the fact that they are separated by multiple buildings and are connected by a 100 yard fiber optic cable. Without a VLAN, this type of organization wouldn’t be possible.

In a traditional VLAN, switches tag the VLAN traffic, and only the devices on the same VLAN can communicate with one another. If devices on different VLANs need to communicate, they would talk to each other via a trunk port on a router. That trunk port and the processing power of the router would create a bottleneck for communications. With a Layer 3 switch, routing and trunking are performed at very high speeds.

Besides the functionality mentioned above, a VLAN has a number of other features such as:

  • Performance & broadcast control
  • Segregating departments or project networks
  • Security

This article can’t begin to cover all that you need to know about VLANs. What you need to know is that Layer 3 switches are used to make VLANs easier and faster. Layer 3 switches make VLANs easier to configure because you don’t need a separate router between VLANs. All the routing can be done right on the switch. Layer 3 switches make VLANs faster because they eliminate the bottleneck that results from a router forming a single link between VLANs.

Do I need a Layer 3 switch?

You should investigate getting a Layer 3 switch if you can answer yes to any of the following questions:

  • Do you have a network with a lot of broadcasts that needs better performance?
  • Do you have subnets and/or VLANs that are currently connected via a router?
  • Do you need higher performance VLANs?
  • Do departments need their own broadcast domains for performance or security?
  • Are you considering implementing VLANs?

Article summary

Here is what we have learned:

  • Routers work at Layer 3 and route IP packets between networks.
  • Switches work at Layer 2 and switch Ethernet frames between Ethernet devices.
  • For some of the higher-end Cisco switches, enabling Layer 3 switching is simply a software upgrade available for a fee.
  • Layer 3 switches are used primarily for inter-VLAN routing.
  • Layer 3 switches don’t have WAN connectivity

{ 1 trackback }

Layer 3 Switches | CCNA Topics
08.01.11 at 1:27 pm

{ 12 comments… read them below or add one }

sijo 05.28.09 at 12:48 am

i need to get the config og DES-3326Sr D-Link switch for layer 3 ..

aslam 06.30.09 at 1:30 am

as we use straight cable between layer 2 switch and what type of cable is use between layer 3 switch and router?


Akhilesh kala 07.20.10 at 10:05 pm

thanks for this important informationa and i want one more question
“In layer3 switches works in different ip like routers?”

lennard 08.22.10 at 4:20 am

hi, thanks for the great acticle, by the way I have a question to inquiry:

with layer3 switch to implement VLAN without the need of router, isn’t that reduce the security level as router does provide firewall and packet filtering of which layer3 switch does not. I agree that performance can greatly be achieved, but the purpose of segmenting network (VLAN) mainly is to reduce broadcast rate and SECURITY purpose,
with layer3 switch, we can improve its performance, but how about security?

Thanks and correct me if i were wrong. ^^

a.rafik 09.02.10 at 1:40 am

its very helpful…………………………..thanks

bnre 02.24.11 at 1:42 am

thanks for your Q & A

Manish Sharma 05.19.11 at 12:26 pm

Thanks you very much, this explaination cleared lot of doubts in my mind……Grt work…:)

balraje 09.27.11 at 11:21 am

thank u so much,…………. really its very useful

Ricky Hou 10.09.11 at 5:28 pm

Great article, easy to follow and excellent explanation to distinguish between Router and L3 switch.

Could you please also explain how Layer 4 or L7 switching works on another article? I have found them event more confusing.

Thanks very much.


Dan 01.29.12 at 12:22 pm

Really good article, thank you

sudhir 02.16.12 at 6:19 am

thanks for your artical

Prashant 09.28.13 at 12:21 am

we have source mac address changing on the exit interface of a router to that interfaces’ mac address. However, in L3 switching, how does it work. For eg. we have VLAN 10 and 20 configured on the switch. Traffic on vlan 10 is received for a destination on VLAN 20 both connected on the same switch. How would the frame change while this inter vlan routing happens on the switch?

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Previous post:

Next post: