51

What's the difference between a Layer 2 & Layer 3 switch?

I've always wondered and never needed to know until now.

Jon Rhoades
  • 4,989
  • 3
  • 30
  • 47
  • See the related question (http://serverfault.com/questions/2219/what-should-i-pay-attention-to-when-im-buying-a-network-switch) – Zoredache Mar 18 '10 at 06:31

5 Answers5

63

I will complete Zoredache's answer.

A L2 switch does switching only. This means that it uses MAC addresses to switch the packets from a port to the destination port (and only the destination port). It therefore maintains a MAC address table so that it can remember which ports have which MAC address associated.

A L3 switch also does switching exactly like a L2 switch. The L3 means that it has an identity from the L3 layer. Practically this means that a L3 switch is capable of having IP addresses and doing routing. For intra-VLAN communication, it uses the MAC address table. For extra-VLAN communication, it uses the IP routing table.

This is simple but you could say "Hey but my Cisco 2960 is a L2 switch and it has a VLAN interface with an IP !". You are perfectly right but that VLAN interface cannot be used for IP routing since the switch does not maintain an IP routing table.

Antoine Benkemoun
  • 7,314
  • 3
  • 41
  • 60
  • So if a L3 switch had two hosts on separate VLANs it could route between them rather than going through a router? – Jon Rhoades Mar 18 '10 at 07:49
  • Possibly. Most with routing can. heck, my extreme networks summit supports all major dynamic routing protocols AND can be "split" into multiple logical routers if needed. Routing between VLAN's is the smallest part - and works REALLY nice. The bad side is th ecost of such a beast ;) – TomTom Mar 18 '10 at 08:01
  • 2
    If you've got a lot of L2 vlans, which overlay L3 subnets, then you needed something called a one armed router aka router on a stick. Thus, if you had a lot of intra vlan traffic then this would be come the bottle neck. L3 switches can fulfil this job. http://www.cisco-tips.com/cisco-router-on-a-stick-with-switch/ now, you can think of the layer 3 engine being integrated into the switch itself. – The Unix Janitor Mar 18 '10 at 15:18
8

The layer 3 vs 2 refers to the OSI model. A layer 3 switch supports routing. A layer 2 switch only knows ethernet, you may be able to setup VLANs.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • Adding to that a layer 2 switch normally does hardware routing. It basically sets up a hardware switch module based on bytes in the ethernet packet for "switching the packets according to route". So it is / can be a LOT more efficient than a normal software based router implementation. Some of those get pretty powerfull (looking at the direction of Extreme Networks). – TomTom Mar 18 '10 at 06:34
4

Simply put, a layer 3 switch can forward packets between different networks like a router while layer 2 switches forward packets to different segments/or within a given network.

find_X
  • 141
  • 3
0

A switch can be thought of as a more powerful bridge and a less powerful router.

If a switch is configured to work only as a bridge, it is called a layer 2 switch.

If a switch is configured to work only as a router, it is called a layer 3 switch.

More often, a switch is configured to perform both these functions(layer2 as well as layer3):

  1. Either together on the same ports(using Integrated Routing and Bridging, ie, IRB): If the DMAC in the incoming IP data packet is of the IRB interface, routing or layer 3 behavior is done. Otherwise, the packet is bridged(layer 2 behavior) on all the same vlan ports.

  2. Or, on separate sets of ports of the switch(some ports as L2 ports while some ports as L3 ports): A set of "x" ports on a switch may be configured as a bridge(and will bridge packets). While, another set of "y" ports may have IP addresses assigned to them and will act as router ports(routing received IP packets).

gsinha
  • 323
  • 1
  • 3
  • 15
  • 2
    A switch configured as a bridge would be working at layer 1, not 2. A switch working only as a router would be a router, not a switch... though the difference is getting pedantic. Most switches can't operate at L3, and the DMAC isn't part of the IP header, but part of the Ethernet header. – Chris S Jun 12 '12 at 18:05
  • As per Wikipedia page on this topic, ["bridge"](http://en.wikipedia.org/wiki/Bridging_(networking)) operates at layer 2. So, a switch configured as a "bridge" will be a layer 2 switch. If you go through the data sheets of the different switches manufactured by Juniper Networks(eg, [ex8200](http://www.juniper.net/techpubs/en_US/junos12.1/information-products/pathway-pages/ex-series/index.html), ex6200, ex4200, ex4500, etc) or Cisco, you will find all the layer 3 functionality available(including routing protocols like rip, ospf, isis, bgp). So, most switches, these days, do operate at layer 3. – gsinha Jun 12 '12 at 20:03
  • All IP packets passed over the Ethernet(among the intermediate hops) are encapsulated in Ethernet header. DMAC is present in the Ethernet header. Even a "router" examines the DMAC to decide on whether to process/route the received IP packet or to "discard" it(if the DMAC in the Ethernet header does not match the MAC address of the interface on which the IP packet is received). So, a layer 3 switch behaves in the same way. – gsinha Jun 12 '12 at 20:11
-2

Layer 2 is generally hardware i.e. mac address "routing" or mac tables. Layer 3 has to do with ip's. Layer 3 devices are usually managed and they can create and route between vlans.

jhicks4
  • 45
  • 3