In modern networking, Layer 3 switches play a crucial role in routing traffic efficiently between VLANs and different network segments. This guide will walk you through configuring a Cisco L3 switch from scratch, covering VLANs, inter-VLAN routing, and security settings.
1. Enabling IP Routing
By default, a Cisco Layer 3 switch operates as a Layer 2 device. To enable routing capabilities, use the following command:
Switch# configure terminal
Switch(config)# ip routing
Switch(config)# exitThis allows the switch to forward traffic between different VLANs.
2. Creating VLANs and Assigning Interfaces
VLANs segment the network into separate broadcast domains. Here’s how to create VLANs and assign interfaces:
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name HR
Switch(config-vlan)# exit
Next, assign ports to the VLANs:
Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Switch(config)# interface GigabitEthernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# exit3. Configuring Inter-VLAN Routing (SVI)
To allow communication between VLANs, configure Switch Virtual Interfaces (SVIs):
Switch(config)# interface vlan 10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exitIf the switch needs to communicate with an external network, set a default gateway:
Switch(config)# ip default-gateway 192.168.1.14. Configuring Routing on the Switch
a) Static Routing (Optional)
For manual route configuration:
Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1b) Dynamic Routing (OSPF Example)
If your network requires dynamic routing, configure OSPF:
Switch(config)# router ospf 1
Switch(config-router)# network 192.168.10.0 0.0.0.255 area 0
Switch(config-router)# network 192.168.20.0 0.0.0.255 area 0
Switch(config-router)# exit5. Configuring Trunk Ports
If you need to connect to another switch, configure a trunk port:
Switch(config)# interface GigabitEthernet0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit6. Configuring DHCP on Layer 3 Switch
To allow the switch to assign IP addresses dynamically:
Switch(config)# ip dhcp excluded-address 192.168.10.1
Switch(config)# ip dhcp pool SALES
Switch(dhcp-config)# network 192.168.10.0 255.255.255.0
Switch(dhcp-config)# default-router 192.168.10.1
Switch(dhcp-config)# exit7. Enabling Security Features
a) Port Security
To restrict MAC addresses on ports:
Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# exitb) Enabling SSH for Secure Access
Secure the switch with SSH instead of Telnet:
Switch(config)# ip domain-name example.com
Switch(config)# crypto key generate rsa
Switch(config)# username admin privilege 15 secret Cisco@123
Switch(config)# line vty 0 4
Switch(config-line)# transport input ssh
Switch(config-line)# login local
Switch(config-line)# exit8. Saving the Configuration
To ensure the changes persist after a reboot, save the configuration:
Switch# write memory9. Verification Commands
Use the following commands to check the switch’s status:
Check VLANs
Switch# show vlan brief
Check the Routing Table:
Switch# show ip route
Check Trunk Ports:
Switch# show interfaces trunk
Check Interface Status:
Switch# show ip interface brief
Check Port Security:
Switch# show port-security interface GigabitEthernet0/1
Final Thoughts
Setting up a Cisco Layer 3 switch is essential for enabling VLAN segmentation, inter-VLAN communication, and secure network management. This guide provides a structured approach to configuring VLANs, routing, and security features.