Switch – How to know if I need a layer 3 switch


We currently have a flat network with a bunch of unmanaged switches. I would like to use VLANs to segregate certain users like guests, and I would like to use 802.1X. However, I'm not sure whether what I need is a layer 3 or a layer 2 switch.

From what I understand, a layer 3 switch does routing between VLANs. I don't think I need this at the moment, but as I said I'm not sure, since this is all new to me. What else would a layer 3 switch do for me? Our network is relatively small, fewer than 100 users. What exactly does a layer 3 switch do that I can't get with a layer 2 switch? When would I need a layer 3 switch?

Best Answer

Unmanaged is a basic switch; it just passes packets from A to B.
L2 will do basic segregation based on things like VLANs, will usually do QoS, and might do other things like GVRP. This is most useful when used in conjunction with an L3 core switch or a router that fully supports VLANs.
L3 will do routing between different subnets on different VLANs and might do basic traffic shaping (depends on manufacturer and model). It may support ACLs, but that's not terribly common. This is most useful as the switching core in a semi-complicated network.
L4 is basically a simple router with a ton of ports. These allow for very complicated networks, and the price reflects it. Usually these have every feature mentioned above plus all the features commonly found in cheaper (business-grade) routers.

Edit:
Generally, people use VLANs to separate different types of traffic. It's common for VoIP phones to use a different VLAN for voice traffic than for "normal" network traffic. It's also common to separate SAN and management networks from the rest of the network. Particularly with the management features, it's convenient to have an L3/L4 switch with ACLs so that only admin computers can access the management controllers (iLO/ILOM, network-connected UPSes). Before anyone launches into a "don't you trust your employees" argument: sometimes it's better to just know who can and can't access things.

You can also use VLANs to make a visitors' network. That way certain ports (in conference rooms, waiting rooms, or public areas) can be used by guests/visitors without letting them onto your network.

Most of these things can be accomplished with an L2 switch and a VLAN-aware router. However, going with this option reduces your VLAN switching fabric to the links to the router, which may not be enough bandwidth (depends on your network and requirements).
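To make the distinction in the answer concrete, here is an added configuration example (not part of the original answer, and not taken from any vendor documentation) in Cisco IOS 15.x syntax. Everything below the first comment is an assumption for illustration: the VLAN numbers, the 10.0.x.0/24 addressing, the interface names, and the RADIUS server at 10.0.99.10 are all hypothetical. The VLAN definitions and the 802.1X port configuration are layer 2 features and work on any managed L2 switch that supports them; only the `interface Vlan…` SVIs and the ACLs attached to them require a layer 3 switch. A practitioner would use this to see exactly which lines they are paying for when they buy L3.

```cisco
! --- Added example, hypothetical addressing and names ---
! Layer 2: VLANs. Any managed switch can do this.
vlan 10
 name Staff
vlan 20
 name Guest
vlan 30
 name Voice
vlan 40
 name Admin
vlan 99
 name Management

! Layer 3: one routed interface (SVI) per VLAN. This is the part that
! needs an L3 switch; an L2 switch would instead trunk these VLANs to a router.
ip routing
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip access-group GUEST-IN in
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
 ip access-group MGMT-OUT out

! Only the Admin VLAN may reach management controllers (iLO, UPS, etc.).
! Applied outbound on Vlan99, so it filters routed traffic entering the
! management VLAN from every other VLAN. Hosts already inside VLAN 99 talk
! to each other at layer 2 and are NOT filtered by this ACL.
ip access-list extended MGMT-OUT
 remark Admin workstations -> management controllers
 permit ip 10.0.40.0 0.0.0.255 10.0.99.0 0.0.0.255
 remark Everything else is dropped and logged
 deny   ip any any log

! Guests get DHCP from the switch and the Internet, nothing internal.
! Applied inbound on Vlan20, i.e. on traffic coming from guest hosts.
ip access-list extended GUEST-IN
 remark Allow DHCP (broadcast discover and unicast renew)
 permit udp any any eq bootps
 remark Block all RFC 1918 space, which covers every internal VLAN
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Anything left is Internet-bound
 permit ip any any

! 802.1X against a RADIUS server (hypothetical address and secret).
! This is a layer 2 feature; it does not need an L3 switch.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius server NPS
 address ipv4 10.0.99.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET

! A conference-room access port: authenticated users land in Staff,
! a phone in Voice, and anything that fails or has no supplicant
! is pushed into the Guest VLAN instead of being left on the flat network.
interface GigabitEthernet1/0/5
 description Conference room - 802.1X with guest fallback
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 30
 authentication host-mode multi-domain
 authentication port-control auto
 authentication event fail action authorize vlan 20
 authentication event no-response action authorize vlan 20
 dot1x pae authenticator
 spanning-tree portfast
```

Two caveats worth keeping in mind. First, SVI ACLs only see traffic that is routed between VLANs; segmentation inside a VLAN is the job of port security or private VLANs, not the L3 feature set. Second, the `no-response` fallback means an unmanaged printer or a visitor's laptop is still granted network access, just in VLAN 20, so the guest ACL is what actually enforces the boundary; test it from a guest port with a failed or missing supplicant before trusting it.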
