Skip to main content
Cisco Meraki

MS Layer 3 Switching and Routing

  1. Last updated
  2. Save as PDF

Layer 3 routing capabilities are available on most Cisco Meraki switches. This allows the switches to route traffic between VLANs in a network without the need for an additional layer 3 device.

Learn more with this free online training course on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training.

Supported Models

In order to enable and configure layer 3 routing on MS switches, a layer 3 capable switch is required.

Model Layer 3 Interfaces Routes Maximum Routable Clients Features
MS210 16 16 static routes     8192

Static Routing

DHCP Relay
MS225 16 16 static routes 8192
MS250 256 1024 1 (256 static routes) 8192

Static Routing

OSPFv2

DHCP Server + Relay

Warm Spare (VRRP) 2

Multicast Routing (PIM-SM)

IPv6 Static Routing 3
MS350 256 16384 1 (256 static routes) 24k
MS350X 256 8192 (256 static routes) 45k
MS355 256 8192 (256 static routes) 68k
MS390 256 8192 (256 static routes) 24k
MS410 256 16384 1 (256 static routes) 24k
MS425 256 8192 (256 static routes) 212k
MS450 256 8192 (256 static routes) 68k

The alert, "This switch is routing for too many hosts. Performance may be affected" will be displayed if the current number of routed clients exceeds the values listed in the table above.

 

1 To prevent hardware TCAM exhaustion, the following platform limitations are enforced on the number of dynamically (OSPF) learned routes

MS250: 900
MS350, MS410: 15000

If the limit is reached, routes will be rejected indiscriminately and may result in erratic routing behavior. To minimize the impact of this, the default route will not be affected by the limit and will be accepted regardless.  

2 Currently not supported on the MS390 series switches

 3 Supported only on the MS390 series switches on firmware versions MS 15.21.1 and higher.

Initializing Layer 3 Routing

In order to route traffic between VLANs, layer 3 interfaces must be configured. Only VLANs with a layer 3 interface configured will be able to route traffic on the switch, and only if clients/devices on the VLAN are configured to use the switch's layer 3 interface IP address as their gateway or next hop.

To start using layer 3 routing, navigate to the Switching > Routing & DHCP page. Alternatively, you could go to Switch > Monitor > Switches and click on the switch to be configured. Under Status > L3 routing status, click Configure layer 3 settings.

clipboard_e6efcbee9acf26f4abdc71c564ba1cd82

On the Routing & DHCP page, you will have the option to either "create interface" or to add an interface, if any layer 3 interfaces already exist in the network. Clicking on the available option will bring up the Interface Editor UI.

 

Configuring an IPv4 interface

  • Interface name: A friendly name/description for the interface/VLAN.
  • VLAN: The VLAN this layer 3 interface is in.
  • Subnet: The network that this layer 3 interface is in, in CIDR notation (ex. 10.1.1.0/24).
  • Interface IP: The IP address this switch will use for layer 3 routing on this VLAN/subnet. This cannot be the same as the switch's management IP.
  • Multicast support:  Enable multicast support if multicast routing between VLANs is required.
  • Default gateway: When creating the first IPv4 interface on a switch, you will be prompted to enter a default gateway address. This is the next hop IPv4 address for any traffic that isn't going to a directly connected subnet or over a static route. This IP address must exist in a subnet with a layer 3 interface.
  • DHCP settings: If DHCP on this VLAN should be handled by the switch or forwarded to a server, make the appropriate selections. See the article on Configuring DHCP Services for more details.
  • OSPF settings: This VLAN can be distributed via OSPF. See the MS OSPF Overview article for more details.

 

When complete, click Save or Save and add another to configure additional layer 3 interfaces.

 

  ipv4 layer 3 interface.png

 

Configuring an IPv6 interface

  • Interface name: A friendly name/description for the interface/VLAN.
  • VLAN: The VLAN this layer 3 interface is in.
  • Prefix: The IPv6 subnet that this layer 3 interface is in, in CIDR notation (ex. 2001:db8::/32).
  • IPv6 EUI64: Option to use EUI (extended unique identifier) allowing the switch to automatically dervice the interface IPv6 address from the switch's MAC address. This option can only be used if the prefix length is /64.
  • Interface IPv6: The IPv6 address this switch will use for layer 3 routing on this VLAN/subnet. This cannot be the same as the switch's management IPv6 address. If the interace is configure to use EUI64, this option will be disabled.
  • Default gateway: When creating the first IPv6 interface on a switch, you will be prompted to enter a default gateway address. This is the next hop IPv4 address for any traffic that isn't going to a directly connected subnet or over a static route. This IP address must exist in a subnet with a layer 3 interface.

ipv6 layer 3 interface.png

Once created, any layer 3 interfaces or static routes will appear under Switch > Configure > Layer 3 routing.

clipboard_ee73e03662ca1a847a7e48e1936d76be6

 

Note: Each switch can only have a single layer 3 interface per VLAN. 

Configuring Static Routes

In order to route traffic elsewhere in the network, static routes must be configured for subnets that are not being routed by the switch or would not be using the default route already configured, such as if another portion of the network was located behind a router or another layer 3 switch is downstream from the Cisco Meraki layer 3 switch being configured.

To create a new static route:

  1. Navigate to Switch > Configure > Routing and DHCP.
  2. Click Add a static route.
  3. Select the Switch it should be applied to.
  4. Provide the following information:
    • Name: A friendly name/description for the static route.
    • Subnet: The network that this static route is for, in CIDR notation (ex. 10.1.1.0/24 or 2001:db8::/32).
    • Next hop IP: The IP address of the next layer 3 device along the path to this network. This address must exist in a subnet with a layer 3 interface. On switches that support IPv6 static routing, an IPv6 global unicast address can be entered as the next hop IP.
  5. Click Save or Save and add another if additional static routes are needed.

clipboard_e12c9076cb45d483074f78177a001fec9 

Editing an Existing Layer 3 Interface or Static Route

To modify an existing layer 3 interface or static route on a specific switch:

  1. Navigate to Switch > Configure > Routing and DHCP
  2. Click on the desired Interface or Route
  3. Make any desired changes.
  4. Click Save

Moving a Layer 3 Interface to Another Switch

To move a layer 3 interface from one switch to another:

  1. Navigate to Switch > Configure > Routing and DHCP.
  2. Select the layer 3 interfaces that will be moved.
  3. Click Edit > Move...
  4. Select destination switch or switch stack, then click Submit.

Deleting a Layer 3 Interface or Static Route

In order to delete a layer 3 interface or static route:

  1. Navigate to Switch > Configure > Routing and DHCP.
  2. Click on the desired Interface or Route.
  3. Click Delete Interface/Route, then click Confirm delete.

Note: A switch must retain at least one layer 3 interface and the default route. The default route cannot be manually deleted.

Disabling Layer 3 Routing

In order to disable layer 3 routing, any configured static routes and layer 3 interfaces must be deleted in a specific order.

  1. Navigate to Switch > Configure > Routing and DHCP.
  2. Delete any static routes other than the Default route for the desired switch.
  3. Delete any layer 3 interfaces other than the one which contains the next hop IP for the default route on the desired switch.
  4. Delete the last layer 3 interface to disable layer 3 routing.

Performing these steps out of order will result in an error and will not allow the route/interface to be deleted.

Layer 3 Interface Caveats

Switch Management IP and Layer 3 Interfaces

The management IP is treated entirely different from the layer 3 interfaces and must be a different IP address. It can be placed on a routed or non-routed VLAN (such as the case of a management VLAN independent from client traffic). Traffic using the management IP address to communicate with the Cisco Meraki Cloud Controller will not use the layer 3 routing settings, instead using its configured default gateway. Therefore, it is important that the IP address, VLAN, and default gateway entered for the management/LAN IP still provide connectivity to the internet.

The management interface for a switch (stack) performing L3 routing cannot have a configured gateway of one of its own L3 interfaces

For switch stacks performing L3 routing, ensure that the management IP subnet does not overlap with the subnet of any of it's own configured L3 interfaces. Overlapping subnets on the management IP and L3 interfaces can result in packet loss when pinging or polling (via SNMP) the management IP of stack members.

Note: The overlapping subnet limitation does not apply to the MS390 series switches.

Pings Destined for a Layer 3 Interface

MS Switches with Layer 3 enabled will prioritize forwarding traffic over responding to pings. Because of this, packet loss and/or latency may be observed for pings destined for a Layer 3 interface. In such circumstances, it's recommended to ping another device in a given subnet to determine network stability and reachability. 

MS OSPF Overview

Warm Spare (VRRP) on MS Switches

Layer 3 Switch Example

Layer 3 vs. Layer 2 Switching for VLANs

MS Series switch documentation

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Final
  2. Tags
    1. is_translated
    2. l3 switching
    3. Layer 3
    4. ms-dash-help-docs
    5. ospf