Layer 2 or layer 3 switch required for my network?

Johno

Regular Contributor
Other than price, what are the differences between layer 2 and layer 3 managed switches? I understand that they operate at different layers of the OSI network model and that layer 2 operates at the MAC level whereas layer 3 operates at the IP address level, but in practice I don't fully understand what an L3 switch offers over an L2 switch for its intended use. My home is wired with 24 infrastructure cat5e drops to a patch panel which will be the central node for the below network; I plan on getting a managed switch of some sort to connect to the patch panel and wonder what will do what's required.

The network topology is:
-Broadband Asus WiFi router with a single gigabit wired connection to the managed switch.
-5 port unmanaged gigabit switch to which a TV, PVR and media streamers will be connected, with that switch connected to the managed switch.
-4 port Linksys router configured as a wireless access point (to provide WiFi coverage to upstairs blackspots) to which a network printer, desktop PC, MacBook and Surface devices are connected via its gigabit ports, with that router connected to the managed switch.
-A 4 bay QNAP NAS device (with 4 gigabit ethernet ports) connected to the managed switch using link aggregation on two cables.
-Two TVs and a media streamer each connected to managed switch.
-In future possibly an IP camera connected to managed switch.
-In future possibly an IP telephone system (assuming such a service is available or will be available to consumers in future).

I'd want all network traffic to not touch the Asus router unless for internet access and the ability to isolate the TV, PVR and media streamers from the rest of the network would be good, but they'd still need to be able to access streaming services provided by the QNAP NAS device within the network.

Is the above achievable and if so, would I need a layer 3 switch to achieve that or could I get away with a layer 2 switch?

I realise this might seem like overkill for a home network, but networking stuff does interest me (maybe 'cos I have a Novell CNE qualification from decades ago) and I'd like my home network to be as fast and secure as possible, so any advice and info would be greatly appreciated.
 
Personally with what you describe I would get a Layer 3 switch (or at least what they call layer 2+). In other words a switch that can route. You can create VLANs on a layer 2 switch but to give access like you describe you need to be able to route (and/or block) between subnets. I am not saying you can't do what you want with a layer 2 switch. It may be possible but it will be messy (like putting an untagged port in multiple VLANs), and not something I would ever recommend. At my house I use my router to do all the routing but most Asus routers cannot route between subnets so a layer 3 switch would work.

Also make sure your switch has ACLs. Most layer 3 do and some layer 2 do as well. That will give you another way to help keep things separated by being able to see one device on a certain subnet, like your NAS.
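
The ACL approach described above, modelled as an added example that is not part of the original post and is not switch configuration: a first-match rule list for the media VLAN checked against the flows the original poster wants, plus the rule-ordering mistake that silently cuts off the NAS. All subnets and addresses are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the thread):
# VLAN 10 = trusted devices incl. the NAS, VLAN 20 = TV/PVR/streamers.
MEDIA = ip_network("192.168.20.0/24")
NAS = ip_network("192.168.10.5/32")
LOCAL = ip_network("192.168.0.0/16")   # every internal subnet
ANY = ip_network("0.0.0.0/0")

# Rules for traffic entering the switch from the media VLAN, in order.
MEDIA_ACL = [
    ("permit", MEDIA, NAS),    # streaming from the NAS
    ("deny",   MEDIA, LOCAL),  # nothing else on the LAN
    ("permit", MEDIA, ANY),    # internet via the router
]
# Same rules with the deny moved first: the NAS permit is never reached.
MISORDERED_ACL = [MEDIA_ACL[1], MEDIA_ACL[0], MEDIA_ACL[2]]

# Constructed test flows: (source, destination, intended result).
INTENDED = [
    ("192.168.20.11", "192.168.10.5",  "permit"),  # TV -> NAS
    ("192.168.20.11", "192.168.10.20", "deny"),    # TV -> desktop PC
    ("192.168.20.11", "203.0.113.10",  "permit"),  # TV -> internet host
    ("192.168.30.9",  "192.168.10.5",  "deny"),    # unknown subnet -> NAS
]

def evaluate(acl, src, dst):
    """First matching rule wins; no match falls through to implicit deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def audit(acl, flows):
    """Return (src, dst, intended, actual) for every flow the ACL gets wrong."""
    results = ((s, d, want, evaluate(acl, s, d)) for s, d, want in flows)
    return [r for r in results if r[2] != r[3]]

if __name__ == "__main__":
    print("correct order:", audit(MEDIA_ACL, INTENDED))
    print("deny first:   ", audit(MISORDERED_ACL, INTENDED))
```

Writing the intended flows down first and auditing the rule list against them catches ordering errors before the list is typed into the switch.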
 
A layer 3 switch is the best way to go but it is the most complicated way. I posted an example a while back on how to set up a Cisco SG300-28 layer 3 switch to create a guest network. Check my past threads if you want. It will give you an idea of what you need to do in a layer 3 switch to make it work. It is currently what I use with maybe a few changes over the years which I don't remember but basically what I run at home.

By using a layer 3 switch it is real easy to change routers out because most of the local networking is handled by the switch.
 
I vote for a Layer 3 switch as well. It may be a little bit complex to set up at the beginning, but it will do the tagging or separating work easily and well once it has settled down. It keeps the network from becoming a mess and meets your requirements mentioned above.
 
Thank you everyone for your replies and useful information. I think it'll be the Cisco SG300 switch I'll be going for then; now it's just a question of whether a 20 port or 10 port model (which would be enough for current needs but it'd leave only two spare ports).
 
Actually there are some situations where having a layer 3 switch is detrimental, and this is from experience. Some situations can benefit.
If you need to do some internal routing, that's where you use a layer 3 switch; if not, stick to layer 2, especially if your network changes a lot on the layer 3 side (a layer 3 switch will remember the gateway, so if you change the port connected to the router you lose internet access if connected to the switch).

So if you do layer 3 segmentation and need layer 3 routing then use a layer 3 switch. If you only do layer 3 segmentation don't bother with a layer 3 switch.
 
Ports are assigned to a network in a layer 3 switch so yes you can not just plug into any port but that is all part of the setup of a layer 3 switch. Also there are multiple gateways in a layer 3 switch. There will be a gateway for every network setup in a layer 3 switch.

The nice thing about a layer 3 switch is it offloads local tasks so the router can focus on internet traffic. The layer 3 switch will handle all the local traffic.
 
That can be good or bad depending on your needs. Hence why I said normal segmentation with no inter routing doesn't need a layer 3 switch, but once you want inter routing between layer 3 networks a layer 3 switch is very helpful, including for VPN routing too.
 