Understanding Layer‑2 vs Layer‑3 Ports, VLANIF, and PVID: A Quick Guide

Layer‑2 vs Layer‑3 Interfaces and VLAN Concepts

A colleague asked about the concepts and distinctions between Layer‑2 and Layer‑3 ports, as well as questions about VLANIF and PVID. The following points summarize the key differences and related concepts.

Layer‑2 interfaces provide only Layer‑2 switching capabilities, such as the physical ports on a Layer‑2 switch or the default mode of ports on a Layer‑3 switch that can be switched to Layer‑3 mode.

Layer‑2 interfaces cannot be assigned IP addresses directly and do not terminate broadcast frames; they flood broadcast frames to all other ports in the same VLAN.

Layer‑3 interfaces maintain both IP and MAC addresses.

Layer‑3 interfaces terminate broadcast frames; they do not flood broadcast traffic.

When a Layer‑2 interface receives a unicast frame, it looks up the destination MAC in its MAC table and forwards accordingly, flooding if no entry exists. A Layer‑3 interface checks if the destination MAC is local, decapsulates the frame, extracts the IP address, performs routing lookup, and forwards.

Layer‑2 Ethernet interfaces come in three types: access, trunk, and hybrid. Layer‑3 interfaces do not have these types.

Layer‑3 interfaces can be physical (e.g., a router’s physical port) or logical, such as VLANIF or Ethernet sub‑interfaces (e.g., GE0/0/1.1). VLANIF maps directly to a VLAN ID (e.g., VLANIF10 ↔ VLAN10) and can communicate at Layer‑2 with devices in the same VLAN. Sub‑interfaces also bind to a VLAN ID and can be assigned IP addresses.

In Ethernet Layer‑2 switching, a VLAN defines a logical broadcast domain identified by a VLAN ID.

The default VLAN ID on a Layer‑2 port, called PVID (Port Default VLAN ID), is the VLAN ID used when incoming traffic has no 802.1Q tag. By default, all ports have PVID = VLAN1.

For access ports, the default VLAN is the VLAN allowed to pass; changing the allowed VLAN changes the default VLAN.

For trunk and hybrid ports, multiple VLANs can pass, but only one default VLAN exists. Changing allowed VLANs does not change the PVID; a specific command is required to modify the PVID.

Layer‑3 interfaces do not necessarily correspond to a VLAN ID; for example, a router’s physical Layer‑3 port does not maintain VLAN information unless a logical sub‑interface is created and associated with a VLAN.

On a Layer‑3 switch, each VLAN has a corresponding VLANIF, which is a logical Layer‑3 interface that can be assigned an IP address and provides routing capability. One VLAN maps to one VLANIF with matching identifiers.