Cisco Blogs

Cisco IOS Software Licenses: What’s What for Layer 2 and Layer 3 Switching – Part 1

- April 11, 2012 - 0 Comments

Layer 2 and layer 3 switching makes a fun topic for a lot of IT professionals. I often see interesting discussions about this subject. A more practical question from many of you, however, is how to choose a Cisco IOS Software feature license to meet your specific needs. Here I will take a look at 4 common Cisco IOS Software feature licenses for Cisco Catalyst 2K and 3K switches. A quick disclaimer before I go any further: This post is for information-sharing purposes only. It does not represent or replace any Cisco documentation. Product information can change very quickly and usage of this post is solely at readers’ own risk.

The four common Cisco IOS Software feature licenses for switching are:
LAN Lite:              Enterprise EntryLevel Layer 2 Switching
LAN Base:            Enterprise Access Layer 2 Switching
IP Base:                Enterprise Access Layer 3 Switching
IP Services:         Advanced Layer 3 Switching

To be specific, I’ll concentrate on the Cisco® Catalyst® 2960, Catalyst 2960-S, Catalyst 3560-X and Catalyst 3750-X switches.

LAN Lite License: Cisco Catalyst 2960 and 2960-S Series Switches

LAN Lite and LAN Base are two common licenses for the 2960 and 2960-S switches. As its name suggests, LAN Lite is an entry level license for enterprise layer 2 access switches with many useful features including 802.1Q trunking, (M)STP, STP extensions, CDP, DTP, UDLD, VTPv2, PAGP/LACP, and LLDP. It also supports important security features such as TACACS+, RADIUS, port security, 802.1X and DHCP snooping. At this level, this license does not provide layer 3 routing capabilities. Nor does it have advanced security and management capabilities such as Dynamic ARP Inspection and advanced QoS beyond some basic functions, for example priority queuing.

LAN Base License: Cisco Catalyst 2960, 2960-S, 3560-X, and 3750-X Series Switches

LAN Base is a powerful license for layer 2 access switches. Its broad range of access features covers all LAN Lite capabilities plus more robust features such as VTPv3 and FlexLinks. VTP version 3 offers better administrative control over VLAN topology information sharing to reduce unintended or disruptive changes. It also adds more VLAN environment support including expanded ISL VLAN support range. FlexLinks increase Layer 2 resiliency by adding a pair of fast converging active and backup links between access and distribution switches. LAN Base allows layer 3 routing by adding static routing support. Many strong security capabilities are added in LAN Base, too. Examples include Flexible Authentication, Radius Change of Authorization and advanced 802.1X features. On the management side, a long list of capabilities becomes available in LAN Base including a wider range of MIBs, Ingress policing, Trust Boundary, AutoQoS, and DSCP mapping.

The Bottom Line

I know that there are many technical details here. The takeaway is that if you have a basic layer 2 access network with essentially no routing needs and no advanced security or management requirements, you might want to consider LAN Lite. For most enterprise layer 2 networks, LAN Base is a minimum requirement. It gives you a robust layer 2 access network with excellent network manageability, security and user experience.

Layer 3 Licenses? Read Blog Part 2

What about layer 3, you’ll ask? Internet, cloud and many other things will all require layer 3, right? Yes. I’ll pause here and come back with another post to talk about layer 3, IP Base and IP Services.

For those of you interested in more details, here are a couple of helpful resources:

Cisco 2960 and 2960-S Q&A

Cisco 3560-X and 3750-X Q&A

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.