A major consideration when designing an enterprise network is whether traffic at the access layer will be switched or routed toward the distribution layer. Placing multilayer switches in the access layer yields significant advantages; chief among them is the ability to fully utilize all uplinks to the distribution layer (as STP no longer has to block redundant links to break loops). However, many organizations opt to stick with simple switched (layer two) access schemes to support one or two legacy applications which require a direct layer two path to a server or management station, or to maintain a common subnet for similar devices scattered across multiple access blocks (for example, security systems or environmental monitors).
In such a situation, it's quite feasible to extend both routed and switched connectivity to the access layer, provided you have multilayer access switches (such as the Catalyst 3550, 3560, or 3750). Within the IEEE 802.1Q trunks between distribution devices and access switches, one VLAN can be designated as a routed point-to-point link, and one or more additional VLANs can be added for traditional layer two connectivity.
In this hybrid L2/L3 access design, VLANs carrying normal routable traffic are terminated directly on the access switches as in the L3 design shown earlier. Traffic from end hosts is routed out of these access VLANs and onto one of the point-to-point VLANs shared with the distribution switches. In our example above, traffic from VLANs 100 and 101 is routed from the access switch to the distribution switch via VLAN 2 (a point-to-point /30 link). A separate point-to-point VLAN must be created for each physical link between an access switch and a distribution switch.
This design allows us to still extend some VLANs for legacy nonroutable applications up to the distribution layer. In the example above, VLAN 99 extends to the distribution layer, sharing the same 802.1Q trunks as the point-to-point VLANs.
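The access-switch side of this design as a Cisco IOS configuration, added here as an illustration and not taken from the original article. VLANs 2, 99, 100 and 101 come from the example above; the interface names, IP addresses, VLAN names, the second uplink with VLAN 3, and the choice of OSPF are assumptions.

```cisco
! Access switch. Constructed example: addresses, names, VLAN 3 and OSPF are assumptions.
ip routing
!
vlan 2
 name P2P-DIST1
vlan 3
 name P2P-DIST2
vlan 99
 name LEGACY-L2
vlan 100
 name ACCESS-A
vlan 101
 name ACCESS-B
!
! Routed access VLANs terminate here and never appear on the uplink trunks.
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
interface Vlan101
 ip address 10.0.101.1 255.255.255.0
!
! One point-to-point /30 VLAN per physical uplink.
interface Vlan2
 ip address 10.0.0.1 255.255.255.252
interface Vlan3
 ip address 10.0.0.5 255.255.255.252
!
! No SVI for VLAN 99: it is switched only, so spanning tree still runs for it.
interface GigabitEthernet0/1
 description Uplink to distribution switch 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,99
 switchport mode trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 description Uplink to distribution switch 2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,99
 switchport mode trunk
 switchport nonegotiate
!
! Form adjacencies only over the point-to-point VLANs, not toward end hosts.
router ospf 1
 passive-interface default
 no passive-interface Vlan2
 no passive-interface Vlan3
 network 10.0.0.0 0.0.255.255 area 0
```

Running `show interfaces trunk` on the access switch should list only the point-to-point VLAN and VLAN 99 as allowed on each uplink. If VLAN 100 or 101 shows up there, the routed VLANs are leaking onto the trunk and the allowed list needs correcting.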
We can see how this hybrid access design allows us to have our cake and eat it too. It's worth noting, however, that this design reinforces the need for independent layer two and layer three documentation and topology drawings.
UPDATE: I've written a follow-up article to better explain the design discussed here and address some of the comments below.