VLAN connection

Unanswered Question
Mar 24th, 2009
User Badges:

Headquarter and several Branch office.

Each site has some VLANs (overall the same: Legacy, Printers, VoIP, Management, etc.)

The connection between sites are over leased lines (Layer-3 Routing), but I can not access to this Routers.


Some suggestion on the best way to connect the VLANs of each site, limiting the connection only inner the same-service VLAN (VoIP only with VoIP, Legacy only with Legacy, etc.) - intra-VLAN connection is performed and controlled by a FireWall.


Someone suggest me to use L2tp, some other speaks about VPN, or QinQ, or ???

And what about a "simple" routing with ACL?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 03/24/2009 - 10:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Claudio


L2TPv3, QinQ etc. are used to extend the SAME vlan to both sites ie. a machine in one site is in the same vlan as the other site. So a broacast from one machine would be sent to all other machines whether they are in the same site or across the leased lines.


This doesn't sound as though this is what you need. If you just wanted communication between your vlans and you want to limit that communication then by far the easiest way as you say in your last sentence is to use acl's on the interfaces that connect the sites to each other.


No need for anything more complicated.


Jon

davy.timmermans Tue, 03/24/2009 - 10:25
User Badges:
  • Silver, 250 points or more

So there is no ISP between.


What routing protocol do you use? Or do you use static routes?


The subnets are unique on the BO and HQ are unique


...

Some more information could be helpful.





battanc Wed, 03/25/2009 - 00:09
User Badges:

1) So there is no ISP between.

>> Right - NO VPN, there are only DIRECT leased line


2) What routing protocol do you use? Or do you use static routes?

>> EIGRP


3) The subnets are unique on the BO and HQ are unique

>> I have still to plane: I suppose the best way is to have overall unique subnet

Actions

This Discussion