cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
567
Views
0
Helpful
5
Replies

3560 Switch VLAN IP addressing question

erik.doss
Level 1
Level 1

Maybe I am way off base here, but here is what I am trying to do:

We have a co0location site that hosts our web sites, and we run a fiber connection between HQ and the co-location. We can use the public handoff at the co-location for a backup internet connection from corp HQ. What I have done so far is set up a tunnel between HQ and the co-location, and that is working just fine. Now here is where I need some help. In the switch at the co-location, I have a seperate vlan set up for the public handoff to the co-lo POP. Right now there is a vlan interface for that vlan, but it has no IP address assigned. In order for my tunnel to work, I will need an IP address. My question is, can I use a private IP address for that vlan without screwing anything up, or will I have to use one of my publically assigned IP addresses?

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Erik,

I'm not sure to have understood your post.

However, if you want to setup a tunnel over the internet for a backup purposes you need:

two public ip addresses that are used in the external envelope (header) to allow packets to go between the two locations over the internet

one private subnet used over the tunnel that allows to build a logical point to point link.

So if you are referring to a L3 SVI associated to the l2 broadcast domain (vlan) where the internet link terminates yes you need to assign a public ip address to it and you need to protect your device from access from the internet.

using a private address there would be useless.

Rather you should assign a private ip address to the tunnel itself (I think of a GRE tunnel)

A GRE tunnel carried inside IPSec should be the best solution.

Hope to help

Giuseppe

Thanks for the fast response. Here are my configurations so far so that it makes a little more sense to you:

On my core L3 switch (4507R)

interface Tunnel1

description Tunnel to **** for Internet

ip address 10.0.0.1 255.255.255.252

tunnel source 172.16.6.241

tunnel destination 172.16.6.242

On my 3560 switch at the co-location:

interface Tunnel1

description Tunnel to Corp for Internet

ip address 10.0.0.2 255.255.255.252

tunnel source 172.16.6.242

tunnel destination 172.16.6.241

interface FastEthernet0/24

description PublicHandoff

switchport access vlan 2

switchport mode access

spanning-tree portfast

interface Vlan2

no ip address (I am assuming this needs to be a public IP)

Erik

What other addresses are used in vlan 2 ie. do you need to route from the tunnel to a public IP ? If you do then yes your vlan 2 interface will need a public IP.

If you route from the tunnel to a private IP then no you don't need a public IP.

Jon

Yes, VLAN 2 is my public handoff, IE, it uses a pool of public IP addresses.

Then yes if vlan 2 handoff's within the same vlan to the Internet you should use one of the public IP addresses.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: