Cisco Support Community

Layer 2 vs Layer 3 to remote site over layer 2 MPLS service

I have a remote building that has about 60 users. We are getting a layer 2 MPLS (opt-e-man) service point to point. I plan to have 2 networks at the remote site, 1 for data and 1 for voice. There are other VLANs I need there for authorization as well as access points. What would be the pros and cons of a layer 2 vs. layer 3 connection? Is an MPLS tunnel secure (meets PCI and HIPAA requirements)? I am running 3750 class switches and have routers and ASA to use if needed.

Thanks for your input.



Layer 2 vs Layer 3 to remote site over layer 2 MPLS service

As a general rule (my opinion) I would prefer L3 unless there was a compelling reason to go L2. From my experience the only reason I've ever done L2 between datacenters is because we were too cheap to get some type of load balancing solution. So instead of having VMs on different subnets hidden behind a load balancer, we did L2 so the VMs didn't need an IP change when the load shifted.

The reason we don't like spanning L2 across sites is because we expand our STP domain. So Spanning Tree topology changes propagate across sites and it can become a real headache on larger networks.

I don't know about HIPAA, but MPLS has never been an issue in the PCI audits I've been involved in. Nevertheless, you certainly want to run any major network changes (new MPLS backbone) by your PCI auditors before you commit finances.
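A constructed remote-site 3750 configuration for the L3 option the reply recommends (an added example, not from either poster): the provider hand-off is a routed port carrying only a /30 link, the data and voice VLANs stay local to the site, and the spanning-tree domain stops at the switch. Hostname, addresses, VLAN numbers and port numbers are assumptions.

```cisco
! Remote-site 3750: the opt-e-man hand-off is a routed port, so the
! provider's L2 circuit carries only a point-to-point /30 and no
! STP BPDUs or site VLANs cross it. All values below are constructed.
hostname remote-3750
ip routing
!
vlan 10
 name data
vlan 20
 name voice
!
interface GigabitEthernet1/0/1
 description Uplink to provider L2 MPLS (L3 hand-off)
 no switchport
 ip address 10.255.0.2 255.255.255.252
 no cdp enable
!
interface Vlan10
 description Remote data users
 ip address 10.20.10.1 255.255.255.0
!
interface Vlan20
 description Remote voice
 ip address 10.20.20.1 255.255.255.0
!
interface range GigabitEthernet1/0/2 - 48
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Default route toward headquarters; the HQ 3750 mirrors this with
! 10.255.0.1 on its routed port and a route back to 10.20.0.0/16.
ip route 0.0.0.0 0.0.0.0 10.255.0.1
!
! For contrast, the L2 alternative the reply advises against: trunking
! the same VLANs across the circuit joins both sites into one STP domain.
! interface GigabitEthernet1/0/1
!  switchport trunk encapsulation dot1q
!  switchport mode trunk
!  switchport trunk allowed vlan 10,20
```

With the routed hand-off, a topology change at either site is contained to that site's switches, which is the headache the reply describes avoiding.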
