I haven't mucked with VLAN partitioning in a while so I am drawing a blank. I hope you guys can help out.
I have a carrier who is bringing in an Ethernet connection to me and separating different customers by VLAN. Each customer has their own distinct VLAN ID.
This connection is terminating into a 2970. I have set up the ingress port for trunking. However the egress port for these connections connects to a Juniper ISG2000 which does not support VLAN trunking. As such I need to set up the egress port as an access port that is able to accept multiple VLANs.
Is this possible? Or do I need to swap out the switch with an L3 switch?
I am not sure that I completely understand your situation. But I do not see any way to enforce the restrictions that you describe just with VLANs. With layer 3 and intervlan routing - and with access lists it is quite possible. But I do not see how to do it with only layer 2 VLANs.
As I said I haven't done this sort of thing in years. Way back in the day, before L3 switching was so prevalent, VLAN tagging was a way to separate traffic. You could have multiple groups connect to one server but then each group could have their own.
Sadly I don't remember how I did it, since it was a LONG time ago. And maybe this simply isn't an option any more.
Maybe I did not correctly understand what you were asking and where you were going with it. What you describe in this post sounds like extending the trunk (containing multiple VLANs) to a server which has a NIC that does VLAN trunking. So the server connects to the trunk and can logically identify and process each individual VLAN. That remains possible.
But I thought that your question (at least the original one) was about passing a connection to a Juniper that did not process VLANs. If your requirement is to accept multiple VLANs on one side and is to pass only a single VLAN out the other side, I would think that the solution would be a layer 3 switch which would terminate the multiple input VLANs and intervlan route/forward to the Juniper single VLAN. If I have not understood something please clarify.
I don't know, you should be able to do this. After looking at the ISG2000 specs, it appears to be a firewall IDS box which says it supports up to 4000 VLANs. I would think if it's like other firewalls you would just trunk from the 2960 down to the ISG2000, where you would create the VLANs via subinterfaces on the connecting link on the 2000. It's something to check into; in the docs that I looked at, the 2000 does support VLANs, so it may just be a matter of setting up a trunk to the 2000 from the 2960. I don't know, maybe it's not possible, as I don't really know about the Juniper box, but the specs kind of lean that way and frankly I can't imagine any modern box that can't do this. There seem to be 2 conversations here, one about connecting to a Juniper box and then another concerning links to servers, so I'm not sure what the question is at this point.