Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Large Campus or Small Carrier

I am deciding on a networking architecture to interconnect 16 metro sites and need to decide between a small carrier (MPLS) or a large campus (VLAN).

We lease fibre to most sites, but have some 34Mbps microwave and 2Mbps for backup. We require secure (not necessarily encrypted) VPN segregation and don't believe VLAN is as secure as MPLS VPN. IP Address clashing is not a concern, but QoS and security is. Our 16 sites operate autonomously, but do share some resources and all connect to a central data centre.

If we take the MPLS path, are we unnecessarily complicating ourselves when VLAN + QoS maybe all we require. We currently don't consider VLAN to be as secure given the dot1Q weaknesses.

Does anyone have any thoughts on this?

Thx

1 REPLY
Cisco Employee

Re: Large Campus or Small Carrier

Depending on the switch, vlan hopping with dot1q may or may not matter. In Cat 6500 this problem is solved - ie, if we receive a tagged frame on an access port & the tag does not match the PVID of the port, then we drop it.

The other low end cats do not do this & indeed suffer from possible vlan hopping issues, but this can all be worked around with proper configuration, ie, make sure your native vlans on the trunks are different from any of the access port vlans.

The MPLS VPN vs VLAN decision may come down to how well you think you can mitigate the VLAN hopping issue vs the possible complexity of your MPLS VPN config/management.

95
Views
0
Helpful
1
Replies
CreatePlease to create content