We have a primary and secondary site which I need to span with the same VLAN structure (i.e. four VLAN's). The only type of WAN link available between the two sites does not support any form of traffic separation (i.e. not ATM or Frame). Can the VLANS at the two sites be connected over this type of link while still keeping them separate (for security reasons)? The article http://www.cisco.com/warp/public/473/741_10.html seems to indicate this can be done with IRB but the example does not refer to VLAN's at all.
Since you can't use a WAN protocol that allows VC's to seperate the traffic, can you use a channelized module? This would let you have different interfaces for different timeslot ranges...
I'm not sure if this work (haven't tested it ever) - You could turn trunking on the switch port going to the router, and on the router LAN interface config it for just a bridge-group and same for the WAN interfaces and LAN interface at other site. Logically, this should bridge everything at L2 to the remote site including the VLAN headers but since VLAN packets can be larger packets I'm not sure if the routers will leave them alone when bridging between the interfaces and
You might consider using fiber between the sites if they are relatively close... this way it will be LAN connection. There are also services offered by carriers/telcos/etc if you're in a metro area that give a LAN-like connection.
The WAN link we have is actually a carrier provided LAN however they do not allow customers to implement their own VLAN structure because they use it internally to maintain customer separation. Also the sites are too far apart for 'private' fiber.
However reading your question and the replies, led me to this thought and we have done it in the past.
I assume you are stuck with your WAN link and have to work around that at minimal expense.
Okay beside's going the channelised route despite it being multiplexed into one continual stream anyway at the end of the day. The suggestion is to create a form of LOGICAL seperation, now this can be done via Tunnels across your WAN link, this was traffic is still multiplexed over a single link but still kept seperate in terms of L3, then fo security one could use IPSEC for encryption.
As said, i know this might be a bit over the top but it is not hard to config and can at least provide you with security without changing your WAN infrastructure. This logical seperation can be implemented in an hour with all the correct commands etc whilst a change in curcuit etc will take longer.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.