
2 Separate Buildings, 2 Firewalls, 2 Separate ISPs, 1 Trunk link

michaeltownley7

Greetings,

I am looking for insight on the best way to configure a new site that is being built within the same vicinity as the current building I am in.

So, in the current infrastructure, there exists a Layer 3 switch that has multiple interface VLANs for the Layer 3 routing that occurs on the device itself. This Layer 3 switch also holds a route that points to our firewall. Most of the other switches that are attached to this are just operating as Layer 2 access switches.

Within the new building, there will exist a newly built data center that will include its own ISP and set of firewalls. It would be ideal for this to operate on the same network so that we would not have to build out new IP address schemas and VLANs. So, with that said we are currently considering running fiber directly from the data center there to the existing building. The idea was to connect the two distribution switches via a trunk link. My problem with this comes with the fact that it was requested that these two buildings could operate independently if the fiber link was broken as well.

I was thinking that it may be possible to create interface VLANs on each of the switches with the same IP addresses so that routing could take place to each independent firewall, but I feel like that may cause an IP conflict.

So long story short, my question is, what is the best way to accomplish this and still retain the independence of the buildings?

Accepted Solution

Hello! 

With your current deployment, having L3 on both switches is not possible. The only way that comes to mind is using EVPN/VXLAN between buildings (having anycast GWs), but I assume that will complicate your current design. I would suggest you prepare a new IP address schema/VLANs and have an interconnecting segment between buildings/routing. You will avoid any future problems like L2 loops.

BR

****Kindly rate all useful posts*****
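A sketch of the routed interconnect suggested in the reply above, added here as an example and not part of the original post. All addresses, VLAN numbers and interface names are constructed for illustration; it assumes Cisco IOS-style Layer 3 switches with static routing.

```cisco
! ===== Building A distribution switch (existing site) =====
ip routing
!
! Existing user VLAN keeps its current gateway (constructed addresses)
interface Vlan10
 description BLDG-A users
 ip address 10.10.10.1 255.255.255.0
!
! Transit VLAN toward the Building A firewall (10.10.254.1)
interface Vlan254
 description BLDG-A firewall transit
 ip address 10.10.254.2 255.255.255.0
!
! Fiber to Building B as a routed point-to-point port, not a trunk
interface TenGigabitEthernet1/0/1
 description Routed link to BLDG-B
 no switchport
 ip address 10.255.0.1 255.255.255.252
!
! Internet exit stays local; only Building B prefixes cross the fiber
ip route 0.0.0.0 0.0.0.0 10.10.254.1
ip route 10.20.0.0 255.255.0.0 10.255.0.2
!
! ===== Building B distribution switch (new data center) =====
ip routing
!
! New, non-overlapping user VLAN for Building B
interface Vlan20
 description BLDG-B users
 ip address 10.20.20.1 255.255.255.0
!
! Transit VLAN toward the Building B firewall (10.20.254.1)
interface Vlan254
 description BLDG-B firewall transit
 ip address 10.20.254.2 255.255.255.0
!
interface TenGigabitEthernet1/0/1
 description Routed link to BLDG-A
 no switchport
 ip address 10.255.0.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.20.254.1
ip route 10.10.0.0 255.255.0.0 10.255.0.1
```

If the fiber goes down, the routed port drops and the static route to the other building leaves the routing table, while each default route still points at the local firewall. Because no VLAN is stretched across the link, no spanning-tree domain is shared between the buildings.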

Hello,


Thank you for the reply. After further thought into this topology, that makes the most sense. I'm just going to route the traffic from one building to another so they can still talk but keep the IP schemas and VLANs separate.


Thank you,
DM

We need to see the topology to see what the issue is here.

MHM
