Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
0
Helpful
1
Replies

Large Campus or Small Carrier

rik_larkin
Level 1
Level 1

‎07-18-2002 10:08 PM - edited ‎03-02-2019 12:00 AM

I am deciding on a networking architecture to interconnect 16 metro sites and need to decide between a small carrier (MPLS) or a large campus (VLAN).

We lease fibre to most sites, but have some 34Mbps microwave and 2Mbps for backup. We require secure (not necessarily encrypted) VPN segregation and don't believe VLAN is as secure as MPLS VPN. IP Address clashing is not a concern, but QoS and security is. Our 16 sites operate autonomously, but do share some resources and all connect to a central data centre.

If we take the MPLS path, are we unnecessarily complicating ourselves when VLAN + QoS maybe all we require. We currently don't consider VLAN to be as secure given the dot1Q weaknesses.

Does anyone have any thoughts on this?

Thx

Labels:
0 Helpful
1 Reply 1

tstevens
Cisco Employee
Cisco Employee

‎07-21-2002 08:57 AM

Depending on the switch, vlan hopping with dot1q may or may not matter. In Cat 6500 this problem is solved - ie, if we receive a tagged frame on an access port & the tag does not match the PVID of the port, then we drop it.

The other low end cats do not do this & indeed suffer from possible vlan hopping issues, but this can all be worked around with proper configuration, ie, make sure your native vlans on the trunks are different from any of the access port vlans.

The MPLS VPN vs VLAN decision may come down to how well you think you can mitigate the VLAN hopping issue vs the possible complexity of your MPLS VPN config/management.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card