I have a customer who provides serviced offices for their customers and they have 1 network for the IP phones (Siemens) which they rent per phone to customers with their office. They also have a Cisco backbone network with a leased line connected with approx 128 public IP addresses which customers get allocated and we allocate a certain amount of bandwidth per IP address at differing costs for the service being provided.
The customer has now purchased another building in the same area and they are getting a 100mb LES circuit installed between the existing site and the new site and want to be able to provide voice and data as though it were on the main site where the leased line comes in and where the phone system is located. I believe it should be possible to bridge the networks by connecting a Cisco router to each end of the LES circuit and then having 2 Fast Ethernet ports connected to the LAN. I think we should be able to connect 1 LAN port to the Voice Network and 1 LAN port to the Data network but am unsure if this will work and what the config would look like.
Can someone please advise if they have done something similar in the past or recommend a way of doing this, we need to keep both networks separate but still send both traffic across the 1 LES circuit.
I have a lab at home where I can replicate this and test if anyone can give me some ideas.
Renne, your question will probably give you many responses, hence options as to what you can do.
Here are a few of my thoughts.
When you say that you have a cisco (thanks!) router on each site on the LES, why don't you use the LES
to provide connectivity on L3 between these 2 routers and route between the different LANs.
If you have the ability to and you can, probably it is a good idea to separate your bcast domains.
Few other things to think about:
What is the LES service you obtained from the provider, in terms of speed and guarantee? Why is that important?
Well, a LES service, depending on how their core is built, might start to loadbalance, and what do they then loadbalance on.
When you do routing between your LES circuit, the MAC pairs remain the same, so if you purchased say a 12G service
and they do MAC lb, you'll never get what you pay for.
I hate the answer "it depends" but in this case it might apply, you can go either way, L2 or L3.
My preference is L3, even though I am as much familiar with L2 (so not a biased opinion).
I just believe that L3 networks, while they may be a bit more complex to manage (routing required), provide for more flexibility in
services and security operations ...
Xander, CCIE #6675
Sr. Tech Lead ASR9000
Thanks for your reply, I'm not sure if this will explain the set up a bit clearer for you, I have read that I can use BVI to bridge a routed network but am unsure if I can bridge 2 networks or how it would work.
The customer has ordered a LES 100 circuit already but I need to know if I can bridge 2 separate networks at Site A across the 1 LES 100 circuit to Site B. One of the networks @ Site A is a private network with only IP phones in the network and the second network @ Site A is a public network with only public addresses for customers to configure on their routers. I need to be able to extend the voice LAN so @ Site B they can use the same phones and phone system as at Site A. I also need to be able to have customers @ Site B use a public IP address (part of a range of 128 public IP's) that is presented on a Cisco router @ Site A from the leased line.
Any ideas ?
Yup that detail helps. Let me explain a few concepts before we start talking details.
When you have 1 subnet that is spread over multiple locations you can do bridging.
When devices are in different subnets you need to be routing.
What IRB gives you is: say you have 2 interfaces on a router, and both these interfaces are serving the same subnet.
You'll probably want to be bridging between these two interfaces then. When these two bridged networks need to talk to a different
network, stations would need to route. The BVI interface will help here. It provides an L3 endpoint of the subnet that you're bridging from 2 networks.
The default gateway of your stations would point to that BVI in that case.
So to answer your question more directly, yes what you want to do you can.
Ideally you want to do some vlan tagging here and mark your voice with a vlan and your data with a vlan so that you can manage it more
If the provider can't transport your vlans, then even you can use a single circuit and have both subnets over that same cable.
However a phone can't talk to a workstation unless there is routing in between. Obviously you don't want to transport
local traffic between say a phone and a workstation of siteA over the service, in that regard the BVI will help to be able to route
But then, does a PC need to talk to the Phone? (ok there are cases such as Attendant console etc), but regular desk phones generally
don't need to talk to the PC directly.
For security and voice quality, you probably want to keep your voice and data strictly separated with vlan tagging over your provider link.
That would be my advice.
Xander, CCIE #6675
Sr. Tech Lead ASR9000
Thanks for replies, both of these networks will run separately and at the moment there is no need to have the 2 networks routing between each other and will be staying separate. Just to get it clear in my head I take it I will need the following in place to be able to extend both of my networks across the LES 100 circuit:-
1. A Router at each end of the LES 100 with 3 Fast Ethernet interfaces (1 for the LES 100 link, 1 for Network Data and 1 for Network Voice)
2. VLAN off each of the network interfaces (would I need different VLAN's at each end or just use VLAN 10 for Data at both ends and VLAN 20 for Voice at both ends ?)
3. Would I need to create a bridge on the LES 100 interfaces and what would the subnet be ?
If you could give me an example config it would be much appreciated and I can then test it in my lab to see if the solution would work for me.
Thanks for your time and assistance.
Here is a configuration snippet of how you can make it work.
Note however that I am providing you merely a configuration to get this going, but it would not be my preferred design.
You're probably better off using a Catalyst switch that can do vlan tagging and the LES facing port being the trunk.
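! interface names as they appear in the "show bridge" output below
bridge irb
interface FastEthernet2/0
 description data network
 no ip address
 no cdp enable
 bridge-group 10
interface GigabitEthernet6/0
 description to LES service
 no negotiation auto
interface GigabitEthernet6/0.100
 description vlan encap for data service
 encapsulation dot1Q 100
 no snmp trap link-status
 no cdp enable
 bridge-group 10
bridge 10 protocol ieee
bridge 10 route ip
Optional, routed interface for this bridge domain:
interface BVI10
 ip address 18.104.22.168 255.255.255.0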
Verification of learning and displaying bridging stats:
show bridge 10 verbose

Total of 300 station blocks, 296 free
Codes: P - permanent, S - self

BG  Hash   Address         Action   Interface         VC   Age   RX count   TX count
10  09/0   0017.0e43.a1a8  forward  FastEthernet2/0   -    0     1270       1223
10  62/0   001b.53ff.8cee  forward  Gi6/0.100         -    3     1113       1111

Flood ports (BG 10)       RX count   TX count
FastEthernet2/0           54         0
GigabitEthernet6/0.100    0          54
Thanks for reply again, I will try it tomorrow night in my lab. Unfortunately in my lab I don't have any L3 switches yet, only L2 2950's and some routers, so am trying to re-create the solution with the kit I have.
Have you contacted the LES circuit provider? The last LES circuit I dealt with carried any traffic I sent down it without the need for routers. I just connected a switch on each side to the devices they installed, tagged my ports on the switches using Q and everything worked, similar to a wireless bridge.
I'd contact the provider and ask them the same questions you asked here.
I managed to get the Voice DHCP bridged but could not ping across the network which caused a problem with the public IP's being assigned statically as I could then not test connectivity. I then set it up with 2x Layer 2 switches (will use L3 on the customer's site) and set the links between the switches as trunk ports. I then assigned VLAN ID's to the switch ports on switch 1 that the phone network connected to and the same for the ISP network. On Switch 2 I replicated this and everything seemed to work fine, it allowed me to get connectivity on each vlan and restricted access between the vlans which is what is required. Once I get the Layer 3 switches I will need to set up some QoS on the LES ethernet ports on each switch to prioritise the voice and bandwidth.
Obviously all of this was done with a crossover cable between the 2 switches so we will be checking with the LES circuit provider that they allow tagged vlan traffic and QoS on the circuit.
Thanks for your help guys, much appreciated.
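The two-switch trunk setup described in the last post, written out as an added example that is not part of the original thread or any poster's configuration. VLAN 10 (data) and VLAN 20 (voice) follow the numbering proposed earlier in the thread; the interface names, the VLAN names and the unused native VLAN 999 are assumptions. The same configuration goes on the switch at each site.

```cisco
! Same VLAN IDs at both sites, so the 802.1Q tags match across the circuit
vlan 10
 name DATA
vlan 20
 name VOICE
! Assumption: a VLAN with no access ports, used only as the trunk native VLAN
vlan 999
 name UNUSED-NATIVE
!
! Assumed port numbering: Fa0/1 = data network, Fa0/2 = voice network
interface FastEthernet0/1
 description Data network (public IP range)
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description Voice network (IP phones)
 switchport mode access
 switchport access vlan 20
!
! LES-facing port. On switches that also support ISL, first add:
!   switchport trunk encapsulation dot1q
interface FastEthernet0/24
 description Trunk to LES circuit
 switchport mode trunk
 ! Keep untagged frames out of both customer VLANs
 switchport trunk native vlan 999
 ! Carry only the two VLANs that need to cross the circuit
 switchport trunk allowed vlan 10,20
 ! Static trunk, no DTP negotiation towards the provider equipment
 switchport nonegotiate
!
! Verification on each switch:
!   show interfaces trunk
!   show vlan brief
```

With no routed interface in either VLAN, the switches forward only within a VLAN, which gives the voice/data separation the thread asks for; it still depends on the provider passing 802.1Q-tagged frames across the circuit unchanged.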