
Site to site link using layer 2 or layer3 ?

q-le
Level 2

Hi all,

We have a request to set up a remote site for a trusted partner where they would have a couple of high-bandwidth PCs and run our applications.

The site links back to our main office by a direct fiber link.

We are going to install our own switch at the partner side so we have control over it.

Should we use layer 2 or layer 3, and should we connect the remote switch directly into our core and apply an access-list, or should the remote switch connect to our firewall?

Any advice is much appreciated.

Thanks

Peter

8 Replies

e.ciollaro
Level 4

A network diagram could help to give you better feedback, but as a general rule it's better to close the VLAN at the distribution switch and avoid broadcast traffic, spanning-tree and other layer 2 protocols crossing the WAN link and/or entering the core layer. So I suggest you use a Layer 3 switch or a router.

Also if the partner is trusted, if I were you I would connect to a remote firewall; using just an ACL to secure a network is not a best practice.

Bye,

enrico

Hi enrico,

Thank you for your advice.

Please see our simple diagram enclosed.

We want flexibility, hence we provided our switch at the partner's side, i.e. so we would have full control over it. Not sure if our switch will be put behind their firewall or not.

Also we do not want to waste bandwidth of the fiber direct link, so we prefer a direct link to the core ???

Thanks again.

Peter

Not sure if our switch will be put behind their firewall or not.

If not, I suggest making traffic flow through a firewall at your site.

Also we do not want to waste bandwidth of the fiber direct link, so we prefer a direct link to the core ???

Using a layer 2 link might waste bandwidth due to broadcast traffic and unknown unicast flooding; using layer 3 you have better bandwidth usage and better control. The layer 3 link could connect the remote switch to your core switch, but with layer 3 connectivity.

Bye,

enrico

Hi Enrico,

We are starting to deploy the link now.

Can you please explain or provide more details on how to implement Layer 3?

Is there any difference in configuring the switch with layer 2 or 3?

You wrote below:

The layer 3 link could connect  remote switch to your core switch but with layer 3 connectivity

Much appreciated.

Thanks

P

Configure IP routing with

ip routing

and configure the interface as an L3 interface:

interf ..
   no switchport
   ip add ip subnet
   no shut

Then you have to configure routing using a static route or a routing protocol.

Bye

E
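
The Layer 3 link outlined in the reply above, filled out for both ends as an added example that is not part of the original thread. Interface names, all addresses, VLAN 50, the ACL name and the HTTPS-only rule are constructed assumptions. The inbound ACL on the core port is only a first filter; the thread's advice to pass partner traffic through a firewall still applies.

```cisco
! --- Remote-site switch at the partner (all values are constructed) ---
ip routing
!
vlan 50
 name PARTNER-PCS
!
interface Vlan50
 description Gateway for the remote PCs
 ip address 10.50.0.1 255.255.255.0
 no shutdown
!
interface TenGigabitEthernet1/0/1
 description Routed fiber link to main-office core
 no switchport
 ip address 10.255.0.2 255.255.255.252
 no shutdown
!
! Everything leaving the remote site goes to the main office
ip route 0.0.0.0 0.0.0.0 10.255.0.1
!
! --- Main-office core switch (all values are constructed) ---
ip access-list extended PARTNER-IN
 remark Remote PCs may reach the application servers over HTTPS only
 permit tcp 10.50.0.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 remark Log everything else so unexpected traffic is visible
 deny ip any any log
!
interface TenGigabitEthernet1/1/1
 description Routed fiber link to partner-site switch
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ip access-group PARTNER-IN in
 no shutdown
!
! Static route back to the remote PC subnet
ip route 10.50.0.0 255.255.255.0 10.255.0.2
```

Because both ends are routed ports, no VLAN, spanning-tree or broadcast traffic from either side crosses the fiber.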

Thank you Enrico,

Much appreciated.

P

Hello

If this remote site is to use this connection for all its WAN traffic and it has no other way to exit, then it can be a direct L2 between the main office, as the firewall there will be providing the necessary security, and the core for inter-VLAN routing.


res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hey,

1. Layer 2 connectivity will be 1 broadcast domain, which influences the bandwidth of the line because of the broadcast messages of the PCs and spanning tree messages of the switches.

2. Layer 3 connectivity separates the broadcast domain (no spanning tree and broadcast messages of the PCs).

Yaron