Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
5
Helpful
3
Replies

L2 Vlan over L3 link

Go to solution
Mokhalil82
Level 4
Level 4

‎01-19-2015 04:16 AM - edited ‎03-07-2019 10:17 PM

Hi

Please see attachment for my setup. So I have 2 sites which are approx half a mile apart. The ISP has provided 2 circuits, one at each site and these are meant to be acting as a Active/Standby circuit for which they will use HSRP. They have asked us to provide a layer 2 link on which they will run their HSRP Vlan.

We currently have spare fiber running between the 2 sites so no issues there. We are trying to work out how to provide this L2 link. It was suggested by someone to put a switch at each site and use one of the spare fibers to connect into these switches to provide the L2 link, the or router and ISP router can connect into these switches.

The issue is the customer does not want to provide the 2 switches so I was thinking if there is any alternative. The uplinks from my core switches at each site are routed links. Is there any was on running a L2 vlan down those links and across the core switches?

 

Thanks

Labels:
Preview file
28 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎01-19-2015 04:52 AM

so no way I can run a layer 2 vlan via the L3 links

Not as far as I can see although others may want to comment.

The problem is that both your WAN and the ISP routers would be in the same vlan and the only way for traffic to get from the ISP router to your WAN router is via the core switch which means that traffic coming from the internet goes through your core switches before it gets to your firewalls.

Which is just not something you want to do.

Jon

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-19-2015 04:26 AM

I hope others will answer this question as well but it comes back to allowing internet traffic via your core without going through the firewall as previously discussed.

If you want to do that then yes simply run cables via your core but it is, as I said before, a really bad idea.

As soon as you use your core switches for that vlan you are exposing your internal network to the internet.

So the answer is yes it can be done but it is not a secure or safe way to do it.

As I said before all these issues could be solved by simply asking the ISP for a new address block for site 2. Your internal servers wouldn't be accessible if site 1 goes down but you said that is not important.

If they insist on running HSRP and you cannot purchase the switches then the only other way is to use the core switches but I wouldn't do it.

Jon

Go to solution
Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎01-19-2015 04:47 AM

Hi Jon

I appreciate the response. I've taken in what you said before and it definitely makes sense, I don't want to introduce a security risk by by passing the firewalls. 

I was just making sure I haven't missed anything, so no way I can run a layer 2 vlan via the L3 links

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎01-19-2015 04:52 AM

so no way I can run a layer 2 vlan via the L3 links

Not as far as I can see although others may want to comment.

The problem is that both your WAN and the ISP routers would be in the same vlan and the only way for traffic to get from the ISP router to your WAN router is via the core switch which means that traffic coming from the internet goes through your core switches before it gets to your firewalls.

Which is just not something you want to do.

Jon

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card