cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
864
Views
0
Helpful
2
Replies

Point to point layer 2 connection between 2 sites

Tazio4436
Level 1
Level 1

Hi,

I have 2 sites.

The Main office and the Data Centre. Bothe sites are connected using VPN right now and it works fine.

We have decided to add a Layer 2 Point to Point connection between the 2 sites so that we can better connection and we want to make the point-to-point connection as the primary link and the VPN as the secondary link. If the point-to-point connection fails, then the VPN kicks in.

All the remote users will be accessing the Main office through the Data Centre.

At the Main office the point to point comes in on port 24 and port 22 and 23 goes to my Firewall on primary and secondary Firewall which then connects to may LAN.

In the Data center we have stacked 2 Cisco Sw 9300 stacked, and the point-to-point connection is on port 24 and then port 23 form the stacked Switch goes to port 9 on both primary and secondary Meraki which is connected to my LAN

I have some specific vlans on Main office and Data centre.

Can someone please guide me how I can achieve that.

How do I need to configure the ports on the Cisco Switch? The Fortinet part will be taken care by a contractor.

Thanks

Tazio

 

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

You have not mentioned, how is your routing in place  right now  ? is this IGP or Static routing ? where is your VPN connection in the diagram ?

I go high level plan - you can go deep dive making this plan success. (hope this help you to get an idea)

You should configured p2p Layer 2 link with Trunk and only allow required VLAN in that trunk - so all the VLAN available both sides.

Next you  to  need to choose differnt VLAN X to be created both side to use p2p routing purpose. (if you do not have one already)

if you any IGP like OSPF (example)  you need to use prefered path as new Layer2 p2p link (by establish OSPF relation between sites)

Alternative path is VPN

if it static routing you need to have floating routing in place with IP SLA tracking

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Thanks a lot for your reply.

I have tried to give some more details with a different diagram.

At the main office we have 2 Internet connection for redundancy.

We have two Cisco 9300 for two different Internet connection and 2 more Cisco 9300 Sw stacked as the Core Sw.

We do have 2 FortiGate unit as Firewall and full HA.

The first internet connection (ISP 1) goes in a Cisco 9300 Sw in port 1 and then downstream Port 2 and Port 3 goes to the Firewall.

The second internet connection (ISP 2) goes in another Cisco 9300 Sw in port 1 and then downstream Port 2 and Port 3 goes to the Firewall.

Port 8 and 9 from the FortiGate units goes to my core Sws (stacked) on port 1 and 2.

This is a layer 2 network with vlans, DHCP pools, Trucks and access ports and there is a default route in the core that points to the Firewall. Routing is done on the Firewall.

On the Data center side, we have one ISP (ISP 1), and it is connected to a Cisco 9300 stacked Sw on port TE1/1/1.

The ports 1 and 2 from that same SW go to the WAN ports on the FortiGate.

The 2 locations are connected through VPN right now.

The new connection is a 1 G layer 2 point to point between the 2 sites. In the main office the connection is on port 24 and Port 22 and port 23 are connected to the Fortinet.

On the Data Center side, the point-to-point connection is Fiber and is connected to port Te2/1/1

And port 23 on the stack Sw are connected to port 9 on both FortiGate.

The FortiGate unit can do RIP, OSPF and BGP.

 

Thanks

Tazio

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: