05-17-2013 01:24 PM - edited 03-07-2019 01:25 PM
One of our customers has a fully Layer 3 designed network, e.g. 5 buildings which are connected via redundant Layer 3 links. Each building has e.g. 10 floors and each floor has its own VLAN and its own IP address range. Everything works fine.
Now the customer has requested that some of his employees should keep their IP address, because these addresses have special firewall permissions. And the customer will not configure 50 IP addresses for each special employee.
But in my mind, I have to switch from Layer 3 to Layer 2, so the IP addresses of the employees will be the same and it doesn't matter in which building or floor they connect to the network.
Is there any kind of configuration I could use to keep my Layer 3 separation.... like
The best would be, if it works automatically.
Kind regards
Kai
05-17-2013 04:26 PM
Hello
How are these clients receiving their IP addresses?
If via dhcp then you can statically assign an IP address from dhcp by the MAC address of the client.
As long as all vlans cross your switch boundary these clients can go anywhere and still obtain the same IP address.
Res
Pul
Sent from Cisco Technical Support iPad App
05-17-2013 09:39 PM
Hello,
Yes, the IP address is set statically at the DHCP server. But I don't want to create large broadcast domains, STP port blocking, etc. by configuring all VLANs on all switches. Because of this, the question was: is there any kind of, e.g., tunneling to solve this case?
Sent from Cisco Technical Support iPad App
05-17-2013 10:58 PM
You could always reserve a /26 which gives you 62 hosts of every subnet you have - reserve that address block in dhcp only for your special users. Do this for all dhcp pools in the dhcp scope. Then you will have to permit every /26 in your dhcp scopes for admins.
Or you can look at VMPS and dynamic vlans if you already have the infrastructure to do so. This can automatically assign mac addresses to VLANs.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vmps.pdf
This instead would mean they are in the same vlan all the time but then you will have to specify its default gateway local to the site. This could be a challenge.
Hope this helps
Sent from Cisco Technical Support iPhone App
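The /26-per-subnet suggestion above, worked through as an added example that is not part of the original post: it derives the reserved block for each floor subnet, the networks the firewall rule would have to permit, and a check that flags any lease inside a reserved block held by a MAC without a reservation. The subnets, MAC addresses, lease table and the choice of the last /26 in each subnet are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
FLOOR_SUBNETS = ["10.1.10.0/24", "10.1.20.0/24", "10.2.10.0/24"]
SPECIAL_MACS = ["00:11:22:33:44:55", "00:11:22:33:44:66"]

def reserved_block(subnet, prefix=26):
    """Last /26 of a floor subnet; picking the last block is an assumption."""
    return list(ipaddress.ip_network(subnet).subnets(new_prefix=prefix))[-1]

def build_plan(subnets, macs):
    """Per floor subnet: the reserved block and one fixed address per special MAC."""
    plan = {}
    for s in subnets:
        parent = ipaddress.ip_network(s)
        block = reserved_block(s)
        usable = [ip for ip in block
                  if ip not in (parent.network_address, parent.broadcast_address)]
        if len(macs) > len(usable):
            raise ValueError(f"{block} too small for {len(macs)} reservations")
        plan[block] = dict(zip(macs, usable))
    return plan

def firewall_permits(plan):
    """Source networks the firewall rule for special users has to cover."""
    return [str(block) for block in plan]

def audit_leases(leases, plan):
    """Return leases that sit in a reserved block without a matching reservation."""
    findings = []
    for ip_text, mac in leases:
        ip = ipaddress.ip_address(ip_text)
        for block, reservations in plan.items():
            if ip in block and reservations.get(mac.lower()) != ip:
                findings.append((ip_text, mac))
    return findings

if __name__ == "__main__":
    plan = build_plan(FLOOR_SUBNETS, SPECIAL_MACS)
    print(firewall_permits(plan))
    # Constructed lease table: the second entry holds a privileged address
    # with a MAC that has no reservation.
    leases = [("10.1.20.192", "00:11:22:33:44:55"),
              ("10.2.10.200", "aa:bb:cc:dd:ee:ff"),
              ("10.1.10.17", "aa:bb:cc:dd:ee:01")]
    print(audit_leases(leases, plan))
```

Because the firewall permission follows the address range rather than the user, the audit step matters: any host that obtains an address in a reserved block inherits the special access.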
05-17-2013 11:16 PM
Hello,
I think I've other chance to create the same VLAN on all switches, like you wrote VMPS or I've to create a tunnel for each special user. My second could be done with TrustSec, or?
Sent from Cisco Technical Support iPad App
06-23-2013 11:36 AM
Hello,
I think this will solve my problem: http://lisp.cisco.com/
06-23-2013 11:55 AM
Hello Kai,
I think this will help only to be more efficient to where to get to these hosts, remember LISP is layer 3 for the most part, but I would strongly advise that you consider what you will do with routing. It may involve something like achieving LAN extension of some sort at Layer 2, which I feel might be required here.
LISP would be of some benefit to you in this scenario - but do you have the right kit/image and licenses to do LISP, and are you comfortable with implementing this solution, as it's fairly recent and new?
What about supportability of this protocol too. Are you able to support this in case something goes wrong?
If I was in your shoes, I'd get my layer 2 sorted before even thinking about anything like LISP. What I mean by this is ensure the user can be on the SAME LAN as if they were in building X when they move to building Y and be able to retain their address.
Take a look at something like L2TPv3, which may help you. It's a fairly simple, quick solution and would work well between buildings. You would have layer 2 over your layer 3 network.
Hope this helps
Please rate useful posts & remember to mark any solved questions as answered. Thank you.
06-23-2013 12:22 PM
Hello Kai, please see here:
http://www.networkstudies.co.uk/2011/11/extend-your-lan-across-multiple-sites.html
Please rate useful posts & remember to mark any solved questions as answered. Thank you.