cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1344
Views
0
Helpful
7
Replies

Same IP Adress allocation, when using Layer 3

Kai Onken
Level 1
Level 1

One of our customer has a full Layer 3 designed network, e.g. 5 buildings which are connected via redundant Layer 3 links. Each building has e.g. 10 floors and each floor has it own vlan an its own IP Address range. Everything works fine.

Now the customer requested, that some of his employees should keep their IP-Address, because these addresses have special firewall permission. And the customer will not configure 50 IP-Address for each special employee.

But in my mind, I've to switch from Layer 3 to Layer 2, so the IP-Adresses of the employees will be the same and it dosn't matter in which bildung or floor he'll connect to the network.

Is there any kind of configuration I could use, to keep my Layer 3 seperation.... lile

  • 802.1X VLAN allocation + something
  • creating a tunnel
  • using TrustSec
  • or or or

The best would be, if it works automatically.

Kind regards

Kai

7 Replies 7

Hello
How are these clients receiving there IP addresses?

If via dhcp then you can statically assign an IP address from dhcp by the MAC address of the client.

As long as all vlans cross your switch boundary these clients can go anywhere and still obtain the same IP address.

Res
Pul

Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

Yes, the IP-Address is Set static at the DHCP Server. But I don't want to create large broadcast domains, STP portblocking, etc. by configuring all VLANs on all seiwitches. Because of this, the Quentin was, is there any kind of, e.g. tunneling to solve this case?

Sent from Cisco Technical Support iPad App

You could always reserve a /26 which gives you 62 hosts of every subnet you have - reserve that address block in dhcp only for your special users. Do this for all dhcp pools in the dhcp scope. Then you will have to permit every /26 in your dhcp scopes for admins.

Or you can look at VMPS and dynamic vlans if you already have the infrastructure to do so. This can automatically assign mac addresses to VLANs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vmps.pdf

This instead would mean they are in the same vlan all the time but then you will have to specify its default gateway local to the site. This could be a challenge.

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hello,

I think I've other chance to create the same VLAN on all switches, like you wrote VMPS or I've to create a tunnel for each special user. My second could be done with TrustSec, or?

Sent from Cisco Technical Support iPad App

Hello,

I think this will solve my problem: http://lisp.cisco.com/

Hello Kai,

I think this will help only to be more efficient to where to get to these hosts, remember LISP is layer 3 for the most part, but I would strongly advise that you consider what you will do with routing. It may involve something like achieving LAN extension of some sort at Layer 2, which I feel might be required here.

LISP would be of some benefit to you in this scenario - but do you have the right kit/image and licenses to do LISP, are you comfortable with implementing this solution as its fairly recent and new.

What about supportability of this protocol too. Are you able to support this in case something goes wrong?

If I was in your shoes, i'd get my layer 2 sorted before even thinking about anything like LISP. What I mean by this is ensure the user can be on the SAME LAN as if they were in building X when they move to bulding Y and be able to retain their address.

Take a look at something like L2TPv3 which may help you. Its fairly simple quick solution and would work well between buildings. You would have layer 2 over your layer 3 network.

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hello Kai, please see here:

http://www.networkstudies.co.uk/2011/11/extend-your-lan-across-multiple-sites.html

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
Review Cisco Networking for a $25 gift card