So, I am a newbie to the thought behind the networks. I can program a cisco switch, but I'm having a hard time trying to decide what would be the best setup. Any help would be appreciated!
Lets say 216WJ is our colo facility that houses our internet connection, our servers on the DMZ (172.16.x.x) and some servers on our internal network of 10.20.x.x
217NJ is our office, that has some servers and ip phones, printers, laptops, etc - all on our netwokr of 10.20.x.x
217NJ has a Cisco 3750G stack that has one end of the 100Mbs ethernet connection to our colo. All traffic goes over this connection and either to the servers located at the colo or heads out to the internet through our gateway of 10.20.1.1 that lives at the colo. also.
All inbound traffic hist our Firebox at 216WJ adn is then routed to the "internal" network, if a user is connected to our SSL VPN concentrator that is at 216WJ also.
Cogent provides our connection from 216WJ to 217NJ and we were told there is a limited number of MAC addresses that comes with our connection ebtween the 2 sites. So, I want to make a VPN? VLAN? to connect the 2 sites, and then each site will have separate VLANs? With routing tables on each of the 3750 stacks at each location. This way, Cogent only sees the 2 MAC addresses, right? Do I need to include their routers in this VLAN/VPN that connects the 2 sites as well? I woudl thingk so? I'm not sure.
Can someone help me understand what I need to setup?
Thank you for your help!!
If there are a limited number of mac-addresses allowed on the link then extending a vlan between sites will not work. What you need to do is route between your sites.
However you say that there are servers in 216 on 10.20.x.x and that 10.20.x.x also exists in 217. If this is so then it all depends on whether you can subnet down 10.20.x.x (if you aren't already). If you could allocate a subnet of 10.20.x.x to the servers in 216 and then have separate 10.20.x.x subnets in 217 for the rest of your LAN then routing would work fine.
But if your servers in 216 are mixed up with clients in 217 using 10.20.x.x then its going to be tricky, as would a VPN as well. So the question is can you have separate subnets at each site without having to readdress your servers ? Note that readdressing clients is usually relatively easy ie. DHCP so if you servers all fell into one subnet but you also had a few client addresses in 217 in the same subnet it would be relatively easy to readdress those clients into a different subnet.
After doing more research, how about using the no switchport feature instead of a VLAN to connect the two sites? Each site will have a different network and the point-to-point created with the no switchport will be on a different network as well.
Is this solution betetr than creating a VLAN connection between the 2 sites? If so, why? If not, why?
Colo (216) switch config:
interface Gi 1/0/X
ip address 10.0.0.1 255.255.255.252
ip route 10.10.0.0 255.255.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 10.20.1.1
Office (217) switch config:
interface Gi 1/0/X
ip address 10.0.0.2 255.255.255.252
ip route 10.20.0.0 255.255.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 10.0.0.1
interface Vlan 1
ip address 10.10.1.205 255.255.0.0