02-24-2020 03:33 PM
Hello all,
Please could I get some advice. I have a site-to-site LAN extension (Layer 2 Ethernet link provided by ISP); two VLANs, i.e. 10 and 20, run between sites (300 meters apart). The connection is VLAN tagged from a 2960 L3 switch 15 series IOS at site A to another 2960 L3 switch 15 series IOS at site B.
Hosts at site A use site B as a gateway, server resources, DHCP, internet traffic, Wi-Fi AP CAPWAP (VLAN 20).
How would I encrypt this site-to-site link, at Layer 2 (I understand IPsec would not work, i.e. L3) Ethernet frames, with the 2960s at each site?
Thanks for any help and for reading this.
Jas
02-24-2020 03:42 PM - edited 02-24-2020 03:44 PM
Hi,
You won't be able to do anything with the Cisco 2960 switches; they have limited advanced features. If you had 3650/3850 Catalyst switches you could use MACsec, which provides hop-by-hop Layer 2 encryption. Reference here.
Why do you need to extend the VLANs between the sites? It is considered bad practice. If you purchased 2 routers, you could run a static VTI between the sites to establish a VPN.
HTH