L2 or Ethernet VPN between sites

jas1066uk
Level 1

Hello all,

Please could I get some advice. I have a site-to-site LAN extension (Layer 2 Ethernet link provided by ISP); two VLANs, i.e. 10 and 20, run between sites (300 meters apart). The connection is VLAN tagged from a 2960 L3 switch (15 series IOS) at site A to another 2960 L3 switch (15 series IOS) at site B.

Hosts at site A use site B as a gateway and for server resources, DHCP, internet traffic, and Wi-Fi AP CAPWAP (VLAN 20).

How would I encrypt this site-to-site link at Layer 2 (I understand IPsec would not work, i.e. L3), Ethernet frames, with the 2960s at each site?

Thanks for any help and for reading this.

Jas

Accepted Solutions

Hi,

You won't be able to do anything with the Cisco 2960 switches; they have limited advanced features. If you had 3650/3850 Catalyst switches you could use MACsec, which provides hop-by-hop layer 2 encryption. Reference here.

Why do you need to extend the VLANs between the sites? It is considered bad practice. If you purchased 2 routers, you could run a static VTI between the sites to establish a VPN.

HTH
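
A sketch of the static VTI option mentioned in the answer above, added here as an illustration and not part of the original thread. It assumes one IOS router per site facing the other across the ISP's Ethernet link, with each site routed as its own subnet instead of sharing VLANs 10 and 20; every interface name, address (documentation and private ranges), policy and profile name, and the key placeholder is constructed for the example.

```cisco_ios
! Site A router (constructed example). Site B mirrors this with the
! peer, tunnel and route addresses swapped.
!
! IKE phase 1 policy and pre-shared key for the site B peer
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! IPsec phase 2 parameters, bound to a profile the tunnel can reference
crypto ipsec transform-set SITE-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile SITE-VTI
 set transform-set SITE-TS
!
! Interface facing the ISP's Layer 2 link (assumed transit subnet)
interface GigabitEthernet0/0
 description ISP LAN extension to site B
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
! Static VTI: everything routed into Tunnel0 is encrypted with IPsec
interface Tunnel0
 description Encrypted link to site B
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SITE-VTI
!
! Site B's subnet (assumed 10.20.0.0/24) is reached only via the tunnel,
! so inter-site traffic cannot fall back to the unencrypted transit link
ip route 10.20.0.0 255.255.255.0 Tunnel0
```

`show crypto ipsec sa` should show the encaps and decaps counters rising as inter-site traffic flows. Because the sites are now separate routed subnets, services that relied on the shared VLAN, such as DHCP for site A hosts, need a relay (`ip helper-address`) or a local scope.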
