I thought the idea was that you needed internet access only at the other site correct? I am saying you could create a VLAN that only allows internet access in your enterprise, then setup 802.1x such that when people do not authenticate or fail authentication they are placed into that VLAN with only internet access. Maybe I am misunderstanding the goal.
On Tue, Nov 3, 2009 at 10:29 AM, Michael Lipsey <[email protected]>wrote: > Guest VLAN to where? > > > > *From:* Joe Astorino [mailto:[email protected]] > *Sent:* Monday, November 02, 2009 10:40 PM > *To:* Michael Lipsey > > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_RS] Routing a VLAN between sites > > > > hmmmmm...how about an 802.1x guest vlan? > > On Mon, Nov 2, 2009 at 11:17 PM, Michael Lipsey <[email protected]> > wrote: > > Alright; so the original solution requirements were that I needed to get > our > Internet VLAN into a location that doesn't have access to the Internet > locally for a 3rd party to have access without really using our network. > > I have an Internet VLAN at a few other locations; true to form my first > instinct is complicated. > > The simple solution is just that, these folks wanted access that was > wireless to. We have wireless lan controllers AND guest access through > them. > I can put a LWAPP AP at the location and only publish the guest VLAN (which > only has access to the Internet) on the AP. > > Problem solved. > > The other options sure sounded interesting though. > > -mike > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] > > Sent: Monday, November 02, 2009 4:00 PM > To: [email protected]; [email protected] > Cc: [email protected] > > Subject: RE: [OSL | CCIE_RS] Routing a VLAN between sites > > Disregard, I didn't see the post about being you connecting to a > carrier's MPLS cloud. > > How about EoMPLS? You should be able to tunnel it through your carrier. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > [email protected] > Sent: Tuesday, November 03, 2009 8:40 AM > To: [email protected]; [email protected] > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > How about IRB bridging across? > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Matt Hill > Sent: Tuesday, November 03, 2009 8:38 AM > To: Michael Lipsey > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > That sounds rather odd. Two distinct sites in the same subnet? Apart > from the tunneling already mentioned, I hope you have mammoth bandwidth > because all your servers/hosts will think they are on the same LAN! > > If you do, I am sure you can ask the ISP to provide the tunneling for > you. Ask for l2 VPN ax opposed to l3 VPN. > > Sent from my iPhone > > On 03/11/2009, at 10:32, "Michael Lipsey" <[email protected]> > wrote: > > > > The goal I've been told to meet is that VLAN X in location Y > must also exist in Location Z. Same subnet, etc. > > > > The two locations are interconnected via IP. > > > > I've looked at all I can think to look at regarding GRE tunnels > but the whole 'transport of a vlan' over one just has not jumped up and > bit me yet. So any links you can provide (Adam) to get me in that > direction would be helpful. > > > > Like I mentioned earlier, I know about L2TPv3 but can't use it > due to code limitations on these 6500s. Unfortunately right now a code > upgrade isn't going to work. My other option is to simply implement a > VPN between the sites with the users plugging into a vlan I make up over > there and then VPN them over to location Y and do a translation to get > them where they need to be. It's actually pretty simple to set that up > and I'm reasonably sure that it will meet all the needs. > > > > Right now I'm trying to remember where in the Docs the 'tunnels' > are... > > > > -Mike > > > > > > > > From: Joe Astorino [mailto:[email protected]] > Sent: Monday, November 02, 2009 3:25 PM > To: Michael Lipsey > Cc: Adam Frederick; <mailto:[email protected]> > [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > > > What exactly do you mean "provide access to" ??? If you just > need people at the other site to be able to access devices on that VLAN > simple routing will do just fine. If you want devices on both sides to > be part of the same actual layer 2 broadcast domain, that is a job for > something like L2TPv3 like you said. > > On Mon, Nov 2, 2009 at 5:58 PM, Michael Lipsey < > <mailto:[email protected]> [email protected]> wrote: > > Between the two sites I would consider it 'IP' as far as the > logical topology. The actual topology is that we have an ISP that > provides us connectivity between sites via their MPLS cloud. We are > completely CE however. > > > > -Mike > > > > From: Adam Frederick [mailto: > <mailto:[email protected]> [email protected]] > Sent: Monday, November 02, 2009 2:52 PM > To: Michael Lipsey > Subject: RE: [OSL | CCIE_RS] Routing a VLAN between sites > > > > What is between the 2 sites? (I.e. WAN, Fiber, Internet) > > > > ________________________________ > > From: <mailto:[email protected]> > [email protected] [mailto: > <mailto:[email protected]> > [email protected]] On Behalf Of Michael Lipsey > Sent: Monday, November 02, 2009 5:32 PM > To: <mailto:[email protected]> > [email protected] > Subject: [OSL | CCIE_RS] Routing a VLAN between sites > > > > I've got a little situation in my production environment. I've > got a VLAN at one location that I need to provide access to from another > location. Basically I need to tunnel the VLAN over IP. It is IP between > both sites and the two end points are 6500s running 12.2.SX code. > > > > I had been looking into L2TPv3 but my code doesn't appear to > support that. > > > > Any other ideas? > > > > Thought this might be a good place to ask... > > > > -mike > > > CONFIDENTIALITY NOTICE: This electronic transmission (including > files attached hereto) is intended only for the use > of the individual or entity named above. If the reader of this > message is not the intended recipient, you are hereby > notified that any disclosure, dissemination, copying, > distribution or taking of any action in reliance on the contents > of this confidential information is strictly prohibited. If you > have received this communication in error, please > destroy it and immediately notify us by return email. Thank > you. > > > _______________________________________________ > For more information regarding industry leading CCIE Lab > training, please visit <http://www.ipexpert.com> www.ipexpert.com > > > > > -- > Regards, > > Joe Astorino CCIE #24347 (R&S) > Sr. Technical Instructor - IPexpert > Mailto: <mailto:[email protected]> [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: <http://www.ipexpert.com/chat> > www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco > CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, > Security & Service Provider) Certification Training with locations > throughout the United States, Europe and Australia. Be sure to check out > our online communities at <http://www.ipexpert.com/communities> > www.ipexpert.com/communities and our public website at > <http://www.ipexpert.com> www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab > training, please visit <http://www.ipexpert.com> www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > > -- > Regards, > > Joe Astorino CCIE #24347 (R&S) > Sr. Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > -- Regards, Joe Astorino CCIE #24347 (R&S) Sr. Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
