That's the plan, I just have to configure it which I was supposed to do today but haven't yet.
-Mike -----Original Message----- From: Matt Hill [mailto:[email protected]] Sent: Tuesday, November 03, 2009 2:33 PM To: Michael Lipsey Cc: Joe Astorino; [email protected] Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites Didn't you say you had a WLC somewhere? Set up guest access on a new SSID with web auth on that then you wont need to worry about anything... Or am I totally missing the plot here? We do this all the time for contractor etc access for our clients. Cheers, Matt CCIE #22386 CCSI #31207 2009/11/4 Michael Lipsey <[email protected]>: > Thats basically the problem. At this site there is no vlan that has > internet access. We cant get DSL or Cable at the site and they arent > willing (and it wouldnt be appropriate) to pay for a dedicated circuit for > the internet. Its unusual for it to be needed anyway. > > > > With no vlan like that present, I need to provide some access at the site. I > think the LWAPP AP homed to a controller at a site that HAS a guest VLAN and > an SSID on it will do the trick. > > > > -mike > > > > From: Joe Astorino [mailto:[email protected]] > Sent: Tuesday, November 03, 2009 8:13 AM > > To: Michael Lipsey > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > > > I thought the idea was that you needed internet access only at the other > site correct? I am saying you could create a VLAN that only allows internet > access in your enterprise, then setup 802.1x such that when people do not > authenticate or fail authentication they are placed into that VLAN with only > internet access. Maybe I am misunderstanding the goal. > > On Tue, Nov 3, 2009 at 10:29 AM, Michael Lipsey <[email protected]> > wrote: > > Guest VLAN to where? > > > > From: Joe Astorino [mailto:[email protected]] > Sent: Monday, November 02, 2009 10:40 PM > To: Michael Lipsey > > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > > > hmmmmm...how about an 802.1x guest vlan? > > On Mon, Nov 2, 2009 at 11:17 PM, Michael Lipsey <[email protected]> > wrote: > > Alright; so the original solution requirements were that I needed to get our > Internet VLAN into a location that doesn't have access to the Internet > locally for a 3rd party to have access without really using our network. > > I have an Internet VLAN at a few other locations; true to form my first > instinct is complicated. > > The simple solution is just that, these folks wanted access that was > wireless to. We have wireless lan controllers AND guest access through them. > I can put a LWAPP AP at the location and only publish the guest VLAN (which > only has access to the Internet) on the AP. > > Problem solved. > > The other options sure sounded interesting though. > > -mike > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > > Sent: Monday, November 02, 2009 4:00 PM > To: [email protected]; [email protected] > Cc: [email protected] > > Subject: RE: [OSL | CCIE_RS] Routing a VLAN between sites > > Disregard, I didn't see the post about being you connecting to a > carrier's MPLS cloud. > > How about EoMPLS? You should be able to tunnel it through your carrier. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > [email protected] > Sent: Tuesday, November 03, 2009 8:40 AM > To: [email protected]; [email protected] > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > How about IRB bridging across? > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Matt Hill > Sent: Tuesday, November 03, 2009 8:38 AM > To: Michael Lipsey > Cc: [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > That sounds rather odd. Two distinct sites in the same subnet? Apart > from the tunneling already mentioned, I hope you have mammoth bandwidth > because all your servers/hosts will think they are on the same LAN! > > If you do, I am sure you can ask the ISP to provide the tunneling for > you. Ask for l2 VPN ax opposed to l3 VPN. > > Sent from my iPhone > > On 03/11/2009, at 10:32, "Michael Lipsey" <[email protected]> > wrote: > > > > The goal I've been told to meet is that VLAN X in location Y > must also exist in Location Z. Same subnet, etc. > > > > The two locations are interconnected via IP. > > > > I've looked at all I can think to look at regarding GRE tunnels > but the whole 'transport of a vlan' over one just has not jumped up and > bit me yet. So any links you can provide (Adam) to get me in that > direction would be helpful. > > > > Like I mentioned earlier, I know about L2TPv3 but can't use it > due to code limitations on these 6500s. Unfortunately right now a code > upgrade isn't going to work. My other option is to simply implement a > VPN between the sites with the users plugging into a vlan I make up over > there and then VPN them over to location Y and do a translation to get > them where they need to be. It's actually pretty simple to set that up > and I'm reasonably sure that it will meet all the needs. > > > > Right now I'm trying to remember where in the Docs the 'tunnels' > are... > > > > -Mike > > > > > > > > From: Joe Astorino [mailto:[email protected]] > Sent: Monday, November 02, 2009 3:25 PM > To: Michael Lipsey > Cc: Adam Frederick; <mailto:[email protected]> > [email protected] > Subject: Re: [OSL | CCIE_RS] Routing a VLAN between sites > > > > What exactly do you mean "provide access to" ??? If you just > need people at the other site to be able to access devices on that VLAN > simple routing will do just fine. If you want devices on both sides to > be part of the same actual layer 2 broadcast domain, that is a job for > something like L2TPv3 like you said. > > On Mon, Nov 2, 2009 at 5:58 PM, Michael Lipsey < > <mailto:[email protected]> [email protected]> wrote: > > Between the two sites I would consider it 'IP' as far as the > logical topology. The actual topology is that we have an ISP that > provides us connectivity between sites via their MPLS cloud. We are > completely CE however. > > > > -Mike > > > > From: Adam Frederick [mailto: > <mailto:[email protected]> [email protected]] > Sent: Monday, November 02, 2009 2:52 PM > To: Michael Lipsey > Subject: RE: [OSL | CCIE_RS] Routing a VLAN between sites > > > > What is between the 2 sites? (I.e. WAN, Fiber, Internet) > > > > ________________________________ > > From: <mailto:[email protected]> > [email protected] [mailto: > <mailto:[email protected]> > [email protected]] On Behalf Of Michael Lipsey > Sent: Monday, November 02, 2009 5:32 PM > To: <mailto:[email protected]> > [email protected] > Subject: [OSL | CCIE_RS] Routing a VLAN between sites > > > > I've got a little situation in my production environment. I've > got a VLAN at one location that I need to provide access to from another > location. Basically I need to tunnel the VLAN over IP. It is IP between > both sites and the two end points are 6500s running 12.2.SX code. > > > > I had been looking into L2TPv3 but my code doesn't appear to > support that. > > > > Any other ideas? > > > > Thought this might be a good place to ask... > > > > -mike > > > CONFIDENTIALITY NOTICE: This electronic transmission (including > files attached hereto) is intended only for the use > of the individual or entity named above. If the reader of this > message is not the intended recipient, you are hereby > notified that any disclosure, dissemination, copying, > distribution or taking of any action in reliance on the contents > of this confidential information is strictly prohibited. If you > have received this communication in error, please > destroy it and immediately notify us by return email. Thank > you. > > > _______________________________________________ > For more information regarding industry leading CCIE Lab > training, please visit <http://www.ipexpert.com> www.ipexpert.com > > > > > -- > Regards, > > Joe Astorino CCIE #24347 (R&S) > Sr. Technical Instructor - IPexpert > Mailto: <mailto:[email protected]> [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: <http://www.ipexpert.com/chat> > www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco > CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, > Security & Service Provider) Certification Training with locations > throughout the United States, Europe and Australia. Be sure to check out > our online communities at <http://www.ipexpert.com/communities> > www.ipexpert.com/communities and our public website at > <http://www.ipexpert.com> www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab > training, please visit <http://www.ipexpert.com> www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > -- > Regards, > > Joe Astorino CCIE #24347 (R&S) > Sr. Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > -- > Regards, > > Joe Astorino CCIE #24347 (R&S) > Sr. Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
