Sorry - not familiar with the Cisco range and thought a 2921 was a L2 switch. I now realise it's a router.
So both should work - you could use the 2921 to implement the transit VLAN, or you could use your 'Edit' idea and therefore not create a transit VLAN. As for broadcast traffic, unlikely though it is, a faulty NIC, or a badly behaved or configured app (e.g. Symantec Ghost used improperly) in the remote site's VLAN could flood your WAN link with broadcast traffic - effectively a Denial of Service, making accessing either site from the other one impossible. Arguably a broadcast that generates more than 75Mbps of traffic may also also have rendered your switches at the remote site unusable anyway - particularly if you only have 100Mbps to the desktop - making the fact that they can't use the WAN link a bit moot. Given the option, personally I'd probably route it but you may choose not to for simplicity and never have a problem. There's plenty of far more experienced people than me on here, so maybe they'll add other comments. N. On Wed, May 23, 2012 at 10:53 PM, Michael Paul <[email protected]>wrote: > ** ** > > Hi Nick..**** > > ** ** > > Just to clarify, what should work fine? The original idea or the edit? J** > ** > > ** ** > > Please excuse my ignorance, I am rather new to this field..**** > > ** ** > > Why is the broadcast traffic over my WAN link a downside?**** > > ** ** > > Isn’t the point of broadcast traffic to advertise or locate network > resources?**** > > ** ** > > Thank You,**** > > Michael**** > > ** ** > > ** ** > > ** ** > > *From:* Nick Allen [mailto:[email protected]] > *Sent:* Wednesday, May 23, 2012 2:42 PM > > *To:* Enterasys Customer Mailing List > *Subject:* Re: [enterasys] B3 Routing between VLANs**** > > ** ** > > Makes sense to me Mike and should work fine.**** > > A downside is that any broadcast traffic at your remote site will also be > broadcast over your WAN link.**** > > ** ** > > Hugo's solution - which creates a VLAN solely for the point-to-point link > (a transit VLAN) but which requires L3 capable devices at both ends would > contain those broadcasts within the local VLAN's at each site.**** > > ** ** > > On all our point-to-point links, we use a subnet with a mask of > 255.255.255.248 (/29) which gives you 6 useable IP's on that VLAN. It's > tempting to be frugal and go for a 255.255.255.252 (/30) which only gives > you 2 useable (one for each end), but if you ever add WAN optimisation > devices, then it may require an IP in that subnet.**** > > ** ** > > N.**** > > ** ** > > On Wed, May 23, 2012 at 9:55 PM, Michael Paul <[email protected]> > wrote:**** > > **** > > Hi Hugo..**** > > **** > > Thank you for the information.**** > > **** > > Your post reminded me that I forgot to include something important in my > question. **** > > **** > > On the Main office side I have the B3 switch and a Cisco ASA-5510.**** > > **** > > On the remote location side I have a Cisco 2921 and a Cisco ASA-5505. I > have no L3 switch at the remote location.**** > > **** > > My idea was to set up one of the Cisco 2921 ports to connect to the WAN > link and set up the VLAN and routing between the 2 locations on the B3 > switch located here in the main office.**** > > **** > > Essentially, I want the B3 to “see” the WAN connection as just another > VLAN Ethernet connection. Setting up the routing in the B3 will join the 2 > networks as if they were one.**** > > **** > > Since the remote location internet connection will now be routed through > the main office, I no longer need to worry about firewalls, internet > routing, etc at the remote site.**** > > **** > > Does that make sense?**** > > **** > > Edit: I just realized that I may not even need to use the 2921. The > supplier of the WAN link has told me that the link will be an untagged > VLAN. Since the 3Com L2 switches at the remote location support VLANs, all > I would really need to do would be to connect the WAN connection to a > switch at the remote location and configure the port for the VLAN. Then > configure the port on the B3 for the VLAN and then routing between the 2 > VLANs and then both VLANs should be able to freely communicate. Does this > make more sense? **** > > **** > > Thank You,**** > > Michael**** > > **** > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Hugo Veiga > *Sent:* Wednesday, May 23, 2012 1:14 PM > *To:* Enterasys Customer Mailing List > *Subject:* Re: [enterasys] B3 Routing between VLANs**** > > **** > > Hi,**** > > **** > > **** > > Let’s say for example that you have a enterasys core, this will work with > any other equipment that is L3 capable.**** > > **** > > And this is the logical topology:**** > > **** > > Enterasys Core “fe.1.1” ----------------------300 mile (untagged > frames)----------------------“fe.1.1” B3**** > > **** > > Let’s say that you have the IP's 192.168.0.0/16 in the B3**** > > **** > > **** > > You should do P2P routing between your core and the B3.**** > > **** > > So in the core you create a vlan 1000 and put it untagged in the port that > connects to the operator.**** > > **** > > In the core:**** > > Set port vlan fe.1.1 1000 modify-egress**** > > interface vlan 1000**** > > ip address 10.0.0.1 255.255.255.248**** > > no shutdown**** > > Create a route like this:**** > > Route 192.168.0.0 255.255.0.0 10.0.0.2**** > > **** > > In the B3:**** > > Set port vlan fe.1.1 1000 modify-egress**** > > Create the same vlan:**** > > Interface vlan 1000**** > > Ip address 10.0.0.2 255.255.255.248**** > > No shutdown**** > > Create a route like this:**** > > Route 0.0.0.0 0.0.0.0 10.0.0.1 **** > > **** > > Create all the other vlans you want in the B3 and create the interface > vlan for them, the gateway for the computers.**** > > **** > > This should do the trick.**** > > **** > > **** > > Best regards,**** > > Hugo Veiga**** > > **** > > **** > > **** > > 2012/5/23 <[email protected]>**** > > Hi, > > I have not used a B3... but usually, you go into router mode, configure > vlan interfaces, assign them IPs, don't forget "no shutdown", etc. > > Or what are the specific problems that you are expecting with your setup? > > On 23-May-12 18:45, Michael Paul wrote: > > > > I have a B3 switch that I need to enable routing between VLANs. > > > > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected]**** > > **** > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > ** ** > > -- **** > > This e-mail is intended only for the named person or entity to which it is > addressed and**** > > contains valuable business information that is proprietary, privileged, > confidential and/or**** > > otherwise protected from disclosure. If you received this e-mail in error, > any review, use,**** > > dissemination, distribution or copying of this e-mail is strictly prohibited. > Please notify**** > > us immediately of the error via e-mail to [email protected] and > please delete**** > > the e-mail from your system, retaining no copies in any media. We appreciate > your cooperation.**** > > ** ** > > ** ** > > ** ** > > **· ** --To unsubscribe from enterasys, send email to [email protected] > with the body: unsubscribe enterasys [email protected]**** > > **· **** ** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
