Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

vwire with "zoned" vlans

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

vwire with "zoned" vlans

L3 Networker

I have a design type question I received from a customer today that I couldn't quite answer. They would like to position the PAN inline on a trunked interface in a vwire type configuration. But based on the traffic tagging they would like to create seperate zones. So basically VLAN100-IN and VLAN100-OUT, VLAN200-IN VLAN200-OUT ect ect, all on the same vwire. From what I can tell you can only specifiy what vlans that vwire will carry and I can only assign two zones per physical interface on the vwire.

Would this be a situation that you would use Layer2 subinterfaces?

Thanks for the help, I tried doing some research so far without any clear answers. Before I lab it up, it would be nice to know I'm giong the right direction. 

1 accepted solution

Accepted Solutions

@Rob:

that looks like it would work.

there is no need to assign vlan interfaces. keep it all in layer2 so that it is easier to debug and maintain.

-Benjamin

View solution in original post

3 REPLIES 3

L6 Presenter

@rob:

you are correct. layer 2 subinterfaces would be a good approach to use in this scenario.

-Benjamin

Benjamin,

Can you please quickly validate this design, it would save me some lab time =].

So, I would have the PAN connected between the two switches via two L2 physical interfaces (Switch A > PAN Ethernet 1/1 and Switch B > PAN Ethernet 1/2). These interfaces would then be configured with L2 subinterfaces per VLAN and would be assigned a zone. For example ethernet 1/1.10  tagged vlan 10 (Assigned VLAN10-INSIDE zone), and then 1/2.10 tagged vlan 10 (Assigned VLAN10-OUTSIDE zone) ect ect for each vlan I want to configure?

Also, do I need to assign those subinterfaces to vlan interfaces or can I leave it as none if I didn't want to route the traffic. I would like to keep it all layer 2 between the two switches if possible.

Thanks again for the help and quick response!

@Rob:

that looks like it would work.

there is no need to assign vlan interfaces. keep it all in layer2 so that it is easier to debug and maintain.

-Benjamin

  • 1 accepted solution
  • 3204 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!