08-22-2011 06:15 PM
I have a design type question I received from a customer today that I couldn't quite answer. They would like to position the PAN inline on a trunked interface in a vwire type configuration. But based on the traffic tagging they would like to create separate zones. So basically VLAN100-IN and VLAN100-OUT, VLAN200-IN and VLAN200-OUT, etc., all on the same vwire. From what I can tell you can only specify what VLANs that vwire will carry and I can only assign two zones per physical interface on the vwire.
Would this be a situation that you would use Layer2 subinterfaces?
Thanks for the help, I tried doing some research so far without any clear answers. Before I lab it up, it would be nice to know I'm going the right direction.
08-22-2011 06:19 PM
@rob:
You are correct. Layer 2 subinterfaces would be a good approach to use in this scenario.
-Benjamin
08-22-2011 06:34 PM
Benjamin,
Can you please quickly validate this design, it would save me some lab time =].
So, I would have the PAN connected between the two switches via two L2 physical interfaces (Switch A > PAN Ethernet 1/1 and Switch B > PAN Ethernet 1/2). These interfaces would then be configured with L2 subinterfaces per VLAN and would be assigned a zone. For example, ethernet 1/1.10 tagged VLAN 10 (assigned VLAN10-INSIDE zone), and then 1/2.10 tagged VLAN 10 (assigned VLAN10-OUTSIDE zone), etc., for each VLAN I want to configure?
Also, do I need to assign those subinterfaces to vlan interfaces or can I leave it as none if I didn't want to route the traffic. I would like to keep it all layer 2 between the two switches if possible.
Thanks again for the help and quick response!
08-22-2011 07:34 PM
@Rob:
That looks like it would work.
There is no need to assign VLAN interfaces. Keep it all in Layer 2 so that it is easier to debug and maintain.
-Benjamin