Transporting VLANs across Wireless Link

net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
Hi guys

let me pick your brains a little bit.

There are three separate networks:
- Network A (I have full control over this network)
- Network B (run by a contractor, I have oversight/semi-control)
- Network C (run by a third party out of my control)

The way I have it set up right now is:
Local side: Network A/Network B are connected to a switch that is directly connected to the wireless link.

Remote side: 1 switch connected to the wireless link, split into two VLANs for Network A/Network B.


Proposed:

Network C must also be transported across the wireless link, but there are two firewalls on either end.

Example:

Local: one end of the firewall/VPN connects to the switch that is connected to the wireless link.

Remote: the other end of the firewall/VPN connection is connected to the split switch in the remote area, and will have a Network C switch on the internal side of the firewall.


- I'm currently working with VLANs to separate the networks, but devices connecting to my switches are VPN-capable routers
- The ports on either side of the wireless are trunk ports (do I use the native VLAN to transport the encrypted traffic?)
- Is there a better way of doing this?

restrictions:

The C network is completely out of my hands, all I'm expected to do is provide them with connectivity between their firewalls.

This is the first time I'm doing this, and if it is successful we have a couple of places where we are going to implement this solution.

I've done some googling and searched through these forums but I might be using the wrong keywords or something.

any insight would be appreciated.

Comments

  • net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
    Not even 1 response ... maybe my description is confusing.

    I'm willing to do the work, I just need to be pointed in the right direction.

    The two layer 2 networks I can handle, it is the third, layer 3 traffic that is worrying me.

    I'm busy on another project but this one is coming up pretty soon.

    What in your opinion would make this work, or what can I read up on or run on a test network that will solve this?
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    Maybe provide an image with the topology?

  • sides14sides14 Member Posts: 113
    What type of wireless link (WiFi, Cellular/PCS, Wimax, etc)? Who owns/operates the wireless link?
  • net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
    OK, I'll work up a diagram of what I'm talking about.

    The wireless part is an Ethernet 802.11 Motorola point-to-point link ... which is already up and running.
  • net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
    [Attached images: picfi.png, pic.png]

    Networks A and B, I've got them running already.

    Each has a different VLAN, and I set the switchport on the wireless as trunk and allow both VLANs from A + B.

    What I'm trying to do is include network C, and provide connectivity between their two firewalls.

    My idea is to use the native VLAN to transport the IP traffic, and allow it on the trunk.

    Is there a better, more secure way of doing things?
  • dead_p00ldead_p00l Member Posts: 136
    I have a few areas with similar setups and that is pretty much how we do everything: either separated by VLAN or, in the case of having to pass a 3rd party, possibly using a VLAN but tagging the port for dot1q tunneling.
    This is our world now... the world of the electron and the switch, the
    beauty of the baud.
  • net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
    Thanks a lot deadpool, I was just reading up on 802.1Q tunneling, it looks like it will solve some other issues I've had, not to mention save me some routers that would have been used.

    And for me to get network A+B I had to change the VTP to match, and re-assign VLANs. But this tunneling would save me that headache.

    But in terms of network C, they are already providing their own VPN tunnel, I have to get them across. The issues that I'm not sure about are:
    - unlike networks A and B it is not VLAN-tagged traffic but encrypted layer-3 traffic
    - the ports connected to the wireless are trunk ports (which is why I'm asking about native VLAN)
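
An added example, not part of the original thread: a simplified Python model of the frames a trunk carries across the link for the three cases discussed above (network C's untagged encrypted IP traffic on a dedicated VLAN, the same traffic on the native VLAN, and already-tagged frames through a dot1q tunnel port). The MAC addresses, VLAN IDs 1, 10, 30 and 100, the payload, and the helper names are all assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q tag type; assumed for the outer tunnel tag as well
ETH_IPV4 = 0x0800

def build(dst, src, ethertype, payload, tags=()):
    """Build an Ethernet frame; tags lists VLAN IDs from outer to inner."""
    hdr = dst + src
    for vid in tags:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP/DEI bits left 0
    return hdr + struct.pack("!H", ethertype) + payload

def vlan_stack(frame):
    """Return (VLAN IDs outer to inner, inner EtherType, payload)."""
    off, vids = 12, []
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    return vids, etype, frame[off + 2:]

def trunk_egress(frame, port_vlan, native_vlan, tunnel_port=False):
    """Simplified model of the frame a trunk sends for one received on an edge port."""
    vids, etype, payload = vlan_stack(frame)
    if vids and not tunnel_port:
        raise ValueError("model assumes access ports receive untagged frames")
    # Frames in the trunk's native VLAN leave untagged; all others get the port's VLAN tag.
    outer = [] if port_vlan == native_vlan else [port_vlan]
    return build(frame[:6], frame[6:12], etype, payload, outer + vids)

# Constructed sample data: MACs, VLAN IDs and payload are made up for illustration.
FW_LOCAL, FW_REMOTE = bytes.fromhex("020000000c01"), bytes.fromhex("020000000c02")
VPN_PAYLOAD = b"constructed-opaque-encrypted-bytes"
fw_frame = build(FW_REMOTE, FW_LOCAL, ETH_IPV4, VPN_PAYLOAD)         # untagged IP
a_frame = build(FW_REMOTE, FW_LOCAL, ETH_IPV4, b"net-A", tags=[10])  # already tagged

if __name__ == "__main__":
    for label, out in [
        ("C on dedicated VLAN 30", trunk_egress(fw_frame, 30, native_vlan=1)),
        ("C on native VLAN 30", trunk_egress(fw_frame, 30, native_vlan=30)),
        ("tagged frame via tunnel VLAN 100", trunk_egress(a_frame, 100, 1, True)),
    ]:
        print(label, vlan_stack(out)[0])
```

In every case the payload crosses the link unchanged; only the tag stack differs, and the native-VLAN case is the one that crosses with no tag at all.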