[c-nsp] L2TPv3 and Filtering
Leif Sawyer
lsawyer at gci.com
Tue Apr 8 14:50:09 EDT 2008
Jeffrey Ollie writes:
> I have two 2811 routers that I'm setting up to bridge a L2
> VLAN across our WAN to support some POS systems that need to
> be on the same L2 VLAN. I've gotten a L2TPv3 tunnel set up
> between the routers and passing packets. However, I'd like
> to add an access list to prevent traffic like OSPF, PIM, and
> DHCP from passing across the tunnel.
> [...]
> Should I be using something other than L2TPv3?
Well, no. But in addition and in-line you should be using
something like a cheap 1RU server with Linux installed on it.
IP bridging and ebtools will allow you to create an L2-fw
that can act on L3 packets.
It doesn't take a powerful box at all. Even a p2-300 works fine.
[ VLAN i/f ] -> L2fw -> [ L2tpv3 ] <--- wan ---> [ L2tpv3 ]
Make sense?
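
The L2 firewall described in the reply above, as an added example that is not part of the original post: a script that generates rules for ebtables (the Linux bridge filtering utility, assumed here to be the tool the reply means) dropping the OSPF, PIM and DHCP traffic named in the question. The bridge port names eth0 and eth1 are assumptions, and the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: emit an ebtables ruleset for a Linux box bridging the
# VLAN-facing port and the port facing the L2TPv3 router.
# Assumed names (not from the post): eth0 = VLAN side, eth1 = tunnel side.
# Assumes frames cross the bridge untagged; 802.1Q-tagged frames carry a
# different EtherType and would not match "-p IPv4".

VLAN_IF=eth0
TUNNEL_IF=eth1

# emit_drop IN_IF DESCRIPTION MATCH...
# Print one commented DROP rule for bridged IPv4 frames arriving on IN_IF.
emit_drop() {
    in_if=$1; shift
    desc=$1; shift
    echo "# $desc arriving on $in_if"
    echo "ebtables -A FORWARD -i $in_if -p IPv4 $* -j DROP"
}

# Print the full ruleset. FORWARD is the chain bridged frames traverse;
# everything not explicitly dropped keeps passing, so the POS traffic
# still crosses the tunnel.
l2fw_rules() {
    echo "ebtables -F FORWARD"
    echo "ebtables -P FORWARD ACCEPT"
    # Filter in both directions so neither site leaks control traffic.
    for ifc in "$VLAN_IF" "$TUNNEL_IF"; do
        emit_drop "$ifc" "OSPF (IP protocol 89)" --ip-proto 89
        emit_drop "$ifc" "PIM (IP protocol 103)" --ip-proto 103
        # Port matches require the IP protocol to be given (17 = UDP).
        emit_drop "$ifc" "DHCP (UDP ports 67-68)" --ip-proto 17 --ip-dport 67:68
    done
}

# Number of DROP rules in the generated ruleset.
l2fw_rule_count() {
    l2fw_rules | grep -c -- '-j DROP'
}

# Running the script prints the rules for review.
l2fw_rules
```

After review, the output can be applied as root by piping it to `sh`; `ebtables -L FORWARD --Lc` then shows per-rule packet counters to confirm the drops are matching.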