[c-nsp] Tunnels with VLANs

Tim Winders twinders at southplainscollege.edu
Tue Aug 2 17:28:47 EDT 2005


I have a network with physical connections as such:

6509(3)-C3508G-6509(2)-C3550-6509(1)
          |                    |
          |                 Firewall
          |                    |
        12000                7507
          |                    |
          |                    |
       wireless -\/-----\/- wireless


I do not own the 12000 nor the C3550.  The C3508G is colocated in a facility
with the 12000, but due to location restrictions, I cannot put in a router,
it can ONLY be a L2 switch.

The 6509s all have Sup720 running native IOS.  6509(1) is in its own VTP
domain.  The C3550 is L2 only.  There is a routed port in 6509(1) that
connects to a routed port in 6509(2).

6509(3) and 6509(2) are in the same VTP domain.  They each have a trunk
interface connected to a trunk interface on the C3508G.  There are VLAN
interfaces that route traffic between the different VLANs in the VTP domain.

The wireless connection is a local regional wireless network.  We have a
connection to this through our 7507 gateway.  We have recently been
connected to this wireless network through a L2 port on the 12000.

We only want external traffic to come into our network through the 7507 and
Firewall behind it.

We want to create tunnels between the 6509(3)/6509(1) pair and the 6509(2)
and 6509(1) pairs of routers so that if any of the connections between those
routers go down, we will have an alternate path for routing.

The VLAN interfaces on the 6509(2), 6509(3) and the FE interface on the 7507
will all be in the same /28 subnet on the wireless network.

I think we need to establish an IPSec/GRE tunnel between each of these
router pairs, but I need to ensure the tunnel goes across the wireless link.
I have only done GRE tunnels on physical interfaces.  I don't know if this
can be done over a VLAN interface, but I don't know why not.

Is what I want to do possible?

---

Tim Winders
Associate Dean of Information Technology
South Plains College
Levelland, TX 79336 

Problem replying to my email?  Click the "Sign" button in the OE toolbar or,
better yet, get your own FREE Personal E-Mail Digital ID:
http://www.thawte.com/email/index.html


