[c-nsp] L2/L3 configuration question

Andre Beck cisco-nsp at ibh.net
Tue May 10 12:29:47 EDT 2005


On Tue, May 10, 2005 at 07:54:18AM -0500, Tim Winders wrote:
> 
> I considered this simple setup, but I was told that one should never pass
> "real" traffic through the management VLAN1.  Is that really not the case?

There are good reasons for this rule, but they apply to situations where
VLANs are spanning switches. They don't do so here, you're just doing
a trivial GE-2-GE Bridge which from a blackbox point of view doesn't
know anything about VLANs, 802.1Q or the likes. You need a simple single
broadcast domain, and in that manner, any VLAN will suffice. It's actually
the very reason why there *is* a default VLAN. If you wanted to span
a management VLAN to the 3508, things would be different. But given that the
6509s can have routed interfaces and VTY security of the 3508 can be
controlled with ACLs, I don't see any reason to do so if you don't need
it as a feature of traffic separation etc. Just see it as two remote
routers plugged into a central switch to establish a transit net.
 
> I am not running HSRP.  The two 6509/Sup720s are in two different cities.  I
> was unable to get dark fiber between the two locations, so the switch in the
> middle is sitting in the CO where I am given a GigE connection going out to
> each of my pieces of equipment.

A GigE what? LX? SX? T? Not the slightest chance to just couple them
directly? Maybe involving a media converter? Not that I preferred the
latter above a manageable switch...

> It's a long, stupid political reason.  No technical reason why I was
> unable to connect the two switches directly together.

Yeah, those Layer 8+ problems...

-- 
                  The _S_anta _C_laus _O_peration
  or "how to turn a complete illusion into a neverending money source"

-> Andre Beck    +++ ABP-RIPE +++    IBH Prof. Dr. Horn GmbH, Dresden <-
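
The setup described in this reply, sketched as an added IOS configuration example (not part of the original thread and not the posters' own configs). Interface numbers, the documentation-range addresses, the management subnet and ACL number 10 are all assumptions.

```cisco
! ===== 6509 in city A: routed port, no VLAN involved on this side =====
interface GigabitEthernet1/1
 description Transit net to 6509-B via the CO 3508
 no switchport
 ip address 192.0.2.1 255.255.255.248
 no shutdown
!
! ===== 6509 in city B: same transit subnet =====
interface GigabitEthernet1/1
 description Transit net to 6509-A via the CO 3508
 no switchport
 ip address 192.0.2.2 255.255.255.248
 no shutdown
!
! ===== 3508 in the CO: plain bridge, both ports untagged in default VLAN 1 =====
! No trunking and no 802.1Q toward the 6509s; the ports stay access ports,
! so VLAN 1 never spans to another switch.
interface GigabitEthernet0/1
 description to 6509-A
!
interface GigabitEthernet0/2
 description to 6509-B
!
! Management address of the 3508 lives in the transit subnet itself
interface VLAN1
 ip address 192.0.2.3 255.255.255.248
!
ip default-gateway 192.0.2.1
!
! Only the (assumed) management subnet may open VTY sessions;
! everything else hits the implicit deny at the end of the ACL.
access-list 10 permit 198.51.100.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 login
! Apply the same access-class to any further vty lines the switch has.
```

With this layout the transit traffic and the 3508's management address share VLAN 1, and access to the switch is limited by the `access-class` on the VTY lines rather than by a separate management VLAN.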

