
Vlan question

 
Danniel_Simoni
Occasional Contributor

Hello all.  I have a new 2810 running N.11.52

 

Our MPLS vendor has set up two VLANs to deliver access to their cloud.  My CPE will be a firewall cluster.  So, for these two VLANs, there will be 3 arms into it - the VLANs are id 300 and 310:

 

Arms

  • The vendor's Ethernet handoff - port 1
  • Our cluster 1 member - port 2
  • Our HA cluster 2 member - port 3

So this is the config I came up with:

 

vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address 192.168.253.224 255.255.255.0
   exit
vlan 300
   name "VLAN300"
   tagged 1-3
   exit
vlan 310
   name "VLAN310"
   tagged 1-3
   exit

 

This is the first time I've done VLANs. Am I missing anything? It seemed to work in the lab...

 

Thank you.

 

Danny

1 REPLY
Vince_Whirlwind
Trusted Contributor

Re: Vlan question

The way I think about VLANs is this: the physical connection is a pipe, the VLANs are colour-coded bits of string running through the pipe. If you have Red string going in at one end, you need to have Red string coming out at the other.

 

So, it seems you have two firewalls each connecting to a switch and the switch has a single connection to the ISP.

 

From your switch configuration, it seems that your "pipes" for all three of these connections will be identical:

VLAN 1 untagged + VLAN 300 tagged + VLAN 310 tagged.

 

Effectively, you have 3 routed network connections extending from the firewalls through the switch on to (or through) the ISP.
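
The per-port view described in the reply can be derived mechanically from the posted configuration, which is useful when checking which VLANs (including the default VLAN that carries the switch's IP address) are present on a vendor-facing port. This is an added example, not part of the original thread or any HP tool; the function names are hypothetical and it assumes numeric port names only.

```python
import re

# The configuration from the question, embedded as sample input.
CONFIG = """\
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 192.168.253.224 255.255.255.0
exit
vlan 300
name "VLAN300"
tagged 1-3
exit
vlan 310
name "VLAN310"
tagged 1-3
exit
"""

def expand_ports(spec):
    """Expand '1-3,5' into a set of ints (assumes numeric port names, no Trk1)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def port_membership(config):
    """Return {port: {'untagged': [vlan ids], 'tagged': [vlan ids]}}."""
    table, vid = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vid = int(m.group(1))          # entering a VLAN context
        elif line == "exit":
            vid = None                     # leaving the VLAN context
        elif vid is not None:
            m = re.fullmatch(r"(untagged|tagged) (\S+)", line)
            if m:
                for p in expand_ports(m.group(2)):
                    table.setdefault(p, {"untagged": [], "tagged": []})[m.group(1)].append(vid)
    return table

def describe(table, port):
    """Render one port's 'pipe' in the notation used in the reply."""
    e = table[port]
    return " + ".join([f"VLAN {v} untagged" for v in e["untagged"]] +
                      [f"VLAN {v} tagged" for v in e["tagged"]])

for port in (1, 2, 3):  # vendor handoff, cluster member 1, cluster member 2
    print(f"port {port}: {describe(port_membership(CONFIG), port)}")
```
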