Re: OT: VLAN Pairing (maybe on topic....) from marc edwards on 2012-05-15 (Ccielab archives 05/2012)

From: marc edwards <renorider_at_gmail.com>
Date: Tue, 15 May 2012 13:41:44 -0700

Joe:

A little different but similar concept. Take subnet 192.168.1.0/24 for example

VLAN 1 (also SVI 192.168.1.10) ---> (LAN side RB Steelhead inpath 0_0)
--> (WAN side RB Steelhead inpath 0_0) ---> VLAN2 (no svi un routed)
--- (multiple WAN next hops with ip addressing in the 192.168.1.0/24
address space)

It is being used to get all traffic through Riverbed then to other
next hops on the VLAN2.

I have seen a simmilar setup in Cisco IPS but the pair is actually
defined in IPS. I am not sure if Cisco has done away with this as I
hear there are newer inline techniques to add IPS to network.

Your example holds the same premise where 2 VLANs per 1 subnet in
which devices have to cross VLANs to reach a default gatway. Is there
any wrongdoing in this I know it works...but...?

On Tue, May 15, 2012 at 1:17 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
> Marc,
>
> are you referring to the designs like: (all on same L3 switch)
>
> vlan 200 (layer 2 only) -----> inside interface FW --> outside FW interface
> (vlan 200 re-map to vlan 210) --------> vlan 210 L3 SVI
> vlan 3400 (layer 2 only) ------> outside interface IPS ---> inside IPS
> interface vlan 3410 ----> outside FW interface
>
> Not sure is this is what you are speaking of, I just want to get on-point
> first.
>
> JS.
>
> On Tue, May 15, 2012 at 1:27 PM, marc edwards <renorider_at_gmail.com> wrote:
>>
>> I wanted to get some opinions about the habit of 2 VLANS 1 subnet
>> configurations I have seen for IPS sensing (inline) and WAN
>> optimization. Basically causes the switch to constantly ARP for
>> members on the IP'd VLAN. I am not a fan but don't have any technical
>> evidence to back my claims it just isn't right.... Nor really any
>> documentation on this so I can imagine it isn't highly used. Let me
>> know what you think and why. Thanks in advance for commentary.
>>
>> Regards,
>>
>> Marc
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue May 15 2012 - 13:41:44 ART

This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:19 ART