Besides seeing the MAC on two different VLANs, I haven't seen a negative impact with this approach. It actually lets you cut an inline device in and out of line with an access port change. In the SMB space, not all of these devices fail open.
Sent from handheld
On May 15, 2012, at 4:44 PM, "marc edwards" <renorider_at_gmail.com> wrote:
> Joe:
>
> A little different but similar concept. Take subnet 192.168.1.0/24 for example
>
>
> VLAN 1 (also SVI 192.168.1.10) ---> (LAN side RB Steelhead inpath 0_0)
> --> (WAN side RB Steelhead inpath 0_0) ---> VLAN2 (no svi un routed)
> --- (multiple WAN next hops with ip addressing in the 192.168.1.0/24
> address space)
>
> It is being used to get all traffic through Riverbed then to other
> next hops on the VLAN2.
>
> I have seen a similar setup in Cisco IPS but the pair is actually
> defined in IPS. I am not sure if Cisco has done away with this as I
> hear there are newer inline techniques to add IPS to network.
>
> Your example holds the same premise where 2 VLANs per 1 subnet in
> which devices have to cross VLANs to reach a default gateway. Is there
> any wrongdoing in this? I know it works...but...?
>
> On Tue, May 15, 2012 at 1:17 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>> Marc,
>>
>> are you referring to the designs like: (all on same L3 switch)
>>
>> vlan 200 (layer 2 only) -----> inside interface FW --> outside FW interface
>> (vlan 200 re-map to vlan 210) --------> vlan 210 L3 SVI
>> vlan 3400 (layer 2 only) ------> outside interface IPS ---> inside IPS
>> interface vlan 3410 ----> outside FW interface
>>
>> Not sure if this is what you are speaking of, I just want to get on-point
>> first.
>>
>> JS.
>>
>> On Tue, May 15, 2012 at 1:27 PM, marc edwards <renorider_at_gmail.com> wrote:
>>>
>>> I wanted to get some opinions about the habit of 2 VLANS 1 subnet
>>> configurations I have seen for IPS sensing (inline) and WAN
>>> optimization. Basically causes the switch to constantly ARP for
>>> members on the IP'd VLAN. I am not a fan but don't have any technical
>>> evidence to back my claims it just isn't right.... Nor really any
>>> documentation on this so I can imagine it isn't highly used. Let me
>>> know what you think and why. Thanks in advance for commentary.
>>>
>>> Regards,
>>>
>>> Marc
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>
>
Received on Tue May 15 2012 - 20:56:01 ART
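
An added example, not part of the thread: the side effect discussed above (the same MAC learned on both VLANs of an inline pair) can be checked from the switch's MAC table, separating MACs that span only a declared inline pair from MACs that span other VLANs. The sample `show mac address-table` output is constructed, the pair (1, 2) follows Marc's VLAN 1 / VLAN2 description, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco IOS "show mac address-table" output (not from the thread).
# Assumed layout: inline device LAN port Gi1/0/10 (VLAN 1), WAN port Gi1/0/11 (VLAN 2).
SAMPLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi1/0/5
   1    00aa.bbcc.dd01    DYNAMIC     Gi1/0/10
   2    0011.2233.4455    DYNAMIC     Gi1/0/11
   2    00aa.bbcc.dd01    DYNAMIC     Gi1/0/20
   2    00de.adbe.ef99    DYNAMIC     Gi1/0/11
  30    00de.adbe.ef99    DYNAMIC     Gi1/0/8
  30    00c0.ffee.0001    DYNAMIC     Gi1/0/9
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return {mac: {vlan: port}} from the table rows, skipping header lines."""
    seen = defaultdict(dict)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, _type, port = m.groups()
            seen[mac.lower()][int(vlan)] = port
    return seen

def classify(seen, inline_pairs):
    """Split multi-VLAN MACs into expected (inside one declared pair) and unexpected."""
    pairs = [frozenset(p) for p in inline_pairs]
    expected, unexpected = {}, {}
    for mac, vlans in seen.items():
        if len(vlans) < 2:
            continue  # learned on a single VLAN: nothing to report
        ok = any(set(vlans) <= p for p in pairs)
        (expected if ok else unexpected)[mac] = dict(sorted(vlans.items()))
    return expected, unexpected

if __name__ == "__main__":
    exp, unexp = classify(parse_mac_table(SAMPLE), inline_pairs=[(1, 2)])
    for label, group in (("expected (inline pair)", exp), ("unexpected", unexp)):
        for mac, vlans in sorted(group.items()):
            print(f"{label}: {mac} learned on {vlans}")
```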
This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:19 ART