Take it back. I googled VLAN pairing and got many results. Happy reading.
I am indifferent, but if there is no harm then no foul.
On Tue, May 15, 2012 at 7:40 PM, marc edwards <renorider_at_gmail.com> wrote:
> Thanks for input. Good to hear some insight. Hard to dig anything up
> in Google. This will make the top of the query :)
>
> On Tue, May 15, 2012 at 2:10 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>> Well, as far as the RB product line... there are multiple scenarios, but
>> from the perspective of what we are talking about as long as you're not
>> spanning the L2 vlan across the eCampus I don't see any problems with these
>> setups.
>>
>> In fact, we deployed this model in a recent Data Center design where each
>> major distribution block was divided into zones based on security with
>> Active/Standby Firewalls configured with vPC links to the distribution block
>> and the Firewalls configured in Transparent Mode with VLAN remapping much
>> like what I listed in my previous email. Unless you are to use PBR to source
>> route the traffic or WCCP there isn't much you can do to get your traffic
>> through your desired device. But, again I haven't seen every network design
>> and/or topology, so like you I hope to hear from the rest of the group on
>> their thoughts.
>>
>> JS.
>>
>> On Tue, May 15, 2012 at 3:41 PM, marc edwards <renorider_at_gmail.com> wrote:
>>>
>>> Joe:
>>>
>>> A little different but similar concept. Take subnet 192.168.1.0/24 for
>>> example
>>>
>>>
>>> VLAN 1 (also SVI 192.168.1.10) ---> (LAN side RB Steelhead inpath 0_0)
>>> --> (WAN side RB Steelhead inpath 0_0) ---> VLAN2 (no svi un routed)
>>> --- (multiple WAN next hops with ip addressing in the 192.168.1.0/24
>>> address space)
>>>
>>> It is being used to get all traffic through Riverbed then to other
>>> next hops on the VLAN2.
>>>
>>> I have seen a similar setup in Cisco IPS but the pair is actually
>>> defined in IPS. I am not sure if Cisco has done away with this as I
>>> hear there are newer inline techniques to add IPS to network.
>>>
>>> Your example holds the same premise where 2 VLANs per 1 subnet in
>>> which devices have to cross VLANs to reach a default gateway. Is there
>>> any wrongdoing in this? I know it works...but...?
>>>
>>> On Tue, May 15, 2012 at 1:17 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>> > Marc,
>>> >
>>> > are you referring to the designs like: (all on same L3 switch)
>>> >
>>> > vlan 200 (layer 2 only) -----> inside interface FW --> outside FW interface (vlan 200 re-map to vlan 210) --------> vlan 210 L3 SVI
>>> > vlan 3400 (layer 2 only) ------> outside interface IPS ---> inside IPS interface vlan 3410 ----> outside FW interface
>>> >
>>> > Not sure if this is what you are speaking of, I just want to get on-point
>>> > first.
>>> >
>>> > JS.
>>> >
>>> > On Tue, May 15, 2012 at 1:27 PM, marc edwards <renorider_at_gmail.com> wrote:
>>> >>
>>> >> I wanted to get some opinions about the habit of 2 VLANS 1 subnet
>>> >> configurations I have seen for IPS sensing (inline) and WAN
>>> >> optimization. Basically causes the switch to constantly ARP for
>>> >> members on the IP'd VLAN. I am not a fan but don't have any technical
>>> >> evidence to back my claims it just isn't right.... Nor really any
>>> >> documentation on this so I can imagine it isn't highly used. Let me
>>> >> know what you think and why. Thanks in advance for commentary.
>>> >>
>>> >> Regards,
>>> >>
>>> >> Marc
>>> >>
>>> >>
>>> >> Blogs and organic groups at http://www.ccie.net
>>> >>
>>> >> _______________________________________________________________________
>>> >> Subscription information may be found at:
>>> >> http://www.groupstudy.com/list/CCIELab.html
Received on Tue May 15 2012 - 19:43:39 ART