[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Trans.: Re: [afnog] Oposite of VPN ?
- To: "'Mohamadi ZONGO'" <mzongo at zcp.bf>, <afnog at afnog.org>
- Subject: RE: Trans.: Re: [afnog] Oposite of VPN ?
- From: "Mark Tinka" <mtinka at africaonline.co.ug>
- Date: Tue, 19 Aug 2003 10:51:47 +0300
- Content-Transfer-Encoding: quoted-printable
- Content-Type: text/plain;charset="utf-8"
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog at afnog.org
- Importance: Normal
- In-Reply-To: <1061227712.3f410cc0a8e2f at webmail.zcp.bf>
- List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
- List-Help: <mailto:afnog-request at afnog.org?subject=help>
- List-Id: The AfNOG general discussion list <afnog.afnog.org>
- List-Post: <mailto:afnog at afnog.org>
- List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
- List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
- Organization: Africa Online Uganda Limited
- Reply-To: mtinka at africaonline.co.ug
- Sender: afnog-bounces at afnog.org
afnog-bounces at afnog.org wrote:
> A forward (to afnog) this mail , sent only to Brian by inadvertance!
> sorry Brian, you will receive this mail twice!
>
> tanks a lot to all of you in this list working to make each other life
> easier.
>
> ---
> Mohamadi ZONGO
>
> ----- Message transfr de Mohamadi ZONGO <mzongo at zcp.bf> -----
> Date : Mon, 18 Aug 2003 15:23:30 +0000
> De : Mohamadi ZONGO <mzongo at zcp.bf>
> Adresse de retour :Mohamadi ZONGO <mzongo at zcp.bf>
> Sujet : Re: [afnog] Oposite of VPN ?
> : Brian Candler <B.Candler at pobox.com>
>
> Tanks Brian for this quick response.
>
> I am going to setup this.
> Another question :
> In the mean time i was reading a lot of paper talking about VLAN on
> switches, an howto do inter VLAN communication. Almost all these
> paper are from cisco explanning howto do this with cisco routers an
> cisco catalyst switches.
>
> I am rather using cisco routers (2611, 1600 and 1000) and DLINK
> switches (Dlink 3624i)
> If Someone here already experiment or know about inter vlan
> communication with cisco router and switches other than cisco's one,
> i will apreciate his/here advice.
>
> Tanks in advance
Well, looking at D-Link's website, I assume you are talking about the DES-3624i 'managed' switch. You are in luck, because you can do inter-VLAN switching with this switch.
Just remember that because you are going to use Cisco routers with non-Cisco switches, you will want to maintain the use of standards-based protocols. For inter-VLAN switching, you will go for IEEE's 802.1Q VLAN protocol. Also, to prevent recurring paths [switching loops] at Layer 2, use IEEE's 802.1D STP, since switches/bridges can't decrement TTLs like routers can.
However, looking at your routers, I don't seem to see any that supports a FastEthernet configuration by default. IIRC, VLAN trunking requires a port to operate at 100Mbps. I know ISL can run on 10Mbps trunk ports, but the limited bandwidth and other considerations make it rather impractical. Just to be safe, you might want to upgrade to FastEthernet ports.
The actual implementation of these protocols and features is slightly different with each vendor, although the end result is achieved. For this, you may want to consult the product manuals, or download any PDFs, if available, from your vendor's website.
Once your VLANs are created, you can multiplex all of them on a trunk port to which your router is connected. Of course, you will need to configure FastEthernet subinterfaces to represent each VLAN that needs to cross the trunk port.
Also, a very important note to remember, VLAN trunking is usually available, at a minimum, on the IP PLUS featureset of Cisco's IOS images. I haven't yet come across one of the basic IP image that support this. IP PLUS images will usually require more flash and more memory. A quick look says IP PLUS for 12.2 on 2611 requires 16MB Flash and 64MB RAM. Of course, lower major IOS version in the same category may require less resources. You will have to do some digging.
If you can't upgrade memory and flash at the same time, you could run the IOS image of a TFTP server. The only problem with this is that FastEthernet subinterfaces are logical/software interfaces, and are not seen by the router until the IOS has successfully and fully loaded. This means that booting off a TFTP will only work if you have IP processing enabled on the major interface as well as the FastEthernet subinterfaces, which could be a bit crude :-), since the Bootstrap will only load the driver for the major interface to allow a TFTP download, and not the FastEthernet subinterfaces themselves.
If you do decide to boot off TFTP server, remember the STP will need to converge each port through various transitions to ensure no loop occurs once the port is in forwarding mode. During this time, communications between your router and the TFTP server will timeout. To solve this, you will need to disable STP on the specific port you have connected your router to. This will allow the port to transition to forwarding state immediately.
Okay, let me stop here... I could go on and on :-) {/sbin/halt}
Regards,
Mark Tinka - CCNP
Network Engineer, Africa Online Uganda
__________________________________________________
This is the Africa Network Operators' Group(AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>