I would like some input on a potential design implementation.
We have a fairly large client with a hub-and-spoke configuration of 7 remote sites. Currently, each spoke is behind its own firewall, which has an IPsec tunnel back to the hub. Without prior warning, the client has signed a contract with Comcast to transition to Metro-E.
For those who are unfamiliar, the Metro-E conversion will connect each spoke back to the hub in such a way that it operates in the same Layer 2 broadcast domain; the hub site's networking equipment can accommodate the additional load.
What I would like to do is create a VLAN in the hub network for each remote site as required. This way each remote site retains its subnet, and I can reduce the amount of change to the remote site's network as a whole. I believe that if I can do this successfully, the complexity of the project will be much more manageable.
I plan on doing this by configuring each spoke site's native VLAN to be the VLAN associated with that site at the hub. The potential problem I see is that all of the spoke sites terminate on a single demarc device at the hub location. This means that a single cable/port on the hub core switch will carry all 7 spoke sites.
If each remote site were connected to a different switch port, I could simply make that port untagged on the hub core switch and continue on with little extra configuration.
My question is: on the hub switch port, can I tag each VLAN and have the switch at each remote location remain untagged?
HUB switch port:
VLAN 1 (Hub native VLAN): untagged
VLAN 10 (Hub Corp WiFi): tagged
VLAN 20 (Hub Guest WiFi): tagged
VLAN 30 (remote site #1): tagged ------------> Spoke switch PVID 30
VLAN 40 (remote site #2): tagged ------------> Spoke switch PVID 40
Any input would be greatly appreciated, as I am really trying to avoid moving 7 sites into entirely different subnets.
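The design above can be checked against the standard 802.1Q classification rules (untagged frames are assigned to the receiving port's PVID/native VLAN; tagged frames are only admitted for VLANs the port carries). The following Python model is an added example, not part of the original post or any vendor's configuration, and assumes constructed frames, a simplified hub trunk port (native VLAN 1, VLANs 10/20/30/40 tagged), a strict untagged-only spoke access port with PVID 30, and a Metro-E service that hands frames across unchanged.

```python
"""Minimal 802.1Q ingress-classification model (added example, constructed data)."""
import struct

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame; insert an 802.1Q tag when vid is given."""
    hdr = dst + src
    if vid is not None:
        # TCI: priority/DEI bits left at 0, VLAN ID in the low 12 bits
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vid(frame):
    """Return the VLAN ID carried by the frame, or None if it is untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def ingress_vlan(frame, port):
    """Classify an arriving frame per the port's config: {"pvid": int, "tagged": set}.
    Returns the VLAN the frame is placed in, or None if the port drops it."""
    vid = parse_vid(frame)
    if vid is None:
        return port["pvid"]        # untagged -> PVID (native VLAN on a trunk)
    if vid in port["tagged"]:
        return vid                 # tagged and carried by this port
    return None                    # tagged for a VLAN this port does not carry


# Constructed ports mirroring the proposed design
HUB_PORT = {"pvid": 1, "tagged": {10, 20, 30, 40}}   # hub core switch, one port
SPOKE1_PORT = {"pvid": 30, "tagged": set()}          # remote site #1, untagged only


def simulate():
    """Send one frame each way across the shared L2 domain and report classification."""
    mac_a = bytes.fromhex("020000000001")  # constructed locally administered MACs
    mac_b = bytes.fromhex("020000000002")
    from_spoke = build_frame(mac_b, mac_a, 0x0800, b"\x00" * 20)          # untagged
    from_hub = build_frame(mac_a, mac_b, 0x0800, b"\x00" * 20, vid=30)   # tagged 30
    return {
        "spoke_to_hub_vlan": ingress_vlan(from_spoke, HUB_PORT),    # lands in VLAN 1
        "hub_to_spoke_vlan": ingress_vlan(from_hub, SPOKE1_PORT),   # not admitted
    }
```

The result shows the spoke's untagged traffic being classified into the hub's native VLAN 1 rather than VLAN 30, while the hub's tagged VLAN 30 frame is not admitted by a strict access port; vendor platforms differ in how they treat tagged frames arriving on access ports, so verify the actual switch behaviour before relying on it.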