3 Replies Latest reply on Feb 20, 2013 1:07 PM by noor

    Moving from VPN to Comcast Ethernet Ciruit

    scoace New Member

      I have a customer that has one main site and five remote sites and all have Netvanta 3448 routers, we have Comcast at all locations and site to site VPN back to main site. We are cutting over to Comcast Ethernet circuit which I'm told looks like a switch to me so VPN is going away. The Comcast which we have now, will stay for internet access for each office.

      Main Site Private Lan : 192.168.100.0

      Remote Site Hanover: 192.168.6.0

      Remote Ste Shrewsbury: 192.168.7.0

      Remote Site E. Market: 192.168.11.0

      Remote Site Shiloh: 192.168.8.0

      Remote Site Lancaster: 192.168.9.0

       

      I'm not sure how to do it, is VLAN Routing the way to go?

       

      I'm trying to do a Lab in my Office using a Netvanta 1335 and Netvanta 3120 trying to do VLAN Routing but where is no option for 802.1Q and the write up said both routers will support VLAN routing.

       

      Can you tell what the best way, to connect a Ethernet circuit?

        • Re: Moving from VPN to Comcast Ethernet Ciruit
          levi Employee

          scoace:

           

          Thank you for asking this question in the support community.  There are several ways this design can be implemented, but in large part it depends on the ISP's requirements. 

           

          One common configuration is to simply have a WAN IP address and subnet configured on the Ethernet port connected to the ISP's network.  This configuration does not need VLANs or trunking configured; only an IP address, subnet mask, and default-route are required for this network design.

           

          Typically, for metro-Ethernet connections such as the one you described, the ISP will instruct you how each WAN facing Ethernet interface should be configured, and what VLANs need to be tagged or untagged.  You may only need to configure a trunk port to the ISP, and then have a default-route pointing to them, and they will route all the site-to-site traffic for you. 

           

          The Configuring InterVLAN Routing in AOS document explains how to setup a routed Ethernet interface for trunking.  Here is an excerpt from that document:

           

          Configuring 802.1q Trunking in the CLI

           

          1.  First, access the interface that will be serving as the 802.1q trunk. Then, enable 802.1q mode on the interface. Enable the interface by issuing “no shutdown”.

                 Syntax: encapsulation 802.1q

                 Syntax: no shutdown

           

          2. Once 802.1q mode has been enabled on an Ethernet interface, you will be allowed to create multiple subinterfaces. Each subinterface will be the default gateway for devices within that VLAN.

                 Syntax: interface <interface> 0/1.1

           

          3. Each subinterface must be assigned a VLAN ID. This ID represents the VLAN number that the subinterface is responsible for. Valid IDs fall in the range of 1 to 4094. At least one subinterface must be specified as the “native” VLAN. This VLAN is where all untagged traffic will be tagged to.

                 Syntax: vlan-id <vlan number>

                 Syntax: vlan-id <vlan number> native

           

          4.  Finally, each subinterface must be assigned an IP address. This IP must reside in the desired subnet for the VLAN that has been assigned to it. After the assignment, the interface can be activated by issuing “no shutdown”.

                 (config-eth 0/1.1)# ip address <A.B.C.D> <subnet mask>

                 (config-eth 0/1.1)# no shutdown

           

          Please, do not hesitate to reply with any additional questions, I will be happy to help in any way I can.

           

          Levi

          • Re: Moving from VPN to Comcast Ethernet Ciruit
            levi Employee

            scoace:

             

            I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

             

            Levi

              • Re: Moving from VPN to Comcast Ethernet Ciruit
                Employee

                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                 

                Thanks,

                Noor