Edgeswitch: Layer-3 or not??
-
@dashrender said in Edgeswitch: Layer-3 or not??:
@dashrender said in Edgeswitch: Layer-3 or not??:
@fateknollogee said in Edgeswitch: Layer-3 or not??:
@scottalanmiller said in Edgeswitch: Layer-3 or not??:
@fateknollogee said in Edgeswitch: Layer-3 or not??:
@scottalanmiller said in Edgeswitch: Layer-3 or not??:
Sure, it'll work fine. Of course, one always has to ask, if you have VLANs, why do you want to route between them? Doesn't that mostly defeat the purpose for having VLANs?
Good question, I mentioned VLANs since you had mentioned it previously.
But the routing could be across different subnets (or different sub-companies within a parent company)
Sure, but what's the purpose of those? How enormous is this environment that you want separate networks, but tied together?
It's not about size, it's more of a legal requirement.
Scott - see, right here he tells you it's about legal requirement to be separate.
Now your claim is that using L3 is not separating them... assuming no ACL, I'd agree.
They are 100% separate without L3 (assuming he keeps the VLANs.) Any addition of L3 means tying together - dropping the separation. Even if he adds ACLs, it's still moving from totally separate to at least partially merged.
-
So here's a question for the OP - What is the goal?
It's stated that you need these separate for legal reasons, then why do these networks need to be talking to each other via L3 on a switch?
-
@dashrender said in Edgeswitch: Layer-3 or not??:
It's stated that you need these separate for legal reasons...
Can you find where this is stated? I asked why he needed separate networks tied together (not separate) and he said for legal reasons. He never said he needed to separate for legal reasons.
-
@dashrender said in Edgeswitch: Layer-3 or not??:
So here's a question for the OP - What is the goal?
It's stated that you need these separate for legal reasons, then why do these networks need to be talking to each other via L3 on a switch?
Forget legal or any other requirements.
Is this switch good enough for L3 functions like - VLAN routing/ subnet routing (call it whatever)?
-
@fateknollogee said in Edgeswitch: Layer-3 or not??:
It's not about size, it's more of a legal requirement.
@scottalanmiller what does this statement mean to you?
-
@fateknollogee said in Edgeswitch: Layer-3 or not??:
@dashrender said in Edgeswitch: Layer-3 or not??:
So here's a question for the OP - What is the goal?
It's stated that you need these separate for legal reasons, then why do these networks need to be talking to each other via L3 on a switch?
Forget legal or any other requirements.
Can't, IT can never do that, it is the context in which all questions must be answered. Without goals to achieve, there is no way to gauge if something will meet those goals.
-
@fateknollogee said in Edgeswitch: Layer-3 or not??:
Is this switch good enough for L3 functions like - VLAN routing/ subnet routing (call it whatever)?
Doesn't work that way. We can't answer that as we don't know what you are trying to accomplish.
Basically you are asking if a router can route. Of course. That's what it does. Is it "good", that depends on what you are trying to do. Since we don't know and you are intentionally not telling us, we can't answer this, only you can.
-
@dashrender said in Edgeswitch: Layer-3 or not??:
@fateknollogee said in Edgeswitch: Layer-3 or not??:
It's not about size, it's more of a legal requirement.
@scottalanmiller what does this statement mean to you?
That he has a legal requirement to tie them together, exactly as he stated. I asked him why he tied them together, and that's how he answered.
How you came up with that leading to the exact opposite, I have no idea.
-
@fateknollogee said in Edgeswitch: Layer-3 or not??:
@scottalanmiller said in Edgeswitch: Layer-3 or not??:
Sure, but what's the purpose of those? How enormous is this environment that you want separate networks, but tied together?
It's not about size, it's more of a legal requirement.
OK, I'm seeing where Scott and I diverged. I didn't read, bring into the conversation, the bolded part. So I took @FATeknollogee's response to mean he needed them separate for legal reasons.
I see now, that when you include that bolded bit - @FATeknollogee's response means he legally needs to bring them together. At which point, Scott's question of why are they separated in the first place makes sense.
-
I talked to @FATeknollogee offline and he provided the following:
His boss(es) own two companies that share a single location, a single switch and a single internet connection.
The boss(es), for an unspecified reason, want the sets of computers to be separated local network wise.
Additional known information:
Company A has a server/service onsite that company b needs access to.
We don't know if there are more devices/services that are shared between the companies.
This is all I know for now.
-
@dashrender said in Edgeswitch: Layer-3 or not??:
I talked to @FATeknollogee offline and he provided the following:
His boss(es) own two companies that share a single location, a single switch and a single internet connection.
The boss(es), for an unspecified reason, want the sets of computers to be separated local network wise.
Up to this point, it makes sense. I'm following, there are definitely reasons why you might consolidate hardware and want to keep the businesses separate.
-
@dashrender said in Edgeswitch: Layer-3 or not??:
Additional known information:
Company A has a server/service onsite that company b needs access to.
We don't know if there are more devices/services that are shared between the companies.
This is where we run into weirdness. Now they are no longer separate. And this is where we need a lot of info to understand the goals and what will meet the needs.
Normally something like this would be a DMZ scenario. Which still requires routing, of course, but in a different location.
-
@scottalanmiller said in Edgeswitch: Layer-3 or not??:
@dashrender said in Edgeswitch: Layer-3 or not??:
Additional known information:
Company A has a server/service onsite that company b needs access to.
We don't know if there are more devices/services that are shared between the companies.
This is where we run into weirdness. Now they are no longer separate. And this is where we need a lot of info to understand the goals and what will meet the needs.
Normally something like this would be a DMZ scenario. Which still requires routing, of course, but in a different location.
What do you mean different location?
-
@dashrender said in Edgeswitch: Layer-3 or not??:
@scottalanmiller said in Edgeswitch: Layer-3 or not??:
@dashrender said in Edgeswitch: Layer-3 or not??:
Additional known information:
Company A has a server/service onsite that company b needs access to.
We don't know if there are more devices/services that are shared between the companies.
This is where we run into weirdness. Now they are no longer separate. And this is where we need a lot of info to understand the goals and what will meet the needs.
Normally something like this would be a DMZ scenario. Which still requires routing, of course, but in a different location.
What do you mean different location?
Meaning you'd expect the router in the router, not the switch.
-
You've said that the bosses want the networks to be separate.
You've also said that company B provides a service for company A akin to B providing email services to A, so A needs access to B's network for that single service.
All that said - what is the goal in splitting the networks? Why do it? If you don't know why the bosses want this - ask them. Let's not worry about the how of splitting yet allowing things to continue to work, let's work on the why first - because that helps lead to the correct solution for the goal.
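
Added illustration, not part of any post in this thread: a small Python model of the three states argued over above (VLANs with no L3, L3 with no ACL, L3 with an ACL permitting one service), using the "Company A hosts a server that Company B needs" version of the scenario. The subnets, server address, port list and the first-match, implicit-deny ACL semantics are assumptions made for the example; the thread gives none of them, and this is not EdgeSwitch configuration.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets, hosts or ports.
COMPANY_A = ipaddress.ip_network("10.10.0.0/24")
COMPANY_B = ipaddress.ip_network("10.20.0.0/24")
SHARED_SERVER = ipaddress.ip_network("10.10.0.50/32")  # hypothetical Company A server
B_CLIENT = "10.20.0.10"                                 # hypothetical Company B workstation

# Ordered rules: (action, source net, destination net, destination port or None = any).
ACL_SINGLE_SERVICE = [
    ("permit", COMPANY_B, SHARED_SERVER, 443),
    ("deny", COMPANY_B, COMPANY_A, None),
]


def can_initiate(src, dst, port, l3_enabled, acl=None):
    """True if src can open a connection to dst:port across the VLAN boundary.

    Models the initiating packet only; return-traffic handling is out of scope.
    """
    if not l3_enabled:
        return False              # no routed interface: the VLANs share no path
    if acl is None:
        return True               # routing with no ACL forwards everything
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, d_port in acl:
        if src in s_net and dst in d_net and d_port in (None, port):
            return action == "permit"   # first matching rule decides
    return False                  # implicit deny (assumed for this model)


def exposure(l3_enabled, acl=None, ports=(22, 443, 445, 3389)):
    """Count (Company A host, port) pairs one Company B client can reach."""
    return sum(
        can_initiate(B_CLIENT, str(host), port, l3_enabled, acl)
        for host in COMPANY_A.hosts()
        for port in ports
    )


if __name__ == "__main__":
    print("VLANs only, no L3:   ", exposure(False))
    print("L3 routing, no ACL:  ", exposure(True))
    print("L3 + single-service: ", exposure(True, ACL_SINGLE_SERVICE))
```

The three counts correspond to "100% separate", "tied together" and "partially merged" as those terms are used in the discussion.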