10-10-2024 05:01 PM
I have two 8200 VSPs. I have an interface connected to a WAN link for each building I have. Each building does layer 3 routing back to the core. I have separate super highways running to the firewall and have implemented some segmentation rules for traffic at the firewall. This segmentation works only for networks that are directly connected to the VSP. I would like to be able to add the building networks to these highways so I can segment traffic the same way throughout my district. Theories are to trunk the traffic through the WAN links at each building, but I am worried that the broadcast domain will become too large. Any other ideas to tackle this problem? Thank you in advance.
11-15-2024 11:29 AM
What are you running out at the edge? From your diagram it looks like you are using VLAN 10 in different areas of the network/different subnets.
If you have VOSS at the edge you could just build unique L2VSNs for each subnet you want to present to the firewall and then tag them over to it using whatever local VLANs are available.
We hand off I-SIDs to firewalls in a couple of ways: we either do a VLAN remapping inside the firewall and keep all L3 on the Extreme gear, or we peer with the firewall using OSPF and have the firewall advertise any of the routes it is responsible for. In either scenario we map the VLANs to an I-SID and utilize the fabric for transport.
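The mapping the reply describes (one L2VSN per building subnet, each tagged to the firewall on a locally free VLAN) is easy to get wrong once several buildings reuse the same edge VLAN id, because every segment needs its own I-SID and its own tag on the firewall trunk. The planner below is an added example written for this thread, not code from either poster or from Extreme. It shows the first of the two handoff styles (VLAN remap at the firewall, L3 stays on the fabric). The I-SID numbering scheme, the free-VLAN pool, the port names and the sample segments are all constructed; the VOSS CLI lines it prints (`vlan create ... type port-mstprstp`, `vlan i-sid`, `vlan members add`, `encapsulation dot1q`) are assumed syntax and should be checked against the CLI reference for your VOSS release before use.

```python
"""Plan the I-SID (L2VSN) and firewall-handoff VLAN for each building segment.

Added example for this thread, not code from the original posts or from
Extreme. The VOSS CLI it prints is assumed syntax: verify it against the
VOSS CLI reference for your release before pasting it into a switch.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Segment:
    building: int   # 1..99, used by the constructed I-SID scheme below
    vlan: int       # VLAN id at that building's edge; may repeat across buildings
    subnet: str     # IPv4 prefix, informational only
    name: str


def isid_for(seg: Segment) -> int:
    """Constructed scheme: I-SID = building*10000 + edge VLAN, so VLAN 10 in
    building 1 and VLAN 10 in building 2 become two distinct L2VSNs."""
    if not 1 <= seg.building <= 99 or not 1 <= seg.vlan <= 4059:
        raise ValueError(f"building or VLAN out of range: {seg}")
    return seg.building * 10000 + seg.vlan


def plan_handoffs(segments: Iterable[Segment],
                  free_vlans: Iterable[int]) -> Dict[Segment, Tuple[int, int]]:
    """Map each segment to (isid, handoff_vlan).

    The handoff VLAN is the tag used on the core-to-firewall trunk. It is drawn
    from free_vlans in order, so two buildings that both use VLAN 10 locally
    still get different tags toward the firewall. Duplicate building/VLAN
    pairs and an exhausted pool are rejected rather than silently reused.
    """
    pool = iter(free_vlans)
    plan: Dict[Segment, Tuple[int, int]] = {}
    seen: Dict[int, Segment] = {}
    for seg in segments:
        isid = isid_for(seg)
        if isid in seen:
            raise ValueError(f"duplicate building/VLAN pair: {seg} vs {seen[isid]}")
        seen[isid] = seg
        try:
            handoff = next(pool)
        except StopIteration:
            raise ValueError("ran out of free VLAN ids for the firewall trunk") from None
        plan[seg] = (isid, handoff)
    return plan


def edge_config(seg: Segment, isid: int, access_ports: str) -> List[str]:
    """Assumed VOSS-style lines for the building switch: local VLAN bound to its I-SID."""
    return [
        f"vlan create {seg.vlan} type port-mstprstp 0",
        f'vlan name {seg.vlan} "{seg.name}"',
        f"vlan members add {seg.vlan} {access_ports}",
        f"vlan i-sid {seg.vlan} {isid}",
    ]


def core_handoff_config(plan: Dict[Segment, Tuple[int, int]], trunk_port: str) -> List[str]:
    """Assumed VOSS-style lines for the core: one local VLAN per I-SID, tagged to the firewall."""
    lines = [f"interface GigabitEthernet {trunk_port}", "encapsulation dot1q", "exit"]
    for seg, (isid, handoff) in plan.items():
        lines += [
            f"vlan create {handoff} type port-mstprstp 0",
            f'vlan name {handoff} "FW-{seg.name}"',
            f"vlan i-sid {handoff} {isid}",
            f"vlan members add {handoff} {trunk_port}",
        ]
    return lines


# Constructed sample: VLAN 10 is reused in two buildings, as the reply noticed.
SAMPLE = [
    Segment(1, 10, "10.1.10.0/24", "Bldg1-Data"),
    Segment(2, 10, "10.2.10.0/24", "Bldg2-Data"),
    Segment(1, 20, "10.1.20.0/24", "Bldg1-Voice"),
]

if __name__ == "__main__":
    plan = plan_handoffs(SAMPLE, range(1000, 1100))  # 1000-1099 assumed free on the core
    for seg, (isid, handoff) in plan.items():
        print(f"# {seg.name} {seg.subnet}: edge VLAN {seg.vlan} -> I-SID {isid} -> handoff VLAN {handoff}")
        print("\n".join(edge_config(seg, isid, "1/1-1/24")))
    print("\n".join(core_handoff_config(plan, "1/48")))
```

Run it and the two building "VLAN 10" segments come out as I-SIDs 10010 and 20010 on handoff VLANs 1000 and 1001, which is the property the firewall rules depend on: each building subnet arrives on its own tag, so the same policy can be applied per segment whether or not the subnet is directly connected to the core VSP. For the OSPF-peering variant in the reply, the L2VSN and I-SID part is identical; only the firewall-side VLAN interfaces and the OSPF adjacency change.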