Interconnecting switches - Security question
Have a new site being commissioned and because of the idiot landlord, my single floor space is two separate rooms being "converted" to a single space. However, the cabling is two separate instances.
So, I'll need a switch in Side A and a switch in Side B. Not the end of the world, but.....
Landlord won't let us run Fibre to connect the switches, as "there's already fibre". Each of the rooms is connected to a Fibre patch panel and can be easily connected together.
However, as WE won't have access to that patching, what are my options for securing the switch uplinks?
The only way to be sure that there is nothing in the middle that interferes is to run a VPN over the links, by treating them as two separate spaces. The next best option would be to use a transit VLAN between the two switches if they are L3 and set the ports to trunk with no native VLAN and only VLAN X (transit VLAN) allowed. The new transceiver power monitoring can be used to ascertain if you are seeing the other end as the send and receive should correlate. The topology diagram will also help assuage any fears.
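The power-correlation check mentioned in the reply above, as an added example (not part of the original post and not Meraki code): it compares what each end transmits with what the other end receives against a baseline recorded at commissioning. The readings are constructed sample values, and the `Reading` class, function names and dB thresholds are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Reading:
    """Optical power in dBm read from the transceiver at each end of the uplink."""
    tx_a: float  # side A transmit
    rx_a: float  # side A receive
    tx_b: float  # side B transmit
    rx_b: float  # side B receive

def path_loss(r: Reading) -> dict:
    """Loss in dB per direction: what one end sends minus what the other receives."""
    return {"a_to_b": r.tx_a - r.rx_b, "b_to_a": r.tx_b - r.rx_a}

def check_link(baseline: Reading, current: Reading,
               drift_db: float = 1.0, gain_db: float = 0.5) -> list:
    """Return (direction, finding, dB) tuples; thresholds are assumed values."""
    findings = []
    base, now = path_loss(baseline), path_loss(current)
    for direction in ("a_to_b", "b_to_a"):
        delta = now[direction] - base[direction]
        # Extra or missing loss since commissioning: new patching, splitter, tap.
        if abs(delta) > drift_db:
            findings.append((direction, "loss_drift", round(delta, 1)))
        # A passive path cannot deliver more light than was sent, so apparent
        # gain means the light received is not the far switch's own output.
        if now[direction] < -gain_db:
            findings.append((direction, "apparent_gain", round(now[direction], 1)))
    return findings

# Constructed sample readings (dBm), not taken from real hardware.
BASELINE = Reading(tx_a=-2.1, rx_a=-3.1, tx_b=-2.3, rx_b=-3.0)
HEALTHY = Reading(tx_a=-2.2, rx_a=-3.0, tx_b=-2.3, rx_b=-3.2)
EXTRA_LOSS = Reading(tx_a=-2.1, rx_a=-3.2, tx_b=-2.3, rx_b=-6.4)
REGENERATED = Reading(tx_a=-2.1, rx_a=-0.9, tx_b=-2.3, rx_b=-1.0)

if __name__ == "__main__":
    for name, r in [("healthy", HEALTHY), ("extra loss", EXTRA_LOSS),
                    ("regenerated", REGENERATED)]:
        print(name, check_link(BASELINE, r))
```

Transceiver power readings have limited accuracy, so the thresholds should be set from the variation seen on the link over a few days rather than taken from this example.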
This is one of the use cases for MACsec. Sadly, it is not supported in the Meraki world. If you decide to use two Meraki monitored C9200CX, MACsec should be a way to go.
Honestly, the way things are going with the landlord, I'm seriously going with the idea of running our own fibre and just not informing them - so much simpler!
Depending on your needs in that space, I would consider using an MR36H and securely tunneling the traffic back to your MX.
This is a good idea! 👍
