On Sat, Aug 13, 2011 at 11:04 PM, David Miller <[email protected]> wrote: > I may have spoken too quickly last time as what I said made a lot, probably > too may, assumptions about your network. So lets start over and say as with > most networking things "it depends". You've mentioned that the wireless > links are bridges but you also said that you believe that the switches are > layer 3 and may be used for routing. So the first thing you need to figure > out is if the traffic is being passed between buildings are just forwarded > between buildings using layer 2 mechanisms or is the traffic being routed by > a router, which may be a layer 3 switch in your case. > So if you're dealing with a network that's routing traffic between the > buildings then my original reply stands.
Yeah that's the usual scenario for multiple buildings, you have one or several IP subnets per building, with everything routed between. Then accomplishing failover with a VPN and OSPF is pretty straight forward. If it's all one big or several big broadcast domains across buildings, that's not the best design and makes failover to VPN difficult to impossible to accomplish regardless of what network equipment you're using. Aside from other reasons you generally want to keep broadcast domains limited to one physical location in such networks, like isolating layer 2 problems to a single building, limiting broadcast traffic, etc. May need a pretty considerable change to make VPN failover reasonable if everything is bridged together. This sounds like the kind of scenario where you could benefit greatly from a few hours of our time to go over your entire network design and implement an appropriate solution. We have numerous customers in similar scenarios, responsible for a thousand different things with minimal time to work on such projects, and we can make your life a lot easier in that regard and save you a bunch of time. Also an in-depth network review is generally beyond what you'll be able to get thorough assistance with on a mailing list as it's time consuming (and probably more than you want to publicly divulge). See commercial support link in the footer for info. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
