Jack Taugher wrote:
:I have an environment that has two Cisco 2950 Switches and a Wireless
:What I'd like to do is create another subnet for a division of our
:company which needs to be separate from ours. So with this, I'd like
:to have a 192.168.100.x network on say VLAN 5 and 192.168.208.x on say
:VLAN 6.
:One of the questions is, the Tranzeo Wireless Bridge on each side -- do
:the ports that it plugs into receive 2 VLAN memberships, because
:traffic at the 124th St Building will have two users on the
:192.168.208.x network, and will connect to a server in the 126th St
:building.
Yes. And it will need to be a trunk port.
:And the remainder of the 45+ users in both buildings must
:stay on the 192.168.100.x and not see the .208 network. Or, does the
:Cisco Catalyst do some magic and encapsulate the traffic from the .208
:network into the .100 bridge and decapsulate it back into the .208
:network?
I do not recall offhand whether the 2950 supports Cisco's "private
vlan" feature; if it does, the wireless link still ends up needing
to carry 802.1Q tags (i.e., be a trunk port.)
The mechanisms needed depend upon your security model. If (as you
hint) the two networks must not be able to interchange data, then
you need VLAN trunking over the link. If the possibility of
a slipped packet here and there is not such a big thing, then
you could do without the trunking, provided you had a router
on each end to split the traffic apart (though there are port-
flapping risks associated with that arrangement.) Possibly you
could use the ACLs on the 2950 to block intra-vlan traffic.
--
Oh, to be a Blobel!
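
The trunk arrangement discussed in the reply above, sketched as an added example that is not part of the original post. The port numbers and VLAN names are assumptions, the same configuration is assumed on the switch in each building, and the wireless bridge is assumed to pass 802.1Q-tagged frames unchanged.

```cisco
! Added example, not from the original thread.
! Assumed layout: Fa0/24 faces the wireless bridge, Fa0/1-20 are ordinary
! user ports, Fa0/21-22 are the ports for the separate division.
!
vlan 5
 name MAIN-192-168-100
vlan 6
 name DIVISION-192-168-208
!
! Port toward the wireless bridge: an 802.1Q trunk that carries only the
! two VLANs that have to cross the link. Frames stay tagged end to end,
! so the far switch puts them back into the right VLAN.
interface FastEthernet0/24
 description Trunk to wireless bridge (assumed port)
 switchport mode trunk
 switchport trunk allowed vlan 5,6
!
! Ordinary user ports: members of VLAN 5 only.
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 5
!
! Ports for the separate division (and its server in the other building):
! members of VLAN 6 only.
interface range FastEthernet0/21 - 22
 switchport mode access
 switchport access vlan 6
!
! Checks after applying on both switches:
!   show interfaces trunk   (Fa0/24 trunking, VLANs allowed: 5,6)
!   show vlan brief         (access ports listed under the expected VLAN)
```

With no routed interface joining VLAN 5 and VLAN 6, hosts on one network have no layer 3 path to the other.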