connecting offices, same workgroup

Discussion in 'Cisco' started by Jason, May 13, 2004.

  1. Jason

    Jason Guest

    I am wanting to connect 2 offices via a T1 and allow them to be on the
    same LAN and workgroup. Right now they are bridged using 2 cisco 2610
    routers that belong to the ISP and we can't configure.
    The problem is that we run VOIP and each office has its own phone
    system, as a result our T1 is saturated with multicast traffic.
    Can someone suggest the best way to clean up the T1 while still
    maintaining the common workgroup and appearance that they are apart of
    the same office?
    I am thinking of adding 2 more routers 1700 series and create a bridge
    as well as apply some access lists and filtering. Is this plausable
    or smart?
     
    Jason, May 13, 2004
    #1
    1. Advertising

  2. Jason

    Scooby Guest

    "Jason" <> wrote in message
    news:...
    > I am wanting to connect 2 offices via a T1 and allow them to be on the
    > same LAN and workgroup. Right now they are bridged using 2 cisco 2610
    > routers that belong to the ISP and we can't configure.
    > The problem is that we run VOIP and each office has its own phone
    > system, as a result our T1 is saturated with multicast traffic.
    > Can someone suggest the best way to clean up the T1 while still
    > maintaining the common workgroup and appearance that they are apart of
    > the same office?
    > I am thinking of adding 2 more routers 1700 series and create a bridge
    > as well as apply some access lists and filtering. Is this plausable
    > or smart?


    Jason,

    Are you sure that multicast traffic is what the problem is? I would venture
    to guess that broadcasts are a bigger problem. When bridging sites, you are
    sharing a broadcast domain. I think if you want to add routers, use them to
    route and separate the broadcast domains. You can also control the
    multicasts as well, if that in fact is your problem. Creating another
    bridge does little to help your problem. Why do you need them to be on the
    same LAN and workgroup? There are exceptions to almost every rule, but WANs
    should be routed.

    Jim
     
    Scooby, May 13, 2004
    #2
    1. Advertising

  3. In article <>,
    Jason <> wrote:
    :I am wanting to connect 2 offices via a T1 and allow them to be on the
    :same LAN and workgroup. Right now they are bridged using 2 cisco 2610
    :routers that belong to the ISP and we can't configure.
    :The problem is that we run VOIP and each office has its own phone
    :system, as a result our T1 is saturated with multicast traffic.

    You didn't mention VOIP before. For successful VOIP, you want QoS,
    which current versions of the PIX (that I suggested in your previous
    thread) do not support.

    :Can someone suggest the best way to clean up the T1 while still
    :maintaining the common workgroup and appearance that they are apart of
    :the same office?

    Sounds like you are using Netbios traffic for your workgroup. If so,
    then what I'm told is Active Directory requires much less broadcast
    traffic.

    :I am thinking of adding 2 more routers 1700 series and create a bridge
    :as well as apply some access lists and filtering. Is this plausable
    :eek:r smart?

    NETBIOS relies upon broadcast traffic to lock resources. If you are
    all one workgroup, you -need- those broadcasts to get to all points,
    or else your Workgroup is not going to work correctly. And you
    need at least some of those ARPs to cross the bridge -- filtering
    those down would require some fancy filters.

    What kind of other broadcast traffic do you have, and what kind of filtering
    were you thinking of putting in place? Can you give an example of an
    filter that you would put in place if you could? You cannot easily
    filter bridges on anything other than MAC address, MAC vendor code, or
    protocol type. You can filter based upon arbitrary bytes within the packet,
    but keep in mind that IP addresses and tcp or udp port numbers are not
    really at constant offsets within packets (and you don't have any
    "and" operation to be able to check for just the protocol number in one
    test and the port number in another test on the same line.)


    The 1721 routers handle transparent bridging in the IP feature set
    as of 12.2(8)T1 -- just don't turn on IP routing, and put the appropriate
    interfaces into the same bridge-group. Presumably you would plug in
    whatever goes into your 2600s into the 1721, and plug the other interface
    of the 1721 into your 2600s. That'd get you frame-level filtering, but
    not IP level.


    ===========
    Ah.... significant update to the above. As of 12.3(7)T [very new!!]
    the 1721 supports 'Transparent IOS Firewall', which *does* allow you
    to configure IP access-lists on what is forwarded.

    http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801ee193.html

    --
    Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
    Aleph sub {Aleph sub two} little infinities...
     
    Walter Roberson, May 13, 2004
    #3
  4. Jason

    Jason Guest

    The traffic that I am most concerned with filtering is the broadcast
    and multicast traffic given off by the phone systems. This includes
    Music on Hold. I know that we can probably filter out alot of it
    using MAC addresses but I would like some options available for
    impleminting other types of filters perhaps based on IP address.
    I don't really want to filter anything involving the PCs on the
    workgroup. The most I would ever do is want to block specific PCs
    from accessing the internet.
    I mentioned wanting to manage the traffic. This is because right now
    sending email is problematic, we can only send packets of 1400 bytes
    across the T1 and email is trying to send at 1510. So I would like to
    manipulate that.
     
    Jason, May 14, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kremlar
    Replies:
    4
    Views:
    1,023
    Walter Roberson
    Oct 7, 2004
  2. Alan
    Replies:
    2
    Views:
    1,098
    Davin Mickelson
    Aug 13, 2003
  3. contech24

    Can't access other pcs in same workgroup (router?)

    contech24, Feb 20, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    4,967
    Misa Mirkovic
    Feb 21, 2004
  4. kimiraikkonen
    Replies:
    5
    Views:
    1,364
    Walter Mautner
    Feb 7, 2007
  5. Corbin O'Reilly
    Replies:
    3
    Views:
    642
    Corbin O'Reilly
    Sep 10, 2008
Loading...

Share This Page