VPN with Cisco 3550 (update)

| Thursday, May 20th, 2010 | 2 Comments »

Here’s  a quick update on my attempts to make Cisco’s L3 3550 switch a VPN endpoint. Here is the original post:

http://www.brandontek.com/?p=275

I’ve tried another method to get “some” kind of tunneling to work between the 3550 and 1811 router. I thought maybe a VTI could possibly work. To test this theory out. I first created a VTI between the 1811 and 3620 router successfully.

I then left the 1811 config’s alone and tried to configure the 3550 as close as possible to the 3620 router. I thought maybe I can squeak by and use VTI’s “tunnel” interface to ride through the already established ISAKMP tunnel, but to no avail.

I hate to give up, but I think that at this point, the 3550 just does NOT suppose IPsec in any form. It supports ISAKMP, and you can setup an IKE phase 1 tunnel. But anything beyond that, the IKE phase 2, or anything that has to do with IPsec is not supported.

Cisco will let you configure the switch, but the image just won’t support it. It would be nice if they wouldn’t let you get this far in the first place, prompting you that the commands are not supported, but oh well…you live and learn…

Share
  • http://twitter.com/tonhe tonhe

    Well, leave it to Cisco and their horrid policy on platform based feature support.

    If you check the Cisco Feature Navigator (http://cisco.com/go/fn/) You'll see that Private VLANs are supported on the 3550 as well… listing c3550-ipservicesk9-mz.122-50.SE2 — well, the commands have been removed from that version.. I was runnning 122-25 and it had _some_ of the commands, but not all..

    Cisco is odd.. at least.. imho

  • brandontek

    You're right! I have read that there was some kind of support for PVLAN's on the 3550. I think it was somewhat limited in features but you'd think the 3550 would support PVLAN's all the way.

    At least they are pretty cheap unlike the 3560's or 3750's. But with the 3560's you cannot do etherchannel with PVLAN's, another gotchya…