MKA/EAPoL (link-local frames) transparency for M426 when configured with QinQ
we are building a new infrastructure from scratch. Since it's a green field installation we are open to any advice.
I could provide you with a bit of background and sure I will do if required. The environment is that one of a building of three storeys where 50 tenants have rented rooms and some of the tenants do have their net spread over 4 or 5 non-contiguous rooms. With the new infrastructure we must provide connectivity for each tenants among their rooms/lab. So we must have a sort of underlay and overlay. There will be a single overlay for each tenant and aws said it may spread over multiple rooms.
We were contacted by Fortinet and they suggested to use QinQ but here comes the critical point: when connecting multiple points there must be a full transparency in terms of frame forwarding and I'm concerned of frames whose dst addr is among MAC group addresses (01:80:C2:00:00:0X)
The proposed infrastructure will be based on M426 switches and my question is: when configured in order to put in place QinQ will this switch forward ANY frame or will the M426 process/consume locally such link-local frames?
That's important in order to give the tenants indeed the feeling that they are using a true L2 like cables, for instance CDP and LLDP should work through the infrastructure and devices should see each other despite being connected in different rooms.
I hope i was clear in my description of the problem :)
Anyone who had experience or who could share their thoughts on this?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.