Virtual Wire transition default config ( Tag Allowed ) to layer 2 subinterfaces - Virtual Wire

Virtual Wire transition default config ( Tag Allowed ) to layer 2 subinterfaces - Virtual Wire

Good afternoon, first of all thanks for the support, help and collaboration.

Currently there is a scenario where there are two Virtual Wire interfaces, which to filter only the VLAN-TAG, there is the Tag Allowed option where there are the following VLAN TAG: 10,100,150,200,250.

We want to do this to improve filtering issues, better classification through different zones and to be able to classify the traffic in a better way, it is intended to use VWire Subinterfaces to differentiate each TAG with its respective Unique zone for each VLAN.

We intend to migrate little by little, not all at once, some vlans to this new scheme, therefore please your support, comments, clarifications and/or collaboration regarding this point.

As it is to migrate little by little, each vlan, in X maintenance windows, I understand that the steps at a global and general level would be:

-Create subinterfaces with example the TAG of VLAN 100 -Create the Vwire leaving the TAG Allowed blank, since the TAG of VLAN 100 will be marked in the TAG of the subinterfaces. -Remove the TAG of VLAN 100 from the TAG Allowed, of the virtual wire, which contains all the TAGs of all the Current VLANs. -Create the corresponding zones for VLAN 100 and associating the tagged subinterfaces (VLAN 100) -Correctly associate the security policies, in relation to the traffic of VLAN 100.

This is thinking, as an example, of VLAN-100 to be gradually migrated, to have a correct operation with the new subinterface scheme for VLAN-100 and obviously to guarantee the correct operation of the other VLANs that are not migrated and not to have any impact with the rest of VLANs that are in the virtualwire without subinterfaces.

I remain attentive, please your comments and collaboration.

Thank you

Best regards