Tosibox remote connections support two different connection types: Layer 2 (bridged) and Layer 3 (routed). Their properties are:
Layer 2 connection
- Also known as a bridged, or site-to-site connection
- Creates a virtual network interface that appears to be residing in the remote network
- Can be thought of as having a really long ethernet cable to the remote network
- Each remote user gets its own address from the remote network
- Works on the data link layer (MAC)
Layer 3 connection
- Also known as a routed, or point-to-point connection
- Tunnel end points have private addresses
- Data is routed to the remote network via the remote end of the tunnel
- Traffic in the remote network appears to be coming from the Lock device, so no additional addresses need to be allocated
- Works on the network layer (Internet Protocol)
Key connections
Use Layer 2 when:
- The application uses a non-IP protocol on top of Ethernet (e.g. Profinet or IPv6)
- The application relies on broadcast functionality (used e.g. in discovery of certain IP cameras)
- Connections originating from Lock’s network to the Key computer are needed
Use Layer 3 when:
- Allocating an IP address for each remote user from the remote network is not desired (Layer 2 clients always get an address from the remote network, assigned either using DHCP or manually)
- Connecting to a Central Lock that has Layer 3 connections to Locks
- The Lock has 1:1 NAT enabled and connections should use the translated addresses. A typical example is connecting to several Locks with the same or overlapping IP address ranges
- There’s no need to use Layer 2 (Layer 3 is usually more efficient and less prone to DHCP problems)
Central Lock – Lock connections
When serializing a Lock to a Central Lock, the connection type can be chosen between Layer 2 (Sub Lock) and Layer 3 (Lock).
Layer 3 (Lock) connection
- Recommended in most Central Lock deployments as it scales better
- Any Key with Layer 3 connection type that can connect to the Central Lock can connect to the devices behind Layer 3-connected Locks
- Any computer in Central Lock’s LAN networks can connect to the devices behind Layer 3-connected Locks
- Keys can still connect directly to the Lock
- Locks can use the same or overlapping IP address ranges when the 1:1 NAT setting is enabled
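The two 1:1 NAT points above (Key connections to Locks with overlapping ranges, and Central Lock deployments) can be checked on paper before deployment. The following is an added planning example, not Tosibox code: the Lock names and address ranges are constructed, and it assumes 1:1 NAT in the usual sense, where the network prefix is replaced and the host part of each address is kept.

```python
import ipaddress

# Constructed sample plan: Lock name -> (real LAN subnet, translated 1:1 NAT subnet).
# All names and ranges are hypothetical.
PLAN = {
    "lock-a": ("192.168.1.0/24", "10.10.1.0/24"),
    "lock-b": ("192.168.1.0/24", "10.10.2.0/24"),  # same LAN range as lock-a
    "lock-c": ("192.168.0.0/23", "10.10.4.0/23"),  # overlaps both of the above
}

def overlapping_pairs(plan, index):
    """Return Lock pairs whose subnets overlap (index 0 = real LAN, 1 = translated)."""
    nets = {name: ipaddress.ip_network(entry[index]) for name, entry in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def translate(plan, lock, real_ip):
    """Map a device's real address to the translated address used over the tunnel.

    Assumption: prefix is swapped, host bits are preserved.
    """
    real_net = ipaddress.ip_network(plan[lock][0])
    nat_net = ipaddress.ip_network(plan[lock][1])
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError(f"{lock}: real and translated ranges differ in size")
    addr = ipaddress.ip_address(real_ip)
    if addr not in real_net:
        raise ValueError(f"{real_ip} is not in {lock}'s LAN range {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return str(nat_net.network_address + offset)

if __name__ == "__main__":
    # Real LAN ranges collide, so they cannot be routed side by side.
    print("real overlaps:      ", overlapping_pairs(PLAN, 0))
    # Translated ranges must be unique for routing to work.
    print("translated overlaps:", overlapping_pairs(PLAN, 1))
    for lock in sorted(PLAN):
        print(lock, "192.168.1.50 ->", translate(PLAN, lock, "192.168.1.50"))
```

The same device address behind three different Locks resolves to three distinct translated addresses; any pair reported for the translated ranges means the plan needs new ranges before it is deployed.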
Layer 2 (Sub Lock) connection
- Keys cannot connect to the Lock directly – all connections must go through the Central Lock
- The devices behind the Sub Lock will access the Internet via the Central Lock
- The Sub Lock is bridged to one of the Central Lock’s LAN ports
How to create a Layer 2 Key connection.