
When to use Layer 2 or Layer 3

Modified on Fri, 19 Aug 2022 at 12:11 AM

Tosibox remote connections support two different connection types: Layer 2 (bridged) and Layer 3 (routed). Their properties are:


Layer 2 connection

  • Also known as a bridged, or site-to-site connection
  • Creates a virtual network interface that appears to be residing in the remote network
  • Can be thought of as having a very long Ethernet cable to the remote network
  • Each remote user gets its own address from the remote network
  • Works on the data link layer (MAC)

Layer 3 connection

  • Also known as a routed, or point-to-point connection
  • Tunnel end points have private addresses
  • Data is routed to the remote network via the remote end of the tunnel
  • Traffic in the remote network appears to be coming from the Lock device, so no additional addresses need to be allocated
  • Works on the network layer (Internet Protocol)


Key connections


Use Layer 2 when:

  • The application uses a non-IP protocol on top of Ethernet (e.g. Profinet or IPv6)
  • The application relies on broadcast functionality (used e.g. in discovery of certain IP cameras)
  • Connections originating from Lock’s network to the Key computer are needed

Use Layer 3 when:

  • Allocating an IP address for each remote user from the remote network is not desired (Layer 2 clients always get an address from the remote network, assigned either using DHCP or manually)
  • Connecting to a Central Lock that has Layer 3 connections to Locks
  • The Lock has 1:1 NAT enabled and connections should use the translated addresses. A typical example is connecting to several Locks with same/overlapping IP address ranges
  • There’s no need to use Layer 2 (Layer 3 is usually more efficient and less prone to DHCP problems)


Central Lock – Lock connections


When serializing a Lock to a Central Lock, the connection type can be chosen between Layer 2 (Sub Lock) and Layer 3 (Lock).

Layer 3 (Lock) connection

  • Recommended in most Central Lock deployments as it scales better
  • Any Key with the Layer 3 connection type that can connect to the Central Lock can also connect to the devices behind Layer 3-connected Locks
  • Any computer in the Central Lock’s LAN networks can connect to the devices behind Layer 3-connected Locks
  • Keys can still connect directly to the Lock
  • Locks can use same/overlapping IP address ranges when 1:1 NAT setting is enabled
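The two passages above about 1:1 NAT (connecting several Locks that use the same or overlapping IP address ranges, both from a Key and from a Central Lock) are easier to follow with a small model of what the translation does. The following is an added example, not Tosibox code and not taken from this article: it models each Lock with 1:1 NAT as a pair of equally sized ranges (the real LAN behind the Lock and the unique translated range that the Key or Central Lock sees), shows why two Locks with the same real LAN cannot be told apart without translation, and maps a destination in a translated range back to the Lock and the real device address. The Lock names and all address ranges are constructed sample values; the class and function names are this example's own.

```python
import ipaddress
from typing import List, Tuple


class LockNat:
    """One Lock with 1:1 NAT: its real LAN range and its unique translated range.

    1:1 NAT maps host offsets one to one, so the two ranges must be the same size.
    """

    def __init__(self, name: str, lan: str, translated: str) -> None:
        self.name = name
        self.lan = ipaddress.ip_network(lan, strict=True)
        self.translated = ipaddress.ip_network(translated, strict=True)
        if self.lan.prefixlen != self.translated.prefixlen:
            raise ValueError(f"{name}: LAN and translated ranges must be the same size")

    def to_real(self, translated_addr: str) -> ipaddress.IPv4Address:
        """Translated (Key-side) address -> real device address in the Lock's LAN."""
        a = ipaddress.ip_address(translated_addr)
        if a not in self.translated:
            raise ValueError(f"{a} is not in {self.name}'s translated range {self.translated}")
        offset = int(a) - int(self.translated.network_address)
        return self.lan.network_address + offset

    def to_translated(self, real_addr: str) -> ipaddress.IPv4Address:
        """Real device address -> the address a Key or Central Lock uses to reach it."""
        a = ipaddress.ip_address(real_addr)
        if a not in self.lan:
            raise ValueError(f"{a} is not in {self.name}'s LAN range {self.lan}")
        offset = int(a) - int(self.lan.network_address)
        return self.translated.network_address + offset


def overlapping(locks: List[LockNat], side: str) -> List[Tuple[str, str]]:
    """Pairs of Locks whose ranges overlap on the given side ("lan" or "translated").

    Overlapping real LANs are fine once 1:1 NAT is on; overlapping translated
    ranges would make routing from the Key/Central Lock ambiguous again.
    """
    pairs = []
    for i, x in enumerate(locks):
        for y in locks[i + 1:]:
            if getattr(x, side).overlaps(getattr(y, side)):
                pairs.append((x.name, y.name))
    return pairs


def route_to_lock(dest: str, locks: List[LockNat]) -> Tuple[str, str]:
    """Find the single Lock whose translated range holds dest.

    Returns (lock name, real device address). Raises if zero or more than one
    Lock matches, which is exactly the ambiguity 1:1 NAT is meant to remove.
    """
    d = ipaddress.ip_address(dest)
    matches = [lock for lock in locks if d in lock.translated]
    if len(matches) != 1:
        raise ValueError(f"{d} matches {len(matches)} Locks; expected exactly one")
    lock = matches[0]
    return lock.name, str(lock.to_real(dest))


# Constructed sample: Lock-A and Lock-B were installed with the same LAN range,
# so only their translated ranges make them distinguishable from one Key.
SAMPLE_LOCKS = [
    LockNat("Lock-A", "192.168.1.0/24", "10.10.1.0/24"),
    LockNat("Lock-B", "192.168.1.0/24", "10.10.2.0/24"),
    LockNat("Lock-C", "192.168.5.0/24", "10.10.3.0/24"),
]

if __name__ == "__main__":
    print("overlapping real LANs:", overlapping(SAMPLE_LOCKS, "lan"))
    print("overlapping translated ranges:", overlapping(SAMPLE_LOCKS, "translated"))
    print("10.10.2.20 ->", route_to_lock("10.10.2.20", SAMPLE_LOCKS))
    print("Lock-A device 192.168.1.20 is reached as", SAMPLE_LOCKS[0].to_translated("192.168.1.20"))
```

The check worth keeping from this model is the second `overlapping` call: the translated ranges handed out across all Locks reachable from one Key or Central Lock must not overlap, or the ambiguity that 1:1 NAT was enabled to remove simply moves to the translated side.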

Layer 2 (Sub Lock) connection

  • Keys cannot connect to the Lock directly – all connections must go through the Central Lock
  • The devices behind the Sub Lock will access the Internet via the Central Lock
  • The Sub Lock is bridged to one of the Central Lock’s LAN ports

