Hi all,

I'm a little out of my element here with a Comcast EVPL setup, and their support hasn't been super helpful. Before I try them again...

We have a Metro-E Comcast setup, just put in last month, at 8 of our sites. At our main site, we have a 100Mb EDI connection to the internet--that's hooked up to our firewall and working great. At all of our other sites, plus our main site, we have an EVPL line, at various speeds to each building. All connections are between the main site and the secondary site, for the purposes of sharing the internet connection, and I assume, local networking as well.

I'm pretty confused about how to actually set up the EVPLs. We've been given local VLAN tags (10 through 16) for all of the remote buildings, and I've been told that each of these VLANs is to be set up on a managed switch at the main site as a trunk port, and then the ports set up with their respective VLANs at the remote sites. I'm also told it should be possible to use a router/firewall at each site to do this setup as well. This would be my preferred method, as I would like to set up load balancing/failover with our existing Comcast coaxial connection alongside this new WAN.

We have also been given a range of 14 IPs (/28) to use with the EVPLs. I'm unsure how to use these IPs, and whether they are internet-facing, or behind Comcast's IP wall, or our own. They are not local IPs.

Our current network is a flat network at each building, like so:

Name: IP Structure - subnet - gateway
Main site: 10.10.x.x - -
Site 2: 10.20.x.x - -
Site 8: 10.80.x.x - -

Each site has a SonicWALL firewall with site-to-site VPNs connecting each site.

We have Netgear GS748Tv4 switches at each location, SonicWALL NSA 3500s at 3 locations (including the main), and SonicWALL Pro 3060s at the others. We also have a Netgear GSM7328FS Fiber switch with 4 Ethernet ports, which is our "core" switch at our main location.

Does anyone have any experience setting up an EVPL such as this? How do I use the VLANs and static IPs in tandem to get this service to work? I'd like all the buildings to still be able to talk, but separate VLANs and/or separate subnets are probably still a good idea, so we're not just one big network.