Trunking VLANS over WAN with GRE?????

Unanswered Question
Mar 8th, 2007

Ugh! I need to carry my VLANS from one site to another over a WAN I have no control or help from. They do not support QinQ, MPLS, etc. I think I know I can do this with GRE but that is all I can find in searches. I really need a HOWTO or a sample. I get GRE, I get trunking I can not figure how to combine them.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mheusinger Fri, 03/09/2007 - 05:13


did you have a look at L2TPv3?

"L2TPv3: Layer 2 Tunneling Protocol Version 3"

There is a section and configuration examples about Ethernet transport and a section about VLAN transport.

MTU might become an issue because of the additional overhead, but except this, it works. Another issue to watch out for is throughput or CPU load on your router.

So I would assume L2TPv3 pretty much solves your issues.

Hope this helps! Please use the rating system.

Regards, Martin

chglover Mon, 03/12/2007 - 08:46

Thanks. I am looking in to it now. My only concern is the prior versions of L2TP were for Service Providers. In this case I would be the customer, and the SP does NOT support any type of VLAN, VTP, etc traffic. They refuse to allow broadcast. I have apps that require it, so I want to extend my VLANS via a tunnel so they can not see the broadcast. I can not work with them on it because they refuse to see this as anything but putting broadcast on "their" network.



mheusinger Mon, 03/12/2007 - 09:07

Hi Chuck,

L2TPv3 "looks" like IP unicast to the service provider. In fact it is like a point-to-point tunnel transporting L2 frames. So you will NOT send any broadcast into the SP network. If you do not like the SP to investigate the content, you could even use IPSec to encrypt it. Before doing so, I would recommend to do some performance tests, though.

So your SP should not complain about unicast traffic between two IP addresses. Finally this is what you are paying for!

Hope this helps!

Regards, Martin

chglover Tue, 03/13/2007 - 13:19


We got L2TP3 going with one vlan encapsulated on a subinterface like the example on the link you gave. What we want is to send the entire vlan trunk across. Can you help lead us in the right direction to do this? Doing a seperate subinterface for each vlan does not seem very efficient.

Thanks alot for everything so far.


Kevin Xiong Wed, 04/25/2007 - 05:35

Do you use the same WAN router to do the L2TPv3+IPSec or a seperate one for IPSec?

chglover Mon, 06/04/2007 - 06:06

We are not doing IPSec with the tunnels. We would likely do it ourselves. But it is very possible that the provider would be doing it as well, or using some dedicated encryption.



This Discussion