Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3517
Views
5
Helpful
5
Replies

Best way to extend a VLAN over a VPN?

bhaskaranant
Level 1
Level 1

‎06-25-2007 12:41 PM - edited ‎03-03-2019 05:36 PM

I have a class C private network that I would like to span two different cities over a VPN. To both locations, all the IP addresses must appear to be on the same LAN. What is the best way to do this? Is there any article that explains this?

Labels:
0 Helpful
5 Replies 5

bhaskaranant
Level 1
Level 1
In response to Edison Ortiz

‎06-26-2007 11:29 AM

Edison,

Thanks for pointing me to a great article. I gained a lot of info. Can you confirm that transparent bridging will work well in the following situation? Can I apply it here:

Say, 192.168.1.0 / 24 Ethernet network connects to a layer 3 switch, which connects to a VPN router via another network interface. The VPN router forms a IPSec/GRE tunnel VPN to a remote location over the Internet, terminating in another VPN endpoint. Another private Ethernet interface on this endpoint needs to have the same 192.168.1.0 /24 network. (A VLAN extension). This is needed for a short period while we are moving hosts from one location to another. Can this be accomplished by transparent bridging or do we need something else?

Thanks

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to bhaskaranant

‎06-26-2007 11:35 AM

The VPN Router is also part of the 192.168.1.0/24 segment ? If so GRE tunnel can transport the bridging information via the tunnel.

However, from your environment, I would recommend double NAT'ng between the 2 offices instead of bridging.

With bridging, you will be extending your L2 environment over slow/unreliable VPN links.

Once you configure your bridging environment, one location will hold the root of the spanning tree domain and all traffic within that VLAN will traverse back and forth over the VPN link. Not the most ideal setup for enterprise networking.

NAT'ng between locations gives you the ability to scale the migration to meet your needs without a major change in your L2 topology.

HTH,

0 Helpful

bhaskaranant
Level 1
Level 1
In response to Edison Ortiz

‎06-28-2007 09:14 AM

Yes, the VPN router is also part of the 192.168.1.0 /24 segment. As this is only a short term requirement and as we have a multi-meg WAN pipe, I don't mind extending the VLAN over the WAN/VPN.

Do you have an article for configuring this VLAN extension and an example config? Your help is appreciated.

Thanks.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to bhaskaranant

‎06-28-2007 02:29 PM

In your case, you will have to route and bridge at the same time, so concentrate on the IRB configuration for bridging.

You will have a BVI interface, this is the L3 interface. On the segments you want to bridge, you need to enter the bridge-group command.

Personally, I've never done it on a WAN/VPN. I've only done it on frame-relay or ppp WAN connections in a lab. I never had the need to extend a L2 environment over a WAN connection.

The portion of the documentation you need to concentrate on will be IRB

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.htm#wp1003018

There are some examples on IRB. Please make sure you simulate this scenario in a Lab before deployment.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card