Stretched VLAN

Unanswered Question
Oct 26th, 2007

I'm trying to setup a stretched vlan between two of our sites, but am having little joy.

I have a 2600 router at each site with the fa0/0 interface connected to a 100Mb COLT line.

The fa0/1 interface on each connects directly to a trunked switchport on a 3750 switch.

Basically, I want to create a vlan with an ID of 50 which spans both sites.

I've tried allsorts, but am drawing a blank.

Any help would be much appreciated.

Thanks in advance...

Campbe

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
pstebner1 Fri, 10/26/2007 - 08:55

Hi-

You have to use bridging to do this. If I recall, this is similar to the syntax you would use on each router:

bridge irb

bridge 1 protocol ieee

bridge 1 route ip

Int fa0/0

no ip address

int fa0/0.50

encap dot1q 50

no ip address

bridge-group 1

int bvi1

ip address xx.xx.xx.xx

HTH,

Paul

campbell.thomps... Mon, 10/29/2007 - 04:27

Paul,

Thanks so much for your reply. I think I'm nearly there, but I have one more question for you...

The detail below is how I have my interfaces setup on the routers at each side:

ROUTER A:

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.50

encapsulation dot1Q 50

bridge-group 50

!

interface FastEthernet0/0.254

encapsulation dot1Q 1 native

ip address 10.0.254.25 255.255.255.248

!

interface FastEthernet0/1

ip address 10.1.254.1 255.255.255.0

speed 100

full-duplex

!

interface FastEthernet0/1.50

encapsulation dot1Q 50

bridge-group 50

!

interface BVI50

ip address 10.1.50.28 255.255.255.224

ROUTER B:

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.50

encapsulation dot1Q 50

bridge-group 50

!

interface FastEthernet0/0.254

encapsulation dot1Q 1 native

ip address 10.0.254.26 255.255.255.248

!

interface FastEthernet0/1

ip address 10.2.254.1 255.255.255.0

ip ospf network broadcast

speed 100

full-duplex

!

interface FastEthernet0/1.50

encapsulation dot1Q 50

bridge-group 50

!

interface BVI50

ip address 10.1.50.29 255.255.255.224

My idea is that I would segregate the traffic on to different subinterfaces to keep things simple.

Interface fa0/0 on each router is connected to the leased line. From ROUTER A I can ping the other fa0/0.254 ip address, but I can't ping between fa0/0.50 on each side...

Any ideas?

Thanks in advance.

pstebner1 Mon, 10/29/2007 - 08:10

Campbell-

The syntax is a little wrong, but that is not the issue here. In order for this to work, FA0/0 and FA0/1 have to be part of the same subnet. If they are not, you can only route across them and no VLANs will route this way.

Maybe a picture might clear this up for me if I am misunderstanding something.

Paul

campbell.thomps... Mon, 10/29/2007 - 08:36

Paul,

I've sent you a basic diagram (hope you have visio). Basically, I want to stretch the vlan50 from site 1 to site 2 so that I can ping between the two. The setup you see for the switches and routers is as you see them in the diagram and I think the config is fine for them as I can ping the subnet on each side from the router, but can't ping between the routers (if that makes sense...)

I've obviously set the subinterfaces etc, but I'm interested to know what you would suggest from a vanilla setup.

Thanks in advance.

Attachment: 
pstebner1 Mon, 10/29/2007 - 09:17

Try this. I set this up somewhere about a year ago after tring it in a lab for a week and it's really strange, but give it a try. You will only be able to manage the routers using the IP address on FA0/0. Also, you MAY have to change the mask on vlan 254 to be /8 instead of /24.

Router A

bridge irb

bridge 1 protocol ieee

bridge 1 route ip

int fa0/0

no ip address

bridge-group 1

int fa0/1

no ip address

speed 100

full-duplex

vlan-range dot1q 1 254

exit-vlan-config

bridge-group 1

int bvi1

ip address 10.0.254.25 255.255.255.248

Router B

bridge irb

bridge 1 protocol ieee

bridge 1 route ip

int fa0/0

no ip address

bridge-group 1

int fa0/1

no ip address

speed 100

full-duplex

vlan-range dot1q 1 254

exit-vlan-config

bridge-group 1

int bvi1

ip address 10.0.254.26 255.255.255.248

Let me know how/if it works out.

HTH,

Paul

pstebner1 Mon, 10/29/2007 - 10:45

What IOS version are you running? That command was introduced in 12.3(2)T

campbell.thomps... Mon, 10/29/2007 - 10:52

Here's what 'sh ver' gives me...

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.3(23), RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by cisco Systems, Inc.

Compiled Tue 24-Jul-07 15:44 by stshen

Image text-base: 0x80008098, data-base: 0x81ABF658

ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)

ROM: C2600 Software (C2600-I-M), Version 12.3(22), RELEASE SOFTWARE (fc2)

LONPNWRTR01 uptime is 7 hours, 3 minutes

System returned to ROM by power-on

System image file is "flash:c2600-is-mz.123-23.bin"

cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory.

Processor board ID

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

pstebner1 Mon, 10/29/2007 - 11:14

As far as I can tell you need to put on a 'T' version to use this command on 12.3. I think that all 12.4 releases allow this. 12.3.14T7 is the latest one available for the 2600 series, at least. I set this up on a 1721 running that exact version.

Any chance that you can replace your IOS?

Actions

This Discussion