Tunnel VLANs through GRE

fishcorefish
Level 1

Ok, so I'm kind of new at this, but I think I've been coming along so far. This question may be simple for some, but after much searching, I have not been able to come up with an answer.

Problem: Need to extend a Guest VLAN access over our private bonded T1 WAN to our remote site. We currently have a separate layer 2 VLAN at the main office that allows only internet traffic out a separate cable modem. I need to extend that VLAN (we'll call it VLAN 2) to our remote site. From what I have found so far, it sounds like I could set up a GRE tunnel and have VLAN 2 go through that to the remote site. But, I am unsure how to configure that. I found some procedures on how to create the basic GRE tunnel, but how would I associate that to VLAN 2 only, and not VLAN 1? Is this even possible? Also, because it's a private WAN, I do not require IPSec.

Routers: Main office: Cisco 3825. Remote Office: Cisco 2811

Thanks for any help!


Jon Marshall
Hall of Fame

It's possible to extend a L2 VLAN across a routed network. However, using GRE is not a supported configuration from Cisco and I don't know of any docs on CCO for it.

However, there is something called L2TPv3 which allows you to do exactly what you want. It does depend on whether your equipment supports it. Attached is a link explaining it in more detail.

http://www.cisco.com/en/US/netsol/ns588/networking_solutions_white_paper09186a008017fa6e.shtml

Jon

Thanks a lot! I'll look over this document to see what I can figure out.

Thanks!

paolo bevilacqua
Hall of Fame

Hi,

There is no reason for trying to extend VLANs in your case.

On the remote site, you will have another "guest VLAN" and, by the use of ACLs on both routers, the subnet pertaining to this VLAN will be able to access the internet only.

The ACLs are of the basic type and are applied as "ip access-group" under the interfaces of the LANs that you're protecting.

e.g.,

access-list 50 deny 192.168.2.0 0.0.0.255
access-list 50 permit any
interface fa0/0
 ip access-group 50 in

Hope this helps, please rate post if it does!
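
The ACL matching discussed in this reply, modelled as an added example that is not part of the original post: a small Python evaluator for Cisco wildcard masks and first-match ACL processing. It assumes 192.168.2.0/24 is the guest subnet, as in access-list 50 above; the extended entries, the `GUEST_EXT` name and the RFC 1918 destination ranges are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, src, dst=None):
    """Return the action of the first matching entry.

    An ACL that has entries ends with an implicit deny, so a packet that
    matches nothing is dropped.
    """
    for action, s_base, s_wild, d_base, d_wild in acl:
        if not wildcard_match(src, s_base, s_wild):
            continue
        # Standard ACL entries carry no destination (None): source only.
        if d_base is not None and not wildcard_match(dst, d_base, d_wild):
            continue
        return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
GUEST = ("192.168.2.0", "0.0.0.255")  # assumed guest subnet, from access-list 50

# access-list 50 from the post: a standard ACL, which matches on source only.
ACL_50 = [
    ("deny", *GUEST, None, None),
    ("permit", *ANY, None, None),
]

# Hypothetical extended ACL: guest sources may not reach private (RFC 1918)
# address space; every other destination is permitted.
GUEST_EXT = [
    ("deny", *GUEST, "10.0.0.0", "0.255.255.255"),
    ("deny", *GUEST, "172.16.0.0", "0.15.255.255"),
    ("deny", *GUEST, "192.168.0.0", "0.0.255.255"),
    ("permit", *ANY, *ANY),
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    for src, dst in [("192.168.2.10", "192.168.1.5"), ("192.168.2.10", "8.8.8.8")]:
        print(src, "->", dst, "ACL 50:", evaluate(ACL_50, src),
              "| extended:", evaluate(GUEST_EXT, src, dst))
```

Because access-list 50 never looks at the destination, its effect depends entirely on which interface and direction it is bound to; the extended form makes the "internet only" intent explicit per destination.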

Thanks for the reply! So, you're saying to create a separate layer 3 VLAN up there and through ACLs it will only allow access out to the internet. Doing this would direct that internet traffic out our production internet connection instead of that separate cable modem (which I don't care about). So, this configuration would be done on the switch up there, not the router, right? That sounds like it would be a simpler approach.

Thanks!

Well, basically yes.

Then to decide exactly what configuration is needed and where, one would need to see a detailed diagram and current configs.

But with a little common sense you can figure that out anyway.
