Bridge/route remote office to corporate HQ

Unanswered Question
Dec 6th, 2008

Hi,

We have a corporate office that currently everyone is at. We are opening a new office due to growth that has two point-to-point T1s between the two. We want to bridge it so traffic from the VLANs in the corporate office can come across to the new office for things like DHCP and VoIP. What is the best way to do this? Are there any articles around on it? I am wanting to do a full bridge or partial bridge/routed configuration. Both the T1s are also voice gateways, one that will have the PRI to the outside world and FXS card in it and the other having just an FXS card in it. Currently I have them configured for a PPP multilink.

Rob

Giuseppe Larosa Sun, 12/07/2008 - 03:14

Hello Rob,

A routing solution has to be preferred:

DHCP support can be provided by using ip helper-address central.dhcp.ipaddress on all LAN interfaces of the branch router(s):

int f0/0
 ip helper-address central.dhcp.ipaddress

With this command the broadcast destination is converted to the DHCP server IP address, which can be routed over the T1 links.

VoIP is supported on L3 environments: the DHCP scope can be configured with option 150 to list the TFTP servers (if the servers are CCM or CUCM).

So once you support the DHCP relay with ip helper-address you should be fine.

In fact, we have multiple sites and branch offices and we can provide DHCP services and VoIP over them from central site(s)

Technically you could bridge but it is not recommended for performance, security issues, ability to confine a broadcast storm.

If you use a T1 as a data interface you cannot use it as a PRI; you need two separate interfaces to do this.

Hope to help

Giuseppe

rraver Sun, 12/07/2008 - 11:30

Yea, I was hoping to avoid creating new subnets in the new office that are just for the office, but I am leaning more and more towards it. We have a separate PRI so I am not worried about that. We are using CCM 6.X with the DHCP server on the CCM box and have another DHCP server for the LAN. Currently our network has a 4507 at the core that is pure L2 except for management. It has L2 switches attached to it for the edge; all routing is done via a pair of ASAs that sit between the LAN and a pair of 3750s that again are L2 and a couple of 2851s that run our WAN connections. The users on the network I am moving over is an existing interface on the ASA with the ASA being their default gateway. If they move and there is a router internally that routes that subnet across the would it be best to just create a point-to-point Ethernet connection between the ASA and the router and have it pass the ASA all the traffic? In that case the ASA and both the router would have to pass the DHCP from at least the corporate DHCP servers and possibly the CCM server as well?

Giuseppe Larosa Mon, 12/08/2008 - 12:22

Hello Rob,

>> If they move and there is a router internally that routes that subnet across the would it be best to just create a point-to-point Ethernet connection between the ASA and the router and have it pass the ASA all the traffic?

Yes, it is correct, and the DHCP relay mechanism with ip helper-address allows you to use corporate DHCP servers also on the branch. Note the command can be given multiple times if needed, one line for each server.

Hope to help

Giuseppe
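
What the ip helper-address relay described in the two replies above does to a client's DHCP broadcast, as an added example that is not from the thread or from Cisco: a Python model of the relay step, including one unicast copy per configured helper. The IP addresses, the hop limit and the function names are assumptions made for the illustration.

```python
import socket
import struct

# Fixed 236-byte BOOTP/DHCP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
BOOTREQUEST = 1
DHCP_SERVER_PORT = 67
MAX_HOPS = 4            # assumed hop limit for this sketch
ZERO_IP = b"\x00" * 4


def relay_request(packet, ingress_ip, helpers):
    """Model what a relay does with a client broadcast received on the
    interface addressed ingress_ip: one unicast copy per helper address."""
    if len(packet) < BOOTP_LEN:
        return []                                   # truncated, drop
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    if fields[0] != BOOTREQUEST or fields[3] >= MAX_HOPS:
        return []                                   # not a request, or looping
    fields[3] += 1                                  # hops
    if fields[10] == ZERO_IP:                       # giaddr: first relay only
        fields[10] = socket.inet_aton(ingress_ip)
    relayed = struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]
    return [(server, DHCP_SERVER_PORT, relayed) for server in helpers]


def giaddr_of(packet):
    """Relay address the server uses to pick the scope for the client."""
    return socket.inet_ntoa(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])[10])


def build_discover(mac, xid):
    """Constructed sample input: a minimal broadcast DHCPDISCOVER."""
    header = struct.pack(BOOTP_FMT, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                         ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
                         mac.ljust(16, b"\x00"), b"", b"")
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"


if __name__ == "__main__":
    # Constructed addresses: branch LAN interface and two central DHCP servers.
    discover = build_discover(b"\x00\x11\x22\x33\x44\x55", 0x1234ABCD)
    for dest, port, pkt in relay_request(discover, "10.20.0.1",
                                         ["10.1.1.10", "10.1.1.20"]):
        print(dest, port, "giaddr =", giaddr_of(pkt))
```

Because the server picks the address scope from giaddr, the branch LAN needs its own subnet with a matching scope on each central DHCP server.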

xcz504d1114 Mon, 12/08/2008 - 14:48

Rob,

I run a similar setup for our disaster recovery scenarios, I believe you are looking for L2TP (layer 2 tunneling protocol).

I would highly recommend a routing solution as annotated by the other people that have replied.

L2TP is very much like a VPN connection, in fact if you are running ASA's you could even use those to terminate an EZVPN connection from your branch office router to extend layer 2.

Here is a link to much more information about L2TP:

http://www.cisco.com/en/US/tech/tk827/tk369/tk388/tsd_technology_support_sub-protocol_home.html

http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns155/networking_solutions_white_paper09186a008017fa6e.shtml

Here is an example of the configuration I have setup on my routers for my DR tests.

RouterA IP: 192.168.1.1
RouterB IP: 192.168.2.1

RouterA#
l2tp-class class1
 authentication
 password 7 **********
!
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 no snmp trap link-status
 no cdp enable
 xconnect 192.168.2.1 123 pw-class vlan-xconnect

RouterB#
l2tp-class class1
 authentication
 password 7 ************
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 xconnect 192.168.1.1 123 pw-class vlan-xconnect

BUT again, a routed solution is better for many reasons; running a solid flat network has many drawbacks. One thing to consider with L2TP is that it will add overhead for encapsulation, and broadcasts will traverse your WAN link. With a T1, resources are fairly limited, and depending on the number of users at the branch office it is very easy to saturate a T1 without the L2TP overhead, broadcasts, spanning-tree, or even a chatty / failing NIC.

If you are running any time sensitive services such as VOIP, Video, or even applications that are just plain coded poorly (you wouldn't believe how many are out there) across that link you could have potential issues as QoS is tagged at L2 and provided at L3.

All in all, I wouldn't recommend a non-routed solution over a T1 link, or even a DS3 unless I had an absolute need to, bridging servers across a WAN link that are clustered would be an instance where I might need to do that, but I would hope I wouldn't cluster servers across a WAN link :)

I hope that helps,

Craig

Giuseppe Larosa Mon, 12/08/2008 - 23:32

Hello Craig,

I had thought of L2TPv3 at first, but then, reading Rob's initial posts, where he is just adding a branch office and wanted to bridge just to be able to use central site DHCP servers and CCM, I gave up on this idea.

As you wrote, it can be a good solution for DR with much faster links, but here it is just enough to add some ip helper-address commands to make the new branch office work with a routed solution.

Hope to help

Giuseppe
