Carrying Local Vlans over Metro Ethernet Without Q-in-Q

Unanswered Question
May 14th, 2009
User Badges:

Hi all,

One of my customers (an University) has a WAN consists of 13 remote campus and a central campus. They are using Metro ethernet between remote campuses and Central campus. They asked that how to carry local vlans which they created on Catalyst 6509 to the all remote campuses. Remote campuses are using Cisco Catalyst 3560 as a metro ethernet switch. All the connections from campuses to the Service provider configured as a trunk. But we have a little problem. Q-in-Q is not available in service provider network. They can not provide an encapsulation vlan (service vlan) for to create a tunnel that can passing all vtp,bpdu,etc data to the remote campuses. As a summary, we are looking for a method to carry all the vlans that have been created on the Backbone Switch to the remote campuses over a metroethernet wan without q-in-q.

I also tried the L2TP , L2PT but it did not accomplish my objective.

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cisco_lad2004 Thu, 05/14/2009 - 23:51
User Badges:
  • Gold, 750 points or more

Not knowing your tolpology in details, It looks like you have to route.


If you have an MPLS backbone, you could look into EoMPLS. otherwise using keeping separation by terminating VLANs into VRFs then back into VLANs is also a solution.


Applications relying on broascat would then need to be addressed.


HTH


Sam

sinan.yilmaz Fri, 05/15/2009 - 00:21
User Badges:

No, I have not a MPLS backbone. It is possible to be successful on this objective via using Q-in-Q. Q-in-Q is not available for this case. I depicted the basic WAN topology. There are not any assigned ip addresses for metro ethernet vlans. it is just working on L2. Service provider makes all forwarding and routing process in its network. It can not be seen by anyone.



cisco_lad2004 Fri, 05/15/2009 - 00:51
User Badges:
  • Gold, 750 points or more

If you cant use Q-in-Q then you have to switch the single tagged vlans.

To provide added security you could consider using PVLANs.


If your customer has large number of VLANs then you need to evaluate if you are willing to compromide your network or force customer to consider a L3 termination at your end where you use routing instead of switching.


HTH


Sam

sinan.yilmaz Fri, 05/15/2009 - 01:21
User Badges:

Forgive me but could you please explain that how I can associate a lot of vlan to a primary vlan that passing through a trunk connection to the Service provider network? I mean this private vlan just gives me a solution that forwarding all or some vlans' traffic that I defined to the remote offices or vice versa. It does not provide a solution about to carry vlan information to the remote offices. What if I use the private vlans it does not accomplish my objective.Because, vtp or bpdus still can not be exchanged by the metroethernet switches.

And I am not sure that to use the L3 instead of L2 will helps me to carry vlan related informations (vtp,cdp,bpdu,etc) to the remote ends. What should I do if I use L3 for to carry the vlan related (vtp,bpdu,cdp,etc.) datas?

cisco_lad2004 Fri, 05/15/2009 - 02:07
User Badges:
  • Gold, 750 points or more

No that is excately what you cannot do.


So if you have 100VLANs, they you have to switch 100VLANs through your core if you are not routing.


PVLANs will only give you added security.


Sam

Actions

This Discussion