How can I join the native internal vlan1 of 2 sites over a WAN routed link?

Jan 29th, 2010

Hi there,


I have two sites with a Cisco 3825 each. Site B is connected to the service provider with a 100 Mbps link. Site A is connected with a 400 Mbps link as a trunk port because it is used to receive data from other sites. Each site has its own VLAN ID. For Site B the VLAN ID is 10, but it was defined only in the router at site A, by defining a subinterface and using encapsulation dot1q. Site B has no reference to that VLAN ID, but I'm assuming that VLAN 10 should be defined at the service provider's network equipment. I think that they are using MPLS, but that's completely transparent for me, in the sense that I have no control over their MPLS configuration. From my perspective it is like having all my sites connected to a switch.


I need to configure both routers in order to extend the internal native vlan1 from site A to site B, to have both sites using the same IP address scheme. In other words, a server at site A is 192.168.100.1 and another server at site B is 192.168.100.2 with the same netmask. I am completely clear that it is not recommended or advisable to do this over the WAN, but I have to do it anyway.


I tried using GRE/Tunnels but I couldn't pull it off. I also read about L2TP and VPLS, but I don't understand the concept entirely. Encryption is not a concern for me; actually, I don't want to use IPSec unless there is no other option.


Can you please help me?


Thanks for your attention!

Reza Sharifi Fri, 01/29/2010 - 19:24

Hello Edil,


If your service provider is running MPLS, then you can work with them to provision a layer-2 VPN for you and run EoMPLS. This way you can keep the same IP and VLAN for both sides of your connections. I would suggest using another VLAN in place of VLAN 1 and not using VLAN 1 at all, because that is the default/native VLAN, and it is used for control traffic and is not secure.


Please refer to this document, in the section "EoMPLS and 802.1Q Tunneling", for more info:



http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_25_seg_seg1/configuration/guide/swmpls.pdf


HTH

Reza




Edil Cajigas Sat, 01/30/2010 - 04:44

Reza,


Thank you very much for your help.


To be completely clear on this: is it possible to do what I want using only GRE/Tunnels, even if it is not the best method? If so, how? I just want to know for sure whether GRE/Tunnels is something that I have to discard not because it is a poor choice but because it cannot provide me what I want.


I will have to check with the SP about EoMPLS. What they told me is that they can allow me to pass whatever vlan I want instead of only vlan 10 between SITE A and SITE B but that that's not something that they have done for their other customers and they will charge me a very hefty monthly fee, because in their service plan they charge a fee per vlan.


Best regards


Edil

Giuseppe Larosa Sat, 01/30/2010 - 08:04

Hello Edil,

The right tool may be L2TPv3, which allows you to build an L2 point-to-point transport service over IP.

It is supported on C3825 with appropriate feature set.


http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html


More specifically, the service can be defined on a per-VLAN subinterface basis:


http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html#wp1043064


The limitations are those of the performance of the routers in use (so no chance to get 400 Mbps of traffic over the pipe).


Hope to help

Giuseppe
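
An added illustration, not part of Giuseppe's post or the linked Cisco guide: a minimal L2TPv3 pseudowire bound to a VLAN subinterface on each router, using a VLAN other than VLAN 1 as suggested earlier in the thread. The loopback addresses, interface names, VLAN 100, VC ID 100 and the pseudowire-class name are assumptions, and the two loopbacks must be reachable from each other across the provider's routed service.

```cisco
! Constructed example: all addresses, names, VLAN 100 and VC ID 100 are assumptions.
!
! ---- Site A router ----
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
pseudowire-class L2TPV3-SITES
 encapsulation l2tpv3
 ! Source the tunnel from the loopback so it survives a WAN interface change
 ip local interface Loopback0
!
! LAN-facing subinterface: no IP address, frames are bridged into the pseudowire
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ! Peer loopback, VC ID (must match on both ends), pseudowire class
 xconnect 192.0.2.2 100 pw-class L2TPV3-SITES
!
! ---- Site B router (mirror image) ----
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
!
pseudowire-class L2TPV3-SITES
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 xconnect 192.0.2.1 100 pw-class L2TPV3-SITES
!
! Verify on either router:
!   show l2tun session
```

L2TPv3 encapsulation adds header overhead to every frame, so check the path MTU between the two loopbacks before moving production traffic onto the pseudowire.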

Edil Cajigas Mon, 02/01/2010 - 05:29

Giuseppe,


Thanks for your help. I did try to use L2TPv3 following an example from another web site, but the instructions said to use a digest command, and that is not listed as a valid command in the IOS I'm using.


Any ideas? The other option I'm checking now is QinQ, but again, how can I use QinQ with vlan1? Do you know of a good tutorial?

paolo bevilacqua Sat, 01/30/2010 - 08:47

Why do you want to bridge? What does "I have to" mean?

Everything works well, and better, with regular routing.

2 sites = 2 subnets.

Edil Cajigas Mon, 02/01/2010 - 05:42

Bevilacqua,


I have 2 sites and I want their internal native vlan1 to be the same. I was instructed to do it basically because we have two Exchange and Blackberry servers already published with a particular IP, and we want to create a replica of those servers at SITE B for continuity of service in case of a failure in SITE A.


The system administrator is using Exchange 2003. I checked products like Neverfail and Doubletake, but those are very expensive.


2 sites = 2 subnets = better = U R right...  but I have to do it

paolo bevilacqua Mon, 02/01/2010 - 08:42

From my understanding, replication does not require servers to be on the same subnet.
