VLAN benefits and risks?

Unanswered Question
Apr 24th, 2010

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?

Reza Sharifi Sat, 04/24/2010 - 08:37

Hi,

There is really no benefit in extending layer-2 across a WAN link. The risks and drawbacks are:

1. Since the connection is layer-2, you cannot take advantage of tools like ping and traceroute.
2. Troubleshooting is more difficult since the VLAN spans across multiple locations.
3. If you have a redundant connection, you need to deploy STP to prevent loops.

Although sometimes you have to deploy it, in general staying away from it is a good idea.

HTH

Reza

Federico Coto F... Sat, 04/24/2010 - 08:55

Technically you can extend the VLAN across a WAN link, but why would you want to do this? You would have a broadcast domain extending across the WAN link as well.

VLANs work fine in a LAN environment. Unless you have a need to, like an ISP, if you're a customer I don't see the need to span the VLAN across the WAN link.

It will be much better to have separate IP subnets on the other side of the WAN link, on different L3 segments, to ease manageability and troubleshooting.

Hope to help.

Federico.

rocknolds Sun, 04/25/2010 - 01:03

Thank you guys!

It looks like it's easy to spot the risks and disadvantages of spanning a VLAN over a WAN link.

But it is still unclear to me what the advantage is/are if there is/are like what Federico has pointed out.

Can somebody please explicitly tell me the advantage a VLAN brings when spanning over a WAN link?

Many many thanks.

George Stefanick Sun, 04/25/2010 - 01:28

Rock,

I have a real world example for ya...

A few months ago I worked with a client that had an application that only worked in layer 2. The app for some reason would not allow a gateway. So, with that being said, we had to extend the layer 2 (VLAN) from one office over the WAN to the other office. This was a requirement for the app to work; it couldn't route.

As for me, I side on the part of NOT spanning vlans over WANs.

Here is another real world example. A year or so ago, a customer called and said their office had a slow connection. So after some digging I found the GW resided on the remote office (side) for the layer 2 VLAN. All the off-subnet traffic was being routed over the WAN link to be routed and coming back across the WAN to the central location. Of course an oversight by whoever did the design.

In addition, since the layer 2 extended to the remote office, it also explained why when the IT desktop guy imaged devices over the production LAN it KILLED the remote office. Guess what VLAN he used.

My practice is to segment all remote locations via layer 3.

I hope this adds some light to your question.
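
As an added example (not part of George's post and not code from anyone in this thread): a small Python audit that flags VLANs present at more than one site and counts how many hosts have to cross the WAN to reach their gateway, the situation described in the post above. The site inventory, host counts, and the "gateway belongs at the site with the most hosts" heuristic are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (not from the thread): VLAN id -> host count per site,
# and the site where each VLAN's default gateway lives.
SITES = {
    "central": {10: 120, 20: 45, 99: 8},
    "remote":  {10: 15, 30: 22, 99: 3},
}
GATEWAY_SITE = {10: "remote", 20: "central", 30: "remote", 99: "central"}


def audit_stretched_vlans(sites, gateway_site):
    """Return one finding per VLAN that exists at more than one site."""
    presence = defaultdict(dict)  # vlan -> {site: host_count}
    for site, vlans in sites.items():
        for vlan, hosts in vlans.items():
            presence[vlan][site] = hosts

    findings = []
    for vlan, by_site in sorted(presence.items()):
        if len(by_site) < 2:
            continue  # VLAN is local to a single site, nothing crosses the WAN
        gw = gateway_site.get(vlan)  # None if the gateway location is unknown
        # Hosts whose off-subnet traffic must cross the WAN to reach the gateway
        far_hosts = sum(n for s, n in by_site.items() if s != gw)
        # Assumed heuristic: the gateway should sit where most hosts are
        busiest = max(by_site, key=by_site.get)
        findings.append({
            "vlan": vlan,
            "sites": sorted(by_site),
            # Every host here shares one broadcast domain across the WAN
            "broadcast_domain_hosts": sum(by_site.values()),
            "gateway_site": gw,
            "hosts_crossing_wan_for_gateway": far_hosts,
            "gateway_misplaced": gw != busiest,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_stretched_vlans(SITES, GATEWAY_SITE):
        print(finding)
```
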

rocknolds Sun, 04/25/2010 - 01:36

Thank you George.

Those were really something... again thank you.

Jon Marshall Sat, 04/24/2010 - 08:46

rocknolds wrote:

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?

Just to add to Reza's post. L2 is also harder to secure. If a virus infects one PC then within that VLAN it can easily spread. If a broadcast storm happens in the VLAN it goes across your WAN links. L3 is generally a better solution for WAN connectivity.

Jon

This Discussion

Posted April 24, 2010 at 6:54 AM