
VLAN benefits and risks?

rocknolds
Level 1

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?


Reza Sharifi
Hall of Fame

Hi,

There is really no benefit in extending layer-2 across a WAN link. The risks and drawbacks are:

1. Since the connection is layer-2, you cannot take advantage of tools like ping and traceroute.
2. Troubleshooting is more difficult since the VLAN spans across multiple locations.
3. If you have a redundant connection, to prevent loops you need to deploy STP.

Although sometimes you have to deploy it, in general staying away from it is a good idea.

HTH

Reza

Technically you can extend the VLAN across a WAN link but why would you want to do this?
You would have a broadcast domain extending the WAN link as well.

VLANs work fine in a LAN environment.
Unless you have a need to, like an ISP, if you're a customer I don't see the need to span the VLAN across the WAN link.

It will be much better to have separate IP subnets, on the other side of the WAN link on different L3 segments to ease manageability and troubleshooting.

Hope to help.

Federico.

Thank you guys!

It looks like it's easy to spot the risks and disadvantages of spanning a VLAN over a WAN link.

But it is still unclear to me what the advantage is/are, if there is/are, like what Federico has pointed out.

Can somebody please explicitly tell me the advantage a VLAN brings when spanning over a WAN link?

Many many thanks.

Rock,

I have a real world example for ya...

A few months ago I worked with a client that had an application that only worked in layer 2. The app for some reason would not allow a gateway. So, with that being said, we had to extend the layer 2 (VLAN) from one office over the WAN to the other office. This was a requirement for the app to work; it couldn't route.

As for me, I side on the part of NOT spanning vlans over WANs.

Here is another real world example. A year or so ago, a customer called and said their office had a slow connection. So after some digging I found the GW resided on the remote office (side) for the layer 2 VLAN. All the off-subnet traffic was being routed over the WAN link to be routed and coming back across the WAN to the central location. Of course an oversight by whoever did the design.

In addition, since the layer 2 extended to the remote office, it also explained why, when the IT desktop guy imaged devices over the production LAN, it KILLED the remote office. Guess what VLAN he used.

My practice is to segment all remote locations via layer 3.

I hope this adds some light to your question.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thank you George.

Those were really something... again thank you.

Jon Marshall
Hall of Fame

rocknolds wrote:

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?

Just to add to Reza's post. L2 is also harder to secure. If a virus infects one PC then within that VLAN it can easily spread. If a broadcast storm happens in the VLAN it goes across your WAN links. L3 is generally a better solution for WAN connectivity.

Jon
