05-28-2016 08:56 PM - edited 03-08-2019 05:58 AM
VLAN400 10.225.16.0/24 and this VLAN400 must be separated from all other traffic within the network.
And this VLAN400 shares the same broadcast domain across the entire network.
Firewall Switch(10.225.16.254)---------trunk-------------SWB--------------trunk-------------SWC-------trunk---------SW-1 VLAN400 (10.225.16.11)
This is easy to achieve: with trunking between all switches, VLAN400 will pass through without any issues.
Firewall Switch(10.225.16.254)---------trunk-------------SWB---------------WAN-------------SWA--------trunk----------SW-2--------VLAN400 (10.225.16.10)
The challenge: how could I pass the same VLAN traffic from SWA to Firewall Switch through a WAN link to SWB?
I am stumped by this. It seems VRF lite can resolve this issue, but I have no idea how to implement it. The requirement is to use a Layer 3 method to do this.
Could someone shed some light on this? It would be highly appreciated. Cheers, Bryan
05-28-2016 09:19 PM
You are basically trying to configure layer-2 between all switches? If that is the case and the WAN provider is handing off a layer-2 Ethernet connection, you can simply trunk the WAN connection and add vlan 400 to it.
HTH
05-28-2016 09:23 PM
Thanks Reza for your prompt reply.
Certainly we can trunk the WAN connection and add VLAN 400 to it as you mentioned.
However, according to our past experience, we constantly see UDLD failure which turns the Layer 2 traffic down. That's the reason we want to use a Layer 3 approach this time.
05-28-2016 09:47 PM
The UDLD issue you have seen is from the provider's site of the connection?
If that is the case, you can contact them so they can look into fixing the issue.
If the UDLD issue is from your site, you can configure UDLD protection on your switches. See link:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/udld.html
HTH
05-28-2016 09:49 PM
Thanks Reza. But the management wants to use Layer 3 to accomplish this implementation. Otherwise my life will be a whole lot easier :)
05-28-2016 10:07 PM
I understand :)
Here is a document on using layer-2 over a layer-3 network.
Have a look and see if it can be done in your environment.
As you probably already know, extending one vlan between multiple sites is not really best practice, but if your management insists on wanting vlan 400 everywhere, then you may not have a choice.
Here is the link:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv30s.html
Good Luck
05-28-2016 10:16 PM
Really appreciated Reza :) Big thanks for you.
I don't think our platform 6506 and 6509 can support L2TPv3.
Any idea how to implement VRF Lite to achieve this?
B