New Member

VLAN benefits and risks?

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?

6 REPLIES
VIP Super Bronze

Re: VLAN benefits and risks?

Hi,

There is really no benefit in extending layer-2 across a WAN link. The risks and drawbacks are:

1- Since the connection is layer-2, you cannot take advantage of tools like ping and traceroute.
2- Troubleshooting is more difficult since the VLAN spans across multiple locations.
3- If you have a redundant connection, to prevent loops you need to deploy STP.

Although sometimes you have to deploy it, in general staying away from it is a good idea.

HTH

Reza

Re: VLAN benefits and risks?

Technically you can extend the VLAN across a WAN link but why would you want to do this?
You would have a broadcast domain extending the WAN link as well.

VLANs work fine in a LAN environment.
Unless you have a need to, like an ISP, if you're a customer I don't see the need to span the
VLAN across the WAN link.

It will be much better to have separate IP subnets, on the other side of the WAN link on different
L3 segments to ease manageability and troubleshooting.

Hope to help.

Federico.

New Member

Re: VLAN benefits and risks?

Thank you guys!

It looks like it's easy to spot the risks and disadvantages of spanning VLAN over WAN link.

But it is still unclear to me what the advantage is/are if there is/are like what Federico has pointed out.

Can somebody please explicitly tell me the advantage VLAN brings spanning over a WAN link?

Many many thanks.

Re: VLAN benefits and risks?

Rock,

I have a real world example for ya...

A few months ago I worked with a client that had an application that only worked in layer 2. The app for some reason would not allow a gateway. So, with that being said, we had to extend the layer 2 (VLAN) from one office over the WAN to the other office. This was a requirement for the app to work, it couldn't route.

As for me, I side on the part of NOT spanning vlans over WANs.

Here is another real world example. A year or so ago, a customer called and said their office had a slow connection. So after some digging I found the GW resided on the remote office (side) for the layer 2 VLAN. All the off-subnet traffic was being routed over the WAN link to be routed and coming back across the WAN to the central location. Of course an oversight by whoever did the design.

In addition, since the layer 2 extended to the remote office, it also explained why when the IT desktop guy imaged devices over the production LAN it KILLED the remote office. Guess what VLAN he used.

My practice is to segment all remote locations via layer 3.

I hope this adds some light to your question.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
New Member

Re: VLAN benefits and risks?

Thank you George.

Those were really something... again thank you.

Hall of Fame Super Blue

Re: VLAN benefits and risks?

rocknolds wrote:

What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?

What are the risks and concerns that need to be considered in this situation?

Just to add to Reza's post. L2 is also harder to secure. If a virus infects one PC then within that VLAN it can easily spread. If a broadcast storm happens in the VLAN it goes across your WAN links. L3 is generally a better solution for WAN connectivity.

Jon
