802.1q VLAN tag through VPN??

wrockall · ‎10-29-2001

I have a 3030 concentrator, is it possible to set different tunnels to have different VLAN tags, eg a sales person coming in will be tagged with the correct VLAN for sales and so will not be able to see the marketing resources, BUT a marketing person coming in will be tagged as such and will not be able to see the sales resources but will have access to the marketing ones?

JOSH GANT · ‎10-30-2001

...No

wrockall · ‎11-16-2001

Thanks for your informative reply. I have now worked out a way to do this.

JOSH GANT · ‎11-16-2001

Sorry about that. ;)

You can't do 802.1q over a VPN because the 802.1q tags that are in each Ethernet frame, are only relevent on trunk links between switches. The connection between your switch and your VPN device will not be a trunk, therfore there is no 802.1q tags on these frames.

I don't belive there are any VPN devices that support extending 802.1q VLANs across a VPN. I could be wrong, of course...

nuno.morais · ‎11-22-2001

In fact Cisco now supports Layer 2 VPNs (VLANs) over MPLS VPNs. I've never tried such thing, but it is supported.

wrockall · ‎11-28-2001

Sorry, you guys seem to have misunderstood my problem. I do not want to transport the tags through the VPN; as far as I know this is impossible with an IPSec tunnel and MPLS although a nice idea is not practical for users dialling in via the PSTN from anywhere in the world through non-predefined POPs.

My aim is to have employees connect through to the Internet via a local ISP (or using GRIC) and then VPN to my concentrator. Once they have made this connection I then want to tag the packets with the relevant VLAN tag. I know this is possible by using a 5000 series concentrator but the 3000 series requires some slightly more creative design work.