Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best way to extend a VLAN over a VPN?

I have a class C private network that I would like to span two different cities over a VPN. To both locations, all the IP addresses must appear to be on the same LAN. What is the best way to do this? Is there any article that explains this?

Hall of Fame Super Bronze

Re: Best way to extend a VLAN over a VPN?

New Member

Re: Best way to extend a VLAN over a VPN?


Thanks for pointing me to a great article. I gained a lot of info. Can you confirm that transparent bridging will work well in the following situation? Can I apply it here:

Say, / 24 Ethernet network connects to a layer 3 switch, which connects to a VPN router via another network interface. The VPN router forms a IPSec/GRE tunnel VPN to a remote location over the Internet, terminating in another VPN endpoint. Another private Ethernet interface on this endpoint needs to have the same /24 network. (A VLAN extension). This is needed for a short period while we are moving hosts from one location to another. Can this be accomplished by transparent bridging or do we need something else?


Hall of Fame Super Bronze

Re: Best way to extend a VLAN over a VPN?

The VPN Router is also part of the segment ? If so GRE tunnel can transport the bridging information via the tunnel.

However, from your environment, I would recommend double NAT'ng between the 2 offices instead of bridging.

With bridging, you will be extending your L2 environment over slow/unreliable VPN links.

Once you configure your bridging environment, one location will hold the root of the spanning tree domain and all traffic within that VLAN will traverse back and forth over the VPN link. Not the most ideal setup for enterprise networking.

NAT'ng between locations gives you the ability to scale the migration to meet your needs without a major change in your L2 topology.


New Member

Re: Best way to extend a VLAN over a VPN?

Yes, the VPN router is also part of the /24 segment. As this is only a short term requirement and as we have a multi-meg WAN pipe, I don't mind extending the VLAN over the WAN/VPN.

Do you have an article for configuring this VLAN extension and an example config? Your help is appreciated.


Hall of Fame Super Bronze

Re: Best way to extend a VLAN over a VPN?

In your case, you will have to route and bridge at the same time, so concentrate on the IRB configuration for bridging.

You will have a BVI interface, this is the L3 interface. On the segments you want to bridge, you need to enter the bridge-group command.

Personally, I've never done it on a WAN/VPN. I've only done it on frame-relay or ppp WAN connections in a lab. I never had the need to extend a L2 environment over a WAN connection.

The portion of the documentation you need to concentrate on will be IRB

There are some examples on IRB. Please make sure you simulate this scenario in a Lab before deployment.