Having a problem to extend VLAN over WAN link

mail2udaykiran · ‎04-28-2010

I need to extend the vlan that has been created in the cuurrent facility core switch, to another building

over a WAN link. The scope is to route the traffic to wards the onsite(from current building).

Kevin Brennan · ‎04-28-2010

Hi Uday,

Before getting into how this might be done, what is it that you'd like to achieve? - There are a number of drawbacks and innefficiencies to extending a broadcast domain over geographical sites.

What type of WAN circuit do you have - or do you have one yet?

If it is a L3 circuit, you might want to look at L2TPv3 (Layer Two Tunneling Protocal, version 3).

If you have a L2 ethernet circuit you might be able to trunk a few VLANs over the circuit (if the carrier supports dot1q) or else you might only be able to plug in two access ports at each end of the link.

Sorry to repeat myself, but if there is any way to achieve what you want without splitting a VLAN across sites I'd strongly recommend investigating it.

HTH

Kevin

mail2udaykiran · ‎04-28-2010

Thanks for looking into this brennan,

Here I am explaining you that what might be done.

We have 2 branches connected with PRI link (in the same city).

And we have client site and that has connection with only one of our branch. This connection has some limitations. We natted one private VLAN to a single public IP, and we are doing the routings and all to wards the client. For client the source IP is unique(eventhough there are several hosts)

Now we want to give the connectivity to the client site from the other branch also.

Could you please tell me the best way to do it.

Kevin Brennan · ‎04-28-2010

Hi Uday,

I don't think extending a VLAN is what you're looking for.

If I understand correctly, is this your setup?

---------E1/T1----

You want to have access to ?

How does connect to ?

Is it a VPN?

I presume you are using static routes between and ?

Kevin

mail2udaykiran · ‎04-28-2010

Yes Kevin

Exactly

---T1---- ---T1----

Now I want the connectin should be from to thourgh

Coz we cannt go for aother link btw and . And moreover people will be working from to the same client.

And the connection btw and is on (static routes not on VPN)

Kevin Brennan · ‎04-28-2010

Hi Uday,

I'm with you now.

You need two additional static routes. This is assuming that there is full ip connectivity between and .

On you need a static route to the network behind with the next hop of

The syntax for this is

ip route x.x.x.x y.y.y.y z.z.z.z

Where x.x.x.x y.y.y.y is the network and mask of the destination network and z.z.z.z is the next hop to that destination.

Depending on the relationship between yourself and your client, you might want to implement some ACL's to restrict the flow of traffic between you.

HTH

Kevin

(EDIT: You mentioned NAT, could you elaborate on that, as it may have a bearing)

Message was edited by: brennan.k

mail2udaykiran · ‎04-28-2010

As I told eariler.....Client is allowing my traffic as single source

(196.12.X.X)

From the private vlan 192.168.24.X is natted to that IP.

in I created 192.168.34.X and I am routing them to and also natted this praivate VLAN to the same IP(196.12.X.X).

Kevin Brennan · ‎04-28-2010

Hi Uday,

I'm not sure if that would be possible with your NAT configuration.

Can you post your configs (without any sensitive information)?

Kevin

shailesh.h · ‎04-28-2010

Certainly you can achieve the same without extending LAN. Now if site 2 allowed only site 1 to communicate then there are couple of options available to you.

You can use dynamic or static routing
you can NAT client IP behind site 1

I have put my current understanding of your requirement in the diagram attached. Need basic information to suggest something workable for you

What is installed at site1
How Site1 and site 2 connectivity
How is currently Client and site 1 connectivity
How is Client and site2 connectivity

What is the challenge

Share the config of the network devices in the path

Shailesh