Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
7
Replies

Layer 2 VPn connectivity issue

junaid haroon
Level 1
Level 1

‎10-29-2013 03:47 AM - edited ‎03-04-2019 09:26 PM

Hi,

I have  corporate office in which number of vlans are running 3.i.E Vlan200,Vlan10 and vlan 20.we have branch office in which we took a layer 2 vpn connectivity from our ISP.

I want that my branch office will be the part of vlan 200 how i accomplish this.

Plz help me out

Labels:
0 Helpful
7 Replies 7

rais
Level 7
Level 7

‎10-29-2013 08:16 AM

Have you tried tagging the VLAN 200 across the ISP link? If that didn't work you may have to work with your ISP to carry tagged VLAN 200 packets.

HTH.

0 Helpful

Vasilii Mikhailovskii
Level 7
Level 7

‎10-29-2013 09:31 AM

Hello.

I would say, that extending VLAN over WAN is not a good idea, especially if you are going to add client hosts into the VLAN. L2 VPN is cool for GetVPN configuration.

In your case - if single VLAN needs to be extended over WAN, you may assign ports (connected to ISP at both site) to VLAN 200 (access mode). In this case you won't be able to extend any other VLAN.

If you want to extend several VLANs over ISP, then you will have to negotiate the option with ISP.

0 Helpful

junaid haroon
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎10-29-2013 08:54 PM

Hi RAIS and Mikhailovskyvv,

Okay i will commnicate with my ISP regarding this

But I am little bit confused what type of coniguration will be done on both branch and corporate office switches.Can you plz help out me in thi regard.

0 Helpful

Vasilii Mikhailovskii
Level 7
Level 7
In response to junaid haroon

‎10-29-2013 11:33 PM

Hello.

If you want to extend single VLAN all other your branches, then "mode access" and "access vlan 200" will be enough.

If your provider will pass tagging, then you may configure "mode trunk" and " allowed vlan ,,".

But I would repeat: it's not a good practise to extend VLAN over WAN!

0 Helpful

junaid haroon
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎10-29-2013 11:37 PM

Hi,

What you suggest what will i do?? What i need is that clients in branch office can access my datacentre from head office and dhcp must be enable from clents.

0 Helpful

Vasilii Mikhailovskii
Level 7
Level 7
In response to junaid haroon

‎10-30-2013 12:09 AM

You may deploy L3 devices for WAN connectivity (L3 switch or router).

They will be able to limit traffic broadcasts and (potentially) support encryption and traffic filtering.

If you don't want to deplot DHCP server at branch office (all the routers support built-in DHCP server), then you could use DHCP relay (ip helper-address).

0 Helpful

junaid haroon
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎10-30-2013 12:19 AM

Hi,

on side note can you please confirm me one another thing that ip helper-address command will work on switch 2960??

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card