Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Layer 2 VPn connectivity issue

Hi,

I have  corporate office in which number of vlans are running 3.i.E Vlan200,Vlan10 and vlan 20.we have branch office in which we took a layer 2 vpn connectivity from our ISP.

I want that my branch office will be the part of vlan 200 how i accomplish this.

Plz help me out

7 REPLIES
Silver

Layer 2 VPn connectivity issue

Have you tried tagging the VLAN 200 across the ISP link? If that didn't work you may have to work with your ISP to carry tagged VLAN 200 packets.

HTH.

Layer 2 VPn connectivity issue

Hello.

I would say, that extending VLAN over WAN is not a good idea, especially if you are going to add client hosts into the VLAN. L2 VPN is cool for GetVPN configuration.

In your case - if single VLAN needs to be extended over WAN, you may assign ports (connected to ISP at both site) to VLAN 200 (access mode). In this case you won't be able to extend any other VLAN.

If you want to extend several VLANs over ISP, then you will have to negotiate the option with ISP.

New Member

Layer 2 VPn connectivity issue

Hi RAIS and Mikhailovskyvv,

Okay i will commnicate with my ISP regarding this

But I am little bit confused what type of coniguration will be done on both branch and corporate office switches.Can you plz help out me in thi regard.

Layer 2 VPn connectivity issue

Hello.

If you want to extend single VLAN all other your branches, then "mode access" and "access vlan 200" will be enough.

If your provider will pass tagging, then you may configure "mode trunk" and " allowed vlan ,,".

But I would repeat: it's not a good practise to extend VLAN over WAN!

New Member

Re: Layer 2 VPn connectivity issue

Hi,

What you suggest what will i do?? What i need is that clients in branch office can access my datacentre from head office and dhcp must be enable from clents.

Re: Layer 2 VPn connectivity issue

You may deploy L3 devices for WAN connectivity (L3 switch or router).

They will be able to limit traffic broadcasts and (potentially) support encryption and traffic filtering.

If you don't want to deplot DHCP server at branch office (all the routers support built-in DHCP server), then you could use DHCP relay (ip helper-address).

New Member

Re: Layer 2 VPn connectivity issue

Hi,

on side note can you please confirm me one another thing that ip helper-address command will work on switch 2960??

180
Views
0
Helpful
7
Replies
CreatePlease login to create content