
Multiple VLANs over Point-to-Point T1

Hello,

I have three locations (1, 2 and 3). At each location I have a 1941, and the locations are connected by a point-to-point T1.  Locations 2 and 3 both connect back to the 1941 at location 1 (single WIC card, 2 ports).  I need to span VLANs across all three locations, the reason being that one of the VLANs is in a DMZ.  How would I span the VLANs across all 3 locations?  I originally thought of L2TPv3 but could only get it to work with two locations and not three.  The reason is that each sub-interface could only have one xconnect statement.  Any help would be appreciated.

Thanks,

Christopher Ronse


narainarun
Level 1

Hi,

I don't know whether this setup can work, as I have not tested it in my network, but theoretically this seems to work. Please try.

I assume the setup is like hub and spoke, where location 1 is the hub which aggregates locations 2 and 3. You can extend VLANs between location 2 and 1 with the native VLAN using L2TPv3. In the location 1 switch, where the router is connected, you can do a self loop and carry the same VLAN over QinQ tunneling. This QinQ outer VLAN is again extended between location 1 and 3 with L2TPv3. Again, in location 3 you can do a self loop in the switch and take the native VLANs out.

QinQ tunneling does VLAN encapsulation over an existing VLAN, thus it has two VLANs: the inner VLAN being the native VLAN, and the outer VLAN being for encapsulating and hiding the inner VLAN.  QinQ is configured between location 1 and 3. Thus the outer VLAN is encapsulated in location 1 and decapsulated in location 3 and vice versa.

Config in location 1 is as follows:


Router:

interface fa0/0.xxx (native vlan)
 xconnect xxx

interface fa0/0.yyy (outer vlan)
 xconnect yyy

Switch:

interface fa0/0 (connected to router)
 open trunk or closed trunk

interface fa 0/1 (connect to fa 0/2 on same switch)
 allow native vlan

interface fa 0/2 (connect to fa 0/1 on same switch, used to encapsulate the native vlan over outer vlan)
 switchport access vlan yyy
 switchport mode dot1q-tunnel

Config in location 3:

Router:

interface fa 0/0.yyy (outer vlan)
 xconnect yyy

Switch:

interface fa 0/0 (connected to router)
 allow the outer vlan -- this is enough because all native vlans are encapsulated over outer vlan

interface fa 0/1 (connect to fa 0/2 on same switch)
 allow native vlans

interface fa 0/2 (connect to fa 0/1 on same switch, used to encapsulate the native vlan over outer vlan)
 switchport access vlan yyy
 switchport mode dot1q-tunnel

Config in location 2 is normal L2TPv3 config.

Thus native VLANs are carried over all 3 locations.

PS: The switch should support QinQ tunneling. C2960 and above switches support it. MTU size in switches and routers over the entire WAN should be taken into consideration, as an extra 4 bytes are added between location 1 and 3.

HTH

N Arun
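
The double tagging described in the reply above, as an added example that is not part of the original post: it pushes an outer tag onto an already tagged frame, strips it again, and shows where the extra 4 bytes come from. The VLAN numbers (10 for the DMZ VLAN, 200 for the outer VLAN "yyy"), the MAC addresses and the use of TPID 0x8100 for the outer tag are assumptions made for illustration.

```python
import struct

VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag identifiers

def push_tag(frame, vlan_id, tpid=0x8100):
    """Insert a VLAN tag after the two MAC addresses (priority bits left at 0)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", tpid, vlan_id) + frame[12:]

def pop_tag(frame):
    """Strip the outermost tag; return (vlan_id, frame_without_tag)."""
    if len(frame) < 18:
        raise ValueError("too short to carry a VLAN tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid not in VLAN_TPIDS:
        raise ValueError("outermost header is not a VLAN tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def tag_stack(frame):
    """VLAN IDs carried by the frame, outermost first."""
    vlans = []
    while len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] in VLAN_TPIDS:
        vid, frame = pop_tag(frame)
        vlans.append(vid)
    return vlans

# Constructed sample frame: broadcast destination, locally administered source,
# IPv4 EtherType, 46 bytes of zero payload (60 bytes without the FCS).
DMZ_VLAN = 10      # hypothetical inner (native) VLAN
OUTER_VLAN = 200   # hypothetical outer VLAN, "yyy" in the reply above
untagged = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + bytes(46))

# Trunk side of the self loop: the frame carries its own VLAN tag.
inner_tagged = push_tag(untagged, DMZ_VLAN)
# dot1q-tunnel port: the whole tagged frame is wrapped in the outer VLAN.
tunnelled = push_tag(inner_tagged, OUTER_VLAN)

if __name__ == "__main__":
    print("sizes:", len(untagged), len(inner_tagged), len(tunnelled))
    print("tags seen between location 1 and 3:", tag_stack(tunnelled))
    print("after decapsulation at location 3:", tag_stack(pop_tag(tunnelled)[1]))
```

Devices between the two tunnel ports forward on the outer tag only, so the separation of the DMZ VLAN on that segment depends on the outer VLAN being allowed nowhere else, and every hop there must accept frames 4 bytes larger.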

Giuseppe Larosa
Hall of Fame

Hello Christopher,

You should look for a routed solution, for example VRF lite.

If you can use Frame Relay, you can dedicate a subinterface to the DMZ VRF to site 2 and to site 3.

Or you can use point-to-point GRE tunnels to connect the DMZ subnets in a VRF in each site.

Doing so, the only point of contact between the DMZ VRF and the global routing table will be the firewall in the central site.

see

http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html

Hope to help

Giuseppe
