VLAN Trunking through a VPN

 
 
jjfunaz@gmail.com
Guest
Posts: n/a
 
      03-24-2006
We currently have two buildings within our company. We want to connect
the two buildings with a vpn. I was wondering if it is possible to get
VLAN trunking through the vpn so that both buildings' switches can
utilize the same VLANs. Is this possible with a GRE tunnel, or an
L2TPv3 vpn? Any advice that can be given would be most appreciated.

 
 
 
 
 
thrill5
Guest
Posts: n/a
 
      03-24-2006
Why would you want to do such a thing!!!!! I know there are special cases
where this would be a good idea, but that is the extreme exception and not
the rule. What is the problem with routing the traffic? It's just as fast
as layer 2 and you have the advantage of not propagating the layer 2
broadcasts from one location to another and a layer 2 problem (such as
spanning-tree problem) will affect only one location instead of both. The
entire point of Layer 3 is to limit your layer 2 broadcast domain, and
trunking VLANs across a WAN connection is a waste of bandwidth. Tell the
server guys to set up a DNS server, and use DNS names instead of IP addresses
and then it won't matter if a server moves from location a to location b.
There is a reason that IP was invented, and this is one of them.

Scott

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> We currently have two buildings within our company. We want to connect
> the two buildings with a vpn. I was wondering if it is possible to get
> VLAN trunking through the vpn so that both buildings' switches can
> utilize the same VLANs. Is this possible with a GRE tunnel, or an
> L2TPv3 vpn? Any advice that can be given would be most appreciated.
>



 
 
 
 
 
BernieM
Guest
Posts: n/a
 
      03-25-2006
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
>> We currently have two buildings within our company. We want to connect
>> the two buildings with a vpn. I was wondering if it is possible to get
>> VLAN trunking through the vpn so that both buildings' switches can
>> utilize the same VLANs. Is this possible with a GRE tunnel, or an
>> L2TPv3 vpn? Any advice that can be given would be most appreciated.

"thrill5" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Why would you want to do such a thing!!!!! I know there are special cases
> where this would be a good idea, but that is the extreme exception and not
> the rule. What is the problem with routing the traffic? It's just as
> fast as layer 2 and you have the advantage of not propagating the layer 2
> broadcasts from one location to another and a layer 2 problem (such as
> spanning-tree problem) will affect only one location instead of both. The
> entire point of Layer 3 is to limit your layer 2 broadcast domain, and
> trunking VLANs across a WAN connection is a waste of bandwidth. Tell the
> server guys to set up a DNS server, and use DNS names instead of IP
> addresses and then it won't matter if a server moves from location a to
> location b. There is a reason that IP was invented, and this is one of
> them.
>
> Scott


Where in the original post do you read they don't have a DHCP server or
don't use DNS names already? They're already using VLANs so are aware of
the benefits of VLANs in regard to separating broadcast domains. Are they
VPN'ing across a WAN? You're probably right in assuming they are but that
hasn't been mentioned.

DNS 'names' just resolve to an 'IP address' ... how can a server move from
location 'A' to location 'B' if location 'B' doesn't have the same
VLAN/subnet available? Having to change a server's IP address just to bring
it up in another location can cause more pain than it's worth. Having at
least one (say the server) VLAN trunked to the other location allows
'seamless failover'.

Yes, VLANs can be trunked through a GRE tunnel or a L2TP VPN and can prove
to be very useful. We almost went down that path because we had a 1Gb
(provider managed) Dark-Fibre link from our main building to our DR site 3
km away and wanted to have 'same-subnet' availability. It passed through
the supplier's Cabletron switching and we were rather limited as to what
VLANs we could actually trunk as we couldn't duplicate any they were already
using.

VPN or L2TP would allow us to trunk whatever we wanted so we started to
investigate the possibilities but decided to fast-track our own Dark-Fibre
solution instead ... bypassing anyone else's infrastructure.

To cut a long story short ... yes you can trunk through a GRE Tunnel or L2TP
VPN ... but I never got that far.

BernieM


 
 
anybody43@hotmail.com
Guest
Posts: n/a
 
      03-25-2006
>> I was wondering if it is possible to get
>> VLAN trunking through the vpn


> Why would you want to do such a thing!!!!! I know there are special cases
> where this would be a good idea, but that is the extreme exception and not
> the rule.


One of the key functions of a Network Architect is to resist the
mad-cap suggestions of the network users. The integrity of the network
is your responsibility and there is no reason to give in to
the simplistic views of the network users, in this case the
system admins, it would seem.

Tell them that it is not "best practise" to extend VLANS unnecessarily
and use two subnets (networks).

This is easy to substantiate from publicly available
Cisco documents.

Have fun.

 
 
Arnold Nipper
Guest
Posts: n/a
 
      03-25-2006
On 25.03.2006 01:34 (E-Mail Removed) wrote

>>> I was wondering if it is possible to get VLAN trunking through
>>> the vpn
>
>> Why would you want to do such a thing!!!!! I know there are
>> special cases where this would be a good idea, but that is the
>> extreme exception and not the rule.
>
> One of the key functions of a Network Architect is to resist the
> mad-cap suggestions of the network users. The integrity of the
> network is your responsibility and there is no reason to give in to
> the simplistic views of the network users, in this case the system
> admins, it would seem.


Real world is not always that simple. Often there are good reasons (like
during migration) to have a L2 backup though you do not want it as a
permanent solution.


--
Arnold Nipper, AN45
 
 
jjfunaz@gmail.com
Guest
Posts: n/a
 
      03-27-2006
Thank you all for the responses. I didn't think it was possible to
actually split a subnet over a VPN. I can see that it might be
complicated but does anyone have any links on Cisco's site or another
that gives examples of how this is done or resources to point me in the
right direction?

Thank you again,
John Furnari

 
 
Walter Roberson
Guest
Posts: n/a
 
      03-28-2006
In article <(E-Mail Removed). com>,
(E-Mail Removed) <(E-Mail Removed)> wrote:
>I didn't think it was possible to
>actually split a subnet over a VPN. I can see that it might be
>complicated but does anyone have any links on cisco's site or another
>that gives examples of how this is done or resources to point me in the
>right direction?


If I understand correctly, you should be able to do this with 7.x OS on
Cisco PIX 515E, 525, or 535, or Cisco ASA 5500 -- in that you are
able to establish layer 2 transparent VPNs with that equipment.
 
 
 
 