VLAN Trunking through a VPN

Discussion in 'Cisco' started by jjfunaz@gmail.com, Mar 24, 2006.

  1. Guest

    We currently have two buildings within our company. We want to connect
    the two buildings with a VPN. I was wondering if it is possible to get
    VLAN trunking through the VPN so that both buildings' switches can
    utilize the same VLANs. Is this possible with a GRE tunnel, or an
    L2TPv3 VPN? Any advice that can be given would be most appreciated.
    , Mar 24, 2006
    #1

  2. thrill5 Guest

    Why would you want to do such a thing!!!!! I know there are special cases
    where this would be a good idea, but that is the extreme exception and not
    the rule. What is the problem with routing the traffic? It's just as fast
    as layer 2 and you have the advantage of not propagating the layer 2
    broadcasts from one location to another and a layer 2 problem (such as
    spanning-tree problem) will affect only one location instead of both. The
    entire point of Layer 3 is to limit your layer 2 broadcast domain, and
    trunking VLANs across a WAN connection is a waste of bandwidth. Tell the
    server guys to set up a DNS server, and use DNS names instead of IP addresses
    and then it won't matter if a server moves from location a to location b.
    There is a reason that IP was invented, and this is one of them.

    Scott

    <> wrote in message
    news:...
    > We currently have two buildings within our company. We want to connect
    > the two buildings with a VPN. I was wondering if it is possible to get
    > VLAN trunking through the VPN so that both buildings' switches can
    > utilize the same VLANs. Is this possible with a GRE tunnel, or an
    > L2TPv3 VPN? Any advice that can be given would be most appreciated.
    >
    thrill5, Mar 24, 2006
    #2

  3. BernieM Guest

    >
    > <> wrote in message
    > news:...
    >> We currently have two buildings within our company. We want to connect
    >> the two buildings with a VPN. I was wondering if it is possible to get
    >> VLAN trunking through the VPN so that both buildings' switches can
    >> utilize the same VLANs. Is this possible with a GRE tunnel, or an
    >> L2TPv3 VPN? Any advice that can be given would be most appreciated.
    >>

    "thrill5" <> wrote in message
    news:...
    > Why would you want to do such a thing!!!!! I know there are special cases
    > where this would be a good idea, but that is the extreme exception and not
    > the rule. What is the problem with routing the traffic? It's just as
    > fast as layer 2 and you have the advantage of not propagating the layer 2
    > broadcasts from one location to another and a layer 2 problem (such as
    > spanning-tree problem) will affect only one location instead of both. The
    > entire point of Layer 3 is to limit your layer 2 broadcast domain, and
    > trunking VLANs across a WAN connection is a waste of bandwidth. Tell the
    > server guys to set up a DNS server, and use DNS names instead of IP
    > addresses and then it won't matter if a server moves from location a to
    > location b. There is a reason that IP was invented, and this is one of
    > them.
    >
    > Scott


    Where in the original post do you read they don't have a DHCP server or
    don't use DNS names already? They're already using VLANs so are aware of
    the benefits of VLANs in regard to separating broadcast domains. Are they
    VPN'ing across a WAN? You're probably right in assuming they are but that
    hasn't been mentioned.

    DNS 'names' just resolve to an 'IP address' ... how can a server move from
    location 'A' to location 'B' if location 'B' doesn't have the same
    VLAN/subnet available? Having to change a server's IP address just to bring
    it up in another location can cause more pain than it's worth. Having at
    least one (say the server) VLAN trunked to the other location allows
    'seamless failover'.

    Yes, VLANs can be trunked through a GRE tunnel or an L2TP VPN and can prove
    to be very useful. We almost went down that path because we had a 1Gb
    (provider managed) Dark-Fibre link from our main building to our DR site 3
    klm away and wanted to have 'same-subnet' availability. It passed through
    the supplier's Cabletron switching and we were rather limited as to what
    VLANs we could actually trunk as we couldn't duplicate any they were already
    using.

    VPN or L2TP would allow us to trunk whatever we wanted so we started to
    investigate the possibilities but decided to fast-track our own Dark-Fibre
    solution instead ... bypassing anyone else's infrastructure.

    To cut a long story short ... yes you can trunk through a GRE Tunnel or L2TP
    VPN ... but I never got that far.

    BernieM
    BernieM, Mar 25, 2006
    #3
  4. Guest

    >> I was wondering if it is possible to get
    >> VLAN trunking through the vpn


    > Why would you want to do such a thing!!!!! I know there are special cases
    > where this would be a good idea, but that is the extreme exception and not
    > the rule.


    One of the key functions of a Network Architect is to resist the
    mad-cap suggestions of the network users. The integrity of the network
    is your responsibility and there is no reason to give in to
    the simplistic views of the network users, in this case the
    system admins, it would seem.

    Tell them that it is not "best practice" to extend VLANs unnecessarily
    and use two subnets (networks).

    This is easy to substantiate from publicly available
    Cisco documents.

    Have fun.
    , Mar 25, 2006
    #4
  5. On 25.03.2006 01:34 wrote

    >>> I was wondering if it is possible to get VLAN trunking through
    >>> the vpn

    >
    >> Why would you want to do such a thing!!!!! I know there are
    >> special cases where this would be a good idea, but that is the
    >> extreme exception and not the rule.

    >
    > One of the key functions of a Network Architect is to resist the
    > mad-cap suggestions of the network users. The integrity of the
    > network is your responsibility and there is no reason to give in to
    > the simplistic views of the network users, in this case the system
    > admins, it would seem.
    >


    Real world is not always that simple. Often there are good reasons (like
    during migration) to have an L2 backup though you do not want it as a
    permanent solution.


    --
    Arnold Nipper, AN45
    Arnold Nipper, Mar 25, 2006
    #5
  6. Guest

    Thank you all for the responses. I didn't think it was possible to
    actually split a subnet over a VPN. I can see that it might be
    complicated but does anyone have any links on Cisco's site or another
    that gives examples of how this is done or resources to point me in the
    right direction?

    Thank you again,
    John Furnari
    , Mar 27, 2006
    #6
  7. In article <>,
    <> wrote:
    >I didn't think it was possible to
    >actually split a subnet over a VPN. I can see that it might be
    >complicated but does anyone have any links on Cisco's site or another
    >that gives examples of how this is done or resources to point me in the
    >right direction?


    If I understand correctly, you should be able to do this with 7.x OS on
    Cisco PIX 515E, 525, or 535, or Cisco ASA 5500 -- in that you are
    able to establish layer 2 transparent VPNs with that equipment.
    Walter Roberson, Mar 28, 2006
    #7