881 running 15.0, information on 802.1q VLAN setup question

glass4545
Level 1

Greetings,

I'm not sure how to set up trunked VLANs from an 881 running 15.0 back to another 881 at the main office. I have two 881s running in a test setup over a DSL link; test users off the branch 881 can reach our main office over an IPSec tunnel and go direct to the Internet if the destination is not our main office network. Now I'd like to support 802.1q VLANs over the IPSec tunnel but I'm not sure how to set it up. Do I need to do IRB and/or subinterfaces to support VLANs over the 881 IPSec link? A pointer to example configurations would be great.

I attached the branch 881 config; this works as I want so far, a remote user off VLAN1 goes over the IPSec tunnel if coming back to the main office network "1.2.0.0/16", otherwise just Internet access. Now I want/need to push four tagged 802.1q VLANs over this IPSec tunnel also.

thanks!

jim

1 Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello Jim,

First of all, are you sure you want to carry VLAN traffic over an IPsec tunnel?

I would recommend a routed solution where you use for example a GRE tunnel protected by IPsec as a logical point to point link and then you simply route the 4 subnets of each site to the other one.

For more powerful routers you could use L2TPv3, and you could even protect the L2TPv3 traffic with IPSec, but I'm not sure the 881 can support it.

See

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html

You can use VLAN-based subinterfaces for point-to-point L2 transport with L2TPv3.

To check if L2TPv3 is supported on your devices you can use the Feature Navigator:

http://www.cisco.com/go/fn

Search by feature "L2TPv3" and then check the list of supporting platforms.

Well: it is supported in 15.0(1)M, as in the image

c880data-universalk9-mz.150-1.M1.bin

However, let me enforce the concept that you should use this only in corner cases when really needed, and that a routed configuration is much better (control of broadcast traffic, for security reasons, and so on).

So I would recommend using a GRE tunnel as a way to easily route traffic over IPSec.

Hope to help

Giuseppe

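
The routed GRE-over-IPsec design Giuseppe recommends, written out as an added example for the branch 881 (this is not Jim's attached config nor anything from the thread). It assumes the branch WAN is Dialer0, a hub public address of 203.0.113.1, a /30 tunnel subnet 10.255.0.0/30, four branch VLANs 10/20/30/40 on 10.10.x.0/24 arriving tagged on FastEthernet0, and a pre-shared key placeholder; the tunnel protection profile replaces the existing crypto map and its interesting-traffic ACL.

```cisco
! Branch 881: GRE tunnel protected by IPsec, four VLANs routed across it
! All addresses, VLAN numbers and the PSK below are constructed/assumed values
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <REPLACE-WITH-STRONG-PSK> address 203.0.113.1
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
! Logical point-to-point link to the main office; encryption is bound to the
! tunnel, so no crypto map or interesting-traffic ACL is needed for hub traffic
interface Tunnel0
 description GRE over IPsec to main office
 ip address 10.255.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile GRE-PROT
!
! The four tagged VLANs come in on a trunk from a downstream switch; each gets
! an SVI and is plainly routed (VLANs must also exist in the VLAN database)
vlan 10
vlan 20
vlan 30
vlan 40
interface FastEthernet0
 switchport mode trunk
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
interface Vlan40
 ip address 10.10.40.1 255.255.255.0
!
! Only the main office network is sent through the tunnel; everything else
! keeps following the existing default route straight to the Internet
ip route 1.2.0.0 255.255.0.0 10.255.0.1
!
! Main office side (mirror image): ip route 10.10.10.0 255.255.255.0 10.255.0.2, etc.
```

The main office 881 carries the same crypto and Tunnel0 stanza with source/destination and the /30 addresses swapped, plus one static route per branch /24 pointing at 10.255.0.2. The MTU/MSS values are the usual allowance for GRE plus ESP overhead on a PPPoE DSL link; check with a large don't-fragment ping across the tunnel.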

2 Replies

Thanks Giuseppe!

I did get the L2TPv3 up and running over two 7206 routers and could pass my tagged VLANs OK but they took a hit on CPU usage. I never was able to get tagged VLANs running over the 881s, OK on untagged, it may have just been me not knowing what I was doing with the 881s.

I will take your advice and go with GRE IPSEC tunnels.

thanks again

jim
