cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5719
Views
5
Helpful
10
Replies

Point to point ethernet circuit - 802.1q

smunzani
Level 1
Level 1

Is it possible to run 802.1Q on a point to point ethernet circuit between 2 Cisco ISR routers? I need to carry multiple VLANs across an ethernet WAN circuit but not sure if a cisco router would let me do this. I can surely lab up but was looking for expert opinion on what's best aproach to carry multiple VLAN across the WAN ethernet. Plugging the circuit to a LAN switch is not an option since this is a managed WAN router.

10 Replies 10

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Smunzani,

ISR routers support 802.1Q vlan based subinterfaces, the real question is if the WAN ethernet service supports 802.1Q based frames. They are still ethernet frames but with an overhead.

You may face an MTU issue as 802.1Q uses a 4 byte header.

If the WAN ethernet service supports a greater then default MTU (1518 is the MTU at OSI layer2, 1522 is required to support 802.1Q tagged frames carrying an IP packet of size 1500) you are fine otherwise you have a link that supports up to 1496 of IP MTU.

You can test the WAN link if you find out that IP packet of size 1500 bytes can travel you are fine, otherwise it may be better to reduce MTU on the ISR interfaces to reflect the link real capabilities.

Hope to help

Giuseppe

Peter Paluch
Cisco Employee
Cisco Employee

Hello,

I am not entirely sure from your description where the VLANs should be terminated. If you want to create subinterfaces on your routers' Ethernet ports that face the WAN then it depends on the configuration of your WAN service. You can always configured subinterfaces on Ethernet ports but it remains the WAN service provider's discretion whether it wants to carry tagged frames between your locations.

If, on the other hand, you want to extend the VLANs through these ISR routers and the WAN circuit then there are multiple ways of doing this. One option would be to use the L2TPv3 protocol to tunnel the frames, another option would be to configure bridging between your Ethernet interfaces on the ISR routers.

Perhaps you could post a topology diagram showing the placement of the VLANs with relation to these ISR routers and the WAN. Thank you!

Best regards,

Peter

EDIT: Giuseppe, I have noticed your post here after I submitted mine. I don't want to steal this thread.

Hello Peter,

don't worry you have added useful information ( more then 2 eurocents as usual!) the original poster hasn't been totally clear on his/her requirements and L2TPv3 can be useful for p2p L2 transport service

He/she probably needs to use L2TPv3 vlan based to extend over an IP network.

Best  Regards

Giuseppe

I hear your point. Here is the situation. The customer has 2 locations. Currently the WAN services are provided by Comcast managed WAN router which is Cisco ISR 1800. The current WAN is routed WAN.

The customer is trying to implement some DR capabilities for their VMware environment and wants to extend 2 of their VLANs across the WAN. e.g. 192.168.10.0/24 and 192.168.20.0/24 would stretch across the 2 locations.

The best solution would simply take the Ethernet point to point circuit from the router and plug to the switch. Setup as 802.1Q trunk and call it a day. However this service being Comcast managed WAN, they would not let me move the circcuit away from the router.

Below is what I think might be my best bet.

Router A:

config t

int g0/0

no ip addr

description Goes to the WAN ethernet drop

exit

int gig0/0.10

encapsulation dot1q 10

bridge-group 10

int gig0/0.20

encapsulation dot1q 20

bridge-group 20

int gig0/1

descr Goes to internal switch

int gig0/1.10

encapsulation dot1q 10

bridge-group 10

int gig0/1.20

encapsulation dot1q 20

bridge-group 20

bridging irb

int bvi 10

ip addr 192.168.10.1 255.255.255.0

int bvi 20

ip addr 192.168.20.1 255.255.255.0

Similar config on remote end.

Would this work? It looks good on paper but I was not able to get the BVI interface up in the lab.

EDIT: Attached network diagram as per recommendations

Hello Smunzani,

here is the link to the L2TPv3 vlan based

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html#wp1043064

I would use it as it allows to extend Vlans over an IP network so the side to Comcast has no changes at all

I used it with good results

Hope to help

Giuseppe

Hello Sam,

(I hope I have googled your name correctly - I apologize if not!)

If the WAN service is routed according to what you wrote then you cannot expect it to simply carry your (possibly tagged) frames through the WAN. In that case, you will need to carry the VLAN-tagged frames using the L2TPv3 which is itself a routed protocol but capable of tunneling Layer2 frames.

Giuseppe posted a nice document showing the way of configuring an L2TPv3 tunnel - I suggest considering this solution.

Best regards,

Peter

Thanks Peter.

When you are helping me, you can call me anything you like and I would still not get offended. In this case you have googled my name correct though. :-)

I am reading up on L2TPv3 now and it looks promising. All I need to do is make sure the Comcast routers do have the proper feature set to get the pseudowire commands. I tried that on one of the Cisco 1941 IP only IOS in the lab and the command didn't exist there. So now its matter of getting the right IOS with proper featureset to implement the solution.

BTW, if the customer needed only 1 subnet to go across, would I be able to get away with IRB? OR that's still not a good answer?

Thanks,

Sam

Hello Sam,

You are welcome.

Regarding the necessary IOS feature set, for 1941, you will need the DATA & SECURITY license. That should unlock the support for L2TPv3.

BTW, if the customer needed only 1 subnet to go across, would I be able to get away with IRB? OR that's still not a good answer?

Only if the WAN service really is capable of carrying the frames end-to-end. You wrote that it is currently "a routed WAN". What does that mean exactly in your understanding?

Best regards,

Peter

Peter,

If the requirement was only a single subnet to stretch then something like attached diagram should work in my opinion. Obvious L2TPv3 is better configuration but this is just for the technical discussion point of view.

What I meant by routed network was currently there are 2 ethernet interfaces on the router. The router routes between the two. With bridged, on the LAN side, I would convert G0/1 interface in to 802.1Q and create a bridge-group for it. So 192.168.10 would be bridged across while other subnets on the router do the routing between routed subnets and IRB subnet.

Hello Sam,

If this is the case then I believe that you don't need the L2TPv3 after all. What you can do is either bridge selected subinterfaces on the LAN and WAN side as you suggested in your first posts, optionally creating BVI interfaces (only for those VLANs that need to be both stretched over the WAN and routed to other networks at the same time), or you can even bridge entire physical LAN and WAN interfaces without paying attention to VLANs. As the VLAN tagging by 802.1Q is basically just a couple of added bytes in the frame payload, the bridging function will not be in any way influenced by bridging untagged or tagged frames, and you will essentially get all your VLANs carried immediately from one LAN interface through the WAN to the opposite router and its LAN interface. This approach very closely resembles what you would get with L2TPv3 if you configured it on physical LAN interfaces. However, it removes the possibility to route selected VLANs because with bridged physical interfaces, you have no access to particular VLAN. The same would be true for L2TP solution as well.

I am not sure if this is comprehensible - it's late night here already. Please feel welcome to ask further!

Best regards,

Peter

Review Cisco Networking for a $25 gift card