07-16-2012 08:45 AM - edited 03-04-2019 04:59 PM
Is it possible to run 802.1Q on a point to point ethernet circuit between 2 Cisco ISR routers? I need to carry multiple VLANs across an ethernet WAN circuit but not sure if a cisco router would let me do this. I can surely lab up but was looking for expert opinion on what's the best approach to carry multiple VLANs across the WAN ethernet. Plugging the circuit to a LAN switch is not an option since this is a managed WAN router.
07-16-2012 08:57 AM
Hello Smunzani,
ISR routers support 802.1Q VLAN-based subinterfaces; the real question is whether the WAN ethernet service supports 802.1Q based frames. They are still ethernet frames but with an overhead.
You may face an MTU issue as 802.1Q uses a 4 byte header.
If the WAN ethernet service supports a greater than default MTU (1518 is the MTU at OSI layer 2, 1522 is required to support 802.1Q tagged frames carrying an IP packet of size 1500) you are fine, otherwise you have a link that supports up to 1496 of IP MTU.
You can test the WAN link: if you find out that an IP packet of size 1500 bytes can travel, you are fine; otherwise it may be better to reduce the MTU on the ISR interfaces to reflect the link's real capabilities.
Hope to help
Giuseppe
07-16-2012 08:59 AM
Hello,
I am not entirely sure from your description where the VLANs should be terminated. If you want to create subinterfaces on your routers' Ethernet ports that face the WAN then it depends on the configuration of your WAN service. You can always configure subinterfaces on Ethernet ports but it remains the WAN service provider's discretion whether it wants to carry tagged frames between your locations.
If, on the other hand, you want to extend the VLANs through these ISR routers and the WAN circuit then there are multiple ways of doing this. One option would be to use the L2TPv3 protocol to tunnel the frames, another option would be to configure bridging between your Ethernet interfaces on the ISR routers.
Perhaps you could post a topology diagram showing the placement of the VLANs with relation to these ISR routers and the WAN. Thank you!
Best regards,
Peter
EDIT: Giuseppe, I have noticed your post here after I submitted mine. I don't want to steal this thread.
07-16-2012 09:08 AM
Hello Peter,
don't worry, you have added useful information (more than 2 eurocents as usual!). The original poster hasn't been totally clear on his/her requirements and L2TPv3 can be useful for p2p L2 transport service.
He/she probably needs to use L2TPv3 vlan based to extend over an IP network.
Best Regards
Giuseppe
07-16-2012 09:12 AM
I hear your point. Here is the situation. The customer has 2 locations. Currently the WAN services are provided by Comcast managed WAN router which is Cisco ISR 1800. The current WAN is routed WAN.
The customer is trying to implement some DR capabilities for their VMware environment and wants to extend 2 of their VLANs across the WAN. e.g. 192.168.10.0/24 and 192.168.20.0/24 would stretch across the 2 locations.
The best solution would simply take the Ethernet point to point circuit from the router and plug to the switch. Setup as 802.1Q trunk and call it a day. However this service being Comcast managed WAN, they would not let me move the circuit away from the router.
Below is what I think might be my best bet.
Router A:
config t
int g0/0
no ip addr
description Goes to the WAN ethernet drop
exit
int gig0/0.10
encapsulation dot1q 10
bridge-group 10
int gig0/0.20
encapsulation dot1q 20
bridge-group 20
int gig0/1
descr Goes to internal switch
int gig0/1.10
encapsulation dot1q 10
bridge-group 10
int gig0/1.20
encapsulation dot1q 20
bridge-group 20
bridging irb
int bvi 10
ip addr 192.168.10.1 255.255.255.0
int bvi 20
ip addr 192.168.20.1 255.255.255.0
Similar config on remote end.
Would this work? It looks good on paper but I was not able to get the BVI interface up in the lab.
EDIT: Attached network diagram as per recommendations
07-16-2012 09:18 AM
Hello Smunzani,
here is the link to the L2TPv3 VLAN-based feature guide:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html#wp1043064
I would use it as it allows extending VLANs over an IP network, so the side to Comcast has no changes at all.
I used it with good results.
Hope to help
Giuseppe
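Added example (not part of any post in this thread, and not taken from the linked guide): a VLAN-based L2TPv3 configuration for both routers, extending VLANs 10 and 20 from the LAN-facing trunk over the existing routed WAN. The loopback addresses 192.0.2.1 and 192.0.2.2 and the pseudowire-class name VLAN-EXTEND are constructed placeholders; the loopbacks are assumed to be reachable across the WAN, and the IOS image is assumed to include L2TPv3 support.

```cisco
! ---- Router A (constructed example) ----
ip cef
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
pseudowire-class VLAN-EXTEND
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface GigabitEthernet0/1
 description Goes to internal switch (802.1Q trunk)
 no ip address
!
! One pseudowire per VLAN; the VC ID (10, 20) must match on both ends
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 xconnect 192.0.2.2 10 pw-class VLAN-EXTEND
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 xconnect 192.0.2.2 20 pw-class VLAN-EXTEND
!
! ---- Router B (mirror image, peer address swapped) ----
ip cef
!
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
!
pseudowire-class VLAN-EXTEND
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface GigabitEthernet0/1
 description Goes to internal switch (802.1Q trunk)
 no ip address
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 xconnect 192.0.2.1 10 pw-class VLAN-EXTEND
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 xconnect 192.0.2.1 20 pw-class VLAN-EXTEND
```

The tunnel adds its own IP and L2TPv3 headers on top of the 4-byte 802.1Q tag, so the MTU check from the first reply applies to this design as well.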
07-16-2012 09:32 AM
Hello Sam,
(I hope I have googled your name correctly - I apologize if not!)
If the WAN service is routed according to what you wrote then you cannot expect it to simply carry your (possibly tagged) frames through the WAN. In that case, you will need to carry the VLAN-tagged frames using the L2TPv3 which is itself a routed protocol but capable of tunneling Layer2 frames.
Giuseppe posted a nice document showing the way of configuring an L2TPv3 tunnel - I suggest considering this solution.
Best regards,
Peter
07-16-2012 09:37 AM
Thanks Peter.
When you are helping me, you can call me anything you like and I would still not get offended. In this case you have googled my name correct though. :-)
I am reading up on L2TPv3 now and it looks promising. All I need to do is make sure the Comcast routers do have the proper feature set to get the pseudowire commands. I tried that on one of the Cisco 1941 IP only IOS in the lab and the command didn't exist there. So now it's a matter of getting the right IOS with the proper feature set to implement the solution.
BTW, if the customer needed only 1 subnet to go across, would I be able to get away with IRB? OR that's still not a good answer?
Thanks,
Sam
07-16-2012 10:14 AM
Hello Sam,
You are welcome.
Regarding the necessary IOS feature set, for 1941, you will need the DATA & SECURITY license. That should unlock the support for L2TPv3.
"BTW, if the customer needed only 1 subnet to go across, would I be able to get away with IRB? OR that's still not a good answer?"
Only if the WAN service really is capable of carrying the frames end-to-end. You wrote that it is currently "a routed WAN". What does that mean exactly in your understanding?
Best regards,
Peter
07-16-2012 11:16 AM
Peter,
If the requirement was only a single subnet to stretch then something like the attached diagram should work in my opinion. Obviously L2TPv3 is the better configuration but this is just for the technical discussion point of view.
What I meant by routed network was currently there are 2 ethernet interfaces on the router. The router routes between the two. With bridged, on the LAN side, I would convert the G0/1 interface into 802.1Q and create a bridge-group for it. So 192.168.10 would be bridged across while other subnets on the router do the routing between routed subnets and the IRB subnet.
07-16-2012 02:41 PM
Hello Sam,
If this is the case then I believe that you don't need the L2TPv3 after all. What you can do is either bridge selected subinterfaces on the LAN and WAN side as you suggested in your first posts, optionally creating BVI interfaces (only for those VLANs that need to be both stretched over the WAN and routed to other networks at the same time), or you can even bridge entire physical LAN and WAN interfaces without paying attention to VLANs. As the VLAN tagging by 802.1Q is basically just a couple of added bytes in the frame payload, the bridging function will not be in any way influenced by bridging untagged or tagged frames, and you will essentially get all your VLANs carried immediately from one LAN interface through the WAN to the opposite router and its LAN interface. This approach very closely resembles what you would get with L2TPv3 if you configured it on physical LAN interfaces. However, it removes the possibility to route selected VLANs because with bridged physical interfaces, you have no access to a particular VLAN. The same would be true for the L2TP solution as well.
I am not sure if this is comprehensible - it's late night here already. Please feel welcome to ask further!
Best regards,
Peter
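Added example (not part of any post in this thread): the subinterface-bridging option described in the reply above, written out as an IOS integrated routing and bridging (IRB) configuration for Router A, including the global `bridge` statements. Interface names, VLAN IDs and addresses follow the configuration posted earlier in the thread; the example assumes the WAN service carries 802.1Q-tagged frames end to end, and that the remote router uses different host addresses on its BVIs.

```cisco
! ---- Router A (constructed example) ----
! Enable IRB globally, then define each bridge group and allow IP
! to be routed through its BVI
bridge irb
bridge 10 protocol ieee
bridge 10 route ip
bridge 20 protocol ieee
bridge 20 route ip
!
interface GigabitEthernet0/0
 description Goes to the WAN ethernet drop
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface GigabitEthernet0/1
 description Goes to internal switch
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 bridge-group 20
!
! BVI number must match the bridge-group number
interface BVI10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface BVI20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
```

The BVIs are only needed for VLANs that must be routed on this router as well as bridged; a VLAN that is only stretched across the WAN needs just the two `bridge-group` subinterfaces and the `bridge <n> protocol ieee` line.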