08-17-2005 06:00 AM - edited 03-03-2019 10:17 AM
Is it possible to run multiple VLAN's across a T1 Serial interface? If so could you provide a configuration example?
08-17-2005 10:37 AM
Scott
We could give better answers if you would provide some more information about your situation and what you are trying to accomplish.
In general when you talk about several VLANs accross a serial it sounds like you want to have several VLANs (and therefore several subnets) appear on both sides of the serial interface (in several separate locations). The general answer to that is that you need to bridge on the serial interface. Depending on some specifics of your situation you probably will want to implement Integrated Routing and Bridging (IRB) which will allow you to route on some interfaces and bridge on others. You will want to define a bridge group, to assign the bridge group to the VLAN interface. If you have several VLANs and need to keep them separate then you will need a bridge group for each VLAN. You will need to define a Bridged Virtual Interface (BVI) for each bridge group. On there serial interface there will be no ip address and there will be a bridge group. If there are several VLANs and you need to keep them separate there must be some way to separate them on the serial interface. Perhaps you will want to configure Frame Relay on the interface and then define severa PVCs and assign a unique bridge group to each PVC.
As you can see this is a fairly complex solution and has several challenges in it. In general it is not a recommended idea to try to bridge accross serial interfaces. If we knew more about what you are trying to accomplish perhaps we could suggest an alternative solution to bridging.
HTH
Rick
08-18-2005 03:01 AM
Rick,
We have been tasked to provide wireless connectivity
at one of our remote sites. We must provide open and
private network access at the remote site.
We currently handle this by assigning separate VLAN's for open and private access.
Users at the remote sites access services, applications and the internet through our site.
We have been tasked to extend these separate vlans
to the remote site to accomplish this.
Does this clarify things any?
08-18-2005 12:06 PM
As others have mentioned there has got to be a better way to do this. Bridging over a WAN can be quite a performance hit.
When you say "open" wireless access you mean like a hot spot where anybody can connect? If so then create a tunnel on the router and tunnel to wherever you want the wirless clients to go...then use policy routing (route-maps) to send these wireless clients over the tunnel. You can do the same with the other VLAN.
Also this begs for a WLSM module in a catalyst 6500 if you have one.
08-22-2005 08:41 AM
Scott
Thanks for sending the additional information. I wonder if it would be a workable solution to define separate VLANs at the remote site and to provide the same kind of access controls at the remote site that you do at the main site?
As far as controling access on a "visitor" VLAN would it be feasible to configure a GRE tunnel from the remote router to the router which controls the visitor VLAN at the main and to use policy routing on the remote router so that any packet which originated on the visitor VLAN was forwarded to the main site router which could make decisions about what was permitted or not?
Extending a VLAN accross switches so that the VLAN has ports on several switches and so that they are in the same broadcast domain is more feasible in a switching environment. It is quite problematic in a WAN environment.
HTH
Rick
08-17-2005 10:40 AM
Hello,
in order to extend VLANs across a T1, you would need to put the serial interface into bridging mode. It is not really recommendable to do this, since the link will have to carry broadcast and other traffic that typically only runs in a switched environment. Is there a specific need or requirement for your setup ?
Regards,
GP
08-24-2005 07:25 AM
Hi Scotty,
We do that here at my current engagement. I would prefer to show you the configs privately, so PM me at anotherleash at hotmail, and I'll be happy to help... I can show you router, switch and WAP configs so you can see the entire data path if you are interested.
Regards,
Eric
08-24-2005 07:56 AM
Do a search for L2TPv3 on CCO. This might provide what you are looking for.
Regards
Kevin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide