07-26-2012 09:11 AM - edited 03-07-2019 08:00 AM
Hello everyone,
I have a design hurdle that I cannot seem to cross. I have two sites and I need the same VLAN to span both sites. I have accomplished this using L2TP but my issue is that I can no longer assign a gateway for this VLAN on the router. The 2 routers are 2821's and are connected with a dedicated fiber run.
Does anyone have a recommendation for how this could be accomplished? It would be great if I could have the same gateway at both sites by leveraging some sort of bridged interface (BVI so I've heard) but I am at a loss as to where I should start with this. Also, this is not the only VLAN that needs to traverse the link.
Any suggestions?
Thanks for your time!
07-26-2012 09:57 AM
Hello Terry,
In short, IRB (BVI) works well if only one VLAN has to be extended over the WAN link.
Does no C2821 have a free LAN interface?
I guess the answer is negative. If one router had a free LAN interface, it would be enough to connect it to the same LAN switch. On the switch side, both ports are configured as trunk ports carrying the set of VLANs V1-Vn that need to be extended over the routed network by L2TPv3.
On the router side, one interface would have routed subinterfaces to provide default gateways to the IP subnets corresponding to V1-Vn. The other interface would have VLAN-based subinterfaces configured for L2TPv3.
This is relatively easy.
Now the issue is if no C2821 has an additional LAN interface to connect to the local LAN switch.
If the LAN switch has an unused optical port, you could do the following:
Create a VLAN to represent the WAN link.
Example: VLAN 990
The optical port to which the WAN link is connected is configured as an access port in VLAN 990.
The router port is connected to the LAN switch either optically or by RJ-45 (assuming you can choose the media type on the router interface).
The LAN switch port connected to the router port is configured as a trunk carrying the following VLANs:
V1-Vn + 990
On the router side, the current configuration of the WAN link is moved to subinterface 990, associated with vlan-id 990.
On the router, VLAN subinterfaces for VLANs V1-Vn can be created as needed.
This work needs to be done on a single site only.
So the suggestion is to rearrange physical links so that both C2821 LAN interfaces are connected to the LAN switch (I assume there is a LAN switch in each site) and to convert the interface used only for WAN so that it has N+1 subinterfaces to provide the intersite link and the L3 def GWs to the extended VLANs.
Hope to help
Giuseppe
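The rearrangement described in the reply above, sketched as IOS configuration for the one site that is changed. This is an added example, not configuration posted in the thread: VLAN 990 and VLAN 101 come from the posts, while the switch and router port numbers and the 192.0.2.x / 198.51.100.x addresses are placeholder assumptions, and it assumes the router port formerly used for the WAN supports 802.1Q subinterfaces.

```cisco
! Added example; port numbers and IP addresses are placeholders (assumptions).
!
! ---- LAN switch ----
vlan 990
 name WAN-LINK
!
! Port where the carrier fiber now lands. Frames leave untagged,
! so the router at the other site needs no change.
interface GigabitEthernet0/24
 switchport mode access
 switchport access vlan 990
!
! Trunk to the router port that used to face the WAN.
! The encapsulation line is only needed on switches that also support ISL.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 101,990
!
! ---- Router ----
! Former WAN port: the parent interface no longer carries an IP address.
interface GigabitEthernet0/1
 no ip address
!
! The WAN addressing moves to the VLAN 990 subinterface.
interface GigabitEthernet0/1.990
 encapsulation dot1Q 990
 ip address 198.51.100.1 255.255.255.252
!
! Default gateway for an extended VLAN (repeat per VLAN in V1-Vn).
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address 192.0.2.1 255.255.255.0
!
! The other LAN port keeps its existing L2TPv3 xconnect subinterfaces.
```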
08-10-2012 09:09 AM
Here's the current setup:
GEORGIA TENNESSEE
VLAN101 ~> G0/0 (xconnect) ~> G0/0/0 (fiber) ~> Carrier (fiber) ~> G0/1 (xconnect) ~> G0/0 ~> VLAN101
The L2TP tunnel is up on both sides. Georgia is sending and Tennessee is receiving:
GEORGIA
Session id 418244970 is up, logical session id 32788, tunnel id 172807082
Remote session id is 11334, remote tunnel id 51199
Locally initiated session
Unique ID is 12
Session Layer 2 circuit, type is Ethernet Vlan, name is GigabitEthernet0/0.101:101
Session vcid is 302
Circuit state is UP
Local circuit state is UP
Remote circuit state is UP
Call serial number is 379500302
Remote tunnel name is
Internet address is x.x.x.x
Local tunnel name is
Internet address is x.x.x.x
IP protocol 115
Session is L2TP signaled
Session state is established, time since change 2d15h
447 Packets sent, 0 received
44804 Bytes sent, 0 received
Last clearing of counters never
Counters, ignoring last clear:
447 Packets sent, 0 received
44804 Bytes sent, 0 received
Receive packets dropped:
out-of-order: 0
other: 0
total: 0
Send packets dropped:
exceeded session MTU: 0
other: 0
total: 0
DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
Sending UDP checksums are disabled
Received UDP checksums are verified
No session cookie information available
FS cached header information:
encap size = 24 bytes
45000014 00000000 ff73b676 010101fe
01010101 00002c46
Sequencing is off
Conditional debugging is disabled
SSM switch id is 4101, SSM segment id is 8203
TENNESSEE
Session id 11334 is up, tunnel id 51199
Call serial number is 379500302
Remote tunnel name is
Internet address is x.x.x.x
Session is L2TP signalled
Session state is established, time since change 2d15h
0 Packets sent, 446 received
0 Bytes sent, 44643 received
Last clearing of "show vpdn" counters never
Receive packets dropped:
out-of-order: 0
total: 0
Send packets dropped:
exceeded session MTU: 0
total: 0
Session vcid is 302
Session Layer 2 circuit, type is Ethernet Vlan, name is GigabitEthernet0/1.101:101
Circuit state is UP
Remote session id is 418244970, remote tunnel id 172807082
DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
No session cookie information available
UDP checksums are disabled
SSS switching enabled
Sequencing is off
Unique ID is 669
When I assign an IP to a host on the Georgia side, it cannot ping the gateway on the other side of the L2TP tunnel. It seems that I'm only getting one-way traffic. Could this be due to a routing issue on the Tennessee side? We are currently using OSPF for route distribution of this network on the Tennessee router and are advertising it only on that side. If not a routing issue, any ideas as to what might be going on here? I can provide more information if needed.
Thanks for your time.