Passing VLANs via edge routers

kirkchris01
Level 1

On my day off, the commercial provider link went down. The remaining personnel could not log in to the edge router and decided to grab another, older router and swap them out. I came in quickly. They had already performed the physical swap and had a copy of the old config. The old router was a 3845, the new router is a 3825. This router is connected to the commercial provider DS3 link. At our remote site is another DS3 edge router connecting our two networks. 

A previous admin configured the connections between the two sites. We have a few VLANs passed down to the Core router at my site, layer 2 pass down. I believe the previous admin passed those VLANs from one site to the other through MPLS/pseudowire. I don't really understand the config or much about this at all. Reading Cisco's discussions of MPLS definitely does not help. I think my main problem is that not all of the config took because the IOS on the 3825 needs to be updated. I am waiting for approval on that. I keep getting an error to make sure MPLS is configured on router when I try to put in the xconnect command. I think that is because this IOS doesn't support full MPLS.

Is MPLS the best option for passing VLANs? Is it a secure option? How would you pass a layer 2 VLAN between remote sites? 

This is what I am reading while I have time before the decision to upgrade comes back:

https://www.cisco.com/c/en/us/td/docs/switches/metro/catalyst3750m/software/release/12-2_25_seg_seg1/configuration/guide/3750mscg/swmpls.pdf

Cisco's write-ups are terrible to follow if you are not already well versed on a subject. 

5 Replies

Philip D'Ath
VIP Alumni

There is not enough information to answer this.

Is the 3845 actually dead?  What happens if you power it up on your desk?  Can you access it via the console port?  If it is fine you can put it back into service.

It is possible the 3825 has different licensing, so even with an IOS upgrade it still may not work.  I wouldn't be surprised if it needs a DATA licence.  You can't buy a DATA licence anymore, it has been replaced by an AX licence.

Pseudowires usually require you to have a DATA licence.

Do you need MPLS?  Quite possibly not.  Impossible to say without more information.  L2TPv3 (which uses the xconnect command) allows VLAN extension and can happily run over any routed IP link.

I am not getting any response from the 3845 via console. The only time it shows life is when I put a 64MB card in; it responds saying lower 64 MB are missing. When I put the 128 in nothing happens. I tried cycling the power several times. 

The IOS on the 3825 isn't even listed in tools.cisco.com; the file is 12.4-3g. I had our regional senior tech look at my config for the MPLS and everything checked out. I loaded 15.2 into the flash and I am waiting for approval to reboot. The second campus comes all the way up to our campus before it goes out to the internet, so taking the 3825 out of commission will kill internet for the entire second campus. 

One good outcome is that we have proven our need for updated routers...at least for the DS3 links. They are getting emergency funds for two new routers. 

I am still a little confused on passing layer 2 VLANs from one router to another via a commercial DS3 connection...and are these protocols secure like a GRE tunnel with IPSec? Also, most configs I read about are VPNs and what about passing other VLANs like our normal, internal VLANs? Previous admins were under the impression that the two campuses would be separated at some point...so the VLANs are separate to each network. I would like to share VLANs to make life easier, in some cases.

GRE over IPSec is popular and, barring any mis- or poor configuration, is secure.

Hello

It sounds like you're using AtoM, which is a P2P technology that can link the same or different kinds of technology together between each site (Any Technology over MPLS).

I would say another option could be VPLS which does the same thing but supports only Ethernet and can be either P2P or multipoint between sites.

Can you post your config if applicable?

res
Paul



Kind Regards
Paul

I will pull that tomorrow. It was total chaos today. I am not familiar with VPLS. I was also thinking about a GRE tunnel with IPSec. A previous admin used that for trunked radio traffic. 
