01-04-2016 09:56 AM - edited 03-08-2019 03:17 AM
Can you use the same local VLAN in multiple remote areas which have different VTP domains? When specific users log on from remote locations we would like them to be assigned to a local VLAN from our main location. Is this possible or will this just cause more issues?
Thank you,
Doug
01-08-2016 12:48 PM
Forget L2TPv3. It won't scale to 15 sites very easily. It will be difficult.
Either go for LISP, or get a price from your service provider for a layer 2 WAN service.
LISP would suit this problem very well I must say, and all your current routers have LISP functionality.
I'll also mention it again: if you could limit this application to WiFi only, this is much easier to solve using your Cisco WLC. You would just need to fix your WiFi network.
01-07-2016 10:12 PM
You can use the same VLANs on remote switches ... but are you saying you want these remote VLANs to be joined to your local VLANS (rather than separated) so that they share the same layer 3 subnet?
If you want them joined you need some kind of layer 2 WAN service, which unless you have a small number of sites is not recommended.
Cisco Wireless LAN Controllers can be quite good at providing WiFi networks that look like this.
01-08-2016 08:47 AM
Good Morning,
No we do not want the external VLANs to join our local VLANS. We only have one specific local VLAN that we would like certain users to automatically be assigned to when they log in through our remote sites. They should be able to plug into any port remotely and be assigned to this local VLAN. Not sure if this can be tunneled or some sort of relay setup. Definitely don't want to cause any spanning tree issues.
We have Cisco Wireless but unfortunately clients lose their connection after about 15 mins and can't log back on. So far, this hasn't been too reliable but will be having Cisco look at this in the future.
Thank You,
Doug
01-08-2016 08:59 AM
Doug
If you are talking about wired connections and the remote sites are connected with L3 links, then there are ways to do this depending on the devices you are using to connect the sites, e.g. routers or switches, but it can be a bit of a pain to set up.
What is the reason you need to have clients in remote sites to be in the same vlan as the main site ?
Jon
01-08-2016 09:11 AM
Jon,
Most of our remote sites use 3845 routers going through MPLS (local provider) connected through our local core router. We do have one location that uses the SONET service, which is only providing layer 1 connectivity.
Reason:
We have a secure local VLAN that we need these users to connect remotely with. These machines are laptops, so they move around from site to site a lot.
Thank You,
Doug
01-08-2016 09:17 AM
Most of our switches are 3560G's with some 3560X and 3750X's in the mix.
01-08-2016 09:24 AM
Doug
The way to do it with 3845s would be to use L2TPv3 which allows you to extend a L2 vlan across a L3 network.
If you do a search on that you should find an example.
Should say I have never used it, so not sure how well it will scale or if it can be done in your scenario, but that is the way you would do it, as far as I know, with the equipment you have.
Jon
01-08-2016 09:39 AM
01-08-2016 11:06 AM
Because you don't want your remote VLANs to be an extension of your local VLANs you don't need L2TP. You just need to use plain old routing.
01-08-2016 11:28 AM
The requirement as I understand it is that one vlan needs to be extended so that users at remote sites can be connected into that vlan.
Jon
01-08-2016 11:37 AM
I asked that question earlier and Douglass responded "No we do not want the external VLANs to join our local VLANS."
01-08-2016 11:50 AM
You're right but then the next sentence suggests it is just for one specific vlan.
Could be me :)
Jon
01-08-2016 12:00 PM
Correct. We just have 1 local VLAN that we need personnel in remote areas to connect back to us. They should be able to connect back to our Local VLAN regardless of which remote switch their laptops access.
01-08-2016 12:10 PM
"but are you saying you want these remote VLANs to be joined to your local VLANS (rather than separated) so that they share the same layer 3 subnet"
I took this portion of your answer as merging the remote site VLANS with our Local VLANS database. Probably a misinterpretation on my part.
Thank You,
Doug
01-08-2016 12:33 PM
Ok that changes everything.
L2TP is a point-to-point technology, so it is easy to connect two sites. You can connect a small number of remote sites using additional interfaces on your core router, but it won't scale very well. So if you have a small number of sites, consider using L2TP.
Otherwise LISP is a good option.
LISP allows you to use the same layer 3 subnet at multiple remote sites, at the same time. It does this by adding a locator ID into the LISP router table. This allows it to know, for example, that 192.168.1.1/24 is at site 1, while 192.168.1.2/24 is at site two, even though they are in the same subnet, and 192.168.1.1 and 192.168.1.2 can still talk to each other.
LISP is a good way to create DR data centres as well. This document has an example and explains it a bit better.
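As an added illustration of the per-host locator lookup described in the answer above (this is not code from the thread or from Cisco; the subnet and the WAN "RLOC" addresses are constructed), a small Python model of a LISP-style map cache where /32 host entries override the site-wide /24 entry:

```python
"""Toy model of LISP EID-to-RLOC mapping (illustration only, not Cisco code).

EID  = endpoint address inside the extended VLAN (constructed: 192.168.1.0/24)
RLOC = WAN address of the site router that currently hosts that EID (constructed)
"""
import ipaddress

# Mapping database: EID prefix -> RLOC. Host (/32) entries let two laptops in
# the same /24 sit behind different site routers at the same time.
MAPPING_DB = {
    "192.168.1.0/24": "10.0.0.1",  # default: anything else is at the main site
    "192.168.1.1/32": "10.0.0.1",  # laptop currently at site 1 (main)
    "192.168.1.2/32": "10.0.0.2",  # laptop currently at site 2 (remote)
}


def build_map_cache(db):
    """Parse the database and order it most-specific-first for longest-prefix match."""
    entries = [(ipaddress.ip_network(p), ipaddress.ip_address(r)) for p, r in db.items()]
    return sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)


def lookup_rloc(cache, eid):
    """Return the RLOC of the most specific prefix covering eid, or None if unmapped."""
    addr = ipaddress.ip_address(eid)
    for net, rloc in cache:
        if addr in net:
            return str(rloc)
    return None


def forward(cache, dst_eid, local_rloc):
    """Decide how a site router handles a packet for dst_eid.

    'encap' means the packet is tunnelled across the L3 WAN to the remote RLOC;
    'deliver-local' means the destination is on this site's own VLAN segment.
    """
    dst_rloc = lookup_rloc(cache, dst_eid)
    if dst_rloc is None:
        return ("drop", None)
    if dst_rloc == local_rloc:
        return ("deliver-local", dst_rloc)
    return ("encap", dst_rloc)


def move_host(db, eid, new_rloc):
    """A laptop roams to another site: re-register its /32 and rebuild the cache."""
    db[f"{eid}/32"] = new_rloc
    return build_map_cache(db)
```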