Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3094
Views
0
Helpful
7
Replies

Using VRF to span VLAN (separate Layer 2 traffic via a Layer 3 switch)

Bryan
Level 1
Level 1

‎05-28-2016 08:56 PM - edited ‎03-08-2019 05:58 AM

VLAN400  10.225.16.0/24 and this VLAN400 must be separated from all other traffic within the network.

And this VLAN400 shares the same broadcast domain cross the entire network.

Firewall Switch(10.225.16.254)---------trunk-------------SWB--------------trunk-------------SWC-------trunk---------SW-1 VLAN400 (10.225.16.11)

This is easy to achieve, trunking between all switches, the VLAN400 will be passing through without any issues.

Firewall Switch(10.225.16.254)---------trunk-------------SWB---------------WAN-------------SWA--------trunk----------SW-2--------VLAN400 (10.225.16.10)

The challenging how could I pass the same VLAN traffic from SWA to Firewall Switch through a WAN link to SWB?

I am stumped by this, seems VRF lite can resolve this issue, but no idea how to implement it. The requirement is using Layer 3 method to do this.

Could someone shed some light on this? It would be highly appreciated. Cheers, Bryan

Labels:
Preview file
64 KB
0 Helpful
7 Replies 7

Reza Sharifi
Hall of Fame
Hall of Fame

‎05-28-2016 09:19 PM

You basically trying to configure layer-2 between all switches? If that is the case and the WAN provider is handing off a layer-2 Ethernet connection, you can simply trunk the WAN connection and add vlan 400 to it.

HTH

0 Helpful

Bryan
Level 1
Level 1
In response to Reza Sharifi

‎05-28-2016 09:23 PM

Thanks Reza for your prompt reply.

Certainly we can trunk the WAN connection and add VLAN 400 to it as you mentioned.

However according to our past experience, we constantly see UDLD failure which turns the Layer 2 traffic down. That's the reason we want to use Layer 3 approach this time.

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Bryan

‎05-28-2016 09:47 PM

The UDLD issue you have seen is from the provider's site of the connection?

If that is the case, you can contact them so they can look into fixing the issue.

If the UDLD issue is from your site, you can configure UDLD protection on your switches. See link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/udld.html

HTH

0 Helpful

Bryan
Level 1
Level 1
In response to Reza Sharifi

‎05-28-2016 09:49 PM

Thanks Reza. But the management wants to use Layer 3 to accomplish this implementation. Otherwise my life will be whole lot easier :)

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Bryan

‎05-28-2016 10:07 PM

I understand :)

Here is document on using layer-2 over a layer-3 network.

Have a look and see if it can be done in your environment.

As you probably already know extending one vlan between multiple sites is not really best practice, but if your management insist in wanting vlan 400 everywhere than you may not have a choice.

here is the link:

http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv30s.html

Good Luck

0 Helpful

Bryan
Level 1
Level 1
In response to Reza Sharifi

‎05-28-2016 10:16 PM

Really appreciated Reza :) Big thanks for you.

I don't think our platform 6506 and 6509 can support L2TPv3.

Any idea how to implement VRF Lite to achieve this?

B

0 Helpful

Bryan
Level 1
Level 1
In response to Reza Sharifi

‎05-28-2016 10:16 PM

Really appreciated Reza :) Big thanks for you.

I don't think our platform 6506 and 6509 can support L2TPv3.

Any idea how to implement VRF Lite to achieve this?

B

0 Helpful
Customers Also Viewed These Support Documents