VLAN trunking over a WAN

By amarshall
OK, maybe I just suck at using a search engine, or maybe what I'm trying to do is impossible. So I pose the question to someone more knowledgeable about Cisco network equipment than I.

We have three properties that are connected via T1 point-to-point links. We use Cisco 1700-series routers to route traffic over the T1s. Currently, only the primary VLAN is routed over the WAN links. What I would like to do is route a second VLAN over the WAN via a VLAN trunk. I have found ample data on creating a trunk from the switch to the router and using a router to route inter-VLAN traffic, but nothing on getting the routers to set up a VLAN trunk over the WAN connection.

Is what I'm trying to do even possible with my equipment? If so, does someone know where I could find a good tutorial on how to do it?


well kinda sorta maybe but not really

by CG IT In reply to VLAN trunking over a WAN

VLAN 1 on your Cisco switch is a default which all ports belong to. It doesn't really have an address assigned to it. The switch will operate like any unmanaged switch by creating a MAC table so it knows where to send traffic.

So when traffic not destined for any host on the LAN is sent to the router, the router sends that traffic to the WAN port and the next hop router. You really aren't "trunking" VLAN 1 traffic over the WAN link to VLAN 1 hosts on another network.

When you create a second VLAN and assign ports to the second VLAN, you're basically creating a second subnet from the first VLAN. To have inter-VLAN routing, you have to have a router or a layer 3 switch which can route between the VLANs. For Cisco you create subinterfaces on the primary interface and assign addresses to the subinterfaces. The router then knows that traffic from one VLAN [address umpity ump] goes to another VLAN [address umpity ump] and routes the traffic between VLANs. Traffic not destined for any local host is sent to the WAN port and next hop router.

Recap: it's not really trunking between VLANs if traffic is sent over a WAN port of a router. But then there are the dedicated T1 lines [private] where the network really is a closed system, not via internet and so...kinda sorta maybe not really trunking between VLANs on a closed network.


Ok, so...

by amarshall In reply to well kinda sorta maybe bu ...

If I understand correctly, all I should need to do is:

1. Assign IP addresses that fall within the IP subnet on their respective VLANs to subinterfaces on the routers.
2. Add proper routing entries for those IP subnets to the routers' configurations.

It's not technically trunking, but it will route traffic from both VLANs across the WAN link. Is this correct?


well kinda sorta maybe

by CG IT In reply to Ok, so...

Routers break up broadcast domains into smaller broadcast domains.

VLANs typically are kinda sorta a subpart of collision domains.

If you have VLAN2 in one broadcast domain and another VLAN2 in another broadcast domain, you don't really trunk between the VLANs. You can have traffic between the hosts that reside in different broadcast domains and they may have the same VLAN name and even subnet address, but they're really not the same VLAN that one would find with stacked switches where VLAN 2 on switch 1 is also VLAN 2 on switch 2 and VLAN 2 on switch 3 all in one broadcast domain.


Too Many Routers

by badp81 In reply to VLAN trunking over a WAN

The short of it is that you can't route a VLAN trunk. Now, if all you want to do is have one big fat LAN spanning three properties, you really have no need for a router. Each point-to-point T1 is giving you a Layer 2 connection, so you can simply do an 802.1q trunk over that. Both ends of the T1 must terminate at a switch that will break out the VLANs, but the good news is that you will only need one router to do your inter-VLAN routing. Really it depends on what you're trying to accomplish. Do you have a need for separate broadcast domains at each property? If not, you don't need all those routers.



by amarshall In reply to Too Many Routers

I suppose that's one way to do it, but it is advantageous for us to have a broadcast domain at each property, since that reduces traffic on the WAN links. Besides that, we don't have any switches with DSU modules.

I actually don't have any need for inter-VLAN routing at all, since there is no reason someone on one VLAN would ever need access to the resources on the other. I just need to extend access to the second VLAN out to our remote properties. Right now I've got the routers set up with subinterfaces on the second VLAN, and I'm just using straight routing to send traffic from the second VLAN over the WAN links. The issue I'm having now is security, since I need to prevent cross-VLAN access. I'm fiddling with the access-lists, but I'm not quite there yet. If someone knows of another way to inherently disable inter-VLAN routing, I'd be much obliged.
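
A sketch of the routed setup this thread arrives at (one subinterface per VLAN, both subnets routed over the T1, ACLs blocking cross-VLAN traffic), as an added example that is not any poster's configuration. The VLAN IDs (10 and 20), the interface names, the addressing plan (primary VLAN in 10.10.<site>.0/24, second VLAN in 10.20.<site>.0/24) and the ACL names are all assumptions chosen so that one wildcard covers each VLAN's subnets at every property.

```cisco
! Site 1 router. All addresses, VLAN IDs and names below are constructed.
interface FastEthernet0
 no ip address
!
interface FastEthernet0.10
 description Primary VLAN (site 1)
 encapsulation dot1Q 10
 ip address 10.10.1.1 255.255.255.0
 ip access-group PRIMARY-IN in
!
interface FastEthernet0.20
 description Second VLAN (site 1)
 encapsulation dot1Q 20
 ip address 10.20.1.1 255.255.255.0
 ip access-group SECOND-IN in
!
interface Serial0
 description T1 to site 2
 ip address 192.168.255.1 255.255.255.252
!
! Both VLANs' remote subnets are reached over the same T1.
ip route 10.10.2.0 255.255.255.0 192.168.255.2
ip route 10.20.2.0 255.255.255.0 192.168.255.2
!
! Applied inbound on each LAN subinterface, so a packet is dropped where it
! enters the router, before it is routed locally or sent across the WAN.
! Matching on destination only means a spoofed source address does not help.
ip access-list extended PRIMARY-IN
 deny   ip any 10.20.0.0 0.0.255.255 log
 permit ip any any
!
ip access-list extended SECOND-IN
 deny   ip any 10.10.0.0 0.0.255.255 log
 permit ip any any
```

The same pair of ACLs has to be applied on the routers at the other two properties, otherwise a host there can still reach the other VLAN at this site over the T1. `show access-lists` reports match counts on the deny entries, which confirms the filter is being hit.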


Exactly what we need to do

by dkordyban In reply to Re

Can I have a copy of your config?
