Is it possible for 2 of the same VLANs to exist?

May 31, 2011 at 08:55:24
Specs: Win7, 4GB
Hi, here is the scenario:
I have a VLAN in branch A (VLAN ID=2 & 172.20.0.0/22). I want to extend VLAN 2 to branch B. However, they are not in the same stack & VTP domain, so they run their own switch networks. They communicate with each other through a telco provider (routers at both ends using MPLS). Is it possible to set up a PC in branch B using the same IP range as I set up for a PC in branch A? Assuming the telco has advertised the proper routing in its router.

Angus



#1
May 31, 2011 at 09:12:33
Might want to spend some time understanding the differences between routing and VLANs.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#2
May 31, 2011 at 10:30:57
The term "stack" generally refers to two or more switches connected together in such a fashion that they behave as a single unit. No, I'm not talking about daisychaining switches.

What exactly is it you're trying to achieve here? If you just want A and B to communicate, lose the VLANs and just use the same subnet in both places. All you'd need to do is establish an encrypted VPN tunnel between the two to make it appear as one LAN. If both sites are using the same subnet, then sharing resources between the two is as simple as doing it within one location.

It's not likely you'll be able to carry VLAN tags across a provider link without paying your provider a whole lot of extra money for that ability. In my own experience, and we have two separate WAN connections where I work, neither one allows for VLAN tagging across the link. I'm sure we could get the ability for an exorbitant monthly fee that makes it not worth the effort.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#3
May 31, 2011 at 13:08:18
VPN is not appropriate because MPLS already connects the sites to each other. I want to see if I can extend one of the current VLANs in branch A to branch B so that a PC in A is also in the same subnet as a PC in B. Or the second approach is setting up a separate VLAN in B and adding a static route. Please advise...

Angus



#4
May 31, 2011 at 13:36:40
all vlan tagging is dropped when it hits the router.
hence my statement to spend some time understanding the differences between routing and vlans.

only reason I can see you asking this question is you are having issues routing between the two sites and their vlans.

This being the case you have a routing issue not a vlan issue.

"PC in A is also same subnet PC in B"
this is called bridging and cannot be accomplished with routing.


#5
May 31, 2011 at 14:43:50
Assume the provider will take care of all routing between branch A & B. The question is whether it is possible to extend the VLAN in branch A to branch B. Simply put, can PC1 in branch A using IP:172.20.0.100 SM:255.255.252.0 GW:172.20.3.254 communicate with PC2 in branch B using IP:172.20.0.101 SM:255.255.252.0 GW:172.20.3.254?

Both branch A & B use their own switches with layer 2 & 3. What static IP route should I put in the switch?

Angus



#6
May 31, 2011 at 15:12:12
you are mixing vlans with routing.

simply put this has nothing to do with vlans

"Simply put, can PC1 in branch A using IP:172.20.0.100 SM:255.255.252.0 GW:172.20.3.254 communicate with PC2 in branch B using IP:172.20.0.101 SM:255.255.252.0 GW:172.20.3.254?"

now I see what your problem is...

branch A use IP:172.20.0.100
branch B use IP:172.20.0.101

You can't use the same subnets in both offices!!!
You can't use the same gateway for both sites!!!
One of the basic rules of routing.
Correct your ip addressing so it can route and your issue is solved.

Who decided on a supernet scope for two sites?

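An added example, not part of the original thread: a Python sketch of the forwarding decision a host makes with the addressing quoted in posts #5 and #6, plus a check for subnets reused across routed sites. The 172.20.4.0/22 subnet for site B is a constructed value, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations


def next_hop(src_ip, netmask, gateway, dst_ip):
    """Mimic a host's forwarding decision for one destination."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{netmask}").network
    if ipaddress.ip_address(dst_ip) in local_net:
        # Same subnet: the host ARPs for the destination on its own LAN
        # segment and never hands the packet to a router.
        return ("on-link", dst_ip)
    return ("gateway", gateway)


def cross_site_overlaps(plan):
    """Return (site, net, site, net) tuples for subnets that overlap
    between two different sites of a routed WAN."""
    conflicts = []
    for (site_a, nets_a), (site_b, nets_b) in combinations(sorted(plan.items()), 2):
        for a in nets_a:
            for b in nets_b:
                if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                    conflicts.append((site_a, a, site_b, b))
    return conflicts


# PC1 exactly as given in post #5.
PC1 = ("172.20.0.100", "255.255.252.0", "172.20.3.254")

# Plan 1: the /22 from site A reused at site B (what was asked for).
EXTENDED = {"A": ["172.20.0.0/22"], "B": ["101.11.6.0/24", "172.20.0.0/22"]}
# Plan 2: site B gets its own subnet; 172.20.4.0/22 is a constructed value.
SEPARATE = {"A": ["172.20.0.0/22"], "B": ["101.11.6.0/24", "172.20.4.0/22"]}

if __name__ == "__main__":
    print(next_hop(*PC1, "172.20.0.101"))   # PC2 from post #5
    print(next_hop(*PC1, "172.20.4.101"))   # host in the constructed site B subnet
    print(cross_site_overlaps(EXTENDED))
    print(cross_site_overlaps(SEPARATE))
```

With the shared /22, PC1 treats PC2 as on-link, so the packet is never sent to 172.20.3.254 and a routed link between the sites has nothing to forward.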

#7
May 31, 2011 at 15:15:52
I suspect the biggest issue you're having is your lack of understanding of the technologies you're attempting to use. I'm not saying this to be rude or insulting. I'm just calling it as I see it. From your own comments it's plain you're struggling with this intersite connection.


"all vlan tagging is dropped when it hits the router.
hence my statement to spend some time understanding the differences between routing and vlans."

And hence my statement about the provider not doing tagging across the WAN link. Both wanderer and I actually do know what we're talking about and actually have some pretty good experience with this. As he stated, he has 9 geographical locations to administer. I have 4, two of which have multiple (MAN) sites.

"the question is possible to make it happen to use VLAN in branch A extend to branch B."

Again, not possible unless your provider allows you to carry VLAN tags across the WAN which, as I said, is not available (in my own experience) by default. If it is available, it's only so if you pay them more on a monthly basis. I suppose it is possible your provider allows VLAN tagging across their external links but I can tell you from my own experience, neither of the two separate providers we are presently using does. Since they can make more money off us by charging us for this (like they charge more for a full-duplex link as compared to a half-duplex), I suspect yours will be like ours and allow it only for a jacked-up fee.

Since you appear to be using the same subnet in both locations, all you need is an encrypted VPN tunnel between the two. Before you tell me again you can't, I'm telling you yes, you can establish an encrypted VPN tunnel over an MPLS link.


#8
May 31, 2011 at 16:59:08
The more I think about it, CurtR, I have to question whether you can do a VPN in this situation ignoring the same gateway IP and same IP subnet.

Traditional routing looks like this;
subnetA<>router<>subnetB<>router<>subnetC
SubnetB is transparent to both A and C

A site to site vpn would look like so:
subnetA<>vpn over the inet via the routers<>subnetB

MPLS uses packet labels, not IP addressing per se
subnetA<>MPLS network<>subnetC

What we have here is:
subnetA<>MPLS network<>subnetA

I can't visualize any scenario which has the same subnet on each site work with a VPN or routing. This is what bridging is all about and I know of no VPN in a bridged network.

Since bridging is layer2 and routing a layer 3 it appears MPLS, depending on flavor, can do either or.

https://www.bordergatewayprotocol.n...


#9
June 1, 2011 at 09:19:33
Hi, thank you for your input. Both of you have got my idea, but I would like to explain more specifically, hoping you guys can help me out with the situation I have here. I just need to get some advice on the best ways I can implement this. The project has been out for 2 weeks and I am still struggling with the network implementation. Maybe I had better outline the following network info, very similar to what Wanderer did:


Site A switches (3 internal vlans) --> PE router --> MPLS networks --> PE router --> site B switches (1 internal vlan)

Site A has 3 VLANs and all are able to communicate with site B VLANs via MPLS. Here is one of the routing statements on site A's switch:
ip route 101.11.6.0 255.255.255.0 101.11.1.254
where 101.11.6.0 is the site B VLAN & 101.11.1.254 is the gateway IP on the PE router LAN interface (eth0)

Site B currently has 1 VLAN and is able to communicate with all site A VLANs via MPLS. Here is the routing statement on site B's switch:
ip route 0.0.0.0 0.0.0.0 101.11.6.254
where 101.11.6.254 is the gateway IP on the PE router LAN interface (eth0)

My objective is to add a new VLAN in site B (for security purposes) so that site A is able to communicate with it the same as with the current VLAN's config. If possible, I want to use one of the existing VLANs at site A (e.g. 172.20.0.0/22), extended to site B.

Q1: Is it possible to do that?
Q2: If not possible, should I just create a new VLAN in site B and then add a new routing statement in site A's switch? What should I tell the provider to do on the PE router?
Thank you in advance!

Angus



#10
June 1, 2011 at 10:12:57
Q1. why are you using vlans? you say security but what do you mean by that specifically?
Q2. how many pcs/devices per vlan?
Q3. which flavor of MPLS are you running?

compu-angus when you write this:

Site B has current 1 vlan and is able to communicate Site A all vlans via MPLS. here is routing statement at Site B's switch:
ip route 0.0.0.0 0.0.0.0 101.11.6.254
where 101.11.6.254 is gateway IP on PE router LAN interface (eth0)

It is clear you are not separating vlans from routing. You are routing ip. Vlans are secondary and not part of the MPLS routing.

You do understand that you can have multiple vlans with the same ip subnet? Having a subnet per vlan is not a requirement. It's an option.

Also are you saying you have site to site communication now with both sites in the same subnet?


#11
June 1, 2011 at 12:48:15
Maybe you are right to use the terms subnet and IP routing in my case. So back to my Q2: should I just create a new subnet in site B and add an IP route on switch A? Then both PCs can ping each other? Or use the same subnet in both site A & site B?

Nope, there is no same-subnet communication between the two sites.

Angus



#12
June 1, 2011 at 12:55:29
You can indeed do VPN over MPLS. Our intrasite connections are MPLS and we have encrypted VPN tunnels between them.

As to having a single subnet in two separate locations, you can do that too and I have done it in the past.

Site A and site B are connected through a VPN tunnel. Site A has 20 users and site B has 15. Both sites are using one subnet with the external connection (Internet) running through site A since that's where the gateway is. Users in site B access the internet through site A.

It's a little bulky yes since site B's external traffic runs over the internet to site A and then goes out on the internet and has to run through A to get back to B. But they didn't have routers at either end, they were using PIX boxes.

Preferred way to do it... certainly not. A router at each end makes a whole lot more sense. As to the above situation, it's one I inherited, not one I set up... but it did work and it did allow for a single subnet across two sites.

As I've said previously, our provider doesn't do tagging. So, we established encrypted tunnels and pass our tagged traffic through them and break it out at the other end and then address our tagging.


#13
June 2, 2011 at 06:20:06
I am unable to set up a VPN in this case, because this is an inter-network and all hosts communicate with each other between the 2 sites via MPLS. Is it preferable to create another subnet for site B and add a static route in switch A rather than extending the site A subnet to B?

Angus



#14
June 2, 2011 at 06:56:25
Each site will have its own vlans
Each site will have its own ip subnet different than all other sites.
Your routing between and within each site will determine what vlan is used at each site.

Make sense?


#15
June 2, 2011 at 07:27:58
OMG!

You need to hire someone with the appropriate training, knowledge and experience to do this for you.

You are not capable.


#16
June 2, 2011 at 15:45:26
I got it working now, I just simply asked the provider to advertise the next hop of the new VLAN on site B and that's it....

Thanks for your support anyway....

Angus



#17
June 3, 2011 at 05:44:42
I mentioned tagging across provider links on my first response. The smart thing to do at that point would have been to tell me you do/can.

People like you make me want to bang my head on my desk and stop hanging out here...
