VLAN over WAN Question

genXrcist

Hello everyone,

Working on my CCNA certification and I'm currently on the VLAN section. I've pretty well got the commands down and have setup a number of VLAN's to work w/VTP but I haven't got this part figured out.

Is it possible to communicate VLAN's accross a WAN? I think I am missing something key here because the big advantgage to VLAN's is geography is not important. So, I put a member of one of my VLAN's accross a WAN connection (Router2-> WAN-> Router3->Switch4-> HostVLAN3) but it cannot ping any pc in it's own VLAN accross the WAN. All of my VLANs Gateway's are assigned to Router3 sub-interface Fa0/0.1, .2 & .3 respectively so my thought is all traffic is being routed back to the switch it came from, Switch 4.

How do I get this traffic to cross the WAN from Router 3 back into Router 2?

I hope this makes sense, as I said I'm still learning. Thanks all!

***Please note that this is all being done via Sybex Virtual Lab Titanium ed

JavonR

I am 99% sure that what you are describing is not possible. Vlans = local, they also need to be carried across trunk links, which belong to all vlans. You cannot have a trunk link between routers, you can only specify encapsulations.

genXrcist

Gotcha. To clarify though, is it then not possible to have say, VLAN 10 name AMERICA with users belonging to this same VLAN 10 in Florida and New York?

I guess I thought that VLAN's allowed people to be in two totally different geographical regions able to communicate as if they were in the next office, via the Network. Is this incorrect?

JavonR

genXrcist wrote:

Gotcha. To clarify though, is it then not possible to have say, VLAN 10 name AMERICA with users belonging to this same VLAN 10 in Florida and New York?

I guess I thought that VLAN's allowed people to be in two totally different geographical regions able to communicate as if they were in the next office, via the Network. Is this incorrect?

you're thinking too broad, when you think of VLAN's you should be thinking the "Campus Lan". You can have people spread across different areas, ie: buildings connected via multiple switches, but not across a WAN.

Something to keep in mind that will really help lay it down is this: A Vlan = A subnet = A Broadcast Domain.

If you are trying to communicate between different routers and PC1 on the 192.168.10.0 subnet (vlan 10) needs to communicate with PC50 in Florida which is also in vlan 10 on the 192.168.10.0 subnet it won't even get to the default gateway, as it will just arp for a mac address thinking everything is a-ok, see the problem?. Hope that helps.

genXrcist

Ahhh, gotcha. I made the assumption while reading the book that VLAN's could span across subnet's seperated by WAN's so I was trying to make that work.

On the bright side, at least I know I wasn't setting it up wrong, just that it wasn't possible.

Thanks!

dtlokee

Well it is possible, but not using a L3 WAN link. There are services provided by MPLS (like AToM) that allow the VLAN tags to be maintained across the WAN.

LBC90805

dtlokee wrote:

Well it is possible, but not using a L3 WAN link. There are services provided by MPLS (like AToM) that allow the VLAN tags to be maintained across the WAN.

That's CCNP stuff ehh?

dtlokee

More into CCIP. It's offered as a L2 connection by many service providers, basically they give you an Ethernet connection you connect your switch to and that's it, the switches at both ends will see each other as CDP neighbors.

bighornsheep

JavonR wrote:

I am 99% sure that what you are describing is not possible. Vlans = local, they also need to be carried across trunk links, which belong to all vlans. You cannot have a trunk link between routers, you can only specify encapsulations.

What you've said isn't exactly true.

1) VLANs are logical and virtual, they do not have to be local. You can very easily bridge the Ethernet/Fastethernet segment of a router over a frame-relay or T1 network, connect the FastEthernet segment of that router to an access port on a switch, and do the same thing on a remote router and its Ethernet/Fastethernet segment, and you've just got yourself a wide-area "vlan".

2) Trunking is a feature for managing VLANs across inter-switch links, specifically for saving physical connections. There are no requirements to do this, you can simply have individual access interfaces.

3) You can most CERTAINLY trunk to a router, the dot1q encapsulation on the router is in essence a trunk, in fact 1) will still work in this setup, and from experience, I can tell you this can make for a very interesting quick fix solution in the event something really bad happens.

To the OP, to generalize your question; you shouldn't have a tunnel vision/thinking for what is and isn't, learn the fundamentals and apply the theory, do not memorize hard facts such as VLAN is this and WAN is that, you'll just confuse yourself down the right when improvements or enhancements are available. As for exactly how VLAN would work over long distance in WAN scenario, you can read up on ATM and LAN emulation once you've got DTP, VTP, STP, MST, RSTP, and all the CCNA fun stuff figured out.

To LBC90805, 1) and the things about ATM/LANe may be CCNP, but 2) & 3) are most certainly CCNA material!

good luck,

JavonR

bighornsheep wrote:

1) VLANs are logical and virtual, they do not have to be local. You can very easily bridge the Ethernet/Fastethernet segment of a router over a frame-relay or T1 network, connect the FastEthernet segment of that router to an access port on a switch, and do the same thing on a remote router and its Ethernet/Fastethernet segment, and you've just got yourself a wide-area "vlan".

Can you explain this in more detail? I'm having a hard time figuring out how this will work. The way it was explained to me is that a VLAN = a subnet = a broadcast domain. If this is true then I can't see how you can have the same subnet on each side of a router. IE: 192.168.10.0/24 behind router A, and subnet 192.168.10.0 /24 behind router B on the other side of your frame-relay cloud.

bighornsheep wrote:

3) You can most CERTAINLY trunk to a router, the dot1q encapsulation on the router is in essence a trunk, in fact 1) will still work in this setup, and from experience, I can tell you this can make for a very interesting quick fix solution in the event something really bad happens.

This is what I was trying to get across in my original post. While you can trunk to a router, routers cannot trunk between each other across WAN serial links. (in CCNA land, anyway)

bighornsheep

JavonR wrote:

I'm having a hard time figuring out how this will work. The way it was explained to me is that a VLAN = a subnet = a broadcast domain. If this is true then I can't see how you can have the same subnet on each side of a router. IE: 192.168.10.0/24 behind router A, and subnet 192.168.10.0 /24 behind router B on the other side of your frame-relay cloud.

That's the exact reason why I said in my post to think bigger and get away from the "this is A" and "that is B" thinking. I understand to an extent that while preparing for CCNA, there's no need to think too far ahead, but once you complete CCNA and is working in the field, you'll see the vital need to not be too bogged down by just the theory; CCNA/CCNP/CCIE is irrespective of this fact, I believe that's the reason why CCIE is still so valuable, is because of the lab (practical) component.

VLAN=subnet=broadcast domain is valid, so therefore VLAN = broadcast domain, what if you take a simple 4 port unmanaged switch and plug two PCs into it, that's a broadcast domain as well, now assign one PC with ip 192.168.0.1 /24 and the other with 192.168.1.1 /24, why can't they communicate? What restricts one VLAN to one subnet? How does the subnet restrict the broadcast domain?

You can already see how this can fall apart. A VLAN is basically a logical grouping of switchports in a layer 2 forwarding segment, the IP subnetting, or the broadcast restrictions in practice have very little to do with the operation of a vlan.

In regards to your question about the "same" segment between two different routers, please see:
http://www.cisco.com/en/US/tech/tk331/tk660/technologies_tech_note09186a0080094471.shtml#ex3

The above contains examples for bridging over T1 or Frame relay networks.

btw, there are all sorts of good case studies and white papers from Cisco, Juniper, Nortel, IBM and many other vendors which talks about this sort of "overlapping" ethernet segments; Countless consultants, engineers, and administrators battle these problems every time there's a company merger or corporate restructuring. Personally, I think out of those lessons, authors and technical writers came up with this rule of VLAN=subnet=broadcast domain as to avoid future problems in newer networks. BUT, the important fact of the matter is that the rule should come with its connotations and reasoning.

I bet you'll never think about a VLAN the same way?

JavonR

bighornsheep wrote:

I bet you'll never think about a VLAN the same way?

Haha, you got that right. Thanks for the tidbit