802.1Q VLAN tagging over a WAN?

I posted this on Experts Exchange, but I never received a response worth anything. Maybe someone here can help me out.

I am curious regarding an issue I face, but haven't personally dealt with before.

I have two sites which are linked together with a couple T1's. Each site contains 3Com switches with the ability to tag voice ports automatically by looking at the OUI of the MAC address. The switches simply tag the ports as being in the "Voice VLAN" when it sees a source MAC with an OUI of a telephone.

The main site contains the actual 3Com NBX V3001 telephone system, while the other site will only contain phones. Within the system, you specify what number the Voice VLAN is, I assume so it can tag it's frames accordingly.

Anyway, my situation is this: If my NBX telephone system is looking for frames that are tagged as being in the Voice VLAN, how will traffic sourced from the secondary site make it to the NBX since the data link header and trailer (and I am assuming the 802.1q tag that is inserted) are stripped at the router to be passed across the WAN link?
Would this be a special function of the routers themselves? As in, would I need to look to 3Com for a specific solution that would tag packets with a destination IP of the NBX phone system?

But a more general question is, is there ever a need to pass traffic over a WAN link while retaining the 802.1q VLAN tag? If so, how is this accomplished?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

networker050184

When the main site gets the ip packet from the remote site it will need to forward it out to the final destination. If that destination is on a vlan the router will either pass it to the switch who will tag it or tag it itself depending on the setup. So you really shouldn't have to do anything fancy to get this working.

There are technologies availbe to allow you to carry vlan tags across the WAN such as metro ethernet.

/usr

If the ports on the switch tagged frames automatically, this wouldn't be an issue. However, these 3Com switches tag frames based on the source MAC address. Since the source MAC gets removed at the router before crossing the T1 link and the source MAC at the other end after crossing the T1 link will be the router's ethernet interface, the switch at the main site will never know the traffic is coming from a phone, thus will not tag the frame.

So despite the fact that the traffic will make it to the NBX unit based on the destination IP address, I'm not sure how the unit will handle the traffic based on the fact that it's not in the same VLAN.

rossonieri#1

hi /usr,

If the ports on the switch tagged frames automatically, this wouldn't be an issue. However, these 3Com switches tag frames based on the source MAC address. Since the source MAC gets removed at the router before crossing the T1 link and the source MAC at the other end after crossing the T1 link will be the router's ethernet interface, the switch at the main site will never know the traffic is coming from a phone, thus will not tag the frame.

IMHO, you need to create some kind of IP-based vlan to do that.
AFAIK, nortel switches also has this MAC-based and IP-based nor port-based VLAN-tagging, i've forgot what they called it.

local sw0 --- [X] --- IP --- [X] --- sw1 --- PBX

so after the packet get routed - the L3-based vlan mapping on sw1 takes the turn to re-tagging the frame.

HTH.