dumb question on VTP Domains

itdaddy, Senior Member, Posts: 2,089
Hey, this is, I am sure, a dumb question, but I have just never seen it.

Say you have a 4-site WAN with T1 lines between branch offices, and you have, say, 2 or 3 switches at each branch office.

If you create a VTP domain, can and will the VTP domain include all 4 branch office switches? And do BPDUs get transmitted to and from each switch for elections? I have never messed with VTP domains on switches across T1 lines. Or do I set up VTP domains at each site separately? Thanks.

Comments

  • mikej412, Member, Posts: 10,086
    itdaddy wrote: »
    I have never messed with VTP domains on switches across T1 lines.
    How are you connecting the T1 lines to the switches?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • hexem, Member, Posts: 177
    VTP uses multicast; routers won't forward that across a T1 line.
    ICND1 - Passed 25/01/10
    ICND2 - Passed 9/03/10

    Studying CCNA:S
  • xwesleyxwillisx, Member, Posts: 158
    VTP domains are only locally significant. Because VLANs are layer 2, the remote sites will have no knowledge of the numbering at the other sites, which makes VTP insignificant across them.

    I will say that, for consistency and sanity's sake, it is still best practice to implement a consistent VLAN scheme and VTP domain setup at each site.

    My 2 cents.
  • chrisone, Senior Member, Posts: 2,210
    The answer is no; remember not to mix your layer 2 with your layer 3. Even if you had one router separating two LAN segments and you had switches on both sides, you still could not run VTP over the router. The router doesn't even know what VTP is, so the VTP chain is broken.

    switches
    router
    switches

    |________________________|

    You would need this link for VTP to work. The other main reason is that VTP only works over trunks.
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (in progress), DF210, DF310
    Certs: eCPTXv2, AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User (obtained)
  • hexem, Member, Posts: 177
    I know this is probably not relevant, but is there any chance it's possible with dot1q tunneling, probably restricted to unicast traffic? Maybe I'm thinking wrong here :)
  • Ryan82, Member, Posts: 428
    If you wanted this to work, I believe you would have to implement 802.1Q tunneling.

    Here is a document that talks about it a little bit:

    802.1Q Tunneling | CCNP Recertification

    EDIT: hexem got to it first!
  • networker050184, Mod, Posts: 11,962
    Ryan82 wrote: »
    If you wanted this to work, I believe you would have to implement 802.1Q tunneling. [...]

    QinQ doesn't work over a T1 (technically you can get it to work with some MPLS magic, but that's outside the scope of this thread). QinQ, or 802.1Q tunneling, however you want to call it, is basically just a way to stack 802.1Q headers on a frame. The L2 info still wouldn't be forwarded over the WAN.
    An expert is a man who has made all the mistakes which can be made.
  • hexem, Member, Posts: 177
    Maybe not over a T1, but it's possible.

    Service providers do not have to assign a unique VLAN ID number to each individual customer VLAN, which quickly consumes the 4094-ID VLAN space supported by Ethernet’s 802.1Q technology. In this way, encapsulating multiple customer 802.1Q VLANs into a single service provider 802.1Q VLAN (thus the name, “Q in Q”) affords service providers a scalable approach to offering Ethernet services. To transport not only customers’ data traffic but also customers’ Layer 2 control traffic (such as Spanning Tree, Cisco Discovery Protocol, and VLAN Trunking Protocol), service providers must configure on 802.1Q tunneling ports Cisco Layer 2 Protocol Tunneling, a separate feature that is available in the same Cisco IOS® Software release.
  • networker050184, Mod, Posts: 11,962
    hexem wrote: »
    Maybe not over a T1, but it's possible. [...]

    Spare me the copy/paste from Cisco's website ;) QinQ works in the same situations a regular dot1q trunk would. It isn't some special way to have Ethernet over a non-Ethernet circuit. Basically it's just adding another dot1q tag on top of an existing dot1q tag. The frame will not be transmitted over anything extra just because of the extra tags. I just redid our customer QinQ design not too long ago, so I had to do plenty of research on the subject.
  • chrisone, Senior Member, Posts: 2,210
    From a design and security perspective, this idea is horrible, and you would never want to broadcast your internal LANs over anything public. Even if it's just VLAN IDs, either way it's a bad move. "itdaddy", remove this concept/idea from your brain, lol.
  • hexem, Member, Posts: 177
    networker050184 wrote: »
    Spare me the copy/paste from Cisco's website ;) QinQ works in the same situations a regular dot1q trunk would. [...]

    No offense meant... I'm learning just like everyone else, so where would you see this in production? So this is used over MANs between customer sites through an ISP, or what?
  • networker050184, Mod, Posts: 11,962
    hexem wrote: »
    No offense meant... I'm learning just like everyone else, so where would you see this in production? So this is used over MANs between customer sites through an ISP, or what?

    No offense taken or meant here either (sometimes hard to convey with type only). QinQ would be useful if you are offering customers an Ethernet WAN product. They can have multiple VLANs, for instance 5, 6 and 7. Another customer might also have VLANs 6, 7 and 8. Rather than having the customers renumber their VLANs, you would use QinQ to slap VLAN 2 on top of the first customer's frames and VLAN 3 on top of the second customer's frames. Then every switch in your network will only see VLAN 2 and VLAN 3. It cuts down the number of VLANs needed to one per customer, regardless of the number of VLANs they use. The best way to think about it is like label stacking in MPLS.

    If you want to start tunneling those Ethernet frames over a non-Ethernet infrastructure, you will need to look into something like VPLS.
  • mikej412, Member, Posts: 10,086
    itdaddy did post this in the CCNP forum, so....

    1. He either has some sort of media converter using the T1s to connect the sites...

    2. He has routers in there he didn't mention that could be configured to bridge the network segments...

    3. He forgot what he learned in the CCNA about routers being layer 3 devices and breaking up the network into broadcast domains -- and the VTP domain of a switch attached to one router interface is NOT the same VTP domain as that of another switch attached to another interface on the same router -- even if it has the same name. That leads into the entire CCNA thing of "don't attach a switch with a higher revision number from another network (VTP domain) to an existing network or you could overwrite your VLAN info", yada yada yada...

    Edit: I'm leaning towards #3 since they drink lots of beer up in Wisconsin.
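A worked example, added here and not part of any post in the thread, tying together networker050184's point above that QinQ is nothing more than a second 802.1Q tag pushed in front of the first, and mikej412's point that a VTP domain is decided by domain name plus configuration revision inside one broadcast domain. The script is standalone Python over constructed frame bytes: it builds a VTP summary advertisement (the documented layout: version, code, followers, domain length, 32-byte domain name, 4-byte revision, 4-byte updater, 12-byte timestamp, 16-byte MD5 digest, carried in LLC/SNAP with Cisco OUI 00:00:0c and PID 0x2003 to the multicast MAC 01:00:0c:cc:cc:cc), tags it as it would leave a trunk, pushes a provider S-tag on top the way a QinQ edge port would, then peels the tag stack back off and applies the revision rule. The source MAC, the domain name "CORP", revision 42 and the updater address are made up for the example, and the MD5/password check a real switch also performs is left out.

```python
"""Added example (not from any post in the thread): build an Ethernet frame that
carries a Cisco VTP summary advertisement under a stack of 802.1Q tags, then
dissect it.  All bytes are constructed here; no capture is used."""
import struct

VTP_DST_MAC = bytes.fromhex("01000ccccccc")   # VTP multicast destination MAC
ETH_P_8021Q = 0x8100                          # 802.1Q tag (C-tag; classic Cisco dot1q-tunnel uses it for the outer tag too)
ETH_P_8021AD = 0x88A8                         # 802.1ad S-tag used by standards-based QinQ
CISCO_OUI = b"\x00\x00\x0c"
VTP_SNAP_PID = 0x2003                         # SNAP protocol id for VTP (0x2000 is CDP)


def vtp_summary(domain: str, revision: int, updater_ip: str) -> bytes:
    """LLC/SNAP header followed by a VTP version 2 summary advertisement (code 1)."""
    name = domain.encode()
    if len(name) > 32:
        raise ValueError("VTP domain name is at most 32 bytes")
    llc_snap = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", VTP_SNAP_PID)
    body = struct.pack("!BBBB", 2, 1, 0, len(name))        # version, code=summary, followers, domain length
    body += name.ljust(32, b"\x00")                        # domain name, NUL padded to 32 bytes
    body += struct.pack("!I", revision)                    # configuration revision number
    body += bytes(int(o) for o in updater_ip.split("."))  # updater identity (IPv4)
    body += b"\x00" * 12                                   # update timestamp (left blank here)
    body += b"\x00" * 16                                   # MD5 digest (a real switch hashes VLAN db + password)
    return llc_snap + body


def ethernet_frame(src_mac: bytes, payload: bytes, tags=()) -> bytes:
    """802.3 frame to the VTP multicast MAC; tags are (tpid, vid) pairs, outermost first."""
    hdr = VTP_DST_MAC + src_mac
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid & 0x0FFF)     # PCP/DEI bits left zero
    hdr += struct.pack("!H", len(payload))                # 802.3 length (< 0x0600), so LLC follows
    return hdr + payload


def push_tag(frame: bytes, tpid: int, vid: int) -> bytes:
    """What a QinQ edge port does: insert one more tag right after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", tpid, vid & 0x0FFF) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Peel the tag stack, then decode a VTP summary advertisement if one is inside."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while True:
        ethertype = struct.unpack_from("!H", frame, off)[0]
        if ethertype not in (ETH_P_8021Q, ETH_P_8021AD):
            break
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    off += 2                                              # skip the final length/type field
    result = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan_stack": vids, "vtp": None}
    llc = frame[off:off + 8]
    if (ethertype >= 0x0600 or dst != VTP_DST_MAC or llc[:3] != b"\xaa\xaa\x03"
            or llc[3:6] != CISCO_OUI or llc[6:8] != struct.pack("!H", VTP_SNAP_PID)):
        return result                                     # not a VTP frame
    body = frame[off + 8:]
    version, code, _followers, dlen = struct.unpack_from("!BBBB", body, 0)
    vtp = {"version": version, "code": code}
    if code == 1:                                         # summary advertisement
        vtp["domain"] = body[4:4 + dlen].decode(errors="replace")
        vtp["revision"] = struct.unpack_from("!I", body, 36)[0]
        vtp["updater"] = ".".join(str(b) for b in body[40:44])
    result["vtp"] = vtp
    return result


def would_overwrite(local_domain: str, local_revision: int, parsed: dict) -> bool:
    """The VTP rule: same domain name and a strictly higher revision replaces the local
    VLAN database.  The password/MD5 digest check is omitted in this example."""
    vtp = parsed["vtp"]
    return bool(vtp) and vtp.get("domain") == local_domain and vtp.get("revision", -1) > local_revision


def demo() -> dict:
    """A branch switch sends a summary on its trunk (C-tag 1); a QinQ edge pushes S-tag 2."""
    trunk_frame = ethernet_frame(bytes.fromhex("001122334455"),            # made-up source MAC
                                 vtp_summary("CORP", revision=42, updater_ip="10.0.0.1"),
                                 tags=[(ETH_P_8021Q, 1)])
    provider_frame = push_tag(trunk_frame, ETH_P_8021AD, 2)
    return parse_frame(provider_frame)


if __name__ == "__main__":
    p = demo()
    print(p["vlan_stack"], p["vtp"])
    print(would_overwrite("CORP", 7, p), would_overwrite("CORP", 42, p), would_overwrite("BRANCH", 0, p))
```

Running demo() gives a tag stack of [2, 1] with the VTP payload untouched underneath: the extra tag changes nothing about what the frame is (still an Ethernet frame to a link-local multicast MAC), which is why stacking tags does not help over a T1 and why a router simply has nothing to do with it. The would_overwrite comparison is the same rule that lets a decommissioned switch with a high revision wipe a domain's VLAN database when it is plugged back in; the usual precaution is to reset its revision (change its VTP domain name or set it to transparent mode) before connecting it.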
  • hexem, Member, Posts: 177
    networker050184 wrote: »
    No offense taken or meant here either (sometimes hard to convey with type only). QinQ would be useful if you are offering customers an Ethernet WAN product. [...]

    Thanks, makes a lot more sense now.

    He did mention it might be a dumb question :P although there are no dumb questions, just answers... ;]
  • itdaddy, Senior Member, Posts: 2,089
    mikej

    You crack me up. Hahahaha.

    And thanks, guys, for an in-depth response. I do understand layer 2 and layer 3 but wasn't sure how it could traverse WANs, if at all. My naive view still; I don't want to assume. I will lab it up and do my Wireshark thing to watch what is going on. That is cool. Okay, I have the T1 CSU/DSU setup with 1760s and 2950s/3550s behind each 1760 (T1 CSU/DSU) and just wanted to understand if VTP domains traversed T1 WANs in, say, an enterprise system. That is what experience is about. I was just wondering whether maybe somehow a Cisco T1 CSU/DSU could do that and allow some kind of L3-type communication. I am thinking of something like an MS domain type setup, but yeah, that is layer 3/4 stuff, and I didn't know if I could do that. Wow, thanks for the great insight. So VLANs, VTP domains and elections are only a local LAN type thing and never across a WAN setup?

    Beer, funny ;) I have been really good! ;) 1 beer once a month, for reals!
  • itdaddy, Senior Member, Posts: 2,089
    chrisone and mikej

    These are dedicated T1s, not out to nowhere land; they are dedicated T1s with CSU/DSUs, not public T1s, if there is a difference. They are supposed to be site-to-site and secure, right?

    I wish I worked for an ISP; that would be awesome!
  • mikej412, Member, Posts: 10,086
    You can bridge your network segments across the router interfaces (and even run STP on your router's bridged interfaces if necessary) -- but normally your VTP domain is contained in your broadcast domain.
  • mikej412, Member, Posts: 10,086
    mikej412 wrote: »
    You can bridge your network segments across the router interfaces.....
    Oh -- I forgot to mention that while you CAN do it, it would be quite silly if you actually did do it (other than for learning purposes in a lab environment).
  • itdaddy, Senior Member, Posts: 2,089
    mikej

    Hey, thanks a lot... that really helps all of us understand. What a cool discussion this was, and how interesting to see what people actually think compared to those who have done it. Wow, thanks, great topic...
    Again, thanks...
  • DevilWAH, Member, Posts: 2,997
    Never ask on a networking forum "can this be done"; the answer 99% of the time is yes. ;) I am always amazed at the creative approaches people come up with to solve issues. At the physical layer, networks are all 0s and 1s no matter what they are running on, and if you know what you are doing it seems you can pretty much achieve anything.

    The question you want to ask is "should this be done like this, in this situation" ;)

    But the word "can't" does not appear very often in networking..
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • SysAdmin4066, Member, Posts: 443
    I would agree with Devil; the question of "can I or can't I" is irrelevant. You can do just about anything. VTP domains should remain confined to your broadcast domain.
    In Progress: CCIE R&S Written Scheduled July 17th (Tentative)

    Next Up: CCIE R&S Lab