Solved

Trunking VLANs over a Layer 3 network

Posted on 2007-04-01
Last Modified: 2008-02-01
Trunking VLANs over Layer 3 OSPF links.

What is the best way to trunk a Layer 2 VLAN over a routed layer 3 network? I have a problem whereby the network is split up into 3 separate sites; each site has a number of VLANS which are routed using OSPF and Cisco layer 3 switches.

There are 2 VLANS which need to span ALL sites and can not be split into different IP segments.

Is it possible to just Trunk the VLANS over the current Layer 3 links? We are using a mixture of Cisco 6500, 3550 and 3750 switches to do the switching and routing.

There is only 1 physical connection between the sites.
Question by:ian_chard
LVL 50

Expert Comment

by:Don Johnston
ID: 18833726
Most likely, no.

What type of link is connecting the sites? T1? MPLS? Frame-Relay?
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18834704
It is a BT LES100 circuit, so on the switch the connection is actually a fast ethernet port on each end.

Surely if you make the port an access port AND a trunk port, and only allow the necessary VLANS over the trunk it will work?

We can use VLANS as the Layer 3 routing interfaces (SVI's) and make the same port an access port in this vlan?

Hmmmm, it is a tricky one.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835411
You can't have a physical port configured as an access port AND a trunk port at the same time.

If the carrier supports it, just trunk the link between the sites. For the VLANs you don't want on the trunk, remove those VLANs from the trunk.

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18835695
I am pretty sure you can configure a physical port to be a trunk and an access port at the same time. The OS certainly supports it on both Cisco and HP networking equipment.

(Things like connecting PCs through VoIP phones require you to 'tag' and 'untag' the same port in different VLANs)

Hmmm, this is a perplexing one. In theory, I don't see why it won't work, but unfortunately I haven't got the time or equipment to fully test it!
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835755
I think you're confusing this with "native VLAN".

When you connect a phone that has a PC port on it, you are doing 802.1q trunking between the switch and the phone. The PC traffic is sent over the native VLAN and is untagged while the voice traffic is tagged with the voice VLAN ID. The link however is still classified as an 802.1q trunk.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18835816
That's correct, but the PC traffic does not HAVE to be in the native VLAN, does it? Otherwise you would only be able to have 1 voice VLAN per PC/Data VLAN?

In comparison to this, I want the routed VLAN traffic to be untagged and the Layer 2 VLAN traffic to be tagged.

It is very confusing, but I cannot see why a physical ethernet port can not send some traffic 'untagged' (i.e. to its own VLAN) and other traffic 'tagged' depending on where it has originated.

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835973
>That's correct, but the PC traffic does not HAVE to be in the native VLAN, does it?

Yes, it does. The PC doesn't send 802.1q trunk frames. The phone simply sends those frames to the switch, and the switch, on seeing an untagged frame, assumes it to be in the native VLAN.

>In comparison to this, I want the routed VLAN traffic to be untagged and the Layer 2 VLAN traffic to be tagged.

That's fine. Just make the routed traffic in the native VLAN and it will be untagged. But you won't be accomplishing anything by doing it that way as opposed to tagging all the traffic.

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836097
Hello again,

I have configured similar things in the past and if my memory serves me correctly, the VoIP was always the 'Tagged' vlan and the PC the untagged.
So, if VLAN 200 was the VoIP Vlan and Vlan100 the Data Vlan the config (On a procurve device) would be something like:

VLAN 100
 name PC
 untagged 1

VLAN 200
 name VoIP
 tagged 1

I am guessing on Cisco, it would be something like (My cisco is pretty rusty on this!)

Int fa0/1
switchport mode trunk
switchport encap dot1q
switchport trunk allowed vlans 200 (???)
switchport access vlan 100

So, I don't want the PC to be sending 802.1q tagged frames, only the phones, which can do it. Does this make sense?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18836129
>I am guessing on Cisco, it would be something like (My cisco is pretty rusty on this!)

Close. :-)

int fa0/1
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan 100

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836225
Nice one, what effect does making an interface an access port AND a trunk port have? I know that the IOS will accept the config, will it only act as either an access port OR a trunk port?

AND the bottom line is, there is no way to have a Layer 3 (Routed) connection between 2 switches and have 1 or 2 VLANS trunked over it as well? (I hope my boss takes this news well!!!)

Cheers


0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18836274
>Nice one, what effect does making an interface an access port AND a trunk port have?

Like I said, you can't make an interface a trunk port AND an access port at the same time.

>AND the bottom line is, there is no way to have a Layer 3 (Routed) connection between 2 switches and have 1 or 2 VLANS trunked over it as well?

You can't have a single physical interface behave as a layer 2 and a layer 3 interface at the same time. However, you can have a routing protocol carried over one VLAN and user traffic over a different VLAN at the same time.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836594
Bearing this in mind, can you see any possible solution to the problem I am having then?

You can use VLANs as the layer 3 interfaces, can't you, instead of making the interface itself a layer 3 interface? So in theory, the actual physical interface would not be a Layer 2 and Layer 3 as all of the Layer 3 stuff would be done at the VLAN level?

0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 18836761
Here's how you can do it.

Switch 1 has VLANs 10, 11, 13, 15, 17, 19 and 20
it has SVI's with ip addresses of 192.168.vlan.1
Running OSPF on all SVI's

Switch 2 has VLANs 10, 12, 14, 16, 18 and 20
it has SVI's with ip addresses of 192.168.vlan.2
Running OSPF on all SVI's

The link between the two switches is a trunk link with only VLANs 10 and 20 allowed.

Any traffic from the 11,12,13,14,15,16,17,18 or 19 VLAN's will have to be routed. However, VLAN 10 and 20 traffic will be able to cross between sites without any layer 3 processing.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836993
Excellent, you are a star. I am going to start planning this now...
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18841811
Hi Don,

Taking into account the following :

VLANS 10,11,100,101,102,103 need to be trunked and the rest need to be routed, do the following commands fit?

Any help much appreciated!!!

Ip routing

Vlan 33
Description CV3750-NP3550
Ip address 172.16.10.14 255.255.255.252

Vlan 6
Description CVNetMan
Ip address 172.25.1.1 255.255.255.0

Vlan 7
Description CV Devices
IP address 172.25.2.1 255.255.255.0

Vlan 52
Description CVPrint
Ip address 172.25.4.1 255.255.252.0

Vlan 202
Description CVStaff
IP address 172.25.48.1 255.255.240.0

Vlan 302
Description CVStudents
IP address  172.25.64.1 255.255.240.0

Vlan 402
Description CVComp
Ip address 172.25.80.1 255.255.255.0

Vlan 412
Description CVInfoServ
Ip Address 172.25.81.1 255.255.255.0

Int fa1/0/48
Switchport mode trunk
Switchport trunk encap dot1q
Switchport trunk allowed vlans add 10 11 33 100 101 102 103

Router ospf 1
Network 172.25.1.0 0.0.0.255 area 0
Network 172.25.2.0 0.0.0.255 area 0
Network 172.25.4.0 0.0.3.255 area 0
Network 172.25.48.0 0.0.15.255 area 0
Network 172.25.64.0 0.0.15.255 area 0
Network 172.25.80.0 0.0.0.255 area 0
Network 172.25.81.0 0.0.0.255 area 0
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18842842
I assume the commands towards the top are for something other than a Cisco switch?

On the Cisco side, you'll need a VLAN interface for each VLAN that the switch is routing.

int VLAN 11
 ip address x.x.x.x 255.255.255.0
 no shutdown

Also, trunks carry all VLANs by default so there's no need to add them. That would only be necessary if you had previously removed them.
0
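
An added example, not part of the original thread or either poster's configuration: a small Python audit that reads IOS-style interface stanzas and reports trunk ports carrying more VLANs than the accepted solution intends (only 10 and 20). It also covers the case raised in the last comment, where a trunk's list is only ever extended with `add` and so still carries every VLAN by default. The interface name FastEthernet0/1 and both sample configurations are constructed.

```python
import re

# Constructed sample: Switch 1 from the accepted solution (port name is an assumption).
SWITCH1 = """\
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan11
 ip address 192.168.11.1 255.255.255.0
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""
# Constructed sample: same port, but the list is only extended with "add".
SWITCH1_ADD_ONLY = SWITCH1.replace("allowed vlan 10,20", "allowed vlan add 10,20")

ALL_VLANS = frozenset(range(1, 4095))  # 1-4094: what a trunk carries by default


def expand(vlan_list):
    """Turn '10,20,100-103' into a set of VLAN IDs."""
    ids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def trunk_vlans(config):
    """Map each trunk interface to the set of VLANs it will carry."""
    trunks, allowed, name = set(), {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            allowed[name] = set(ALL_VLANS)  # default until a list replaces it
        elif name and line.strip() == "switchport mode trunk":
            trunks.add(name)
        elif name and (m := re.match(
                r"\s+switchport trunk allowed vlan (add )?([\d,-]+)$", line)):
            new = expand(m.group(2))
            # "add" extends the current list; a bare list replaces it
            allowed[name] = allowed[name] | new if m.group(1) else new
    return {n: allowed[n] for n in trunks}


def audit(config, intended):
    """Return {interface: unintended VLANs} for trunks carrying extras."""
    found = trunk_vlans(config)
    return {n: v - intended for n, v in found.items() if v - intended}
```

`audit(SWITCH1, {10, 20})` returns an empty dict, while the `add`-only variant reports every other VLAN ID as bridged across the inter-site link.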

Question has a verified solution.