Solved

Trunking VLANs over a Layer 3 network

Posted on 2007-04-01
Last Modified: 2008-02-01
Trunking VLANs over Layer 3 OSPF links.

What is the best way to trunk a Layer 2 VLAN over a routed layer 3 network? I have a problem whereby the network is split up into 3 separate sites, each site has a number of VLANS which are routed using OSPF and Cisco layer 3 switches.

There are 2 VLANS which need to span ALL sites and can not be split into different IP segments.

Is it possible to just Trunk the VLANS over the current Layer 3 links? We are using a mixture of Cisco 6500, 3550 and 3750 switches to do the switching and routing.

There is only 1 physical connection between the sites.
0
Question by:ian_chard
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18833726
Most likely, no.

What type of link is connecting the sites? T1? MPLS? Frame-Relay?
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18834704
It is a BT LES100 circuit, so on the switch the connection is actually a fast ethernet port on each end.

Surely if you make the port an access port AND a trunk port, and only allow the necessary VLANS over the trunk it will work?

We can use VLANS as the Layer 3 routing interfaces (SVI's) and make the same port an access port in this vlan?

Hmmmm, is a tricky one,
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835411
You can't have a physical port configured as an access port AND a trunk port at the same time.

If the carrier supports it, just trunk the link between the sites. For the VLANs you don't want on the trunk, remove those VLANs from the trunk.

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18835695
I am pretty sure you can configure a physical port to be a trunk and an access port at the same time. The OS certainly supports it on both Cisco and HP networking equipment.

(Things like connecting PCs through VoIP phones require you to 'tag' and 'untag' the same port in different VLANs)

Hmmm, this is a perplexing one. In theory, I don't see why it won't work, but unfortunately I haven't got the time or equipment to fully test it!
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835755
I think you're confusing this with "native VLAN".

When you connect a phone that has a PC port on it, you are doing 802.1q trunking between the switch and the phone. The PC traffic is sent over the native VLAN and is untagged while the voice traffic is tagged with the voice VLAN ID. The link however is still classified as an 802.1q trunk.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18835816
That's correct, but the PC traffic does not HAVE to be in the native VLAN does it? Otherwise you would only be able to have 1 voice VLAN per PC/Data VLAN?

In comparison to this, I want the routed VLAN traffic to be untagged and the Layer 2 VLAN Traffic to be tagged.

It is very confusing, but I cannot see why a physical ethernet port can not send some traffic 'untagged' (i.e. to its own VLAN) and other traffic 'tagged' depending on where it has originated.

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18835973
>That's correct, but the PC traffic does not HAVE to be in the native VLAN does it?

Yes, it does. The PC doesn't send 802.1q trunk frames. The phone simply sends those frames to the switch and the switch, on seeing an untagged frame, assumes it to be in the native VLAN.

>In comparison to this, I want the routed VLAN traffic to be untagged and the Layer 2 VLAN Traffic to be tagged.

That's fine. Just make the routed traffic in the native VLAN and it will be untagged. But you won't be accomplishing anything by doing it that way as opposed to tagging all the traffic.

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836097
Hello again,

I have configured similar things in the past and if my memory serves me correctly, the VoIP was always the 'Tagged' vlan and the PC the untagged.
So, if VLAN 200 was the VoIP Vlan and Vlan100 the Data Vlan the config (On a procurve device) would be something like:

VLAN 100
 name PC
 untagged 1

VLAN 200
 name VoIP
 tagged 1

I am guessing on Cisco, it would be something like (My cisco is pretty rusty on this!)

Int fa0/1
switchport mode trunk
switchport encap dot1q
switchport trunk allowed vlans 200 (???)
switchport access vlan 100

So, I don't want the PC to be sending 802.1q tagged frames, only the phones, which can do it. Does this make sense?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18836129
>I am guessing on Cisco, it would be something like (My cisco is pretty rusty on this!)

Close. :-)

int fa0/1
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan 100

0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836225
Nice one, what effect does making an interface an access port AND a trunk port? I know that the IOS will accept the config, will it only act as either an access port OR a trunk port?

AND the bottom line is, there is no way to have a Layer 3 (Routed) connection between 2 switches and have 1 or 2 VLANS trunked over it as well? (I hope my boss takes this news well!!!)

Cheers


0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18836274
>Nice one, what effect does making an interface an access port AND a trunk port?

Like I said, you can't make an interface a trunk port AND an access port at the same time.

>AND the bottom line is, there is no way to have a Layer 3 (Routed) connection between 2 switches and have 1 or 2 VLANS trunked over it as well?

You can't have a single physical interface behave as a layer 2 and a layer 3 interface at the same time. However, you can have a routing protocol carried over one VLAN and user traffic over a different VLAN at the same time.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836594
Bearing this in mind, can you see any possible solution to the problem I am having then?

You can use VLANs as the layer 3 interfaces, can't you? Instead of making the interface itself a layer 3 interface, so in theory, the actual physical interface would not be a Layer 2 and Layer 3 as all of the Layer 3 stuff would be done at the VLAN level?

0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 18836761
Here's how you can do it.

Switch 1 has VLANs 10, 11, 13, 15, 17, 19 and 20
it has SVI's with ip addresses of 192.168.vlan.1
Running OSPF on all SVI's

Switch 2 has VLANs 10, 12, 14, 16, 18 and 20
it has SVI's with ip addresses of 192.168.vlan.2
Running OSPF on all SVI's

The link between the two switches is a trunk link with only VLANs 10 and 20 allowed.

Any traffic from the 11,12,13,14,15,16,17,18 or 19 VLAN's will have to be routed. However, VLAN 10 and 20 traffic will be able to cross between sites without any layer 3 processing.
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18836993
Excellent, you are a star. I am going to start planning this now...
0
 
LVL 6

Author Comment

by:ian_chard
ID: 18841811
Hi Don,

Taking into account the following :

VLANS 10,11,100,101,102,103 need to be trunked and the rest need to be routed, do the following commands fit?

Any help much appreciated!!!

Ip routing

Vlan 33
Description CV3750-NP3550
Ip address 172.16.10.14 255.255.255.252

Vlan 6
Description CVNetMan
Ip address 172.25.1.1 255.255.255.0

Vlan 7
Description CV Devices
IP address 172.25.2.1 255.255.255.0

Vlan 52
Description CVPrint
Ip address 172.25.4.1 255.255.252.0

Vlan 202
Description CVStaff
IP address 172.25.48.1 255.255.240.0

Vlan 302
Description CVStudents
IP address  172.25.64.1 255.255.240.0

Vlan 402
Description CVComp
Ip address 172.25.80.1 255.255.255.0

Vlan 412
Description CVInfoServ
Ip Address 172.25.81.1 255.255.255.0

Int fa1/0/48
Switchport mode trunk
Switchport trunk encap dot1q
Switchport trunk allowed vlans add 10 11 33 100 101 102 103

Router ospf 1
Network 172.25.1.0 0.0.0.255 area 0
Network 172.25.2.0 0.0.0.255 area 0
Network 172.25.4.0 0.0.3.255 area 0
Network 172.25.48.0 0.0.15.255 area 0
Network 172.25.64.0 0.0.15.255 area 0
Network 172.25.80.0 0.0.0.255 area 0
Network 172.25.81.0 0.0.0.255 area 0
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18842842
I assume the commands towards the top are for something other than a Cisco switch?

On the Cisco side, you'll need a VLAN interface for each VLAN that the switch is routing.

int VLAN 11
 ip address x.x.x.x 255.255.255.0
 no shutdown

Also, trunks carry all VLANs by default so there's no need to add them. That would only be necessary if you had previously removed them.
0
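
Added example, not part of the thread: a small Python check of the point in the last comment, that a trunk carries all VLANs by default, so an `add` on an untouched trunk restricts nothing, while a plain list replaces the allowed set. It assumes commands are applied in the order entered and uses the IOS form `switchport trunk allowed vlan` with a comma-separated list; the helper names and sample inputs are constructed for illustration.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # IOS default: a trunk carries VLANs 1-4094

_CMD = re.compile(
    r"^\s*switchport trunk allowed vlan\s+(?:(add|remove|except)\s+)?(\S+)\s*$",
    re.IGNORECASE,
)

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '10,11,100-103' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans & ALL_VLANS

def effective_allowed(commands):
    """Apply 'switchport trunk allowed vlan ...' commands in the order entered."""
    allowed = set(ALL_VLANS)              # state before any allowed-list command
    for line in commands:
        m = _CMD.match(line)
        if not m:
            continue                      # other interface commands are ignored
        keyword, arg = (m.group(1) or "").lower(), m.group(2).lower()
        if keyword == "add":
            allowed |= parse_vlan_list(arg)
        elif keyword == "remove":
            allowed -= parse_vlan_list(arg)
        elif keyword == "except":
            allowed = set(ALL_VLANS) - parse_vlan_list(arg)
        elif arg == "all":
            allowed = set(ALL_VLANS)
        elif arg == "none":
            allowed = set()
        else:
            allowed = parse_vlan_list(arg)  # plain list replaces the current set
    return allowed

def unintended(commands, intended):
    """VLANs the trunk would carry that are not in the intended set."""
    return effective_allowed(commands) - set(intended)

# Constructed input: the VLAN numbers from the author's post, in IOS list syntax.
INTENDED = {10, 11, 33, 100, 101, 102, 103}
WITH_ADD = ["switchport mode trunk", "switchport trunk allowed vlan add 10,11,33,100-103"]
EXPLICIT = ["switchport mode trunk", "switchport trunk allowed vlan 10,11,33,100-103"]

if __name__ == "__main__":
    print(len(unintended(WITH_ADD, INTENDED)), "extra VLANs with 'add' on a default trunk")
    print(sorted(effective_allowed(EXPLICIT)), "with an explicit list")
```

With the `add` form every other VLAN defined on both switches would still be bridged across the inter-site link; the explicit list is what limits the trunk to the VLANs meant to span sites.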
