Aaron Street

asked on

VLAN tunnels

Hi,

I have a bit of a strange problem. I am trying to tunnel a number of VLANs across my network.

I have a Cisco 1841 router that has a number of VLANs assigned to sub-interfaces, and I need to get this traffic across the site. Rather than set up all these VLANs on my live network I have chosen to tunnel them across using a dot1q tunnel.

So I set up my tunnel ports to be VLAN 21 and assigned them as dot1q tunnels (and created VLAN 21 on all switches and ensured it's allowed on all trunks).

The port on the router tags all traffic as it is using sub-interfaces, and the far end switch is also set to trunk.

Lastly I need to be able to access the management traffic, so the far end switch has a second trunk port that allows only VLAN 900 (management) back on to the site network, and my desktop PC is connected to a port assigned to VLAN 900.

(see diagram)

My problem is that I can telnet to the devices on this network (i.e. the router and switch). However, if I try to FTP to the router (copy a new IOS) or use SDM to connect to it, it starts working, but then after a few bytes of data it suddenly stops! It looks from a packet capture like the router stops responding, but I can still SSH just fine.

Any ideas what may be causing this? Has anyone else had problems when running VLAN tunnels?
tunnl-digram.jpg
Don Johnston

Your diagram is illegible.

How are the two sites connected? (serial link, Ethernet, etc.)

What device is at the other end of the site-to-site link?
Aaron Street

ASKER

It's all Ethernet.

The site I'm working on has about 30-odd buildings.

And the router has, for various reasons, to be installed in a completely different building to the switch/servers/PCs connected to it. (When I say switch I am talking about the switch in the router network; imagine a line across the page dividing the top two devices from the bottom two.)

So the router connects to an ADSL line, while its Ethernet port is routing several VLANs in a router-on-a-stick configuration.

The switching infrastructure already on site (switches at the bottom of the diagram) is a completely separate network and I want to have as little impact on it as possible, so I am using an 802.1Q tunnel to carry the traffic across site (code and lines in red).

Now I need one PC at my desk (I am in a completely different building from both router and switch) that can manage the router. So the switch trunks one of the VLANs that has been tunnelled to it (in this case VLAN 900) back out on to the main site network so I can pick it up at my desk.

So the idea being that there is a VLAN tunnel between router and switch,
then a normal VLAN trunk between switch and site network.

I have a feeling the problem is frame size. Double tagging the frames pushes them over the MTU limit.

I can see it stops working after the first FTP packet is sent of size 1514. This is the max MTU, but before it has the double VLAN tag.

What will a switch do with an oversize frame? Will it simply drop it? Or will it fragment?
Still don't understand why you're worrying about tunneling. Q-in-Q tunneling is used when you want to trunk one VLAN database over an existing trunk that is using a separate VLAN database. And it has to be implemented at each end of the service.

I can't envision why this is needed here.
Because that is exactly what I am doing.

The router and switch pairing are part of a completely different network to the main site network; I am simply using the site network infrastructure like an extended Ethernet cable between the FastEthernet interface of the router and the switch it needs to connect to.

Imagine the router is directly connected to a switch, and this switch is connected to servers and client PCs running several VLANs and subnets (a small office network set up). But I want to put my corporate network (separate ownership) in between the router and the switch. Rather than setting up all the VLAN database on my corporate network, it is much neater to tunnel the data across the corporate network, just as you would if these were two different companies.

Maybe the attached diagram makes it a bit clearer.

tunnl-digram2.jpg
I can't read any of the text in the diagram.

Where is the other end of the Q-in-Q tunnel defined? The intermediate devices will need to support 1526 byte frames. Otherwise reduce the MTU by 4 bytes.
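The frame-size arithmetic behind the 1514 and 1526 figures in this thread, as an added example rather than anything posted by the participants. It uses only the fixed 802.3/802.1Q field sizes; the switch names and per-hop frame limits in the sample path are constructed for illustration.

```python
# Added example (not from the thread): 802.1Q / Q-in-Q frame-size arithmetic.
# It shows why a 1500-byte IP MTU (the 1514-byte frames seen in the capture)
# is dropped once a second tag is added, why the transit switches need to
# accept 1526-byte frames, and how large the router-interface MTU may safely be.
# Only the IEEE 802.3/802.1Q field sizes and the thread's own figures are used.

ETH_HEADER = 14        # destination MAC (6) + source MAC (6) + EtherType (2)
DOT1Q_TAG = 4          # one 802.1Q tag: TPID (2) + TCI (2)
FCS = 4                # frame check sequence
STD_MAX_FRAME = 1518   # untagged: 1500-byte payload + 14 header + 4 FCS
BABY_GIANT = 1522      # a switch that allows for exactly one tag
QINQ_FRAME = 1526      # the figure given above: room for two tags


def frame_size(ip_mtu, tags):
    """Size on the wire, FCS included, of a frame carrying ip_mtu payload bytes with `tags` 802.1Q tags."""
    return ETH_HEADER + tags * DOT1Q_TAG + ip_mtu + FCS


def capture_size(ip_mtu, tags=0):
    """Size a packet capture reports: the NIC strips the FCS, and on an access port no tag is seen either."""
    return ETH_HEADER + tags * DOT1Q_TAG + ip_mtu


def is_forwarded(ip_mtu, tags, max_frame):
    """A switch forwards a frame whole or drops it; Ethernet has no fragmentation."""
    return frame_size(ip_mtu, tags) <= max_frame


def max_ip_mtu(max_frame, tags):
    """Largest payload MTU that still fits a device accepting max_frame bytes when `tags` tags are present."""
    return max_frame - ETH_HEADER - tags * DOT1Q_TAG - FCS


def first_dropping_hop(ip_mtu, tags, hops):
    """Walk the transit path (list of (name, max_frame) pairs) and return the
    name of the first device that cannot carry the frame, or None if all can."""
    for name, max_frame in hops:
        if not is_forwarded(ip_mtu, tags, max_frame):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample path: the corporate-network switches that sit between
    # the two tunnel ports. Names and limits are made up for illustration.
    corp_path = [("corp-sw-A", BABY_GIANT), ("corp-sw-B", STD_MAX_FRAME), ("corp-sw-C", BABY_GIANT)]
    print("FTP data frame as captured on the access port:", capture_size(1500))        # 1514
    print("Same frame with two tags on the wire:", frame_size(1500, 2))                 # 1526
    print("First hop that drops it:", first_dropping_hop(1500, 2, corp_path))           # corp-sw-A
    print("Max IP MTU through 1522-byte switches:", max_ip_mtu(BABY_GIANT, 2))          # 1496
    print("Max IP MTU through 1518-byte switches:", max_ip_mtu(STD_MAX_FRAME, 2))       # 1492
    print("Does an MTU of 1450 fit everywhere?", first_dropping_hop(1450, 2, corp_path) is None)  # True
```

The point the numbers make: a 1500-byte IP packet is already 1518 bytes with one tag and FCS, so the second tag takes it to 1526 and any transit switch limited to 1518 or 1522 bytes silently discards it, which is exactly the "works until the first full-size packet, then silence" pattern in the trace. There are two fixes and the calculator covers both: raise the accepted frame size on every intermediate device (the jumbo/system MTU setting) so that `first_dropping_hop` returns `None`, or lower the router interface MTU to at most `max_ip_mtu(...)` for the smallest hop on the path.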

I think this must be a problem with MTU.

When looking at a trace it works fine until I see a packet of size 1514. Then it never replies, which makes sense.

If I increase the MTU on a physical interface, I am assuming this also affects all sub-interfaces as well.

I also notice I need to reboot the devices.
But what is the difference between system MTU and jumbo MTU? At the moment they are both set to 1500?
Ahh, that's the way to do it!

Reduce the MTU of the parasite network!!!

Either side of the corporate network I have set up a port as a tunnel. So if you imagine the router at the top connecting to the corporate network in the middle, then the port on the corporate network it enters at is configured as a tunnel.

Then the same at the bottom: the port the switch is connecting into the corporate network on is again configured as a tunnel (I am talking about the port on the corporate network device being configured as a tunnel; the port on the switch is configured as a trunk).

Damn, all these switches, sorry I really should have given them names..
ASKER CERTIFIED SOLUTION
Don Johnston

Thanks for that last bit of info.

All I needed to do was set the MTU on the router interface to 1450 (OK, I'm sure it could be a bit higher but I will work that out in a bit).

Thank you so much for the comments, working like a dream now..

If only SDM would be as kind!! At least now I'm getting a JavaScript error; I think the version's too new.

Once again thanks for the help, sure it won't be the last time I am saying that to you.
As said in the last post, thank you once again for all the help.

Aaron