
encapsulating Cisco vlan trunking across 3rd party WAN using 802.1q VLANs

Last Modified: 2013-11-10

We have several large sites that use Cisco Vlan trunking to keep a complex network environment humming along.  This works well for us.

Between sites we have gigabit metro ethernets providing WAN services, over which we are using layer 3 and EIGRP.  This works well for us.

On several campuses, we have gigabit fibers linking buildings together, with VLAN trunking across those Gig links.  Works great.

We have one campus that has buildings on two sides of a highway, and we were not able to secure a fiber right-of-way to do our customary gig link.  So instead we used a Metro ethernet provided by one of our Metro-E vendors.  This is not working so well for us.

Things work fine in the native VLAN, and for the trunked VLANs, most things work fine as well.  However, we are having problems with some very specific areas involving authentication.  Several different systems are failing to authenticate across trunked VLANs.  The WAN is using 802.1q VLAN tagging; this is managed by the WAN vendor.  As long as we don't use any VLANs, the affected applications work fine.  As soon as we trunk a VLAN across the link, and put the systems in that VLAN, they work for everything except secure authentication.

The 802.1q VLAN over the WAN is invisible to us; the vendor is telling us we should treat the connection as if it were dark fiber.  However, we are finding that this is not the case.  The vendor uses Cisco gear, and they opened a TAC case when we had problems; however, they came back telling us that Cisco has blessed their configuration as being transparent to anything we should be able to do.

We are convinced that this is almost true; however, secure authentication systems fail on anything other than the native VLAN.

We are a health-care system, and have many unrelated vendors using the network for data that must be kept secure, so isolating the vendors and applications on their own vlan segments is a requirement for our environment.

What do we need to do to make Cisco Vlan trunking work correctly across a third party 802.1q vlan?