Cisco configuration on L2 WAN links

Hi Guys

We recently had a layer 2 service put in between multiple sites.

We have set up a range on the router (e.g. Router 1 -, Router 2 -, Router 3 - etc.)

At the main site, we have set to (This is the Cisco device, our core switch).

We are not able to ping each other for some reason. Unsure if this is the configuration issue or our WAN provider.

Can anyone advise?

Daniel Sheppard (Network Administrator/Engineer/Architect) commented:
As you are saying Layer 2 (without defining exactly what service your ISP is providing: MPLS, VPLS, Metro Ethernet) here are a couple of questions:

- Is it a straight VLAN (You may need to tag all traffic on that VLAN) or is it QinQ?
- Check your MTU with your ISP, ping should work but when using QinQ I did have to drop the MTU by about 8 bytes (for one site only due to a third party backhaul for the ISP).
- Not strictly related to this, but when configuring our private MPLS, I ran into a problem with Multicast traffic being blocked (EIGRP would start the handshake but not fully come up).  Again, not strictly related but something to ensure.

If you only have a straight VLAN, it may be expecting the "native" VLAN (untagged traffic) or a specific tagged VLAN.  If this is the case, get your ISP to migrate to Q-in-Q (VLAN tunnelling).
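
An added example, not part of the original post: Python code that classifies an Ethernet frame as untagged, single-tagged or Q-in-Q by walking its VLAN tags, which is the distinction the questions above turn on. Each tag is 4 bytes, so a Q-in-Q frame carries 8 bytes of tag overhead. The sample frames, MAC addresses and VLAN IDs are constructed for illustration.

```python
import struct

# TPIDs that mark a VLAN tag: 0x8100 = 802.1Q C-tag, 0x88A8 = 802.1ad S-tag,
# 0x9100 = pre-standard Q-in-Q value still seen on some provider gear.
VLAN_TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad", 0x9100: "legacy QinQ"}


def vlan_stack(frame: bytes):
    """Return ([(tag_type, vlan_id), ...], inner_ethertype) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((VLAN_TPIDS[ethertype], tci & 0x0FFF))  # low 12 bits = VLAN ID
        offset += 4


def describe(frame: bytes):
    """Classify the handoff tagging and the bytes the tags add to each frame."""
    tags, ethertype = vlan_stack(frame)
    kind = {0: "untagged", 1: "single-tagged"}.get(len(tags), "QinQ")
    return {"kind": kind, "vlans": [v for _, v in tags],
            "tag_overhead": 4 * len(tags), "ethertype": ethertype}


# Constructed sample frames (MACs and VLAN IDs are made up), payload omitted.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
ARP = b"\x08\x06"
UNTAGGED = MACS + ARP
TAGGED = MACS + struct.pack("!HH", 0x8100, 100) + ARP
QINQ = MACS + struct.pack("!HH", 0x88A8, 2000) + struct.pack("!HH", 0x8100, 100) + ARP

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("tagged", TAGGED), ("qinq", QINQ)]:
        print(name, describe(frame))
```
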
Akinsd (Network Administrator) commented:
You may want to check with your ISP.

What type of connection do you have between the sites?

The only way your setup will work is if you have a direct layer 2 connection between the sites (Ethernet handoff).
If not, you will need layer 3 switches or routers, but then you'll have to use separate VLANs at each site.
Predrag Jovic (Network Engineer) commented:
Of course that does not work. ISP must block any private IP on internet - it is mandatory. Check with your ISP for possibilities.

Maybe you can use Cisco L2 over L3

goraek (Author) commented:
We have a Layer 2 connection between sites. It's basically an Ethernet handoff.
There's no routing, so long as we have a VLAN set up and route them, we should be able to see it.

We have checked with them, and they say they can see MAC addresses flowing.

We have a SonicWall at the remote site, and a Cisco core switch. Obviously there's the NTU for bridging.

Unsure what's going on. Could be a configuration issue? But can't seem to track it.
Akinsd (Network Administrator) commented:
Does VTP work? (Are the VLANs propagated to the switches or did you create them manually on all switches?)
What is allowed on the trunk ports?

It's also possible that what you have is Private Transport.
The ISP assigns a VLAN (transparent to your devices but configured on the firewall or edge router) for traffic redirection.
You will need a L3 switch at the remote sites for this though.

Check with your ISP and they can tell you if your setup can work or not.
If VTP does not work, then you will need separate VLANs at remote sites.
goraek (Author) commented:
Cool thanks, I've contacted the ISP, and it's been escalated to their network engineer.

I'll keep you guys posted.
goraek (Author) commented:
There was an issue with the ISP, VLAN wasn't configured at their end.
goraek (Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for goraek's comment #a40714351

for the following reason:

Resolved, ISP end.
Daniel Sheppard (Network Administrator/Engineer/Architect) commented:
I pointed him to the ISP...
Daniel Sheppard (Network Administrator/Engineer/Architect) commented:
Rather both myself and Akinsd pointed towards the ISP. For differing reasons, but still points should be awarded.