Equipment Support > Hardware By Brand > Cisco > How to maintain VLAN Tags across Routers

How to maintain VLAN Tags across Routers

Physical Topology

The quick answer is yes it is possible, using GRE or VPN tunnels setup between Routers 1 & 3 and using policy routing.
--
Domwilko - CCVP, CCNP, CCNA, CCDA

reply to firefox
Yes there are many ways to accomplish this.

In the real world, thats the scenario for a MPLS VPN. You would replace that middle router with MPLS L3 VPN service from a provider like verizon or AT&T, and run two different VRFs. One for each group of users at each site. That would be a true layer 3 solution to the problem and limit the complexity of the edge router config.

If a MPLS solution isnt possible, you can setup a L2TPv3 tunnel of your own and actually pipe the VLANs across the WAN side of the router.

Multiple GRE tunnels. Virtual routing and forwarding instances. Policy routing will also work. There are many ways to accomplish the goal with varying dagrees of functionality and complexity.

Edit: Since you're location is listed as "San Jose, CA" you could probablly stand on the street corner with that picture printed out. Some jobless CCIE laid off by cisco will probablly stumble up and offer to configure it for you ;P

Even without an MPLS cloud from a carrier, this could be accomplished with VRF lite within the existing routers. All it would do is provide logical segmentation within the common physical devices just like the other tunnel methodologies expressed earlier which are all valid alternatives.

Of course with any of these solutions you would be complicating your routing configuration. Not that its a huge deal, but it could throw some beginners off a little bit.

reply to firefox
To put more spice into this firefox , let me ask you this. Are you trying to have VLAN 10 PC on one end to be within the same broadcast domain as the VLAN 10 PC on the other end? Same question to VLAN 20 PCs.

If VLAN 10 PC on one end does not have to be within the same broadcast domain as the VLAN 10 PC on the other end, then you could implement MPLS VPN like nosx suggested. Basically you need to set the following

Left side:
* Segment Switch 1 into multiple VLAN (in your case, VLAN 10 and VLAN 20)
* Switch 1 trunk with Router 1
* Router 1 terminates Layer-3 VLAN interfaces of left side

Right side:
* Segment Switch 2 into multiple VLAN (in your case, VLAN 10 and VLAN 20)
* Switch 2 trunk with Router 3
* Router 3 terminates Layer-3 VLAN interfaces of right side

VRF:
* Set Router 1 and Router 3 as CE and Router 2 as PE
* Assign one VRF for VLAN 10 and another VRF for VLAN 20
* Router 2 will leak default route to the Internet to both VRF labels to allow Internet access for both networks.

Now if you do want to have VLAN 10 PC on one end to be within the same broadcast domain as the VLAN 10 PC on the other end and to have VLAN 20 PC on one end to be within the same broadcast domain as the VLAN 20 PC on the other end, the approach will be a little bit different.

To maintain such broadcast domain consistency, you could implement the L2TPv3 like what nosx suggested or you could still implement VRF (in this case VRF lite) with a little creativity.

Either solution will provide some kind of "Ethernet network extension" across WAN. With these approaches, the WAN will be transparent to both networks since from PC perspectives, PC on left side will see PC on right side to be within the same LAN (same broadcast domain) without routing or hops.

Personally I like the second solution (the VRF lite with little creativity) instead of L2TPv3 since L2TPv3 might not be supported in the 2801. With this second solution, you could even use older model like 2600 series routers.