6 Replies Latest reply on Jun 30, 2017 9:35 AM by jayh

    How to configure 1638 for Layer 2 PTP circuit

    diggly New Member

      Hi, another dumb question.  We have ordered a Layer 2 Trunked Ethernet Point-to-Point connection with copper/RJ45 handoff at each end.  My understanding is that these can be plugged directly into my 1638s at each site, but I'm not clear on port configuration or encryption.

       

      Site A has these subnets/VLANs:
      VLAN 1 - 10.101.0.0/24
      VLAN 115 - 10.115.0.0/24

       

      Site B has these:
      VLAN 1 - 10.101.1.0/24
      VLAN 115 - 10.115.1.0/24

       

      How would this be configured?  How is encryption done?

       

      Thanks for your help.
      Keith

        • Re: How to configure 1638 for Layer 2 PTP circuit
          jayh Hall_of_Fame

          diggly wrote:

           

          Site A has these subnets/VLANs:
          VLAN 1 - 10.101.0.0/24
          VLAN 115 - 10.115.0.0/24

           

          Site B has these:
          VLAN 1 - 10.101.1.0/24
          VLAN 115 - 10.115.1.0/24

           

          How would this be configured? How is encryption done?

           

          config t

          vlan 115
          exit

          interface [number of interface on switch at each end]
          switchport mode trunk
          switchport trunk allow vlan 1, 115
          no shutdown

          [ctrl-Z]

          write mem

           

          Encryption, if desired, would be done elsewhere such as at the endpoints.

            • Re: How to configure 1638 for Layer 2 PTP circuit
              diggly New Member

              Thanks jayh, makes sense.  Circuit goes live Monday, will let you know how it goes.

               

              Keith

              • Re: How to configure 1638 for Layer 2 PTP circuit
                diggly New Member

                jayh --- our ISP finally got the circuit up today, and initial attempts at connecting are unsuccessful.

                 

                I tried the config above with no success, but I'll try it again when things quiet down.  Note that the same VLAN numbers refer to different subnets on each switch.  Not sure how a reference to a Site B address (like 10.101.1.50) from a Site A address (like 10.101.0.50) would know to take the assigned port and not fall through to the default route to our firewall, which makes the connection over a site-to-site VPN tunnel.

                 

                Thanks again for your help.

                 

                Keith

                  • Re: How to configure 1638 for Layer 2 PTP circuit
                    jayh Hall_of_Fame

                    Closer reading shows that you have different subnets on the same VLAN at both sides, but you specified a layer 2 trunked connection. The configuration I suggested was for a layer 2 bridge connecting each VLAN on one side to its mate on the other.

                     

                    If you want a layer 2 setup to work, hosts in a given VLAN should be in the same subnet on both sides of the link. No routing on the link.

                     

                    If in fact you want routing between the two sites it gets more complex and giving a complete configuration isn't possible without knowing more about your network topology such as any other networks connected to each VLAN, where the default routes are, any dynamic routing protocols in use, etc.
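
                    Added example, not part of the original posts: a Python sketch of the two checks discussed above, namely whether each trunked VLAN carries the same subnet at both sites (so a layer 2 bridge can work) and how a host decides between ARPing on-link and using its default gateway. The VLAN and subnet values come from the thread; the gateway address 10.101.0.1 and the function names are assumptions made for illustration.

```python
import ipaddress

# Subnets as listed in the thread for each site.
SITE_A = {1: "10.101.0.0/24", 115: "10.115.0.0/24"}
SITE_B = {1: "10.101.1.0/24", 115: "10.115.1.0/24"}


def bridge_report(site_a, site_b, trunk_vlans):
    """For each VLAN allowed on the trunk, report whether bridging it
    across the circuit is consistent with the addressing at both ends."""
    report = {}
    for vlan in trunk_vlans:
        a, b = site_a.get(vlan), site_b.get(vlan)
        if a is None or b is None:
            report[vlan] = "missing on one side"
            continue
        net_a, net_b = ipaddress.ip_network(a), ipaddress.ip_network(b)
        if net_a == net_b:
            report[vlan] = "bridge ok"          # one broadcast domain, one subnet
        elif net_a.overlaps(net_b):
            report[vlan] = "mask mismatch"      # same range, different prefix length
        else:
            report[vlan] = "needs routing"      # different subnets share the VLAN id
    return report


def next_hop(src_ip, src_net, dst_ip, gateway):
    """The forwarding decision a host makes: destinations inside its own
    subnet are reached directly (ARP), everything else goes to the gateway."""
    net = ipaddress.ip_network(src_net)
    if ipaddress.ip_address(src_ip) not in net:
        raise ValueError("source address is not inside its configured subnet")
    if ipaddress.ip_address(dst_ip) in net:
        return "on-link"
    return "via " + gateway


if __name__ == "__main__":
    for vlan, verdict in bridge_report(SITE_A, SITE_B, [1, 115]).items():
        print("VLAN", vlan, "->", verdict)
    # Assumed gateway address (hypothetical firewall at Site A).
    print(next_hop("10.101.0.50", "10.101.0.0/24", "10.101.1.50", "10.101.0.1"))
```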

                      • Re: How to configure 1638 for Layer 2 PTP circuit
                        diggly New Member

                        Thanks again jayh, I thought that might be the case.

                         

                        To close the loop on this, the ISP did not in fact install a trunked circuit (which I don't really need but didn't know that when I ordered it), but gave me a single tagged VLAN to use.  Once I cleared that up, it turned out the circuit was not even up, but eventually we got connectivity going, and I'll just set up routing over the tagged VLAN.

                         

                        Keith

                          • Re: How to configure 1638 for Layer 2 PTP circuit
                            jayh Hall_of_Fame

                            diggly wrote:

                             

                            Thanks again jayh, I thought that might be the case.

                             

                            To close the loop on this, the ISP did not in fact install a trunked circuit (which I don't really need but didn't know that when I ordered it), but gave me a single tagged VLAN to use. Once I cleared that up, it turned out the circuit was not even up, but eventually we got connectivity going, and I'll just set up routing over the tagged VLAN.

                             

                            That works too! Most providers will offer Q-in-Q where the provider tag is stripped before the handoff to customer and you can add your own VLAN tag over the layer 2 circuit which is untagged at the customer handoff. This works transparently as long as the provider has sufficient MTU overhead within its network to support the customer VLAN tag.

                             

                            Or, as you've done, just route it.