cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
diggly
New Contributor

How to configure 1638 for Layer 2 PTP circuit

Jump to solution

Hi, another dumb question.  We have ordered a Layer 2 Trunked Ethernet Point-to-Point connection with copper/RJ45 handoff at each end.  My understanding is that these can be plugged directly into my 1638s at each site, but I'm not clear on port configuration or encryption.

Site A has these subnets/VLANs:
VLAN 1 - 10.101.0.0/24
VLAN 115 - 10.115.0.0/24

Site B has these:
VLAN 1 - 10.101.1.0/24
VLAN 115 - 10.115.1.0/24

How would this be configured?  How is encryption done?

Thanks for your help.
Keith

0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

Closer reading shows that you have different subnets on the same VLAN at both sides, but you specified a layer 2 trunked connection. The configuration I suggested was for a layer 2 bridge connecting each VLAN on one side to its mate on the other.

If you want a layer 2 setup work, hosts in a given VLAN should be in the same subnet on both sides of the link. No routing on the link.

If in fact you want routing between the two sites it gets more complex and giving a complete configuration isn't possible without knowing more about your network topology such as any other networks connected to each VLAN, where the default routes are, any dynamic routing protocols in use, etc.

View solution in original post

0 Kudos
6 Replies
jayh
Honored Contributor
Honored Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

diggly wrote:

Site A has these subnets/VLANs:
VLAN 1 - 10.101.0.0/24
VLAN 115 - 10.115.0.0/24

Site B has these:
VLAN 1 - 10.101.1.0/24
VLAN 115 - 10.115.1.0/24

How would this be configured? How is encryption done?

config t

vlan 115

exit

interface [number of interface on switch at each end]

switchport mode trunk

switchport trunk allow vlan 1, 115

no shutdown

[ctrl-Z]

write mem

Encryption, if desired, would be done elsewhere such as at the endpoints.

diggly
New Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

Thanks jayh, makes sense.  Circuit goes live Monday, will let you know how it goes.

Keith

diggly
New Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

jayh --- our ISP finally got the circuit up today, and initial attempts at connecting are unsuccessful.

I tried the config above with no success, but I'll try it again when things quiet down.  Note that the same VLAN numbers refer to different subnets on each switch.  Not sure how a reference to a Site B address (like 10.101.1.50) from a Site A address (like 10.101.0.50) would know to take the assigned port and not fall through to the default route to our firewall, which makes the connection over a site-to-site VPN tunnel.

Thanks again for your help.

Keith

jayh
Honored Contributor
Honored Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

Closer reading shows that you have different subnets on the same VLAN at both sides, but you specified a layer 2 trunked connection. The configuration I suggested was for a layer 2 bridge connecting each VLAN on one side to its mate on the other.

If you want a layer 2 setup work, hosts in a given VLAN should be in the same subnet on both sides of the link. No routing on the link.

If in fact you want routing between the two sites it gets more complex and giving a complete configuration isn't possible without knowing more about your network topology such as any other networks connected to each VLAN, where the default routes are, any dynamic routing protocols in use, etc.

0 Kudos
diggly
New Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

Thanks again jayh, I thought that might be the case.

To close the loop on this, the ISP did not in fact install a trunked circuit (which I don't really need but didn't but didn't know that when I ordered it), but gave me a single tagged VLAN to use.  Once I cleared that up, it turned out the circuit was not even up, but eventually we got connectivity going, and I'll just set up routing over the tagged VLAN.

Keith

jayh
Honored Contributor
Honored Contributor

Re: How to configure 1638 for Layer 2 PTP circuit

Jump to solution

diggly wrote:

Thanks again jayh, I thought that might be the case.

To close the loop on this, the ISP did not in fact install a trunked circuit (which I don't really need but didn't but didn't know that when I ordered it), but gave me a single tagged VLAN to use. Once I cleared that up, it turned out the circuit was not even up, but eventually we got connectivity going, and I'll just set up routing over the tagged VLAN.

That works too! Most providers will offer Q-in-Q where the provider tag is stripped before the handoff to customer and you can add your own VLAN tag over the layer 2 circuit which is untagged at the customer handoff. This works transparently as long as the provider has sufficient MTU overhead within its network to support the customer VLAN tag.

Or, as you've done, just route it.