OTV-Extended VLAN Gateway

I am working on this design where the DC VLANs that need to be extended to DRC via OTV have their gateways as SVIs on a server agg VSS. So there is no FHRP in DC. The other side (DRC) server aggregation is a pair of VDCs on N7K. See figure for connectivity summary.
I need to maintain the gateway IP address on both sides for each extended VLAN. So for VLAN100 the gateway in DC is SVI-100 on the VSS pair with IP address 10.0.0.254 while in the DRC side it is an HSRP VIP address of 10.0.0.254. This is required to maintain the server network card configuration once it is moved from DC to DRC.
In order to avoid tromboning traffic destined across VLANs and prevent it from traversing the OTV link, what possible solutions are available? I have been reading OTV design and best practices documentation and I think FHRP isolation is irrelevant, or is it?

Although FHRP is not issue here, but you still need to block 'ARP for default gateway' and 'MAC address of default gateway' which is advertised by IS-IS.
you can refer this link for more details:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro.pdf

Similar Messages

OTV site vlan with multiple overlay interface

Hi,
I have an OTV multihoming sites. 2 sites. 2 otv edge device each site.
and with multiple overlay interface sharing 1 joint interface
otv edge device connected to multiple VDC.
each internal / downlink will forward different vlan for each vdc.
================================
example
int overlay 1
otv extends-vlan 10
int overlay 2
otv extends vlan 20
int eth 2/1
description trunk to VDC1
switchport trunk allowed vlan 10,100
int eth 2/2
description trunk to VDC2
switchport trunk allowed vlan 20,100
otv site-vlan 100
================================
i understand that i can only use 1 site vlan.
so in order for the failover to happen, both eth 2/1 and eth2/2 must fail?
what if only int eth2/1 fail? will the int overlay 1 failover to secondary otv device?
thanks,
ivan

"So when querying the adjacency server the ED then knows which other ED is within the same site?"
Yes for the first part of the question, using the site Vlan unique to each site.
Why do you need a routed link between ED's at local site? You dont need to connect those back-back over L3. Moreover if you want to use it for L3 ADJ over peer-link, you need to make sure that VLAN that you are using is not allowed on the VPC member ports, just on the peer-link, else VPC loop alrorithm will break your traffic.
Are you planning to use multicast or a Unicast deployment? I remember I tried testing the topology in a POC for one of my customer, things did not work as expected in multicast deployment mode and worked fine in Unicast Adjacency server mode. I need to go back and check my notes on this.
I would rather have the join-interface go back to a routed core at site rather than back-back connecivity as it opens up the tested Multicast deployment mode.
Cheers,
-amit singh

Concerning OTV and VLAN Assignments

I've been looking around but can't find any specific information...
When configuring OTV between data centers, is it required/advisable/best practice to have the VLANs that you need to extend from one DC to another have the same VLAN ID? Does that matter?
For example, VLAN 10 in New York DC is the 172.31.12.0/23 network. I want to extend the 172.31.12.0/23 network to the Los Angeles DC. Does the VLAN ID in the LA DC need to be VLAN 10 or can I use any VLAN ID in this case?
Thanks!

Hi Clay,
In my opinion it would be best practice to have the same VLAN numbering across the data centres you're extending VLANs, purely to keep things simple. Obviously if you translate from one VLAN number to another it will add some complexity and so complicate troubleshooting to some extent.
As far as whether having the same IP subnet assigned to different VLAN numbers is possible, I'm afraid you can't do this today. As of November 2012 Cisco were saying support for OTV VLAN translation would be available in the Nexus 7000 NX-OS 6.2 release. If you have Cisco Partner level access you can see the Nexus 7000 Roadmap Update presentation where this is discussed (see slide 11).
Regards

Unable to create extended vlan

Dear All,
Is there anyway to create extended vlan(from 1006 to 1010) on my cisco 7604? These are existing customer vlan which I planned to move to this 7604 but unfortunately cant. I believe only FDDI and Token ring vlan unable to remove. Expert please advice.
PBR#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s3223_rp Software (s3223_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF17, R
ELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Compiled Fri 25-Sep-09 06:10 by ccai
Image text-base: 0x40101040, data-base: 0x42A509B0
ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
BOOTLDR: s3223_rp Software (s3223_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF17, R
ELEASE SOFTWARE (fc1)
PBR uptime is 11 weeks, 1 day, 21 hours, 33 minutes
Time since PBR switched to active is 11 weeks, 1 day, 21 hours, 33 min
utes
System returned to ROM by power cycle (SP by power on)
System image file is "sup-bootdisk:s3223-ipservices_wan-mz.122-18.SXF17.bin"
cisco CISCO7604 (R7000) processor (revision 2.0) with 458752K/65536K bytes of me
mory.
Processor board ID FOX1340GBXD
R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
18 Virtual Ethernet/IEEE 802.3 interfaces
57 Gigabit Ethernet/IEEE 802.3 interfaces
1915K bytes of non-volatile configuration memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
PBR#
PBR#sh vlan
VLAN Name Status Ports
1 default active Gi3/14, Gi3/44
2 HPeP_Terrestrial_Side active
3 HPeP_Satellite_Side active Gi3/23, Gi3/24
5 Management active Gi3/1, Gi3/2, Gi3/3, Gi3/4
Gi3/5, Gi3/6, Gi3/7, Gi3/8
Gi3/9, Gi3/12, Gi3/13, Gi3/15
Gi3/31, Gi3/35
6 Customer_Traffic active Gi3/11, Gi3/37, Gi3/38
8 GCU active Gi3/33, Gi3/34
20 SIME active
45 Petrofac active
51 140.176.51.0/24-client-vlan active
101 Internet_Connection active Gi1/1, Gi1/2, Gi3/16, Gi3/26
190 BUK_FVSB active
201 Customer_VLAN_201 active
202 GITNS2A active
203 Internet_Connection_New active Gi3/17, Gi3/48
204 Sports_Toto_Malaysia active
205 XOM_EXXONMOBIL active
206 PCSB active
990 Unused_Ports active Gi1/3, Gi1/4, Gi1/5, Gi1/6
Gi1/7, Gi1/8, Gi1/9
999 RSPAN active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
20 enet 100020 1500 - - - - - 0 0
45 enet 100045 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
190 enet 100190 1500 - - - - - 0 0
201 enet 100201 1476 - - - - - 0 0
202 enet 100202 1500 - - - - - 0 0
203 enet 100203 1500 - - - - - 0 0
204 enet 100204 1500 - - - - - 0 0
205 enet 100205 1500 - - - - - 0 0
206 enet 100206 1500 - - - - - 0 0
990 enet 100990 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
999
Primary Secondary Type Ports
PBR#
PBR# sh vlan internal usage
VLAN Usage
1006 online diag vlan0
1007 online diag vlan1
1008 online diag vlan2
1009 online diag vlan3
1010 online diag vlan4
1011 online diag vlan5
1012 PM vlan process (trunk tagging)
1013 Control Plane Protection
1014 L3 multicast partial shortcuts for VPN 0
1015 Egress internal vlan
1016 Multicast VPN 0 QOS vlan
1017 GigabitEthernet3/27
1018 GigabitEthernet3/47
1029 IPv6 Multicast Egress multicast
1030 L3 multicast partial shortcuts for VPN 1
1031 Multicast VPN 1 QOS vlan
1032 L3 multicast partial shortcuts for VPN 3
1033 Multicast VPN 3 QOS vlan
1034 L3 multicast partial shortcuts for VPN 5
1035 Multicast VPN 5 QOS vlan
1036 L3 multicast partial shortcuts for VPN 6
1037 Multicast VPN 6 QOS vlan
PBR#

As Cisco Freak said, those vlans are being allocated for internal use
Layer 3 LAN ports, WAN interfaces and subinterfaces, and some software features use internal VLANs in the extended range. You cannot use an extended range VLAN that has been allocated for internal use.
In order to use them, you will need to use a descending vlan allocation option, to start allocation from vlan 4094 and down, to do this you will need to apply the command:
vlan internal allocation policy descending
And then reboot your switch, so the internal vlans get reallocated
For more info refer to this configuration guide:
http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/vlans.html#pgfId-1038695

Extended Vlans matters on N5K

Hello there,
Looking for some help on extended vlans design. Customer is using 90% of extented VLANs as follows based on exclusive services:
1200-1499
1700-1999
1500-1799
Total of 897 VLANs.
First question is: Do you know if extentend VLANs count as active VLANs in the 512 limit or we should not worry as this limit is only for normal VLANs? The datasheet is not clear enough and does not say if this limit is for both.
Second question is: Supposing question 1 is ok, when allowing these vlans in the trunk, should we also create these VLANs or they are already active (according to conf guide), there is, should we need to issue "vlan 1200" in conf mode for instance?
Thank you!

This was a limitation with older VTP implementation(extended VLANs were not supported when VTP was first designed). With VTP version 3, extended VLANs are supported
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/vlans.htm#wp1090061

SRW2048 extended vlan support

We are looking to use some SRW2048 in replace of some 2960 switches. Do the SRW2048 support extended vlan ( 1-4094 )
Thanks,
Jason

Hi Jason,
The manual does state;
VLAN Management Tab - Create VLAN
The Create VLAN screen provides information and global parameters for configuring and working with VLANs.
VLAN ID (2-4094). Indicates the ID number of the VLAN being configured. Up to 256 VLANs can be created. This
field is used to add VLANs one at a time. To add the defined VLAN ID number, press the Add button.
VLAN Name.
Of course the default VLAN ( VLAN ID=1) is enabled by default on all ports.
Hope that helps
regards Dave

Extending vlan 301 through ASR 1006 (extending the broadcast domain)

Good evening everyone. My brain hurts trying to figure this out. I'm used to Layer 3 switches so this is different.
According to the documentation, this should be allowed using EVC and Bridge Domains. But there is one disclaimer in the documentation... if you've configured a channel-group on a physical ports, you can't have port-channels (or something like that).
I have configured multiple port-channels (for port redundancy), each port-channel having multiple sub-interfaces (for vlan creation on this beast). Each sub-interface has an ip address. Now it has come to my attention that there are two vlans that need to be extended from a remote office (via port-channel 3) to our Core (via port-channel 1). I want to be clear, I am trying to get this router to simply forward layer 2 traffic from port-channel 1 to port-channel 3. I tried the following:
example: vlans 300 and 301 need to be extended.
create additional sub-interfaces like this,...
int port-channel 1.300
encapsulation dot1q 300
int port-channel 1.301
encapsulation dot1q 301
int port-channel 3.300
encap dot1q 300
int port-channel 3.301
encap dot1q 3.301
But that didn't work. I tried evc and bdi but it's confusing as heck. Anyone got any ideas? Is this possible? Can you point me to a resource that can make it crystal clear for me?

Thank you Reza. I was worried about that.
So I have an opportunity to re-configure this entire beast because of this. If I need to make this work, is the ASR the wrong choice or am I just going about it wrong?
I've read that if I had two ASRs I could implement OTV. Does that make sense?
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-xe-3s-book/wan-otv-confg.html#GUID-DCB20ADF-1F8E-434B-AE97-54802879F34F

Extending VLAN across Data centers

I hope you can help, I have 2 data centers connected via a L3 10gb (dark fiber) now I have a few more fiber strands available between the 2 data centers; so for Disaster Recovery and server clustering (requiring same subnet) does it make sense to extend certain vlans across using these extra fiber strands or is it best practice to keep the layer 3 separation, thanks in advance!

Borman
It does make sense in terms of clustering. Not sure exactly what you mean in terms of disaster recovery, that really depends on your topology/addressing.
Basically i would route where you can and extend L2 when you have to. Be aware you are extending L2 between data centres and tha brings STP issues. Obvioulsy make sure you only allow the vlans you need on this link and route all else.
There are other ways to extend a L2 vlan across a L3 link - L2TPv3 springs to mind.
Jon

Extending VLANs across routed interfaces

Hello;
I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
Thanks in advance.

I realize this thread is 5+ years old, but I feel like commenting anyway.
If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces. You will need to use a layer 2 trunk(dot1q). Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP. In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
If you want fast fail over on a layer 2 link, well then, use Rapid STP. The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.

How to extend VLAN in 3rd and 4th 6513 switch with HSRP

Hi presently in One Data centre 02 Nos. of 6513 is configured in HSRP. Due to space constraint some servers need to be installed in other room and there 02 Nos of 6509 switches need to be configured in HSRP again.
One Data Vlan needs to be extended in expanded room. What should be the best practice for configuration in 6509 switches in HSRP. Please suggest.

Just as #1 and #2 are connected with (I would assume) trunking ports, similarly add connections to #3 and #4 Catalyst 6k. Define the layer 2 VLANs in the 6509 and assign access ports to those VLANs as required.
Personally I don't see much value to adding L3 interfaces (SVIs) for the VLANs (and adding them to the HSRP groups) on the 6509s. It depends in part on how your other connectivity into them is setup. If everything leaving the server VLAN goes to users, WAN, Internet etc. via the original pair of 6513s then keep the 6509s simple with only layer 2 VLANs.

1300 Bridge - Extending VLANs in Pt-to-Pt Mode

I need to set up 1300 series Wireless Bridges in a point-to-point mode, and I need to extend several VLANs from one building to the other.
On the 1231G/1242AG APs in AP mode, each SSID must be mapped to a unique VLAN ID. Is this also the case with the 1300 bridge?
Is there a good doc out there that explains how to config what I'm trying to do?

No its no the case, you can have several vlans going over one SSID.
Just create sub interfaces on the Dot1radio interface and Ethernet interface.
like this (this will pass the native vlan and vlan 2 and 3 ) -
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
There is a guide here
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr

OTV Site VLAN Configuration

Hi
I am implementing OTV between to sites using the ASR 1002X routers. My topology for one of the sites is attached. How do I go about configuring the site VLAN so both ASRs on this site can see each other. I have seen the following config but can't seem how they will still identify each other without a site VLAN running between then.
otv site bridge-domain 11
otv site-identifier 0000.0000.0011
Thanks

Ok so what I have found until now is i can use the above commands to define the site vlan in this case 11. This has to bee the same for all devices on the same site.
The site identifier can be different from the site vlan but has to be the same for all devices on the same vlan.
Then in on the internal interface we need a service instance that is basically trunk config to allow the site vlan down the link to the internal switch, that config is
Service instance 11
Encapsulation dot1q 11
Bridge-domain 11
Again only encap dot1q refers to the vlan but the others need to be unique so easier just to use the same number as the vlan no.
Finally on the internal switch just create clan 11 and allow it on the trunk to the asr.
I believe thats it for the site vlan, not put to the test yet though. Feel free to correct me if im wrong
HTH

VLAN gateway access???

Hi
My name is Chris and I’ve recently brought a SG 300-52 for my company with the main intention of using the L3 switching, I’ve recently gone on a 3day cisco course and came backing thinking i knew what i had to do but as always if you don’t have the experts next to you to answer the questions you soon have problems.
Hopefully this is a very simple question/solution for you guys
I have setup 3 VLANS, the switch is basically on its default settings and VLAN 1 connects straight to the router/gateway and on the internet but VLAN 2 and 3 do not, they are completely localy contained to their own Non DHCP networks...
…So the question is how do I get VLAN 2 and 3 on the internet and able to talk to each VLAN?
The keywords I’ve came across in my search are static routing between VLANs and InterVLAN, I’m assuming i need to do one of these???
I’m sorry if this seems simple... Please help
Regards

Ok…
Router (IP 81.187.174.129):
Rule - anything for 192.168.2.x (VLAN 2 network) send to 81.187.174.136 switches Gateway (router is physically connected to) for the Switch to then route the packet…. I’ve got that Loud and clear and all that is working.
I do understand honestly J
I’ve set the DHCP on the router so all DHCP clients have the 81.187.174.136 gateway (switch’s gateway instead of the routers) so that’s lovely and fine now, all traffic is going to the switch first…. Great just what I wanted.J
VLAN 2 can Ping the Router 81.187.174.129 from 192.168.2.69 through its local gateway of 192.168.2.1 The switch then takes the packet and sends it to the next hop 81.187.174.129 (the router) from the switch’s 81.187.174.136 interface, if this default route is taken out then the switch has NO WAY of getting to the router so I CANT remove this as the system will not ping the router for obvious reasons.
The route in the router states
VLAN2,
Direction ANY>LAN,
TARGET 192.168.2.x/24,
SEND to 81.187.174.136 (next hop)
So this all makes perfect sense surely.
The NIC on the PC connected to VLAN 2 is configured as follows…
IP 192.168.2.69/24
GW 192.168.2.1
DNS 81.187.174.129
This also makes perfect sense… hopefully
wait a tick........
IVE DONE IT!!!!!!! Haha
I’ve just configured another route in the router
LAN->WAN(WAN)
Any
Any->Any
Any
Any
81.187.173.141
NAT
Thank you guys for all your help, I would like to virtually shake your hands, I am so happy this has finally come to end…… for now.
You have all been so helpfully.
Thank you all and merry christmas!
JJJJJJJJJJJJJJJJJJ

Can I use Extreme with Time Capsule to extend my gateway router and still use Capsule as "external HD"?

Bought Airport Extreme with Time Capsule version 7.7.2 with 2 Terabytes Feb 2014. It was probably an expensive mistake, but after searching for weeks for a external hard drive, it seemed reasonably priced to just use the capsule as my external hard drive for the price I paid. Spend an hour with Apple Care to get it working-had to use ethernet cord to my iMac OS 10.8.5 processor 2.5 GHz Intel Core i5. I did not "need" the airport as we have a Winstream SAGEMCOM modem/router (Sagemfast 1704) But, I was desperate and about to lose my old external hard drive with literally had 3 computers worth of information on it. It had already "died" once, but got it back, so once I got the airport/capsule and was told I just paid for an expensive HD, I had no time to take it back to get something else-I had to transfer my info right then. We (Apple Care) could not get it to work as a HD wirelessly. It may be because it was being set up for the first time; I don't know. I was hoping I would get a transcript of all done so I could do it myself if needed later on, but when I looked at my email-they didn't do that. (Don't know if that is normal, I was used to other "techs" sending the email.) So now I really want to try to move my airport and "extend" our wifi as it said on the "box" that you could do...
Our Windstream router had to be placed in the lower level at the bottom of our stairs. The stairway is "open" (no door going down the steps). I want to place the Extreme at the top of the stairs so that we can use some things in our offices or not have Netflix on our TV lose connectivity when we all are on our computers.
I know I need an ethernet cord to connect directly with the modem/router to the Airport Extreme. I don't know what I will need to do after I connect it as it was so goofy when we set it up the first time (With the app it would disappear and not show up..) But my biggest concern is will I be able to still use the capsule as my hard drive and will I be able to do it wirelessly? (Even with it connected by ethernet, every day I have to re-connect to it before I can click on anything on the hard drive. It never shows up on it's own as my old HD did. That drives me nuts.) I do back up using the Time Capsule feature as well. I appreciate any help.

I am still willing to plug in the ethernet cord to the modem/router and try it IF I was able to get a step by step instructions..
Connecting the Time Capsule (TC) to the existing Winstream by Ethernet would be the basis for a roaming type network. This type of network allows you to basically "roam" with a wireless client and connect to either router. This, in essence, would provide you with an "extended" wireless network. The Apple routers can work with just about any manufacturers' routers in this fashion.
The keys to having a successful roaming network are as follows:
The routers must be interconnected by Ethernet.
Both routers will broadcast their own Wi-Fi network, but MUST use the same Network Name (or SSID), wireless security type (WPA or WPA2), and wireless password.
The TC MUST be reconfigured as a bridge.
Connect a single Ethernet cable between one of the Winstream's LAN ports and the WAN (circle of dots) port on the TC.
The basic steps are:
Power-down the Winstream.
Perform a "factory default" reset on the TC. Leave the TC powered-down after the reset has completed.
Connect the TC to the Winstream using an Ethernet cable.
Power-up the Winstream. Wait at least 10-15 minutes to allow it to initialize.
Power-up the TC. Wait at least 5 minutes to allow it to initialize. (Note: Since we just reset the TC it will be performing as a wireless router that will be broadcasting an unsecured Wi-Fi network with a Network Name of something like: Apple Network NNNNNN)
Connect your computer to the Winstream's Wi-Fi network.
Run the AirPort Utility. select the TC, and then, select Edit.
Go to the Network tab.
Change the Router Mode option to: Off (Bridge Mode)
Select the Wireless tab.
Verify that the Network Mode option is set to: Create a wireless network
For Wireless Network Name, enter the Wi-Fi network name used by the Winstream.
For Wireless Security, select the equivalent security type that is used by the Winstream. (Note: Use "WPA/WPA2 Personal" if the Winstream is using WPA/TKIP. Use "WPA2 Personal" is the Winstream is using WPA2/AES.
For Wireless Password, enter the same password used by the Winstream.
Select Update and allow the TC to restart.
As far as your external HD, yes you should still be able to use it as before.

Extending VLANs over an unmanaged switch

We have a network which consists of primarily Cisco 3560X switches and Meraki MR34 wireless access points. We have a handful of VLANs setup. In one instance, a WAP was plugged into an unmanaged SD100D-08 switch. I would have expected this to "break" our wireless access. However, it appears everything is working as we'd want.
The switchport on the 3560X that the unmanaged switch is connected to is configured as a trunk port with the default VLAN of 1. No matter which SSID/VLAN we connect to on the Meraki Access Points, we get assigned a proper IP in the VLAN that we'd expect. If we connect a computer to the unmanaged switch, it gets an IP from VLAN 1, just as we would have wanted.
Why is this working? I thought the unmanaged switch would drop all packets with VLAN headers?

Thanks for the quick response Jon. I have continued with my testing and connected two 3560X switches together with the same unmanaged switch in between them. I configured the 3560X ports as trunk ports and am able to pass all VLANs between the two 3560X switches with the unmanaged switch in between.
As you stated, it looks like the unmanaged switch is capable of handling the VLAN tagged frames and passing them out all connected ports.
Obviously this configuration is not best practice, but I guess it is pretty cool it's working that way.
Jason

OTV-Extended VLAN Gateway

Similar Messages

Maybe you are looking for