HPE Community
HPE Aruba Networking & ProVision-based
1830250 Members
2595 Online
110000 Solutions
New Discussion

Re: Remote LAN Routing Configuration

 
mcintoshs
Occasional Contributor

‎08-07-2012 11:16 AM

‎08-07-2012 11:16 AM

Remote LAN Routing Configuration

We are replacing Cisco router-terminated T1 WAN connections between our central hub site (A) and remote site (B) with 1Gbps fiber and plan to use 802.1q VLAN's to connect the sites using our existing HP ProCurve 5406zl "core" routing switches at both sites.

 

We have installed HP SFP+ J9538A modules and SFP+ transceivers J9151A on the routing switches at either end on which the fiber will terminate. It is the remote site setup that I am most concerned about. At remote site B, the existing Cisco router ethernet interface is 10.40.0.1/16 and serial address of 192.168.1.45/30. Client PC's at site B are assigned that router address as their default gateway via DHCP. Other non-routing HP switches are uplinked to the core switch at site B. The default VLAN on the 5406zl at site B has an ip address of 10.40.0.35/16.

 

We are running Active Directory DHCP for client computers with a scope of 10.40.0.0/16 and router interface of 10.40.0.1.

 

Is the following correct:

 

My plan is to reuse the existing Cisco serial interface addresses of hub and remote site in setting up the 802.1q VLAN connecting the two sites over fiber. Just prior to the connection of the fiber, I will shut down the Cisco router interfaces and make sure the 5406zl switches at both ends have the correct static routes.

 

I will create a VLAN numbered 1000 at site B named "Site A Connection" with an IP address of 192.168.1.45/30. I will untag the inter-connect port F1 for VLAN 1000 and tag port F1 for other two VLANS (default 1 and VLAN 2 for security cameras). I will create a VLAN numbered 1000 at site A named "Site B Connection" with an IP address of 192.168.1.46/30. I will untag the inter-connect port F1 for VLAN 1000 and tag port F1 for the other 8 VLAN's (Default 1 and others numbered 2-8).

 

Since the Cisco router with ethernet interface 10.40.0.1 at Site B is being de-commissioned concurrently with the establishment of the new gb fiber connection, I will need to modify the DHCP "router" value for client PC's from 10.40.0.1 to 10.40.0.35 (the HP 5406zl default VLAN ip address) and reboot the client PC's after the new connection has been made.

 

Have I got this right?

Thanks,

Scott

 

 

0 Kudos
3 REPLIES 3
paulgear
Esteemed Contributor

‎08-07-2012 03:43 PM

‎08-07-2012 03:43 PM

Re: Remote LAN Routing Configuration

Hi Scott,

I think the solution you've suggested will work, but it seems to me that it could be simpler than that. Is there some other requirement that makes you want to move from routing to tagged VLANs? I would just consider the fibre link as an exact replacement for the serial link, and leave the routing on either side of it exactly as is.

I would set up the fibre link (VLAN 1000) as you've described, make sure both switches are set for routing (with the correct static, RIP, or OSPF routes installed), then turn off the Cisco and change the IP address of the 5400 on site B the Cisco's address.

Then everything routes exactly as it did previously, and the PCs are none the wiser. Job done.

Paul
Regards,
Paul
0 Kudos
mcintoshs
Occasional Contributor

‎08-08-2012 06:58 AM

‎08-08-2012 06:58 AM

Re: Remote LAN Routing Configuration

Thanks for the reply, Paul.
We are a school district and are doing 802.1q to be consistent with practices by our Town IT Dept. on their Cisco switch platforms.


However, I am intrigued by your response. Just want to make sure I understand what you are suggesting.

If we proceed with 802.1q inter-site VLAN,are you saying that the plan I outlined will work exactly as outlined inclufing the tagging/untagging scheme?

 

If we use pure routing as you suggest, would the VLAN at the central hub site have no IP address and simply have the uplink port untagged in that VLAN with no tagging of ports on the numerous other VLAN's at the central hub site? And would the VLAN at the remote site have an IP address corresponding to the ethernet address of the old remote site Cisco router (10.x.0.1)? And would there be no use of the old serial interface addresses of the old /30 mini-network at all on either of the VLAN's?

What would be the pros and cons of using pure routing vs. 802.1q? What would we gain (and lose) by using pure routing?

Thanks,

Scott

0 Kudos
paulgear
Esteemed Contributor

‎08-12-2012 09:10 PM

‎08-12-2012 09:10 PM

Re: Remote LAN Routing Configuration

The routed setup i'm suggesting is simply substituting your ProCurve switch for your Cisco router (taking over both of its IP addresses), and substituting a single (untagged) VLAN for your serial link. Just think of that VLAN as a point-to-point connection (which contains only two untagged ports and nothing else), and you'll visualise it more easily.

The disadvantage of using tagging and doing routing at your central site is that broadcasts and non-IP traffic can (and do) cross the WAN link. You can reduce this by doing broadcast limits on each VLAN, but this affects all ports on the VLAN, not just the WAN link.

Using a routed setup means that your network is more likely to scale effectively in the future. Usually it's good to keep no more than 200-500 machines or so in a subnet no matter how widely distributed the VLAN is. Let's say it gets to 600 PCs and you decide you want to split it into three - then you would need to trunk the 3 VLANs across the link (including their broadcasts).

If you stick with routing, no matter how many new sites you bring on, there's no broadcast going across your WAN.

What you lose by doing pure routing is the ability to put machines in multiple sites on the same VLAN & subnet. This is presumably not a requirement at present (given that you're using a routed link), but might be in future.

I've done it both ways, and each solution is better at some things and worse at others, but i generally lean more towards routing where it's possible.
Regards,
Paul
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.