Bridging a VPN Tunnel

[makemorebeer]

before i push to hard on this solution i'd liek to get some feedback on if it's even possible. the setup is an 1811 router with a single ADSL line coming in. we want to run two tunnels out to our remote offices. one will need to run spanning tree across it which i beleive will require bridging. the other i do not want bridged. any ideas if this can be done. these two tunnels are intended to be backup links for our two remote sites. one has a redundant switch topology that requires spanning tree.

 

[brianinms]

No, spanning tree won't propagate across a VPN.

 

[dtrtel]

You're trying to tunnel layer 2 over a tcp connection. There is one thing that pops into my mind, but it's not cisco. There is a small company in Latvia, called Mikrotik. I've met the guys at several ISP conferences and they are very sharp and their english is quite good.

Anyway, they have a feature in their RouterOS that can create an "Ethernet over IP" tunnel. It simply encapsulates the ethernet frames into IP packets, sends them across, and unencapsulates them onto the remote ethernet. It should pass spanning tree bridge pdu's if anything will, though I have never tried it.

http://www.mikrotik.com/testdocs/ros/2.9/guide/specs.php

You can download and try before you buy and the pricing is very good.


--jeff

http://linkedin.com/in/JeffLynch

 

[makemorebeer]

drtel, good call on the microtiks. i've got a little experiance with them. more so with their "Dude" network monitoring and mapping software. however i'm restricted to using the cisco 1811 routers i've got. so given that scenario is there any way to take two cisco 1811 routers, and an ADSL connection and pass spanning-tree across it. if not how owuld you creat a completely automatic back up link with the following layout.

 

[makemorebeer]

well that didn't work like i hoped it would

lets try ASCII art.

main office
Core switch-----switch1----switch2----1400bridge-->
|
|
|
switch3----cisco 1811-->


remote site
<--1400bridge2---offsite1-----offsite2
|
|
<--cisco18112----offsite3

So there is a bridged wireless connection between the two cisco 1400 bridges, and the two cisco's will have an ADSL link. how can i use this setup to pass spanning-tree. if it can't be done how could i set it up to make an automatic failover path should one link or the other go down?

 

[burtsbees]

You just need spanning-tree per site, not necessarily to go across to the other site.---so you want failover between links in case one goes down, with both sites always operational? Just point to the preferred route (assuming it's the wireless connection, and adsl is the backup) with a default route, and point all subnets to the secondary link (backup) with a default route but with a metric of 50 at the end...let's say the wireless is 10.1.1.0 and the adsl is 10.2.2.0
ip route 0.0.0.0 0.0.0.0 10.1.1.2
the 10.1.1.2 represents the next hop...
and also
ip route 0.0.0.0 0.0.0.0 10.2.2.2 50

Burt

 

[dtrtel]

Have the remote site(s) connect to the main site via IPSEC tunnel on the ADSL side(s) so you'll have an alternate path to the main site besides the wireless bridge. Then you can set the metric lower on the preferred route between sites as Burt points out. I also agree that you don't need spanning tree between sites since you appear to have only 1 layer 2 path (the wireless bridge) between the sites anyway. The backup link is IP only.


--jeff

http://linkedin.com/in/JeffLynch

 

[makemorebeer]

i gues si've been working so hard on getting two layer 2 paths up that i didn't even think of the differences at work here. it was originally supposed to be two layer 2 bridges, and we had a third party fall through on us.

so what i need to do then is setup my tunnel, and assign two default routes. so whcih device is my next hop though. is it the 1400 bridge, or the switch right before that?