Bridging two VLANs on same Interface

Hello dear community,

I need some help understanding bridging VLANs.

I’m getting two different VLANs over a trunked fiber connection. These are two VLAN connections from different locations, let’s say Location 1: Vienna and Location 2: Salzburg, and my location is Linz.

VLAN Tag Vienna 1100
VLAN Tag Salzburg 1200


My actual situation is that when Salzburg wants to ping Vienna, they are routed over my location in Linz. A direct connection between Salzburg and Vienna is not available.

How can I configure a bridge on the SFP interface between the two VLANs 1100 and 1200 so I don’t need to route the two locations to each other and all three locations are on the same /29 network?

Do you have any idea how I can proceed?

Thanks a lot

If you really want to join all 3 locations in single L2 broadcast domain (which generally is not a great idea, but some special use case may require it), then

  1. create 2 vlan interfaces on the SFP interface with respective VLAN IDs
    this will make all packets from both VLANs (remote locations) available as untagged
  2. create a bridge, make both vlan interfaces as members
    this will join both remote locations to same L2 broadcast domain
  3. add whichever local interfaces to the same bridge to merge also local LAN to same broadcast domain

If you already have a bridge for local LAN (including gw address for internet access), then you can omit steps 2 and 3 and simply add VLAN interfaces, created in step 1, to the existing bridge.

If your router has L3 config for VLANs 1100 and 1200, you’ll have to remove all of it.

Hello mkx,

thank you for your answer and your feedback.

Do you have any other idea how to have VLAN Salzburg and Linz as a Layer 2 connection directly connectable to VLAN Vienna, without changing anything in the VLAN structure?

Thanks

As I wrote, if you really want to L2-merge all 3 sites, then that’s the way to go. Personally I’d think about the possibility of having 3 sites L2 separated (separate subnets) and letting the router do the job. Preferably the default GW for remote sites (Salzburg and Linz) would be physically present on remote sites to limit the amount of traffic on the inter-site connection.

However, there are services that really depend on broadcasts (i.e. Windows domain and others) and while you can make them work even in a routed environment, the benefits of a routed scenario might not be worth the trouble …

If you want all of your sites to be able to communicate without being hair-pinned through a router at one site you need to purchase a WAN product that will facilitate that type of communication. This could be a traditional L3 MPLS with BGP or an L2 VPLS. Even “bridging” the 2 VLANs together and enabling proxy ARP doesn’t stop the traffic from having to ingress and egress your Linz location - although it would remove the “routing” CPU load if that’s the real problem.

In other words, call up your WAN provider(s) and get the correct type of circuits for what you’re trying to do.
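
Added illustration, not part of any reply in this thread: a small Python model of the bridge built in steps 1 to 3 above. It shows the point made in the last reply, that Salzburg-to-Vienna frames still enter and leave the Linz trunk, and that a broadcast from one site is flooded to every other bridge member. The port names `sfp1` and `ether2`, the VLAN interface names and the MAC addresses are assumptions.

```python
# Added illustration; interface names and MAC addresses are constructed.
TRUNK = "sfp1"                                       # assumed name of the trunk port
VLAN_IFACES = {1100: "vlan1100", 1200: "vlan1200"}   # step 1: one interface per VLAN ID
TAG_OF = {name: vid for vid, name in VLAN_IFACES.items()}
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """Minimal learning bridge (steps 2 and 3: VLAN interfaces plus local ports)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}                                # learned MAC -> bridge port

    def forward(self, in_port, src, dst):
        """Learn the source MAC and return the bridge ports the frame leaves on."""
        self.fdb[src] = in_port
        out = self.fdb.get(dst)
        if dst == BROADCAST or out is None:          # broadcast / unknown unicast: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def receive_on_trunk(bridge, vlan_id, src, dst):
    """Handle a tagged frame from the trunk; return (physical port, tag) per copy sent."""
    in_port = VLAN_IFACES[vlan_id]                   # the VLAN interface strips the tag
    sent = []
    for port in bridge.forward(in_port, src, dst):
        if port in TAG_OF:                           # out via a VLAN interface: re-tagged
            sent.append((TRUNK, TAG_OF[port]))
        else:                                        # local LAN port: leaves untagged
            sent.append((port, None))
    return sent


def demo():
    """Constructed traffic: a broadcast from Vienna, then Salzburg's unicast reply."""
    vienna, salzburg = "02:00:00:00:11:00", "02:00:00:00:12:00"
    br = Bridge(["vlan1100", "vlan1200", "ether2"])  # ether2: assumed local LAN port
    flooded = receive_on_trunk(br, 1100, vienna, BROADCAST)
    reply = receive_on_trunk(br, 1200, salzburg, vienna)
    return flooded, reply


if __name__ == "__main__":
    flooded, reply = demo()
    print("broadcast from Vienna leaves Linz on:", flooded)
    print("Salzburg -> Vienna leaves Linz on:   ", reply)
```

The unicast reply comes back out of the same physical port it arrived on with only the tag changed from 1200 to 1100, so the inter-site path through Linz is unchanged by bridging.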