VyOS-Cisco 802.1Q Trunk for multiple VLANs over L2TPv3

vyos-1-2
l2tp
vlan
tunnel

#1

Hello all,

This is on VyOS 1.2.0-rc9

My requirement is to extend a whole bunch of VLANs in a trunk over L3 between two sites. Switching equipment is Cisco, 3750X on both sides. I’ve successfully set up an L2TPv3 pseudowire, so the two switches see each other as CDP neighbours. The switch ports on Cisco that are connected to the L2 VyOS interfaces eth1/br0 are dot1q trunks. I am successfully able to communicate on VLAN1 VIF but seemingly not other VLANs… How could I make sure all the VLANs pass through so the clients on the other side acquire their IPs on their normal VLANs and can communicate through as normal? We are talking about a max of ~200 VLANs, but realistically about 20-80 will be at the remote site. I don’t require a VPN at this time, so it is a simple L2TPv3 over IP case. Kind of stuck. At HQ, VLANs are defined and managed by a distinct VTP master, so all the IPs and subnets are defined there for all the VLANs that are desired to be trunked. Hence no IPs on bridge and VIF interfaces.

Any idea? I am sure there is just a bit I am missing somewhere.

HQ R1

Bridge, I need STP:

set interfaces bridge br0 aging '300'
set interfaces bridge br0 hello-time '2'
set interfaces bridge br0 max-age '20'
set interfaces bridge br0 priority '0'
set interfaces bridge br0 stp 'true'

L3 endpoint:

set interfaces ethernet eth0 address '<R1IP1>/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'

L2 interface:

set interfaces ethernet eth1 bridge-group bridge 'br0'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 1 description 'VLAN 1'
set interfaces ethernet eth1 vif 105 description 'VLAN 105'
...
set interfaces ethernet eth1 vif 113 description 'VLAN 113'

(VLAN 1 works; others don’t)

L2TPv3:

set interfaces l2tpv3 l2tpeth0 bridge-group bridge 'br0'
set interfaces l2tpv3 l2tpeth0 destination-port '10000'
set interfaces l2tpv3 l2tpeth0 encapsulation 'ip'
set interfaces l2tpv3 l2tpeth0 local-ip '<R1IP>'
set interfaces l2tpv3 l2tpeth0 mtu '1300'
set interfaces l2tpv3 l2tpeth0 peer-session-id '1'
set interfaces l2tpv3 l2tpeth0 peer-tunnel-id '1'
set interfaces l2tpv3 l2tpeth0 remote-ip '<R2IP>'
set interfaces l2tpv3 l2tpeth0 session-id '1'
set interfaces l2tpv3 l2tpeth0 source-port '10000'
set interfaces l2tpv3 l2tpeth0 tunnel-id '1'

REMOTE R2

Is configured identically, except the endpoint IPs are reversed. That is, the configs on both ends are symmetrical. The packets do flow through; hosts on VLANs 100+ can’t access stuff in HQ nor acquire their IPs via DHCP (my dhcp-relay is enabled, the DHCP server IPs are reachable from VyOS).


#2

A related post from … 2014: