Tunneling a network between two Catalyst 6500's

Hello all,

Just wanted to see if anyone could help me with an idea I wanted to try and implement. I currently have two Cisco Catalyst 6500's on our corporate network, each with their own corporate IP address. Behind each 6500, I have private networks set up that get NATted as they leave the 6500's. So, for example, I have 6500_A with IP address xxx.yyy.220.62/26 and 6500_B with IP address xxx.yyy.220.126/26. Behind 6500_A I have the private network 192.168.101.0/24 and behind 6500_B I have the private network 192.168.201.0/24. I currently have a VPN tunnel set up between the external interfaces of 6500_A and 6500_B, and I am using ACL's to force traffic between the two private networks to not be NATted and to go through the tunnel. This is all working fine and dandy.

What I would like to do is set up a tunnel configuration in such a way that I could have the private network 192.168.101.0/24 behind both 6500's such that it looks like one network for machines behind either 6500. Basically, I'd like to implement a VLAN-like configuration that can span layer-3. I heard this is possible using GRE tunnels, but haven't had any luck finding documentation on it.

Does anyone know if this is possible?! Thanks in advance!

Bryan

I think you have a couple of options and GRE wouldn't be one of them. GRE would allow you to tunnel traffic between different L3 networks, but wouldn't allow you to have the same L3 network on two different switches. You could either do an L2 trunk between the two switches so that the 192.168.101.0/24 network resides on both switches. That would be the easiest solution, but I don't think that's what you're after. If you need to have L3 separation between the two switches, you could use L2TPv3 and tunnel the 192.168.101.0/24 traffic between the two switches. Here's an article on L2TPv3 and how it works. Hope this helps.

formatting link

-Dan

dtpike

I cannot help you with how to do this but would ask the question why you would want to? With a layer 2 (bridge) network you will have 1 broadcast domain and all the associated extra traffic. I cannot think of many reasons why this would be desirable, and all of those possible reasons have alternative methods so that you can route (e.g. using DNS for NetBIOS name resolution, IP helpers to allow a single DHCP server).

Dunno if that helps, but I've tried :)


"tim"
