Overview of VLAN Bridging Deployment

The term VLAN bridging refers to a network design in which both the LAN and WAN ports of a SteelHead's in-path interface are connected to a single switch or router. The switch or router is then configured so that traffic to be optimized must pass through the SteelHead, by forcing the traffic's Layer-2 path to or from the WAN to pass through the in-path interface.

Figure 9-22 shows the principles of VLAN bridging. An existing switch or router is divided into two separate VLANs, and the SteelHead's LAN and WAN interfaces are used as the Layer-2 bridge that connects the VLANs.

Figure 9-22. VLAN Bridging Principles

You can use an 802.1Q trunk with VLAN bridging between multiple VLANs on the same in-path interface, but this requires switch-specific features. For information about multiple VLANs on the same in-path interface, see Multiple VLAN Bridging with VLAN Mapping.

VLAN Bridging Considerations

- Use the same cables for the WAN and LAN interfaces as you use for physical in-path deployments.
- The switch detects the same MAC addresses in two different VLANs. Most switches have separate MAC address tables per VLAN (independent VLAN learning, or IVL), but some older switches can have only one MAC table for all VLANs (shared VLAN learning). Use only switches that have IVL with VLAN bridging.
- Verify that the switch allows access to its management IP address from multiple VLANs. Avoid using a switch whose management IP is only reachable from the default VLAN, because this prevents managing the switch. Some switches assign their management IP address to the default VLAN, and this cannot be altered (for example, the Cisco 2950 switch).

VLAN Bridging Variations

Layer-2 VLAN Bridging

In a Layer-2 VLAN bridging deployment, the SteelHead is connected by VLANs on the Layer-2 switch. All traffic is bridged through the SteelHeads as it passes to and from the WAN routers.

Figure 9-23 shows a Layer-2 VLAN bridging deployment.

Figure 9-23. Layer-2 VLAN Bridging

VLAN 100 and VLAN 200 are Layer-2 VLANs. The default gateway of the hosts on the LAN must point to the router interface IP address. VLAN 100 contains the switch ports of the hosts and the switch port connected to the lan0_0 interface of the SteelHead. VLAN 200 contains the switch ports, the router, and the wan0_0 interface of the SteelHead. The default gateway of the SteelHead is the IP address of the WAN router.

Layer-3 VLAN Bridging

In a Layer-3 VLAN bridging deployment, the SteelHead is connected across Layer-3 and Layer-2 VLANs on a Layer-2/Layer-3 switch. All traffic is switched through the SteelHead as it passes to and from the WAN router.

Figure 9-24 shows a Layer-3 VLAN bridging deployment.

Figure 9-24. Layer-3 VLAN Bridging

Hosts on VLAN 100 must point to the VLAN 100 IP address as the default gateway. VLAN 100 contains the switch ports of the hosts and the switch port connected to the lan0_0 interface of the SteelHead. VLAN 200 contains the switch ports that the router and the wan0_0 interface of the SteelHead connect to. The default gateway of the SteelHead is the IP address of the WAN router.

Multiple VLAN Bridging with VLAN Mapping

To connect to multiple VLANs, you need a switch that supports VLAN mapping (also referred to as VLAN translation or VLAN normalization, depending on the switch vendor). VLAN mapping allows a trunk interface to change the 802.1Q tag. You must configure the switch with the mapping of one VLAN tag (used on the LAN side of the SteelHead) to another VLAN tag (used on the WAN side of the SteelHead) for packets to be sent or received.

Figure 9-25 shows multiple VLAN bridging with VLAN mapping deployment.

Figure 9-25. Multiple VLAN Bridging with VLAN Mapping

The VLAN mapping function on a switch changes the VLAN tags. A SteelHead cannot do this. VLAN mapping takes 802.1Q tagged traffic from an incoming trunk switch-port and maps it to a different local VLAN.
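The IVL requirement in the considerations can be seen in a small simulation of the Layer-2 deployment (VLAN 100 for hosts and lan0_0, VLAN 200 for wan0_0 and the router). This is an added example, not taken from the vendor documentation: the port numbers, MAC addresses and the `Switch` class are constructed, and the model assumes a shared-table switch discards a frame whose learned egress port is not in the frame's VLAN.

```python
# Toy model of MAC learning on the switch in a VLAN bridging deployment.
# Port numbers, MAC addresses and class names are constructed for illustration.
PORT_VLAN = {1: 100, 2: 100, 3: 200, 4: 200}  # 1=host, 2=lan0_0, 3=wan0_0, 4=router
BRIDGE = {2: 3, 3: 2}  # the SteelHead bridges ports 2 and 3, source MAC unchanged
HOST, ROUTER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"

class Switch:
    def __init__(self, ivl):
        self.ivl = ivl   # True: one MAC table per VLAN; False: one shared table
        self.fdb = {}    # forwarding database: key -> port

    def _key(self, vlan, mac):
        return (vlan, mac) if self.ivl else mac

    def receive(self, port, src, dst):
        """Learn src on the ingress port; return egress ports in the ingress VLAN."""
        vlan = PORT_VLAN[port]
        self.fdb[self._key(vlan, src)] = port
        out = self.fdb.get(self._key(vlan, dst))
        if out is None:  # unknown unicast: flood within the VLAN
            return [p for p, v in PORT_VLAN.items() if v == vlan and p != port]
        # Egress filtering: a learned port outside this VLAN cannot be used.
        return [out] if PORT_VLAN[out] == vlan and out != port else []

def send(sw, port, src, dst):
    """Inject a frame at `port`; return the end-station ports it reaches."""
    reached, queue, hops = set(), [port], 0
    while queue and hops < 8:  # hop limit guards against loops in the model
        hops += 1
        for out in sw.receive(queue.pop(0), src, dst):
            if out in BRIDGE:
                queue.append(BRIDGE[out])  # frame re-enters in the other VLAN
            else:
                reached.add(out)
    return reached

def round_trip(ivl):
    """Host sends to the router, then the router replies to the host."""
    sw = Switch(ivl)
    return send(sw, 1, HOST, ROUTER), send(sw, 4, ROUTER, HOST)

if __name__ == "__main__":
    print("IVL:", round_trip(True))
    print("shared learning:", round_trip(False))
```

With shared learning, the host's MAC entry is overwritten by the wan0_0 port in VLAN 200, so the reply bridged back into VLAN 100 has no usable egress port and never reaches the host.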