I’ve got a problem. Our school is expanding, and we’re constantly hiring people. We’re hiring so many people that they won’t actually fit in the building we’re in. Because of that, we’re having to expand outside of the building we’ve been in for years. Part of that expansion is extending my networks across campus (and in some cases, farther).

The network that I run is really old. Like, it actually predates the network at the central university. I’ve got around 50 VLANs, and now that we’re growing outside of this physical environment, I’ve got to extend those layer 2 broadcast domains to the other buildings. I have a good relationship with the central network folks, and although most of my VLAN IDs collide with theirs, they assigned us some IDs that we can use on their infrastructure. Now, I just have to translate my VLAN IDs to their VLAN IDs.

My network core is a pair of Cisco Nexus 5548s. When I was planning this migration, I didn’t worry at all, because the documentation clearly declared that the switchport vlan mapping command was supported. The only weird thing was, when I went to set up the VLAN translation, the command wasn’t found. It was in the docs, but not in the CLI. Weird, right?

So I did what you do when you pay ungodly amounts of money for Cisco support: I opened a ticket with the TAC.

I had been operating under the assumption that my device would be able to perform VLAN ID mapping on an interface, but I can’t figure out how to do it. Is it possible to map VLAN IDs across a link? I have a trunk to my provider across which I need to send several vlans, but my IDs collide with those in use there. I was hoping to use the equivalent of “switchport vlan mapping”, but it doesn’t appear to be in my release. Can you please advise me? Thanks, Matt

I got back what may be the best response from tech support ever. Emphasis my own:

Hi Matt, My name is XXXXXXX and I will be assisting you with the Service Request 633401489. I am sending this e-mail as an initial point of contact and so that you can contact me if you need to.



Problem Description

As I have understood it, “switchport vlan mapping” command does not exist in 5548



>>

If you look at the release notes of Nexus5500

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html#pgfId-530160



States:

VLAN Translation

Allows for the merging of separate Layer 2 domains that might reside in a two data centers that are connected through some form of Data Center Interconnect (DCI).



So I can understand why you were under the impression that this platform supports this feature; however, I must state that the document is incorrect here.



I have verified with the Technical Marketing Engineers and it has been confirmed that there are no plans to support vlan mapping / translation on Nexus5500 platforms; however, as of today, Nexus5672, Nexus 6000 and Nexus7000 do support this feature in 7.x release.





Please let me know if there is anything else I may assist you with.

…

So that was, you know, less than helpful. And I still need to get those VLANs over there. How are we going to do this?

For now, I’m doing it the old-fashioned way. Crossover cables.

Normally, when you move VLAN traffic around, you use a dot1q trunk. Each layer 2 frame gets a header when it leaves a switch that tells the remote device (usually a switch) what VLAN the frame belongs to. So, VLAN ID 10 gets a header that says “this frame goes to VLAN ID 10”, which allows traffic from VLAN 10 and VLAN 20 to be sent over the same physical link and still be kept separate.

Since the VLAN ID is encoded in the frame, it’ll cause problems if the VLAN ID I’m using means something else to the other network. But, since the only thing the other end cares about is the VLAN ID, if I can send my traffic over to the other network on the proper VLAN ID, then they’re happy. To do that, I need to bridge the networks. The easiest way I know how to do that is to take an access port on VLAN A, and an access port on VLAN B, and plug a single cable into both of them (after disabling spanning tree, of course). Yes, this sounds insane. Yes, it might actually be insane. But this is how I did it, and it worked the first time.

The bad part is that I’m currently burning two physical ports for every VLAN I need to translate, and this isn’t tenable over the long run. Fortunately, the Juniper switches on the remote side of the network link support translation, so I believe that we should be able to do it the “right way”. The sooner the better, because I feel dirty.
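
To make concrete what VLAN translation does to each frame on a dot1q trunk, here is an added example (not code from the original post, and not Cisco's or Juniper's implementation) that rewrites the 12-bit VLAN ID in an 802.1Q tag. The mapping table, the sample frame and the choice to drop unmapped IDs are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_tag(frame: bytes):
    """Return (pcp, dei, vid) for a tagged frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF

def translate_vlan(frame: bytes, vlan_map: dict):
    """Rewrite the VLAN ID per vlan_map; return None to drop the frame."""
    tag = parse_tag(frame)
    if tag is None:
        return frame  # untagged frames carry no ID to rewrite
    pcp, dei, vid = tag
    new_vid = vlan_map.get(vid)
    if new_vid is None:
        return None  # assumption: unmapped IDs are dropped, never leaked
    if not 1 <= new_vid <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | (dei << 12) | new_vid
    # Only the 12-bit ID changes; priority bits, addresses and payload stay.
    # Hardware would also recompute the FCS, which this sample frame omits.
    return frame[:14] + struct.pack("!H", tci) + frame[16:]

# Constructed sample data: local ID -> ID assigned on the other network.
VLAN_MAP = {10: 310, 20: 320}
SAMPLE = (bytes.fromhex("ffffffffffff" "020000000001")
          + struct.pack("!HH", TPID_8021Q, (5 << 13) | 10)
          + struct.pack("!H", 0x0800) + b"payload")

if __name__ == "__main__":
    print(parse_tag(SAMPLE), "->", parse_tag(translate_vlan(SAMPLE, VLAN_MAP)))
```

Dropping frames whose ID has no mapping keeps a colliding local VLAN ID from landing in an unrelated VLAN on the other network.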