
Q-in-q issues with 93180-YC-FX

espendal
Level 1

Hello! I am having issues with q-in-q between a C93180YC-FX and a C93180YC-FX3 running NXOS 9.3(11). The switches are leafs in a VXLAN spine-leaf fabric.

Basically, some of the mac addresses make it through the tunnel, some don't. After tweaking the configuration I see that the "faulty" mac addresses are actually received untagged on the other side of the q-in-q tunnel.

I read the guide thoroughly and started out with a plain configuration:

switchport
switchport mode dot1q-tunnel
spanning-tree port type edge
switchport access vlan 3011
mtu 9216
no shutdown

In vlan 3011, I could see the mac addresses on both of the 93180s:

3011 xxxx.xxxx.c549 dynamic 0 F F Eth1/27
3011 xxxx.xxxx.c7bd dynamic 0 F F Eth1/27

Both of these mac addresses enter on the 93180YC-FX tagged as vlan 1031 and seem to be mapped correctly.

However, when they leave the 93180YC-FX3, only one of them is visible in the receiving mac address table.

I then changed to a selective q-in-q trunked configuration:

switchport
switchport mode trunk
switchport vlan mapping 1031 dot1q-tunnel 3011
switchport trunk allowed vlan 1,1031,3011
spanning-tree bpdufilter enable
mtu 9216
no shutdown

After changing this I can see that the "faulty" mac address is actually received untagged on the other side of the tunnel exiting the 93180YC-FX3 (the tunneled native vlan is 1). The other mac address remains in the right vlan.

1031 xx:xx:xx:xx:C5:49 0/25 25 Learned
1 xx:xx:xx:xx:C7:BD 0/25 25 Learned

I am puzzled by this. There is no communication of vlan1031 frames throughout the VXLAN fabric. Also, the mac address behavior is always the same. The same mac addresses are always not working, others are always working well.

I read in the guide that

The system dot1q-tunnel transit (...) are required on Cisco Nexus 9300-EX/FX/FX2/FX3/GX switches and 9500 switches with 9700-EX/FX/GX line cards if the device is configured with Q-in-Q

I have not enabled system dot1q-tunnel transit yet. I believe that would require a big change order in our system and I don't want to start that process without assurance that it would actually make a difference. Also, the fact that it is kind of working makes me wonder if there is something else going on.

Any pointers?

Also, this is my first post here, so let me know if I have not included enough information.

Regards

Espen
