Can you please post the config of an ES port so that i can see how you are doing Q-in-Q, the config you have posted does not tell me anything, it is only an access port config. Please elaborate on what you are doing or achieving with this config?

Our switches are not connected via an MPLS backbone, but rather via dark fiber out their trunk ports - a pair of Gigabit Ethernets configured as a port-channel:

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

speed nonegotiate

The q-in-q is plug and play at the interface given the earlier config. Once it's encapsulated in the switch's VLAN tagging, any intermediate network should pass the traffic transparently. (The MTU may need to be adjusted or jumbo support turned on to account for the extra VLAN wrapper.)

i appreciate your help.

But i still do not understand, where is the other Q being tagged? and where does it get removed?

Thanks

The data comes into the access port with the customer's VLAN ID. The port is set for 802.1q tunneling ("q-in-q") so the switch knows to not change the customer's VLAN tag and replace it with its own, but rather to just encapsulate it. It uses the interface's native VLAN (103 in the port example I posted) to encapsulate the frame (including the customer's VLAN tag). When it comes out the other port(s) with that VLAN ID, the VLAN tag my switch had used is striped off (assuming those ports are likewise properly configured), leaving the customer's original tag intact for transmission on his network.

Awesome response!!!

So if i had 2 switches trunked with each other (metro series) and their configs looked like the following:

Switch A:

interface FastEthernet1/0/3

description ****

switchport access vlan 103

switchport mode dot1q-tunnel

duplex full

speed 100

no mdix auto

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

Switch 2:

interface FastEthernet1/0/3

description ****

switchport access vlan 103

switchport mode dot1q-tunnel

duplex full

speed 100

no mdix auto

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

And i had a switch connected to port 1/0/3 on both switches basically trunking multiple vlans. Vlans on noth these switches would be able to talk to each other as long as the hosts are in the same customer vlan, right?

what if i was running MPLS on the metro switches inplace of trunking? what would chance any ideas?

Correct -

I neglected to mention we also use the "VLAN dot1q tag native" global command.

From command reference (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/cr/cli3.htm#wp2745865)

vlan dot1q tag native

Use the vlan dot1q tag native global configuration command on the switch stack or on a standalone switch to enable tagging of native VLAN frames on all IEEE 802.1Q trunk ports. Use the no form of this command to return to the default setting.

vlan dot1q tag native

no vlan dot1q tag native

Syntax Description

This command has no arguments or keywords.

Defaults

The IEEE 802.1Q native VLAN tagging is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.2(25)EA1

This command was introduced.

Usage Guidelines

When enabled, native VLAN packets going out all IEEE 802.1Q trunk ports are tagged.

When disabled, native VLAN packets going out all IEEE 802.1Q trunk ports are not tagged.

You can use this command with the IEEE 802.1Q tunneling feature. This feature operates on an edge switch of a service-provider network and expands VLAN space by using a VLAN-in-VLAN hierarchy and tagging the tagged packets. You must use IEEE 802.1Q trunk ports for sending packets to the service-provider network. However, packets going through the core of the service-provider network might also be carried on IEEE 802.1Q trunks. If the native VLANs of an IEEE 802.1Q trunks match the native VLAN of a tunneling port on the same switch, traffic on the native VLAN is not tagged on the sending trunk port. This command ensures that native VLAN packets on all IEEE 802.1Q trunk ports are tagged.

For more information about IEEE 802.1Q tunneling, see the software configuration guide for this release.

(related configuration guide, with excurciating detail: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/scg/swtunnel.htm)

The Metro switch guide (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/12225ey/3750mscg/swtunnel.htm) appears to repeat the same information.

Folks,

Looking at the following config:

interface FastEthernet1/0/3

description ****

switchport access vlan 103

switchport mode dot1q-tunnel

duplex full

speed 100

no mdix auto

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

My understanding is that l2protocol has been replaced by xconnect command. If that is the case what options would i have to use along with xconnect command so that i can pass cdp,stp, and vtp traffic along with other traffic?

I have used similar configs as you have specified for tunneling CDP at the interface level on PEs that connect my CEs.

Example:

PE_TKY(config)# interface FastEthernet 1/1

PE_TKY(config-if)# l2protocol-tunnel cdp

PE_OSK(config)#interface FastEthernet 1/2

PE_OSK(config-if)#l2protocol-tunnel cdp

So I think you don't need further additional config specifically for tunneling CDP or for that matter STP or VTP. So in short you're right on track !!!

Was that useful?

Cheers

~sultan

Sultan,

Thanks for your help, but, i do not want to use these commands as i am using xconnect now. I do not want to mix and match many commands, but, want to only use the ones i need and i would prefer to stick with xconnect for right now.

Thanks

Hello NetPros, i'am posting this issue here because you are familiar with metro networks. I'll explain what I am tryin to do.

I have a siemens DSLAM that connects to my 6504-E Sup32 switch. I have configured dot1q-tunnel on the ingress interface where the dslam resides and aggregate the pppoe session at a 10008 PRE2 router. Everything works fine but we are trying to implement MPLS and need to avoid to add the double tag to some vlans according to a numbering plan already defined.

I want it to work like this if I receive fram with vlan 44 tag i have to double tag it with another vlan id (q-in-q) but if another frames arrives with a different vlan id I don't want it to be double taged, just leave the fram as is and terminate it in a vlan interfaces acting as the gateway of the CPE.

I need some coexistance of qinq and simple vlans.

As long as I know the siemens dslam supports 802.1q and q-in-q also.

Any help would be very helpfull. Thanks in advance.

Santiago Enciso http://www.infocenter.com.py

hi,

The default system MTU for traffic on Catalyst switches is 1500 bytes. Because the 802.1Q
tunneling (Q-in-Q) feature increases the frame size by 4 bytes when the extra tag is added, you
must configure all switches in the service-provider network to be able to process maximum frames
by increasing the switch system MTU size to at least 1504 bytes.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/config
uration/guide/swtunnel.html