QinQ - Breaking out in the ISP

jwilde
Level 1

We are running a qinq metro ethernet network with 3750 switches. We connect multiple sites and also offer Internet access. My question is if a client wants internet access also and wants to use that existing fiber, is there a way to break out of the qinq by using a default vlan and having the customer share that vlan. Say vlan 50 and I configure vlan50 as the default vlan on the qinq port and have an ip address associated with 50. The client then has the other /30 address on their network. I know I can make this work if I was to run another connection to a switch that makes it look like an extension of their network. I don't want to use an extra port for every customer requesting Internet and would like to share the local port. I hope this makes sense.

swaroop.potdar
Level 7

Hi Jeff,

Couple of questions.

1) Where is the QinQ being done. A small topology diagram would be helpful which also shows where is the BRAS or the IGW/proxy IGW located.

2) How are you providing services, a VLAN per service or VLAN per customer. Or something else.

3) Also mention the device make in the topology diagram.

HTH-Cheers,

Swaroop

I am going to try and explain this with the visual/I forgot to label the switches, but they are all 3750 EI (layer 3) devices. The service which I will paste an example config is a vlan per customer. I basically would like to configure an interface vlan if a customer would like to have internet besides having site to site connectivity. This would be normally 1 site with a directly attached firewall provided by them.

    interface GigabitEthernet1/0/1
     description Company A
     switchport access vlan 5
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 501
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet1/0/2
     description Company B
     switchport access vlan 6
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet1/0/3
     description Company C
     switchport access vlan 7
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet1/0/4
     description Company C
     switchport access vlan 7
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet2/0/1
     description Company A
     switchport access vlan 5
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet2/0/2
     description Company B
     switchport access vlan 6
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet2/0/3
     description Company C
     switchport access vlan 7
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface GigabitEthernet2/0/4
     description Company C
     switchport access vlan 7
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

    interface vlan 501
     ip address xxx.xxx.xxx.xxx/30

    ip route 0.0.0.0 0.0.0.0 internet.ip

Hi Jeff,

This can be done in two ways.

1) Vlan Stack Processing.

(But since you don't have any device which supports that, this option is out.)

2) Routing for Native Vlan packets which are destined for Internet.

In the second method you can

a) Enable routing on the TunnelPort Access Vlan by creating an SVI. So only untagged packets received on the tunnel port would be processed by the Access Vlan SVI. And other tagged packets get double tagged and are sent at layer 2 without further processing.

b) Set the Trunk port native Vlan as the Vlan used by customer for Internet Access.

c) Now the customer on his side as well needs to set the native Vlan of the trunk as the internet access vlan.

HTH-Cheers,

Swaroop
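
An added example (not part of the original post or of any Cisco tooling): a small Python audit that reads an IOS-style configuration and reports, for every dot1q-tunnel port, its access VLAN and whether an SVI with an IP address exists on that VLAN, that is, whether untagged customer frames on that port reach a routed interface as described in option 2a above. The sample configuration is constructed from the VLANs and addresses used later in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample config, using the VLANs and addresses from this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet2/2
 description Trunk to Switch A
 switchport access vlan 10
 switchport mode dot1q-tunnel
!
interface GigabitEthernet2/3
 description Company B
 switchport access vlan 6
 switchport mode dot1q-tunnel
!
interface Vlan10
 ip address 1.1.1.1 255.255.255.0
!
interface Vlan20
 ip address 2.2.2.1 255.255.255.0
"""

def parse_interfaces(config):
    """Split an indented IOS-style config into {interface: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.lower().startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return blocks

def routed_tunnel_ports(config):
    """Map each dot1q-tunnel port to (access VLAN, SVI address or None).
    A tunnel port with no explicit access VLAN is treated as VLAN 1."""
    blocks = parse_interfaces(config)
    svi = {}  # VLAN id -> IP address of its SVI
    for name, cmds in blocks.items():
        m = re.fullmatch(r"vlan\s*(\d+)", name, re.I)
        addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        if m and addr:
            svi[int(m.group(1))] = addr
    result = {}
    for name, cmds in blocks.items():
        if "switchport mode dot1q-tunnel" in cmds:
            vlan = next((int(c.split()[-1]) for c in cmds
                         if c.startswith("switchport access vlan ")), 1)
            result[name] = (vlan, svi.get(vlan))
    return result
```

Calling `routed_tunnel_ports(SAMPLE_CONFIG)` lists GigabitEthernet2/2 as routed through 1.1.1.1 and GigabitEthernet2/3 as layer 2 only; the parser expects sub-commands to be indented as in `show running-config` output.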

But by doing this, the traffic with double tag will be switched to the internet port too, but ignored, right?

Hi,

No, in this case only the untagged traffic received will be switched with the SVI.

And the tagged traffic will be catered by the Tunnel Tagging hence getting double tagged.

And if the native VLAN used by the customer side trunk happens to be your SVI vlan then no tagging will happen and all the traffic will be received with the customer vlan tag and flooded into the SP network.

HTH-Cheers,

Swaroop

I have this

Switch A - at the customer

Switch ISP - my 6509 switch

Switch M - switch for management

I connect a PC with Ciscoworks in the M switch, and connect through a trunk link the M switch to the ISP switch

and

Connect A switch to the ISP switch using asymmetrical link (q-in-q)

How can I take only the native VLAN from the Switch A and send to the switch M without sending the other vlans double-tagged?

Hi,

Maybe you want to try it like this.

Switch A -> Trunk Vlan 1-10, Native Vlan 5

ISP Switch ..> Trunk to Switch A Native Vlan 5. Tunnel Port Access Vlan 10.

Assign an IP address to SVI 10 and the corresponding subnet IP on Vlan 5 on Switch A.

Do similarly on Switch M and ISP Switch using another Vlan, let's say 15.

Switch M -> Trunk Vlan 2-20, Native Vlan 15

ISP Switch ..> Trunk to Switch M Native Vlan 15. Tunnel Port Access Vlan 20.

Assign an IP address to SVI 20 and the corresponding subnet IP on Vlan 15 on Switch M.

Let me know if you are simulating it.

HTH-Cheers,

Swaroop.

I understood. But some questions

SVI you say is to setup an "interface vlan 10" "ip addr 1.1.1.1 255.255.255.0" ??

And I don't need the switch M to have a tunnel port on the ISP switch. The connection between them is a normal trunk and I want to send in this normal trunk the vlan 5.

And the vlan 5 will be the native vlan between switch A and ISP switch.

So the question is.. In the normal trunk connection between ISP and M I will have traffic from vlans 1-10 from switch A or just the traffic for vlan 5 ?

If the Vlan 5 is Native Vlan between ISP & A Switch then Assign an IP to SVI 10 on ISP switch lets say 1.1.1.1/24 and assign an IP 1.1.1.2/24 to SVI vlan 5 on Switch A.

Now for your Switch M, since it's not on a tunnel port and is a pure trunk, you will have to assign a vlan for management; let's assume it's Vlan 20 or whatever Vlan you are using.

So on ISP switch you will have to assign an IP to SVI 20 or (MGMT VLAN you are using) and then have L3 routing between them. Because you cannot extend the SVI 10 into your normal switching. As the Tunnel Port SVI can only be L3 routed, not switched.

HTH-Cheers,

Swaroop

Thanks.. if you can please post some configuration example for me..

Thanks again

Hi,

please close this thread if this solves your query.

HTH-Cheers,

Swaroop.

======================================

    ISP Switch#
    !
    interface GigabitEthernet2/1
     description Trunk to MGMT Switch
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    !
    interface GigabitEthernet2/2
     description Trunk to Switch A
     switchport access vlan 10
     switchport trunk encapsulation dot1q
     switchport mode dot1q-tunnel
     switchport trunk native vlan 5
    !
    interface vlan 10
     description Talks to Switch A
     ip address 1.1.1.1 255.255.255.0
    !
    !
    interface vlan 20
     description Talks to MGMT Switch
     ip address 2.2.2.1 255.255.255.0
    !

    Switch_MGMT#
    ! use any vlan where your host PC with Ciscoworks is located.
    !
    interface vlan 20
     ip address 2.2.2.2 255.255.255.0
    !
    interface GigabitEthernet2/1
     description Trunk to ISP Switch
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface GigabitEthernet2/2
     description Connected to CIscoworks
     switchport access vlan 20
     switchport mode access
    !

    Switch_A#
    !
    interface vlan 5
     ip add 1.1.1.2 255.255.255.0
    !
    interface GigabitEthernet2/1
     description Trunk to ISP Switch
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk native vlan 5
    !

================================