Solved: Hello.You are running service

akashkumar.r1 · ‎12-21-2014

hi I have the following configuration:

interface Port-channel1
description SHN-AX1-1-2-CNRY
switchport trunk allowed vlan none
switchport mode trunk
load-interval 30
no keepalive
service instance 1 ethernet
encapsulation untagged
l2protocol peer lacp
bridge-domain 1
!
service instance 2 ethernet
description IDP_VLAN_2
encapsulation dot1q 2
bridge-domain 3998
!
service instance 3 ethernet
description BBR_VLAN
encapsulation dot1q 420
bridge-domain 3998
!
service instance 4 ethernet
description MGMT_VLAN
encapsulation dot1q 95
bridge-domain 3998
!
service instance 5 ethernet
description STATIC_VLAN
encapsulation dot1q 3641,3644,3777,3291
bridge-domain 3998
!
service instance 6 ethernet
description SME_VLAN
encapsulation dot1q 2098,2339
bridge-domain 3998
!
!
interface Port-channel1
description SHN-AX1-1-2-CNRY
switchport trunk allowed vlan none
switchport mode trunk
load-interval 30
no keepalive
service instance 1 ethernet
encapsulation untagged
l2protocol peer lacp
bridge-domain 1
!
service instance 2 ethernet
description IDP_VLAN_2
encapsulation dot1q 2
bridge-domain 3998
!
service instance 3 ethernet
description BBR_VLAN
encapsulation dot1q 420
bridge-domain 3998
!
service instance 4 ethernet
description MGMT_VLAN
encapsulation dot1q 95
bridge-domain 3998
!
service instance 5 ethernet
description STATIC_VLAN
encapsulation dot1q 3641,3644,3777,3291
bridge-domain 3998
!
service instance 6 ethernet
description SME_VLAN
encapsulation dot1q 2098,2339
bridge-domain 3998
!
!
interface GigabitEthernet0/1
switchport trunk allowed vlan none
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet0/2
switchport trunk allowed vlan none
switchport mode trunk
channel-group 1 mode on

!
interface Port-channel12
description SHN-AGG-BX1
switchport trunk allowed vlan 34,50,76,3998
switchport mode trunk
mtu 9000

!
interface GigabitEthernet0/23
switchport trunk allowed vlan 34,3998
switchport mode trunk
mtu 9000
channel-group 12 mode active
!
interface GigabitEthernet0/24
switchport trunk allowed vlan 34,3998
switchport mode trunk
mtu 9000
channel-group 12 mode active
!

the input interfaces are gigEth0/1 and gigEth0/2 and the output interfaces are gigEth0/23 and gigEth0/24.

the ingress traffic at the input port has a single tag and the ingress traffic at the output port has two tags.

please explain me, where tags would be pushed/popped and why??

thank you.

Vasilii Mikhailovskii · ‎12-24-2014

Hello.

You might have confused service instance configuration and usual switchport mode trunk.

Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html

>But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).

Also under Figure 11-2 we have following example:

QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:

Switch (config)# interface gigabitethernet0/1
Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 1-100
Switch (config-if-srv)# bridge-domain 30

Switch (config)# interface gigabitethernet0/2
Switch (config-if)# switchport mode trunk

Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30).

View solution in original post

Vasilii Mikhailovskii · ‎12-23-2014

Hello.

You are running service instances without rewrite\pop command, that is why original VLAN tag is kept intact.

You are running mode trunk on Po12, that is why you add additional tag of 3998.

PS: I see inconsistency between Po12 and G0/23-34 configuration.

akashkumar.r1 · ‎12-23-2014

Hi Vasilii,

say If traffic at the int 1 and 2 has a tag, what will be the sequence of operations and what role the service instance and bridge domain has to play there?

I also referred this document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html#wp1035924

now I am confused.

please suggest what should I configure under my scenario?

Vasilii Mikhailovskii · ‎12-24-2014

Hello.

Service instance creates EFP on the port (encapsulation configures matching rule), like

service instance 3 ethernet
description BBR_VLAN
encapsulation dot1q 420
bridge-domain 3998

Takes tagged packets with VLAN_ID=420 and connect this into bridge-domain 3998. As you have no rewrite ingress command, C-tag (420) is kept intact.

When you forward VL 3998 into some other trunk, it adds VLAN_ID=3998 on top => Q-in-Q.

akashkumar.r1 · ‎12-24-2014

hi,

but the document says that a trunk port always on ingress removes the outer tag, it then adds the VLAN tag of the broadcast domain, and then it does match a service instance.

Vasilii Mikhailovskii · ‎12-24-2014

Hello.

You might have confused service instance configuration and usual switchport mode trunk.

Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html

>But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).

Also under Figure 11-2 we have following example:

QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:

Switch (config)# interface gigabitethernet0/1
Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 1-100
Switch (config-if-srv)# bridge-domain 30

Switch (config)# interface gigabitethernet0/2
Switch (config-if)# switchport mode trunk

Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30).

akashkumar.r1 · ‎12-24-2014

hi,

so in that case the following configuration is incorrect:

interface GigabitEthernet0/1
switchport trunk allowed vlan none
switchport mode trunk
channel-group 1 mode on

the customer facing interfaces should not be in trunk mode, right??

Vasilii Mikhailovskii · ‎12-24-2014

I'm not an expert in 3800 (working with 7600), but I think the commands

Switch (config-if)# switchport mode trunk
Switch (config-if)# switchport allowed vlan none

are just a baseline to start EFP configuration:

You can configure a service instance only on trunk ports with no allowed VLANs. Any other configuration is not allowed. After you have configured a service instance on an interface, switchport commands are not allowed on the interface. You can also configure a service instance on an EtherChannel group.

akashkumar.r1 · ‎12-24-2014

ok. I have configured service instances on EtherChannel group.

So you mean to say that after creating a service instance on a EtherChannel, the switchport mode trunk command is not allowed on the interface.

Vasilii Mikhailovskii · ‎12-24-2014

Does it work for you?

akashkumar.r1 · ‎12-24-2014

surprisingly it is working.

Vasilii Mikhailovskii · ‎12-24-2014

It's magic. ;)

service instance and trunk ports