04-10-2013 04:05 PM - edited 03-04-2019 07:33 PM
Hi All,
I am replacing a 7204 router with a 4948 and am having trouble trying to replicate the config for the qnq Layer3 interface.
A bit of background - I am a service provider where I have an interconnect with the carrier, who pass off WAN links to me as standard VLAN IDs. Some of these VLANs however I can do QnQ.
Currently I terminate all the WAN Links as Subinterfaces on the 7204 - see below:
interface FastEthernet0/0.100
description Customer WAN Link 1 (No QnQ)
encapsulation dot1Q 100
ip address x.x.x.x x.x.x.x
Then on the QnQ services I can terminate this as the following
interface FastEthernet0/0.10150
description Customer WAN Link 2 (QnQ)
encapsulation dot1Q 100 second-dot1q 50
ip address x.x.x.x x.x.x.x
This all works fine - but now that I am trying to move these interfaces either to my 6500 or 4900 switch, I can't seem to find the right config so I can create these interfaces.
I have tried doing:
interface vlan 100
description Customer WAN Link 1 (No QnQ)
ip address x.x.x.x x.x.x.x
This works fine - but I can get the second-dot1q 50 command working properly
Is there another way I need to do this?
Any help would be much appreciated.
Thanks
Andrew
04-10-2013 11:00 PM
Is this q-n-q tunneling (vlan trunk wrapped in a single tag) or is it just double tagging? What is the handoff from the carrier (layer2 or layer3, dot1q trunk or single tag)?
Sent from Cisco Technical Support iPhone App
04-10-2013 11:14 PM
It is handed to us as Layer 2 only.
So I am connected to 7 carriers, and have assigned a block of VLAN IDs to each carrier, so there is no overlap.
Trunk to the carrier with separate VLAN ID for each site.
On the physical port (Switchport) I would have VLAN 100, 101, 102, 103 etc. One of these may be a QnQ service so I can run my own internal VLANs across it. All this traffic will be encapsulated in VLAN 102 for example.
I then bridge that through to the router and assign the layer3 Currently on my end (Currently 7204). Sorry just saw the code above - wasn't correct for the QnQ Interface - should have been:
interface FastEthernet0/0.10150
description Customer WAN Link 2 (QnQ)
encapsulation dot1Q 101 second-dot1q 50
ip address x.x.x.x x.x.x.x
I need to move these to the 4948 Switch - The standard VLAN 100, 101 interfaces are fine - just the ones that have QnQ I can't figure out.
04-11-2013 12:05 AM
I don't believe that the 4948 can perform layer3 vlan stacking. Meaning you receive a tag from the carrier, then you add your second tag to pass across your core, then strip the tag when it reaches your PE (and the same in reverse). However, you would be able to dot1q-tunnel at a layer2 level, this allows you to receive a dot1q trunk and encapsulate it in a single tag. However this would have to remain layer 2 across your network, otherwise it will strip the tags completely and route it strictly at layer 3.
Another option with the 4948s and the dot1q-tunneling would be to use them for the CEs and then configure MPLS pseudowires across your routed network to connect the CEs
Sent from Cisco Technical Support iPhone App
04-11-2013 12:32 AM
All you need to do is loop two ports of the switch and create the dot1q-tunnel there.
Here is sample configuration.
interface GigabitEthernet0/14
description ISP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,101,102
switchport mode trunk
interface GigabitEthernet0/15
description LOOP-METRO-TAG
switchport access vlan 102
switchport mode dot1q-tunnel
switchport nonegotiate
no cdp enable
interface GigabitEthernet0/16
description LOOP-INNER-TAGS
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50,60,70
switchport mode trunk
no cdp enable
This way inner vlans will be put inside the metro tag and transmitted to the provider as QinQ.
Then on the router, you create subinterfaces with just a single vlan-id of 50,60,70 etc, and on the switch they are put inside the outer (metro) tag and transmitted to the ISP.
Best regards.
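The tag handling of the looped-port configuration above, modelled in Python as an added example (not part of the original post). It assumes both tags use ethertype 0x8100; the frame bytes are constructed, and the function names are illustrative.

```python
import struct

TPID = 0x8100                 # assumption: default 802.1Q ethertype on both tags
METRO_VLAN = 102              # access VLAN of the tunnel port (Gi0/15)
INNER_ALLOWED = {50, 60, 70}  # VLANs allowed on the loop trunk (Gi0/16)
# Constructed sample: broadcast ARP-sized frame, untagged (dst, src, ethertype, padding)
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)

def push_tag(frame, vlan):
    """Insert an 802.1Q tag after the MAC addresses, outside any existing tag."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vlan) + frame[12:]

def pop_tag(frame):
    """Remove the outermost tag; return (vlan, frame without that tag)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        raise ValueError("frame is untagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def tag_stack(frame):
    """VLAN IDs carried by the frame, outermost first."""
    stack = []
    while len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        vlan, frame = pop_tag(frame)
        stack.append(vlan)
    return stack

def to_carrier(untagged, inner_vlan):
    """SVI or router -> Gi0/16 -> loop cable -> Gi0/15 -> Gi0/14 -> carrier."""
    if inner_vlan not in INNER_ALLOWED:
        return None                            # pruned on the loop trunk
    on_loop = push_tag(untagged, inner_vlan)   # Gi0/16 egress adds the inner tag
    # Gi0/15 (tunnel port) does not interpret that tag; it places the whole
    # frame in VLAN 102, and the Gi0/14 trunk egress adds the metro tag.
    return push_tag(on_loop, METRO_VLAN)

def from_carrier(frame):
    """Reverse path; returns (inner_vlan, untagged frame), or None if dropped."""
    if tag_stack(frame)[:1] != [METRO_VLAN]:
        return None                            # not the QinQ service VLAN
    _, on_loop = pop_tag(frame)                # metro tag removed towards Gi0/15
    inner = tag_stack(on_loop)[:1]
    if not inner or inner[0] not in INNER_ALLOWED:
        return None                            # not accepted on the Gi0/16 trunk
    return pop_tag(on_loop)
```

Each tag adds 4 bytes, so the frame sent to the carrier is 8 bytes longer than the untagged original.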
04-11-2013 01:08 AM
So is there no way to have the Layer 3 Subinterfaces on the switch rather than the router? I am trying to remove the 7200 from the network.
Or do I still need a router to create the subinterfaces on the 7200?
Also - with the loop is that a physical loop? x-over or straight through?
04-11-2013 01:20 AM
No no, you can have the Layer 3 config on SVI interfaces on the switch.
I just thought that you would use it just for Layer2 functionality, and you still have a router.
For example.
interface vlan 50
description Customer WAN Link 2 (QnQ)
ip address x.x.x.x x.x.x.x
Yes, you have to loop 2 physical ports.
And for the cable - you can just go for a straight through as the modern ports are Auto-MDI, but if you want to be as correct as possible, go for X-over cable.
04-11-2013 01:19 AM
If the 4948 has the ability to do pseudowires/xconnects you can use L2 dot1q tunneling and a L2VPN across the routed portion of your network to preserve the tags.
Sent from Cisco Technical Support iPhone App
04-11-2013 01:24 AM
But if L2 traffic is going to traverse the L3 connection, without a L2 tunnel, it will strip the tags and traffic will drop
Sent from Cisco Technical Support iPhone App
04-11-2013 01:36 AM
I really can't understand what you are trying to say, but the config I suggested is working 100%.
04-11-2013 06:25 AM
In your lab is the data ever routed over the routed ports? If you are just going from switch to switch over layer 2 interfaces and there is never a point where the data has to be routed layer3 across multiple switches, then you will be fine. But if any time in the data path that the data will have to pass from one switch to another, over a routed interface, it will strip the service provider dot1q tags, and ultimately the customer dot1q tags. This will result in a loss of connectivity for the customer vlans.
Hope that makes sense
Sent from Cisco Technical Support iPhone App
04-11-2013 09:59 PM
Thanks Guys,
So to Confirm, doing it this way just means I have to have unique Internal VLANs per customer? Then I can just put the VLAN interface in the customer VRF and all should work OK?
interface GigabitEthernet0/14
description ISP Interconnect
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,101,102
switchport mode trunk
interface GigabitEthernet0/15
description LOOP-METRO-TAG Customer 1
switchport access vlan 102
switchport mode dot1q-tunnel
switchport nonegotiate
no cdp enable
interface GigabitEthernet0/16
description LOOP-INNER-TAGS Customer 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60,70
switchport mode trunk
no cdp enable
interface GigabitEthernet0/17
description LOOP-METRO-TAG Customer 2
switchport access vlan 101
switchport mode dot1q-tunnel
switchport nonegotiate
no cdp enable
interface GigabitEthernet0/18
description LOOP-INNER-TAGS Customer 2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30,40
switchport mode trunk
no cdp enable
Interface Vlan 30
description Customer 2 Private Subnet
ip vrf forwarding Customer2
ip address 192.168.1.1 255.255.255.255
Interface Vlan 40
description Customer 2 Public Subnet
ip address x.x.x.x x.x.x.x.x (Public IP)
Interface Vlan 60
description Customer 1 Private Subnet
ip vrf forwarding Customer1
ip address 192.168.1.1 255.255.255.255
Interface Vlan 70
description Customer 1 Public Subnet
ip address x.x.x.x x.x.x.x.x (Public IP)
Interface Vlan 100
description Customer 3 Public Subnet
ip address x.x.x.x x.x.x.x.x (Public IP)
04-12-2013 12:24 AM
Yes, exactly.
You have to use unique inner vlan ids for each customer.
The config you posted seems perfect.
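A check for the unique-inner-VLAN requirement confirmed above, as an added example (not from the thread). It assumes loop trunks carry the LOOP-INNER-TAGS description used in the posted configs, and it also flags inner VLAN IDs that reappear on a carrier trunk, since VLAN IDs are global to the switch.

```python
import re
from itertools import combinations

def trunks(config):
    """Return {interface: {'desc', 'mode', 'vlans'}} for ports in trunk mode."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m:
            cur = ports.setdefault(m.group(1), {"desc": "", "mode": "", "vlans": set()})
        elif cur is None:
            continue
        elif line.startswith("description "):
            cur["desc"] = line.split(None, 1)[1]
        elif line.startswith("switchport mode "):
            cur["mode"] = line.split()[-1]
        elif line.startswith("switchport trunk allowed vlan "):
            for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", line.split("vlan", 1)[1]):
                cur["vlans"].update(range(int(lo), int(hi or lo) + 1))
    return {n: p for n, p in ports.items() if p["mode"] == "trunk"}

def audit(config):
    """List VLAN ID reuse that would put two customers in one broadcast domain."""
    t = trunks(config)
    # Assumption: loop trunks are identified by their LOOP-INNER-TAGS description.
    inner = {n: p["vlans"] for n, p in t.items() if p["desc"].startswith("LOOP-INNER-TAGS")}
    carrier = set().union(*(p["vlans"] for n, p in t.items() if n not in inner))
    problems = []
    for (a, va), (b, vb) in combinations(inner.items(), 2):
        if va & vb:
            problems.append(f"{a} and {b} share inner VLANs {sorted(va & vb)}")
    for name, vlans in inner.items():
        if vlans & carrier:
            problems.append(f"{name}: inner VLANs {sorted(vlans & carrier)} are also carrier VLANs")
    return problems

SAMPLE = """
interface GigabitEthernet0/14
 switchport trunk allowed vlan 100,101,102
 switchport mode trunk
interface GigabitEthernet0/16
 description LOOP-INNER-TAGS Customer 1
 switchport trunk allowed vlan 60,70
 switchport mode trunk
interface GigabitEthernet0/18
 description LOOP-INNER-TAGS Customer 2
 switchport trunk allowed vlan 30,40
 switchport mode trunk
"""  # constructed sample: the trunk ports of the config posted above
```

`audit(SAMPLE)` returns an empty list; changing Customer 2's allowed list to include 60 yields a finding naming both loop trunks.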
04-17-2013 11:00 PM
Thanks for your help - next question - Is there a way I can simulate this in dev before I put it into Production?
I have 2 x 3550 Switches, and the 4948
Have configured as follows - but am getting Encapsulation errors.
Physically:
Port 1 on each switch are connected via cross over
Port 2 and 3 are looped on each switch
All interfaces are UP UP
3550 Switch
interface FastEthernet0/1
description ISP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 102
switchport mode trunk
!
interface FastEthernet0/2
description LOOP-METRO-TAG Customer 1
switchport access vlan 102
switchport mode dot1q-tunnel
switchport nonegotiate
no cdp enable
spanning-tree bpdufilter enable
!
interface FastEthernet0/3
description LOOP-INNER-TAGS Customer 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60,70
switchport mode trunk
no cdp enable
!
interface Vlan60
description Customer 1 Private Subnet
ip address 10.0.60.2 255.255.255.0
!
interface Vlan70
description Customer 1 Private Subnet
ip address 10.0.70.2 255.255.255.0
4948 Switch
interface GigabitEthernet1/1
description ISP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 102
switchport mode trunk
!
interface GigabitEthernet1/2
description LOOP-METRO-TAG Customer 1
switchport access vlan 102
switchport mode dot1q-tunnel
switchport nonegotiate
no cdp enable
!
interface GigabitEthernet1/3
description LOOP-INNER-TAGS Customer 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60,70
switchport mode trunk
no cdp enable
!
interface Vlan60
ip address 10.0.60.1 255.255.255.0
!
interface Vlan70
ip address 10.0.70.1 255.255.255.0
04-18-2013 08:41 AM
Where do you see those encapsulation errors ?
Have you created the vlans in the vlan database ?
 
					
				
				
			
		