
Help with second-dot1q interface on 4948

AndrewISPNET
Level 1

Hi All,

I am replacing a 7204 router with a 4948 and am having trouble trying to replicate the config for the qnq Layer3 interface.

A bit of background - I am a service provider where I have an interconnect with the carrier, who passes off WAN links to me as standard VLAN IDs. On some of these VLANs, however, I can do QnQ.

Currently I terminate all the WAN links as subinterfaces on the 7204 - see below:

interface FastEthernet0/0.100
 description Customer WAN Link 1 (No QnQ)
 encapsulation dot1Q 100
 ip address x.x.x.x x.x.x.x

Then on the QnQ services I can terminate this as the following

interface FastEthernet0/0.10150
 description Customer WAN Link 2 (QnQ)
 encapsulation dot1Q 100 second-dot1q 50
 ip address x.x.x.x x.x.x.x

This all works fine - but now that I am trying to move these interfaces either to my 6500 or 4900 switch, I can't seem to find the right config so I can create these interfaces.

I have tried doing:

interface vlan 100
 description Customer WAN Link 1 (No QnQ)
 ip address x.x.x.x x.x.x.x

This works fine - but I can get the second-dot1q 50 command working properly

Is there another way I need to do this?

Any help would be much appreciated.

Thanks

Andrew

14 Replies

Steven Clinton
Level 1

Is this q-n-q tunneling (VLAN trunk wrapped in a single tag) or is it just double tagging? What is the handoff from the carrier (layer2 or layer3, dot1q trunk or single tag)?

Sent from Cisco Technical Support iPhone App

It is handed to us as Layer 2 only.

So I am connected to 7 carriers, and have assigned a block of VLAN IDs to each carrier, so there is no overlap.

Trunk to the carrier with separate VLAN ID for each site.

On the physical port (switchport) I would have VLAN 100, 101, 102, 103 etc. One of these may be a QnQ service so I can run my own internal VLANs across it. All this traffic will be encapsulated in VLAN 102, for example.

I then bridge that through to the router and assign the layer3 Currently on my end (Currently 7204).  Sorry just saw the code above - wasn't correct for the QnQ Interface - should have been:

interface FastEthernet0/0.10150
 description Customer WAN Link 2 (QnQ)
 encapsulation dot1Q 101 second-dot1q 50
 ip address x.x.x.x x.x.x.

I need to move these to the 4948 Switch - The standard VLAN 100, 101 interfaces are fine - just the ones that have QnQ I can't figure out.

Steven Clinton
Level 1

I don't believe that the 4948 can perform layer3 vlan stacking. Meaning you receive a tag from the carrier, then you add your second tag to pass across your core, then strip the tag when it reaches your PE (and the same in reverse). However, you would be able to dot1q-tunnel at a layer2 level, this allows you to receive a dot1q trunk and encapsulate it in a single tag. However this would have to remain layer 2 across your network, otherwise it will strip the tags completely and route it strictly at layer 3.

Another option with the 4948s and the dot1q-tunneling would be to use them for the CEs and then configure MPLS pseudowires across your routed network to connect the CEs


Sent from Cisco Technical Support iPhone App

Velimir Filipov
Level 1

All you need to do is loop two ports of the switch and create the dot1q-tunnel there.

Here is sample configuration.

interface GigabitEthernet0/14
 description ISP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,101,102
 switchport mode trunk
interface GigabitEthernet0/15
 description LOOP-METRO-TAG
 switchport access vlan 102
 switchport mode dot1q-tunnel
 switchport nonegotiate
 no cdp enable
interface GigabitEthernet0/16
 description LOOP-INNER-TAGS
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,60,70
 switchport mode trunk
 no cdp enable

This way the inner VLANs will be put inside the metro tag and transmitted to the provider as QinQ.

Then on the router, you create subinterfaces with just a single vlan-id of 50, 60, 70 etc., and on the switch they are put inside the outer (metro) tag and transmitted to the ISP.

Best regards.
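
The tag handling that the looped-port configuration above relies on, as an added example that is not part of the original post: it builds the frame as it leaves toward the carrier, with metro tag 102 outside inner tag 60, and reverses the steps on ingress. It assumes both tags use TPID 0x8100; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: inner and outer tag both use the 802.1Q TPID

def tag(vlan_id, pcp=0):
    """Return the 4-byte 802.1Q tag (TPID + TCI) for a VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)

def push_tag(frame, vlan_id):
    """Insert a tag right after the destination and source MAC addresses."""
    return frame[:12] + tag(vlan_id) + frame[12:]

def pop_tag(frame):
    """Strip the outermost tag; return (vlan_id, frame_without_that_tag)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_stack(frame):
    """List the VLAN IDs on a frame from outermost to innermost."""
    ids = []
    while len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        vid, frame = pop_tag(frame)
        ids.append(vid)
    return ids

def to_carrier(untagged, inner_vlan, metro_vlan):
    """SVI -> LOOP-INNER-TAGS trunk pushes the inner tag -> LOOP-METRO-TAG tunnel
    port treats the whole frame as metro VLAN payload -> ISP trunk pushes outer."""
    on_loop = push_tag(untagged, inner_vlan)
    return push_tag(on_loop, metro_vlan)

def from_carrier(frame, metro_vlan, allowed_inner):
    """ISP trunk -> tunnel port egress pops the metro tag -> inner trunk maps
    the remaining tag to an SVI, if that VLAN is allowed on the loop trunk."""
    outer, on_loop = pop_tag(frame)
    if outer != metro_vlan:
        raise ValueError(f"outer tag {outer} is not metro VLAN {metro_vlan}")
    inner, untagged = pop_tag(on_loop)
    if inner not in allowed_inner:
        raise ValueError(f"inner VLAN {inner} not allowed on the loop trunk")
    return inner, untagged

# Constructed sample: broadcast ARP-sized frame from a made-up source MAC
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
```

Each pushed tag adds 4 bytes, so the double-tagged frame on the carrier-facing trunk is 8 bytes longer than the untagged frame the SVI sent.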

So is there no way to have the Layer 3 Subinterfaces on the switch rather than the router? I am trying to remove the 7200 from the network.

Or do I still need a router to create the subinterfaces on the 7200?

Also - with the loop is that a physical loop?  x-over or straight through?

No no, you can have the Layer 3 config on SVI interfaces on the switch.

I just thought that you would use it just for Layer2 functionality, and you still have a router.

For example.

interface vlan 50
 description Customer WAN Link 2 (QnQ)
 ip address x.x.x.x x.x.x.x

Yes, you have to loop 2 physical ports.

And for the cable - you can just go for a straight through as the modern ports are Auto-MDI, but if you want to be as correct as possible, go for X-over cable.

Steven Clinton
Level 1

If the 4948 has the ability to do pseudowires/xconnects you can use L2 dot1q tunneling and a L2VPN across the routed portion of your network to preserve the tags.

Sent from Cisco Technical Support iPhone App

Steven Clinton
Level 1

But if L2 traffic is going to traverse the L3 connection, without a L2 tunnel, it will strip the tags and traffic will drop

Sent from Cisco Technical Support iPhone App

I really can't understand what you are trying to say, but the config I suggested is working 100%.

Steven Clinton
Level 1

In your lab is the data ever routed over the routed ports? If you are just going from switch to switch over layer 2 interfaces and there is never a point where the data has to be routed layer3 across multiple switches, then you will be fine. But if at any time in the data path the data will have to pass from one switch to another, over a routed interface, it will strip the service provider dot1q tags, and ultimately the customer dot1q tags. This will result in a loss of connectivity for the customer VLANs.

Hope that makes sense

Sent from Cisco Technical Support iPhone App

Thanks Guys,

So to Confirm, doing it this way just means I have to have unique Internal VLANs per customer?  Then I can just put the VLAN interface in the customer VRF and all should work OK?

interface GigabitEthernet0/14
 description ISP Interconnect
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,101,102
 switchport mode trunk
interface GigabitEthernet0/15
 description LOOP-METRO-TAG Customer 1
 switchport access vlan 102
 switchport mode dot1q-tunnel
 switchport nonegotiate
 no cdp enable
interface GigabitEthernet0/16
 description LOOP-INNER-TAGS Customer 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 60,70
 switchport mode trunk
 no cdp enable
interface GigabitEthernet0/17
 description LOOP-METRO-TAG Customer 2
 switchport access vlan 101
 switchport mode dot1q-tunnel
 switchport nonegotiate
 no cdp enable
interface GigabitEthernet0/18
 description LOOP-INNER-TAGS Customer 2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30,40
 switchport mode trunk
 no cdp enable
Interface Vlan 30
 description Customer 2 Private Subnet
 ip vrf forwarding Customer2
 ip address 192.168.1.1 255.255.255.255
Interface Vlan 40
 description Customer 2 Public Subnet
 ip address x.x.x.x x.x.x.x.x (Public IP)
Interface Vlan 60
 description Customer 1 Private Subnet
 ip vrf forwarding Customer1
 ip address 192.168.1.1 255.255.255.255
Interface Vlan 70
 description Customer 1 Public Subnet
 ip address x.x.x.x x.x.x.x.x (Public IP)
Interface Vlan 100
 description Customer 3 Public Subnet
 ip address x.x.x.x x.x.x.x.x (Public IP)

Yes, exactly.

You have to use unique inner vlan ids for each customer.

The config you posted seems perfect.

Thanks for your help - next question - Is there a way I can simulate this in dev before I put it into Production?

I have 2 x 3550 Switches, and the 4948

Have configured as follows - but am getting Encapsulation errors.

Physically:

Port 1 on each switch are connected via cross over

Port 2 and 3 are looped on each switch

All interfaces are UP UP

3550 Switch

interface FastEthernet0/1
 description ISP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 102
 switchport mode trunk
!
interface FastEthernet0/2
 description LOOP-METRO-TAG Customer 1
 switchport access vlan 102
 switchport mode dot1q-tunnel
 switchport nonegotiate
 no cdp enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/3
 description LOOP-INNER-TAGS Customer 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 60,70
 switchport mode trunk
 no cdp enable
!
interface Vlan60
 description Customer 1 Private Subnet
 ip address 10.0.60.2 255.255.255.0
!
interface Vlan70
 description Customer 1 Private Subnet
 ip address 10.0.70.2 255.255.255.0

4948 Switch

interface GigabitEthernet1/1
 description ISP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 102
 switchport mode trunk
!
interface GigabitEthernet1/2
 description LOOP-METRO-TAG Customer 1
 switchport access vlan 102
 switchport mode dot1q-tunnel
 switchport nonegotiate
 no cdp enable
!
interface GigabitEthernet1/3
 description LOOP-INNER-TAGS Customer 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 60,70
 switchport mode trunk
 no cdp enable
!
interface Vlan60
 ip address 10.0.60.1 255.255.255.0
!
interface Vlan70
 ip address 10.0.70.1 255.255.255.0

Where do you see those encapsulation errors?

Have you created the VLANs in the VLAN database?