cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
761
Views
0
Helpful
4
Replies

QinQ and Bridging

GarryGlendown
Level 1
Level 1

Hi,

 

on a multi-site installation, I've got some additional requirements to
implement. Currently, two site (CPE) have a tagged ethernet service to a
central site (PE). Now, apart from the L3 traffic, I need to bridge an
additional VLAN from site 2 to site 1 in order to provide a guest WLAN
which is terminated through a firewall at site 1.

Our PE currently is an ASR1000 series router (about to be replaced by ASR900
series), the CPEs are 1941 routers with Security IOS licenses and additional
4-port switching card. Configuring the QinQ as such works fine, e.g. with CPE
configured with this:

interface GigabitEthernet0/1.61400
encapsulation dot1Q 614 second-dot1q 201
ip address 10.99.98.2 255.255.255.0
bridge-group 201

and PE with

interface GigabitEthernet0/1.61400
encapsulation dot1Q 614 second-dot1q 201
ip address 10.99.98.1 255.255.255.0
bridge-group 201

IPs were only added to help debugging/analysis; doing a ping works fine,
therefore I'd expect the actual QinQ stuff working. I have another subinterface
with just the 614 tag, which also seems to work, but on that, all I do is L3 IP.

On the CPE (which I have set up in our lab on another 1941/SEC), I
have also configured (for testing purposes) one of the
switch interfaces on each site router as "switchport access vlan201" ,
then added the "int vlan 201" also into bridge-group 201. IRB is active,
bridge-group 201 is set to protocol IEEE on all routers. On the PE I have
configured the two QinQ subinterfaces also into the same bridge-group. Anyway,
none of the broadcasts or other L2 stuff seems to be transported between the
sites over the QinQ bridge broup.

I assume I'm just missing some minor thing here, but after checking docs
and examples, I'm sort of out of ideas ... none of the docs I found use
the combination of QinQ and bridge groups, so I'm not even sure if this
doesn't work by design ...

Any hints or ideas appreciated ...
4 Replies 4

Peter Paluch
Cisco Employee
Cisco Employee

Gary,

Can you perhaps post the entire CPE configuration please?

In any case, the bridge-group is a virtual switch instance, and if there is to be a Layer3 (routed) interface in that entire bridge-group then it must be the interface BVI (e.g. BVI201). I am not sure if it permissible to put the bridge-group on an interface Vlan. There is an application of doing so; Cisco calls it Fallback Bridging, and it is intended purely for non-IP traffic. You can read more about it here:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/15-0_2_se/configuration/guide/scg3560/swfallbk.html

But I am not entirely sure what exactly is what you are trying to accomplish. Can you perhaps try to describe it once again, perhaps in an example or in different words?

Best regards,
Peter

Due to time constraints, I have decided to drop the QinQ config with bridging and instead configure PseudoWire to bridge the two vlans ... tested on the trial licenses and works like charm with three lines of config ;) Getting the data license is probably cheaper than sinking additional time into the QinQ stuff ...

I also tried the BVI stuff, did not seem to work either ...

Hi Garry,

Okay :) Did you use L2TPv3?

Best regards,
Peter

Yes ...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: