10-14-2011 12:54 AM - edited 03-04-2019 01:56 PM
I am looking at an issue where we have 2 x 3560's connected via a layer 2 connection between two sites.
I have been given a q in q config but I don't think it is right?
They have specified a different vlan on each side? - I thought the vlans had to match??
** SITE A **
interface GigabitEthernet0/23
description *** Q-in-Q Int f
switchport access vlan 3011
switchport mode dot1q-tunnel
** SITE B **
interface GigabitEthernet0/23
description *** Q-in-Q Int f
switchport access vlan 3010
switchport mode dot1q-tunnel
Also how can you troubleshoot this?
I was going to allow cdp over the tunnel with
l2protocol-tunnel cdp
then do a show cdp neighbors and hopefully see the remote switch
Thanks
Roger
10-14-2011 04:18 AM
not personally done this, but I have read alot about it. And yes in my opinion the vlan tag I'd must match on both sides. The provider "preserves" the customer vlan I'd by adding an "extra" ethernet header with a provider tag I'd that allows it to traverse the provider layer 2 without clashing.
Huh.
06-30-2012 11:26 PM
hi
you must run follow command in 2X3560 :
conf t
system mtu 1504
07-01-2012 01:30 AM
@Ebrahim...thats default mtu on 3560. Infact I think its 1508.
@Roger
As per your configuration, you have used vlan 3011 and vlan 3010 that makes it possible for 2 different customers to be connected. When you want a customer vlans to pass across your provider network you need to have same vlans on both the ends.
** SITE A **
vlan dot1q tag native
!
interface GigabitEthernet0/23
description *** Q-in-Q Int f
swithport trunk encap dot1q
switchport access vlan 3011
switchport mode dot1q-tunnel
l2protocol-tunnel
no cdp enable
** SITE B **
vlan dot1q tag native
!
interface GigabitEthernet0/23
description *** Q-in-Q Int f
swithport trunk encap dot1q
switchport access vlan 3011
switchport mode dot1q-tunnel
l2protocol-tunnel
no cdp enable
If you face issues some more details about implementation would be helpful.
Note:
1]l2protocol-tunnel is like a macro it tunnels traffic for tree l2 protocols like STP, VTP and CDP.
2] If you want SP cloud to be transparent use "no cdp enable" on edge switches.
3] Access vlans on both the ends must be same for customer traffic to exit the required interface.
Thanks,
Nandan Mathure
EDIT: As Soroush mentioned you have to enter "switchport trunk encap dot1q" as well so it will carry all the customer vlans as tagged QinQ.
I forgot adding that command in the given config earlier. So this will be the new config as we add command given by Soroush (+5 for him)
07-01-2012 03:31 AM
Hey Roger,
you need to add this command under both of the ACCESS interfaces (Gi0/23): switchport trunk encapsulation dot1q
and VLANs must be the same at both end.
HTH,
plz Rate if it helped,
Soroush.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: