cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2440
Views
5
Helpful
4
Replies

Troubleshoot Q in Q

roger perkin
Level 2
Level 2

I am looking at an issue where we have 2 x 3560's connected via a layer 2 connection between two sites.

I have been given a q in q config but I don't think it is right?

They have specified a different vlan on each side? - I thought the vlans had to match??

** SITE A **

interface GigabitEthernet0/23

description *** Q-in-Q Int f

switchport access vlan 3011

switchport mode dot1q-tunnel

** SITE B **

interface GigabitEthernet0/23

description *** Q-in-Q Int f

switchport access vlan 3010

switchport mode dot1q-tunnel

Also how can you troubleshoot this?

I was going to allow cdp over the tunnel with

l2protocol-tunnel cdp

then do a show cdp neighbors and hopefully see the remote switch

Thanks

Roger

4 Replies 4

andrew.prince
Level 10
Level 10

not personally done this, but I have read alot about it. And yes in my opinion the vlan tag I'd must match on both sides. The provider "preserves" the customer vlan I'd by adding an "extra" ethernet header with a provider tag I'd that allows it to traverse the provider layer 2 without clashing.

Huh.

hi

you must run follow command in 2X3560 :

conf t

system mtu 1504

Nandan Mathure
Level 1
Level 1

@Ebrahim...thats default mtu on 3560. Infact I think its 1508.

@Roger

As per your configuration, you have used vlan 3011 and vlan 3010 that makes it possible for 2 different customers to be connected. When you want a customer vlans to pass across your provider network you need to have same vlans on both the ends.

** SITE A **

vlan dot1q tag native

!

interface GigabitEthernet0/23

description *** Q-in-Q Int f

swithport trunk encap dot1q

switchport access vlan 3011

switchport mode dot1q-tunnel

l2protocol-tunnel

no cdp enable

** SITE B **

vlan dot1q tag native

!

interface GigabitEthernet0/23

description *** Q-in-Q Int f

swithport trunk encap dot1q

switchport access vlan 3011

switchport mode dot1q-tunnel

l2protocol-tunnel

no cdp enable

If you face issues some more details about implementation would be helpful.

Note:  

1]l2protocol-tunnel is like a macro it tunnels traffic for tree l2 protocols like STP, VTP and CDP.

2] If you want SP cloud to be transparent use "no cdp enable" on edge switches.

3] Access vlans on both the ends must be same for customer traffic to exit the required interface.

Thanks,

Nandan Mathure

EDIT: As Soroush mentioned you have to enter  "switchport trunk encap dot1q" as well so it will carry all the customer vlans as tagged QinQ.

I forgot adding that command in the given config earlier. So this will be the new config as we add command given by Soroush (+5 for him)

smehrnia
Level 7
Level 7

Hey Roger,

you need to add this command under both of the ACCESS interfaces (Gi0/23): switchport trunk encapsulation dot1q

and VLANs must be the same at both end.

HTH,

plz Rate if it helped,

Soroush.

Hope it Helps!

Soroush.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco