05-03-2010 11:24 AM - edited 03-06-2019 10:55 AM
Hi,
Have a number of receiving vlans (t) on an interface; all of them should be tunneled with dot1q except one vlan.
This vlan is for multicast and therefore should not have an additional tag.
Have only found solutions where the entire interface is tunneled.
Can I use native vlan any way?
Has anyone any ideas?
Configuration example?
Thanks Niklas
05-03-2010 11:46 AM
Hello Niklas,
generally speaking filtering on Vlan-id is not possible.
However, with some specific platform and recent IOS this would be possible.
see
selective QinQ mapping on ME 3400
>>This example shows how to configure selective QinQ mapping on the port so that traffic with a C-VLAN ID of 1 to 5 enters the switch with an S-VLAN ID of 100. The traffic of any other VLAN IDs is dropped.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport vlan mapping 1-5 dot1q-tunnel 100
Switch(config-if)# switchport vlan mapping drop default
Switch(config-if)# exit
and on C3750 ME
these features also allow mapping a specific customer vlan to a service provider vlan, and this would allow using a single port as an 802.1Q tunnel for some vlans and as a "normal" port for other vlan(s)
if you don't have these platforms you should deploy two links:
one with dot1q tunnel with the list of permitted vlans tuned on CE side to deny the vlan of the multicast traffic.
a dedicated link for the multicast traffic vlan not configured as a tunnel dot1q
Hope to help
Giuseppe
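Added example, not part of the post above or of Cisco's documentation: a small Python model of the selective QinQ rule quoted in that post (C-VLAN 1 to 5 receive S-VLAN 100, any other VLAN ID is dropped), applied to raw Ethernet frames. The function names, the sample MAC addresses, the use of TPID 0x8100 for the outer tag, and treating untagged frames as unmatched are assumptions of this sketch.

```python
import struct

TPID_DOT1Q = 0x8100  # assumption: the outer (S) tag uses the same TPID as the C-tag

# Constructed sample addresses, not taken from the thread.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")


def build_frame(c_vlan, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame with one optional 802.1Q C-tag."""
    tag = b"" if c_vlan is None else struct.pack("!HH", TPID_DOT1Q, c_vlan & 0x0FFF)
    return DST + SRC + tag + struct.pack("!H", ethertype) + payload


def vlan_tags(frame):
    """Return the VLAN IDs of the stacked 802.1Q tags, outermost first."""
    tags, offset = [], 12  # tags start right after the two MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_DOT1Q:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def selective_qinq(frame, mapped_c_vlans, s_vlan):
    """Model of 'vlan mapping <list> dot1q-tunnel <s_vlan>' plus 'drop default'.

    Frames whose outermost tag is in mapped_c_vlans get an S-tag pushed in
    front of the C-tag. Everything else returns None (dropped). Untagged
    frames are treated as unmatched, which is an assumption of this model.
    """
    tags = vlan_tags(frame)
    if tags and tags[0] in mapped_c_vlans:
        s_tag = struct.pack("!HH", TPID_DOT1Q, s_vlan & 0x0FFF)
        return frame[:12] + s_tag + frame[12:]
    return None


if __name__ == "__main__":
    mapped = set(range(1, 6))  # C-VLAN 1-5, as in the quoted example
    for c_vlan in (3, 40, None):
        out = selective_qinq(build_frame(c_vlan), mapped, 100)
        print(c_vlan, "->", "dropped" if out is None else vlan_tags(out))
```
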
05-04-2010 07:42 AM
Hi,
Thanks for the response.
The customer has c4500 hw, and if I have understood right vlan-mapping is not supported on this platform.
The following document talks about using native vlan to solve this problem; maybe I have it completely wrong.
Have tried following config:
incoming interface
interface GigabitEthernet1/0/10
switchport access vlan 1000
switchport trunk native vlan 40
switchport mode dot1q-tunnel
load-interval 30
srr-queue bandwidth share 25 25 25 20
priority-queue out
mls qos trust dscp
no cdp enable
tunnel interface:
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport trunk native vlan 40
switchport trunk allowed vlan 32,40,102,1000,2388
switchport mode trunk
load-interval 30
srr-queue bandwidth share 25 25 25 20
priority-queue out
mls qos trust dscp
no cdp enable
BR Niklas
05-04-2010 09:18 AM
Hello Niklas,
If the Vlan simply does not need to be propagated, just use the allowed vlan list on CE side to skip it.
If you want the vlan to be propagated but without double tagging, I would use a separate link for this.
I think it is safer and also easier to troubleshoot.
Note also that you have linked an ME 3400 configuration guide and your customer has a C4500.
see
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/tunnel.html
there are restrictions about the type of supervisor and image feature set
Edit:
however, the use of native vlan for L3 services could be possible:
>> IP routing is not supported on a VLAN that includes 802.1Q ports. Packets received from a tunnel port are forwarded based only on Layer 2 information. If routing is enabled on a switch virtual interface (SVI) that includes tunnel ports, untagged IP packets received from the tunnel port are recognized and routed by the switch. Customers can access the Internet through the native VLAN. If this access is not needed, you should not configure SVIs on VLANs that include tunnel ports.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/tunnel.html
The only limit is that you can only handle one vlan in this way. If later another vlan should be propagated without double 802.1Q tag, you will need a second link that is not an 802.1Q tunnel.
Hope to help
Giuseppe