Hello Asif,
I believe you might have already done some reading on Q-in-Q. So, i will add some more things which can make it feel simpler.
- QinQ is a feature which you may require incase you need to transport your VLANs over a service provider network (from a customer's point of view).
- Usually this feature would be used on links like Metroethernet (where service providers will place a switch at customer's premises, you may find that in your MUX room).
Now, from your point (as a customer), you need to extend your Layer 2 backbone from Site-A to Site-B.
If you were to send across your VLAN onto the service provider's network, there would have been a chance of leaking out your VLANs into other customers network. How would you securely transport your VLANs between Site-A & Site-B. So, there come Ethernet QinQ tunneling. You basically create a Layer 2 ethernet tunnel between Site-A & B to transport your VLANs.
How it works
- Two levels of VLAN frame tagging happens - Outer tag & Inner Tag (Multiple tagging of your .1q frames)
- Outer Tag is the service provider tag - This is required because each customer can be uniquely identified or else as i mentioned above, you could end up leaking your VLANs into other customer's network.
- Inner Tag is the customer;s (i.e your) own VLAN tag. You DO NOT need to talk to service provider to decide what VLAN schema you need to use.
- Next what happens, Your tagged / untagged frames enter to the service provider switch (The port where the frame is received is called Tunnel Port). When it receives a tagged frame, it will not strip off the VLAN tag, it will just add a 2-byte ethertype field which contains CoS & VLAN ID. So, the service provider re-tags your original VLAN tag.
- Now, that your frame has been tagged with service-provider tag. It is carried across in the .1q tunnel of the service provider, traversing multiple paths within their cloud.
- Finally when the frame is delivered to the other end of Service provider switch, the switch strips off the outermost tag & transmits the original 802.1Q tag (the one you originated) to the customer switch (i.e your switch at Site-B)
Now, lets do the configuration (I will pretend to be a customer as well as a service provider). Lets assume your topology is something like this :
CUSTOMER_SITEA -->SERVICE-PROVIDER-SW1-A --> SERVICE-PROVIDER-SW1-B -->CUSTOMER_SITEB
On your SITEA switch your configuration is same as you configure a trunk port
interface fas 1/0
description ###Connecting to Service-Provider###
switchport trunk encapsulation dot1q
switchport mode trunk
On the service provider switch A
interface fas0/24
description ###Connecting to Customer-SiteA###
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp <--- if you need to transport CDP & STP over tunnel
l2protocol-tunnel stp
On the service provider switch B
interface fas0/24
description ###Connecting to Customer-SiteB###
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel stp
On the Customer Site-B
interface fas 1/0
description ###Connecting to Service-Provider###
switchport trunk encapsulation dot1q
switchport mode trunk
So, lets replay whats happening here now. You notice the configuration of your customer switches? They are configured to be trunk ports whereas the service provider side is access vlan. What happens is, customer will send out all tagged frames (as its a trunk) & service provider switch will receive the same & add a VLAN tag of 100 over it.
Hope i tried to write up neat If it helps, please do rate.
Thanks
Vivek
