05-07-2013 02:33 AM - edited 03-07-2019 01:13 PM
Hi
I have some 3750 switches in a network, where I need to transport a QinQ connection between them.
SwitchA <-> SwitchB <-> SwitchC <-> SwitchD
Need the QinQ from SwitchA port 11 to SwitchD port 9.
Between the switches, interfaces are in standard 802.1Q trunk mode.
What do I need to configure to make this happen?
I need to make sure that the VLANs in and out of these interfaces do not conflict with the rest of the network, as some VLANs will overlap.
05-07-2013 09:37 AM
There are a lot of writeups on it out there on the internet. Here is one that may be useful:
http://technologyordie.com/802-1q-tunneling-aka-qinq
- Be sure to rate all helpful posts
05-08-2013 12:30 AM
Hello,
QinQ lets you add a second tag (the provider tag). 802.1Q tunneling lets you apply "special" BPDUs (CDP, STP...) for L2 protocols.
The administrative mode "switch mode dot1q-tunnel" does the QinQ. After that, you need a special command for each L2 protocol
you need to "transport" in the QinQ tunnel.
VERY IMPORTANT!!! You also need to change the MTU on all switches, because now your MTU needs 4 more bytes (the new 802.1Q tag). Use the command "system mtu 1504". A reboot may be needed to apply the command.
Regards.
05-08-2013 12:50 AM
Hello
Below are the configuration steps, as posted by Antonio.
1) Configure all switches with an MTU of 1504 and power cycle
2) SwitchA <-> SwitchB <-> SwitchC <-> SwitchD - Configure trunks between
3) Make sure the VTP domain is configured and all VLANs have propagated throughout the switches -
vtp domain xx
SwitchA port 1
SwitchD port 9
clear cdp table
sh l2protocol-tunnel summary
sh dot1q-tunnel
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
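An added example, not part of any post in this thread: one way the steps listed above could look on the Catalyst 3750s, with the tunnel on SwitchA port 11 and SwitchD port 9 as in the original question. The outer VLAN 900, its name, the interface names and the uplink port are constructed assumptions, and the `system mtu jumbo` and `vlan dot1q tag native` lines are additions that the posts do not mention.

```cisco
! Constructed example. VLAN 900 is an assumed outer (provider) VLAN that is
! reserved for this customer and used for nothing else in the network.
! Interface names are assumed.

! --- All four switches (SwitchA, SwitchB, SwitchC, SwitchD) ---
! Room for the extra 4-byte tag; takes effect after a reload.
system mtu 1504
! On the 3750 the Gigabit ports take their MTU from this command.
system mtu jumbo 1504
! Tag the native VLAN on trunks so customer frames cannot travel
! untagged inside it.
vlan dot1q tag native
! Outer VLAN, created by hand on each switch in this example.
vlan 900
 name QINQ-CUSTOMER

! Inter-switch trunk (assumed uplink port). The "add" line only matters
! when the trunk's allowed-VLAN list is restricted.
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan add 900

! --- SwitchA only: customer-facing port 11 ---
interface GigabitEthernet1/0/11
 switchport access vlan 900
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp

! --- SwitchD only: customer-facing port 9 ---
interface GigabitEthernet1/0/9
 switchport access vlan 900
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp

! --- Verification (exec mode, on SwitchA and SwitchD) ---
show dot1q-tunnel
show l2protocol-tunnel summary
```

Whatever VLAN IDs the customer uses stay in the inner tag, so only VLAN 900 has to be unique in the transport network.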
05-08-2013 01:07 AM
Hello again,
Notice that MAC learning is active and all switches will see the users' MACs. This is an issue to be considered because
there is a limit on the number of MACs a switch can learn. If there is a non-redundant topology and each switch has
2 interfaces in the VLAN that makes up the tunnel, you can disable MAC learning without problems to bypass this
issue.
Regards.
05-13-2013 06:56 AM
Hello,
Do not be worried about security. QinQ is as secure as VLANs are. They can have scalability issues such as MAC limits or
broadcast storms. Notice that broadcast (and multicast) affects the CPU, so you must control these packets. You can use
IF-MIB and SNMP to measure it. 100 pps is a good limit. We have 15K users and huge VLANs, and broadcasts are under this threshold. You can also use the following link to control broadcast storms:
Regards.
05-13-2013 06:15 AM
Thank you all for pitching in here.
My main concern here: is this safe?
I mean, I'm transporting this QinQ for another company.
This means I have no control over the VLANs they transport etc...
Can I be sure this does not interfere with my network?
05-22-2013 05:33 AM
Another question here. Must VTP be used, and why?
I'd rather not if I do not have to.
05-24-2013 12:59 AM
Bumping again.
Setting up a test setup here, having some trouble.
Must VTP be used, or is it sufficient to use a VLAN that exists on all switches, and use it?