Hello,
I have a Cisco Catalyst 4500-X connected to an ISP lan to lan link. This link does exclusively L2 transport.
As per my company needs, I have to transmit my local vlans to the remote sites located behind this L2 link. To do so we chose to use Q-in-Q over this link.
It means that I get one SVLAN (Service Provider VLAN) per remote site to transport 10 local vlans for each site (DATA vlan, TOIP vlan, WIFI vlan...)
Example :
For site A : vlans 1291 to 1299 get transport in Dot1Q Tunnel 3129 (SVLAN 3129). When it gets decapsulated at the remote site, the original dot1q frame is received and taken care of by a small cisco switch.
Normally, the architecture is simple ;
As a client to my ISP, I set up a trunk port and send him all the vlans I have. The ISP has a mapping table and does the encapsulation/decapsulation on its own devices. The ISP then delivers the original dot1q frame to my remote switch.
However, I have an ISP who insists that I should be doing encapsulation on my local site, before sending them the already-encapsulated frames to forward and they will decapsulate them.
I am very skeptical that it should work, but I still gave it a shot following Cisco documentation here :
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/configuration/guide/tunnel.html#wp1048758
To explain my problem, I have this configuration on the port connected to the ISP port :
interface TenGigabitEthernet1/1/14
description *** Interco LAN to LAN Completel ***
switchport access vlan 999 --> Native vlan in case the trunk fails
switchport trunk allowed vlan all --> for the sake of simplicity
switchport mode trunk
switchport nonegotiate
switchport vlan mapping 1291-1299 dot1q-tunnel 3129 --> Mapping 1291 to 1299 to SVLAN 3129
The ISP has this configuration on their port connected to my local switch :
dot1q pvc 3129 encapsulation 1qtunnel
description C8436-00011-001-C8667-00020-001
bind interface qiqpvc L2L_32461
bridge profile trunk
qos policy policing l2l-2Mbps-IN-6 inherit
qos policy metering l2l-2Mbps-OUT inherit
dot1q pvc transport 3129:1 through 4000
bridge profile trunk
bind interface qiqpvc L2L_32461
On the remote site I have a switch in vlan 1291 with an ip address. I try to ping it but it just won't work. I'm not seeing any MAC address either on my port.
My question is : should this configuration be working ? Is it normal that I should be the one doing the mapping? In my mind the ISP should be doing that...
I have another configuration example where I create a "dot1q tunnel" port on my switch but it doesn't work either way. What should I check or do ?
EDIT :
I ran a debug ip packets for my problem :; here is what I got :
*Oct 28 07:11:02.906: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if Vlan1291 nh none deag 1 chg_if 0 via fib 0 path type connected prefix
*Oct 28 07:11:02.906: FIBfwd-proc: packet routed to Vlan1291 p2p(0)
*Oct 28 07:11:02.906: FIBipv4-packet-proc: packet routing succeeded
*Oct 28 07:11:02.906: IP: tableid=0, s=10.129.1.254 (local), d=10.129.1.1 (Vlan1291), routed via FIB
*Oct 28 07:11:02.906: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if Vlan1291 nh none uhp 1 deag 0 ttlexp 0
*Oct 28 07:11:02.906: FIBfwd-proc: sending link IP ip_pak_table 0 ip_nh_table 65535 if Vlan1291 nh none uhp 1 deag 0 chgif 0 ttlexp 0 rec 0
SR-VDGDSIT-4500X-BB1#
*Oct 28 07:11:02.906: IP: s=10.129.1.254 (local), d=10.129.1.1 (Vlan1291), len 100, sending
*Oct 28 07:11:02.906: ICMP type=8, code=0
*Oct 28 07:11:02.907: IP: s=10.129.1.254 (local), d=10.129.1.1 (Vlan1291), len 100, encapsulation failed
Thanks for the help
Jeremy
