QinQ configuration

Answered Question
Aug 4th, 2008
User Badges:

Hi guys,


can someone explain to me, how to configure QinQ on 6509 with Sup720, WS-X6748 with IOS 12.2(18)SXE6a.


I'm not shure, but I think there is something missing in the cisco-docs.


I found that I have to set the "switchport mode" to dot1q-tunnel, but how does the switch know where the "tunnel" starts and where it ends?


by Dirk

Correct Answer by Edison Ortiz about 8 years 7 months ago

interface fx/x

switchport mode do1tq-tunnel

switchport access-vlan 10



On the ingress and egress interfaces on the switches.


Make sure to allow vlan 10 on the 802.1q trunks.


The external Vlans will not be known to your switches. Your switches only care about Vlan 10.


A configuration example is provided in the Cat6500 QinQ configuration.


I don't have the hardware to do a customer duplication example, per your config.


HTH,


__


Edison.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Edison Ortiz Mon, 08/04/2008 - 12:22
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Any interface with the switchport mode dot1q-tunnel and the customer Vlan is part of the tunnel.


802.1Q tunneling is not restricted to point-to-point tunnel configurations. Any tunnel port in a tunnel VLAN is a tunnel entry and exit point. An 802.1Q tunnel can have as many tunnel ports as are needed to connect customer switches.


HTH,


__


Edison.



Dirk Woellhaf Mon, 08/04/2008 - 12:48
User Badges:

Thanks for the reply,


I my case, I have to span the L2 infrastructure over two buildings.


My idea is/was:


I've got external vlan-id's 70-260, wanna encapsulate them into my internal vlan 10, transport them over my internal L2 (802.1q-trunk) infra to the other building remove the vlan-id 10, and forward the frame to the external devices.


Maybe, you can provide me with a configuration-example.


Dirk


Correct Answer
Edison Ortiz Mon, 08/04/2008 - 13:52
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

interface fx/x

switchport mode do1tq-tunnel

switchport access-vlan 10



On the ingress and egress interfaces on the switches.


Make sure to allow vlan 10 on the 802.1q trunks.


The external Vlans will not be known to your switches. Your switches only care about Vlan 10.


A configuration example is provided in the Cat6500 QinQ configuration.


I don't have the hardware to do a customer duplication example, per your config.


HTH,


__


Edison.

cisfajorin Tue, 08/05/2008 - 03:08
User Badges:

if am correct are you trying to span the vlans 70-260 and then encapsulate them in vlan ten to another device on the next building for inspection or something.

cisfajorin Tue, 08/05/2008 - 06:23
User Badges:

well I think you will need more than just QinQ if you even need it at all.but am sure span port configuration will make your work easier, look into this doc and see if it might help, I am also reading it cause as a security person it will be of good use in deploying IPS. http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#descp

Edison Ortiz Tue, 08/05/2008 - 06:29
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Careful.


The original poster mentioned 'span' in term of 'extending' the Vlan


NOT


Span the switchport for traffic analysis.


The 2 concepts are very different.


__


Edison.

guruprasadr Tue, 08/05/2008 - 06:46
User Badges:
  • Gold, 750 points or more

HI, [Pls RATE if HELPS]


I have implemented a Scenario as below:


Base Station - A

=================


Metro Edge Switch Config:

int Gi 0/46

switchport access vlan 402 >> OuterVLAN in QnQ

switchport mode dot1q-tunnel

description X-Connect to BaseStation-LAN


Base Satation LAN Switch Config:

int GI 0/45

description X-connection to Metro Edge

switchport trunk encapsulation dot1q

switchport mode trunk


Bast Station - B

=================


Metro Edge Switch Config:

int GI 0/46

switchport access vlan 401 >> OuterVlan in QnQ

switchport mode dot1q-tunnel

description X-connect to Bast Station LAN


Base Station LAN Switch Config:

int GI 0/45

description X-Connect to Metro Edge

switchport trunk encapsulation dot1q

switchport mode trunk


NOC:

====


Metro Head end Switch Config:

int GI 0/45

description to X-Connect to Provider Edge

switchport mode dot1q-tunnel

switchport mode trunk


Provider Edge Router Config:

int Gi 0/1.402100

encapsulation dot1q 402 second-dot1q 100

!! 402 is the OuterVLAN and 100 is Customer VLAN

ip address 10.100.0.101 255.255.255.252

description Customer Bast Station - A



int Gi 0/1.401100

encapsulation dot1q 401 second-dot1q 100

!! 401 is the OuterVLAN and 100 is Customer VLAN

ip address 10.100.0.101 255.255.255.252

description Customer Bast Station - B


In the above Config the QnQ is enabled in the Metro Edge & provider edge routers encapsulation function will be carried out by the edge metro switches and PE Routers. By this way the VLAN's are duplicated are in Metro network itself also making the VLAN allocation locally.


Hope I am Informative.


PLS RATE if HELPS


Best Regards,


Guru Prasad R


Actions

This Discussion