802.1q tunneling from customer switch

Feb 26th, 2010

I haven't seen an example of 802.1q tunneling from the customer perspective. Our service provider gives us a Gig ethernet link at each site. This is a tagged vlan (vlan 2000). Our switches are Cisco 6504 with a sup32 standard IOS. The SP fiber connects directly to an SFP on our Sup32. Our service provider equipment (non-Cisco) doesn't support QinQ or tunneling, but we would like to extend a couple of vlans between sites. I know I can enable 802.1q tunnel on our interface facing the SP, but since these 6504's are also access layer devices, I'm unsure of how to attach our internal vlans to that tunnel. Can this be done without adding a separate device in front of our 6500? I've already verified that our SP can increase the MTU to 1504. Attached is a simple diagram, Building A & B are the 6504.

Thank you for your input.
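An added illustration (not part of the original post) of why the question mentions an MTU of 1504: it builds a full-size frame, tags it once with VLAN 2000 and once with an inner VLAN plus VLAN 2000, and measures what a provider that only understands the outer tag has to carry. The inner VLAN 10, the MAC addresses and the use of TPID 0x8100 for the outer tag are assumptions made for the example.

```python
import struct

TPID_DOT1Q = 0x8100  # 802.1Q tag type; assumed for the outer (tunnel) tag as well

def vlan_tag(vid, pcp=0, tpid=TPID_DOT1Q):
    """4-byte tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI and 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_tag(frame, vid, tpid=TPID_DOT1Q):
    """Insert a tag right after the destination and source MACs (12 bytes)."""
    return frame[:12] + vlan_tag(vid, tpid=tpid) + frame[12:]

def parse_tags(frame, tpids=(0x8100, 0x88A8)):
    """Return (VLAN IDs outermost first, EtherType, payload)."""
    vids, off = [], 12
    while True:
        etype, tci = struct.unpack_from("!HH", frame, off)
        if etype not in tpids:
            return vids, etype, frame[off + 2:]
        vids.append(tci & 0x0FFF)
        off += 4

def bytes_after_outer_tag(frame):
    """What a provider that reads only one tag counts against its MTU:
    everything after the MACs (12), the outer tag (4) and the next type field (2)."""
    return len(frame) - 18

# Constructed sample: a full-size 1500-byte IPv4 payload between two made-up MACs.
DST, SRC = bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a")
untagged = DST + SRC + struct.pack("!H", 0x0800) + bytes(1500)
single = push_tag(untagged, 2000)                  # VLAN 2000 only, as on the link today
tunneled = push_tag(push_tag(untagged, 10), 2000)  # inner VLAN 10 carried inside VLAN 2000

if __name__ == "__main__":
    for name, f in (("single", single), ("tunneled", tunneled)):
        print(name, parse_tags(f)[0], len(f), bytes_after_outer_tag(f))
```

The inner tag travels as ordinary payload inside VLAN 2000, so a full-size customer frame needs 4 more bytes on the provider link than it does today.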

marcporter Fri, 02/26/2010 - 14:47

Hi Reza,

Thank you for your reply. Unfortunately the provider isn't currently running MPLS. I was doing some reading on L2TPv3 and pseudowire but it doesn't look like my IOS supports this either.

Ganesh Hariharan Sat, 02/27/2010 - 22:36

Hi,

As per the diagram, you are already running an 802.1q trunk between your SP and access layer switches. If you want other VLANs to also be sent to the other side, just allow those VLANs over the trunk with the following commands on the Cisco switch side, and ask your SP to do the same on the non-Cisco device end.

| Commands to configure in switch | Explanation |
|---|---|
| `configure terminal` | Enter global configuration mode. |
| `interface FastEthernet0/1` | Entering interface configuration for port 0/1. This is where you pick the port you want to trunk. |
| `switchport trunk encapsulation dot1q` | Set trunk type to 802.1q. If your switch only supports either ISL or 802.1q, this command does not exist because there is nothing to specify. This command only works when you can choose between the two. |
| `switchport mode trunk` | Set port to trunking mode. |
| `switchport trunk allowed vlan 10-15,20` | Allow only VLANs 10 through 15 and VLAN 20. It is important that you restrict the VLANs to only the ones you need for security best practices. |
| `exit` | Exit interface. |

Hope to Help !!

Ganesh.H
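An added example (not from the thread) of checking the advice above about restricting trunk VLANs: it reads IOS-style interface configuration and reports trunk ports that either have no allowed-VLAN list or carry VLANs outside an approved set. The sample configuration, the interface names and the approved set (VLANs 10-15, 20 and 2000) are constructed for the example.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10-15,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, approved):
    """Map each trunk interface to a finding if it carries VLANs outside `approved`."""
    findings = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [line.strip() for line in block.splitlines()]
        if not lines or "switchport mode trunk" not in lines:
            continue
        name = lines[0].split(None, 1)[1]
        allowed = None  # no 'allowed vlan' line: the trunk carries every VLAN
        for line in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,-]+|none)$", line)
            if m:
                vl = set() if m.group(2) == "none" else expand_vlans(m.group(2))
                allowed = (allowed or set()) | vl if m.group(1) else vl
        if allowed is None:
            findings[name] = "no allowed-VLAN list, trunk carries all VLANs"
        elif allowed - approved:
            extra = ",".join(str(v) for v in sorted(allowed - approved))
            findings[name] = "unapproved VLANs: " + extra
    return findings

# Constructed sample config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport trunk allowed vlan 2000
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport trunk allowed vlan 10-15,20
 switchport trunk allowed vlan add 99
 switchport mode trunk
!
interface GigabitEthernet1/4
 switchport mode access
"""
APPROVED = expand_vlans("10-15,20") | {2000}
```

Calling `audit_trunks(SAMPLE_CONFIG, APPROVED)` flags GigabitEthernet1/2 (no list at all) and GigabitEthernet1/3 (VLAN 99 added outside the approved set).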

marcporter Sun, 02/28/2010 - 08:43

ganeshh.iyer wrote:


Hi,

As per the diagram, you are already running an 802.1q trunk between your SP and access layer switches. If you want other VLANs to also be sent to the other side, just allow those VLANs over the trunk with the following commands on the Cisco switch side, and ask your SP to do the same on the non-Cisco device end.


Here is where the problem is.  Yes, it is an 802.1q trunk, but the SP restricts the allowed vlans to only vlan 2000.  That is why I wanted to run something like QinQ.  If I want to put other vlans on that 802.1q trunk, I must pay an extra $75 per month per site to the SP.

Reza Sharifi Sun, 02/28/2010 - 08:57

Hi Marc,

Do you have to have L-2 connectivity between these 2 locations? Is this an application requirement to have L-2 connectivity between the sites?

If not then you may want to segment your networks and do 3 vlans on one site and 3 different ones on the other site and layer-3 connectivity from each site to your provider.

HTH

Reza

marcporter Sun, 02/28/2010 - 09:08

We do have L3 connectivity now, and it works well.  We use Vlan 2000 as a point to point link between the sites, and put a routed interface on that VLAN, as well as a routed interface on each private vlan.

We have some legacy 3Com telephones that only operate over L2 that we would like to extend to remote sites, in an isolated vlan. Also from time to time it would be nice to attach our lab workstations to the same L2 network as a remote site for testing and troubleshooting.

We can live without the L2 connectivity, I was just hoping someone had a solution without the need for additional equipment.  Thank you for your suggestions thus far.
