×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Dual-tag processing on a Cisco switch

Unanswered Question
Nov 23rd, 2011
User Badges:

Hi All,


I have ran into an interesting issue. Consider the following simple topology-


R1 ------ Switch ------- R2


R1 is configured to send dual-tagged packets to R2. The configurations of R1 and R2 are as follows-


R1-

interface fa 1/0.100

encapsulation dot1q 10 second-dot1q 100

ip address 10.1.100.1 255.255.255.0

!


R2-

interface fa 1/0.100

encapsulation dot1q 10 second-dot1q 100

ip address 10.1.100.2 255.255.255.0

!


Now, I can ping between R1 and R2. But when I check the mac address-table on the switch, all the traffic is classified to VLAN 1 (native vlan). So, if I want to separate traffic on this switch based on the outer-tag, I am not able to do it. In other words, this switch considers all the traffic as untagged. So the question is - how does a switch process dual-tagged frames?


If I remove VLAN 1 or force the switch to tag native vlan frames, the communication between R1 and R2 stops.


Any information would be appreciated.


Thanks.


Amit.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
James D Hensley Wed, 12/21/2011 - 11:49
User Badges:
  • Cisco Employee,

Hi Amit,


I have a few questions. 


- Can you provide me the switch config and show version?

- what interfaces are conneting the routers?


Unless it is configured to create a tunnel or is a metro switch with service instances the switch will only look at the outer tag.  

amit.bhagat Wed, 12/21/2011 - 17:50
User Badges:

Hi James,


I just fixed this issue a minute ago. There were 2 things that were overlooked-


1. We did not create any VLANs on the switch (Cisco 6504, IOS s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXJ). In the example above, the outer VLAN 10.


2. The Ethertype value. By default, Cisco switch has ethertype 0x8100 for both tags (weird!!!). However, the routers were using 0x88a8 for the outer-tag.


The issue I was seeing earlier was that the switch was considering all traffic as un-tagged and did not look at the outer tag due to the ethertype value. So, for all "trunk" ports, it required VLAN 1. In a way, flooding all ports for unknown MAC address.


So, I configured the VLAN natively on the switch. I also changed the ethertype value to 0x88a8 using the command "switchport dot1q ethertype 88a8" (mentioning here for others' reference).


Somehow, your comment helped me. Thanks for replying.


Best regards,

Amit.

janardhan632 Fri, 03/23/2012 - 14:59
User Badges:

Hi Amit,


I hit the same issue. Could you pl share me the exact configuration you done on both ports of cisco


R1----(port1)Cisco(port2)----R2


I am sending packet from R1 to R2 with vlan say 1700:29 (outer tag tpid 88a8 and innter it is 8100. I am just using cisco as a switch  based on the vlans.


Thanks,

Janardhan

amit.bhagat Sun, 03/25/2012 - 15:05
User Badges:

Hi Janardhan,


I did exactly what I have mentioned in my comment above. Create the vlan locally (enable/disable STP as required) and configured appropriate ethertype. Here's the sample config-


interface GigabitEthernet4/1

switchport

switchport trunk encapsulation dot1q

switchport dot1q ethertype 88A8

switchport trunk allowed vlan 1-100,300-1000,1233-1235

switchport mode trunk

mtu 9216

mls qos trust cos

end


Hope this helps.


Best Regards,

Amit.

Actions

This Discussion