cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2697
Views
4
Helpful
4
Replies

Dual-tag processing on a Cisco switch

amit.bhagat
Level 1
Level 1

Hi All,

I have ran into an interesting issue. Consider the following simple topology-

R1 ------ Switch ------- R2

R1 is configured to send dual-tagged packets to R2. The configurations of R1 and R2 are as follows-

R1-

interface fa 1/0.100

encapsulation dot1q 10 second-dot1q 100

ip address 10.1.100.1 255.255.255.0

!

R2-

interface fa 1/0.100

encapsulation dot1q 10 second-dot1q 100

ip address 10.1.100.2 255.255.255.0

!

Now, I can ping between R1 and R2. But when I check the mac address-table on the switch, all the traffic is classified to VLAN 1 (native vlan). So, if I want to separate traffic on this switch based on the outer-tag, I am not able to do it. In other words, this switch considers all the traffic as untagged. So the question is - how does a switch process dual-tagged frames?

If I remove VLAN 1 or force the switch to tag native vlan frames, the communication between R1 and R2 stops.

Any information would be appreciated.

Thanks.

Amit.

4 Replies 4

James D Hensley
Cisco Employee
Cisco Employee

Hi Amit,

I have a few questions. 

- Can you provide me the switch config and show version?

- what interfaces are conneting the routers?

Unless it is configured to create a tunnel or is a metro switch with service instances the switch will only look at the outer tag.  

Hi James,

I just fixed this issue a minute ago. There were 2 things that were overlooked-

1. We did not create any VLANs on the switch (Cisco 6504, IOS s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXJ). In the example above, the outer VLAN 10.

2. The Ethertype value. By default, Cisco switch has ethertype 0x8100 for both tags (weird!!!). However, the routers were using 0x88a8 for the outer-tag.

The issue I was seeing earlier was that the switch was considering all traffic as un-tagged and did not look at the outer tag due to the ethertype value. So, for all "trunk" ports, it required VLAN 1. In a way, flooding all ports for unknown MAC address.

So, I configured the VLAN natively on the switch. I also changed the ethertype value to 0x88a8 using the command "switchport dot1q ethertype 88a8" (mentioning here for others' reference).

Somehow, your comment helped me. Thanks for replying.

Best regards,

Amit.

Hi Amit,

I hit the same issue. Could you pl share me the exact configuration you done on both ports of cisco

R1----(port1)Cisco(port2)----R2

I am sending packet from R1 to R2 with vlan say 1700:29 (outer tag tpid 88a8 and innter it is 8100. I am just using cisco as a switch  based on the vlans.

Thanks,

Janardhan

Hi Janardhan,

I did exactly what I have mentioned in my comment above. Create the vlan locally (enable/disable STP as required) and configured appropriate ethertype. Here's the sample config-

interface GigabitEthernet4/1

switchport

switchport trunk encapsulation dot1q

switchport dot1q ethertype 88A8

switchport trunk allowed vlan 1-100,300-1000,1233-1235

switchport mode trunk

mtu 9216

mls qos trust cos

end

Hope this helps.

Best Regards,

Amit.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco