06-30-2013 09:19 AM - edited 03-07-2019 02:09 PM
Hello,
I need to simulate traffic with double-tagged VLANs on an internal LAN. To describe it better, I am attaching a picture.
I have 2 phones, which make an internal call between them. Both are connected to different switches. I need to duplicate the traffic between the phones, but before duplicating I need to double tag the VLAN with Q-in-Q and then send the double-tagged traffic to a server which is monitoring that traffic. I need to simulate this to get the same result as a customer who doesn't want to provide configurations, and we need to fix our product based on that.
Is Q-in-Q supported on the 3560? The documentation didn't tell me much.
Could somebody help me with some sample configuration?
Thanks
06-30-2013 11:52 AM
Hello Tibor,
The Catalyst 3560 does indeed support Q-in-Q. Regarding the configuration, ports between the Cat3560 switches will be configured as normal trunks using the switchport mode trunk command. Ports towards "clients" that send tagged frames themselves will be configured using the following commands:
switchport mode dot1q-tunnel
switchport access vlan S-VLAN
where the S-VLAN is the VLAN inside the service provider network used to encapsulate and carry all traffic of this customer.
It is also suggested to use the vlan dot1q tag native global configuration command to prevent Cat3560 from untagging any frames, possibly leading to VLAN leaking that can sometimes occur in Metro Ethernet environments under specific circumstances.
You may read more about the feature here:
Performing a local SPAN session on trunk ports carrying double-tagged traffic is no different from doing any other SPAN session, however, remember to use the encapsulation replicate command when configuring the SPAN session, i.e.:
monitor session 1 source interface Fa0/23 ! suppose that Fa0/23 is the trunk port
monitor session 1 destination interface Fa0/24 encapsulation replicate ! Fa0/24 is the monitoring port
Also, it has been my observation that Windows has trouble showing any VLAN tags in received frames - this is caused by the NIC drivers. Linux usually has no problems with this.
Of course, you are welcome to ask further!
Best regards,
Peter
06-30-2013 12:42 PM
Thanks Peter,
I'm a little bit confused by the documentation - everywhere it talks about a service provider network. So, if I understand correctly...?
Switch 1 with phone connected:
- phone port mode access with some vlan
- some port as mode trunk and encapsulation dot1q
Switch 2 with second phone connected:
- same as switch 1
Switch 3 - distribution:
- port for switch 1 mode dot1q-tunnel
- port for switch 2 mode dot1q-tunnel
But how to SPAN... in between the 3560 switches, on the 3750? SPAN trunk ports as source?
How to double tag on dot1q-tunnel?
Is just "mode dot1q-tunnel" and "switchport access vlan XY" enough for tagging?
06-30-2013 01:58 PM
Hi Tibor,
Each of your 3560s has two specific ports: one towards an IP phone, the other towards the 3750 distribution switch. I assume you want to see the voice traffic actually double-tagged on the trunks between the 3560 and 3750. Am I correct here?
If yes then the port towards an IP phone shall be configured as follows:
switchport mode dot1q-tunnel
switchport voice vlan 7 ! the voice VLAN
switchport access vlan 77 ! the S-VLAN
cdp enable ! we need CDP for the voice VLAN autodiscovery
VLAN 77 here will be the S-VLAN.
Ports between the 3560 and 3750 switches shall be configured simply as:
switchport trunk encapsulation dot1q
switchport mode trunk
Monitoring will be performed using the monitor session commands I have indicated in my previous reply. You can monitor any trunk port, either on the 3560 or on the 3750. In any case, the monitoring PC must be connected to the switch where you perform the monitoring.
I do not understand, though, why you need to perform the double tagging in the first place. What are you trying to accomplish here?
Best regards,
Peter
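Added example, not part of the original thread: a check that can be run on the monitoring server (Linux, given the driver caveat above) against raw frames received from the SPAN destination port, to confirm that they really carry two stacked VLAN tags. Assumptions: the function names are hypothetical, the sample frames are constructed, VLAN IDs 77 (outer) and 7 (inner) are taken from the configuration in the reply above, and the outer tag is expected with TPID 0x8100 while 0x88A8 is also accepted.

```python
import struct

# TPIDs that mark a VLAN tag: 0x8100 (802.1Q) and 0x88A8 (802.1ad S-tag).
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_stack(frame: bytes):
    """Return ([(tpid, pcp, vid), ...] outermost first, payload EtherType)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((ethertype, tci >> 13, tci & 0x0FFF))
        offset += 4
        ethertype = next_type
    return tags, ethertype


def is_double_tagged(frame: bytes, s_vlan: int, c_vlan: int) -> bool:
    """True when the frame carries exactly outer s_vlan and inner c_vlan."""
    tags, _ = parse_vlan_stack(frame)
    return [vid for _, _, vid in tags] == [s_vlan, c_vlan]


def build_frame(vlans, payload_type=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame with the given VLAN IDs, outermost first."""
    macs = bytes.fromhex("0011223344550066778899aa")  # constructed MACs
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vlans)
    return macs + tags + struct.pack("!H", payload_type) + payload


if __name__ == "__main__":
    # Constructed samples: double-tagged, single-tagged and untagged frames.
    for vlans in ([77, 7], [7], []):
        frame = build_frame(vlans)
        print(vlans, parse_vlan_stack(frame)[0], is_double_tagged(frame, 77, 7))
```

A single-tagged result here means the tag was lost somewhere between the tunnel port and the capture, for example a SPAN session configured without encapsulation replicate or a NIC driver stripping tags.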