Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2654
Views
0
Helpful
3
Replies

How to q-in-q and span on 3560?

Tibor Marchyn
Level 1
Level 1

‎06-30-2013 09:19 AM - edited ‎03-07-2019 02:09 PM

Hello,

I need to simulate traffic with double tagged vlan on internal LAN. For better describe attaching picture.

I have 2 phones, which make internal call between them. Both are connected to different switches. I need to duplicate traffic between phones, but in addition before duplicating I need to double tag vlan with q-in-q and then send double tagged traffic to server which is monitoring that traffic. I need to simulate this to have same result as customer which don't want provide configurations and we need to fix our product based on that.

Is q-in-q supported on 3560? documentation didn't tell me a much.

Could somebody help me with some sample configuration?

Thanks

q-in-q.png                  

Labels:
0 Helpful
3 Replies 3

Peter Paluch
Cisco Employee
Cisco Employee

‎06-30-2013 11:52 AM

Hello Tibor,

The Catalyst 3560 does indeed support Q-in-Q. Regarding the configuration, ports between the Cat3560 switches will be configured as normal trunks using the switchport mode trunk command. Ports towards "clients" that send tagged frames themselves will be configured using the following commands:

switchport mode dot1q-tunnel

switchport access vlan S-VLAN

where the S-VLAN is the VLAN inside the service provider network used to encapsulate and carry all traffic of this customer.

It is also suggested to use the vlan dot1q tag native global configuration command to prevent Cat3560 from untagging any frames, possibly leading to VLAN leaking that can sometimes occur in Metro Ethernet environments under specific circumstances.

You may read more about the feature here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/15.0_2_se/configuration/guide/swtunnel.html

Performing a local SPAN session on trunk ports carrying double-tagged traffic is no different from doing any other SPAN session, however, remember to use the encapsulation replicate command when configuring the SPAN session, i.e.:

monitor session 1 source interface Fa0/23 ! suppose that Fa0/23 is the trunk port

monitor session 1 destination interface Fa0/24 encapsulation replicate ! Fa0/24 is the monitoring port

Also, it has been my observation that Windows have troubles showing any VLAN tags in received frames - this is caused by the NIC drivers. Linux usually has no problems with this.

Of course, you are welcome to ask further!

Best regards,

Peter

0 Helpful

Tibor Marchyn
Level 1
Level 1
In response to Peter Paluch

‎06-30-2013 12:42 PM

Thanks Peter,

i'm little bit confused from documentation - on every place is talking about service provider network. so if I understand correctly...?

Switch 1 with phone connected:

- phone port mode access with some vlan

- some port as mode trun and encapsulation dot1q

Swtich 2 with second phone connected:

- same as switch 1

Switch 3 - distribution:

- port for switch 1 mode dot1q-tunnel

- port for switch 2 mode dot1q-tunnel

but how to span... in between 3560 switches on 3750? span trunk ports as source?

how to double tag on dot1q-tunnel?

is for tagging enough just "mode dot1q-tunnel" and "switchport access vlan XY"?

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Tibor Marchyn

‎06-30-2013 01:58 PM

Hi Tibor,

Each your 3560 has two specific ports: one towards an IP phone, the other towards the 3750 distribution switch. I assume you want to see the voice traffic to be actually double-tagged on trunks between the 3560 and 3750. Am I correct here?

If yes then the port towards an IP phone shall be configured as follows:

switchport mode dot1q-tunnel

switchport voice vlan 7 ! the voice VLAN

switchport access vlan 77 ! the S-VLAN

cdp enable ! we need CDP for the voice VLAN autodiscovery

VLAN 77 here will be the S-VLAN.

Ports between the 3560 and 3750 switches shall be configured simply as:

switchport trunk encapsulation dot1q

switchport mode trunk

Monitoring will be performed using the monitor session commands I have indicated in my previous reply. You can monitor any trunk port, either on the 3560 or on the 3750. In any case, the monitoring PC must be connected to the switch where you perform the monitoring.

I do not understand, though, why do you need to perform the double tagging in the first place. What are you trying to accomplish here?

Best regards,

Peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card