I am connecting a multilink site to a client. I am using QinQ stacking and assigning them a vlan based off that stack. The problem comes when adding another service such as Internet connectivity. I was going to assign an IP to the vlan I am using as the extra tag, but that presents a problem with possible security. If they have untagged traffic going through my stack, it will get the default vlan and present a problem. The only thing I can think of doing is having two vlans for both services:
1) to connect their sites
2) for their Internet traffic that is shared through one of their sites.
Anyone have any thoughts on if this is the way it should be done or have another opinion? Thank you!
802.1Q tunneling (QinQ), also known as tag stacking, allows the deployment of secure TLS by building on the standard capabilities of the IEEE 802.1Q protocol (please see reference 2) that is included on all Cisco switches. In particular, 802.1Q tunneling or tag stacking enables service providers to offer "virtual private LANs" that appear as a logical wire or pipe to their customers. Although some customers use overlapping VLAN ranges, traffic remains isolated from one customer to another customer. Point-to-point and point-to-multipoint topologies are possible and easy to deploy. With the introduction of Layer 2 Protocol Tunneling (L2PT), resilient network designs can be implemented. See the following sections for more details on L2PT.
The main advantage of 802.1Q tunneling is that it enables service providers to segregate traffic from different size (enterprise, medium, or small) customers in their infrastructure, while significantly reducing the number of VLANs required to support individual customer connections. Multiple customer VLANs can be transparently carried inside a single provider VLAN configured on a Cisco Catalyst 6500 Series without losing their unique VLAN IDs. In addition, the number of VLANs required to support 802.1Q tunnels in the service provider network can be reduced significantly, while the aggregate number of available VLANs can jump from 4096 up to a theoretical maximum of more than 16 million (= 4096²). By using these Layer 2 tunnels, it is possible to deliver enterprise-scale connectivity deployed on a shared infrastructure with the same security, prioritization, reliability, and manageability of a private network.
Can you tell me what sections you are talking about? Also, my question was more in regard to services offered. I know how to segregate the traffic, but my question is to break the qinq with internet traffic. My feeling is you need to have a separate vlan for the Internet traffic vs. the network connectivity vlan.
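The tag-stacking behaviour discussed in this thread, as an added example that is not part of any post: a small Python parser that walks the stacked 802.1Q tags of a frame and shows that traffic sent untagged by the customer carries only the outer (service) tag, which is why an IP interface on that same VLAN would see it directly. The VLAN IDs (100 and 20), the function names and the sample frames are constructed for illustration.

```python
import struct

# 0x8100 = 802.1Q tag, 0x88A8 = 802.1ad service tag.
TPIDS = {0x8100, 0x88A8}
SERVICE_VLAN = 100   # constructed: outer tag the provider assigns to this customer
IPV4 = 0x0800

def build_frame(vlans, ethertype=IPV4, payload=b"\x00" * 46):
    """Constructed sample frame: zeroed MACs, tags listed outermost first."""
    tags = b"".join(struct.pack("!HH", 0x8100, vid & 0x0FFF) for vid in vlans)
    return b"\x00" * 12 + tags + struct.pack("!H", ethertype) + payload

def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], payload ethertype)."""
    offset, vlans = 12, []          # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return vlans, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify(frame, service_vlan=SERVICE_VLAN):
    """Say how a frame seen in the provider core relates to one customer."""
    vlans, _ = parse_tags(frame)
    if not vlans or vlans[0] != service_vlan:
        return "other"
    if len(vlans) == 1:
        # Customer sent it untagged: only the provider's outer tag is present,
        # so it is indistinguishable from traffic native to the service VLAN.
        return "customer-untagged"
    return "customer-vlan-%d" % vlans[1]

if __name__ == "__main__":
    for label, f in [("tagged by customer", build_frame([SERVICE_VLAN, 20])),
                     ("untagged by customer", build_frame([SERVICE_VLAN])),
                     ("different service VLAN", build_frame([200, 20]))]:
        print(label, "->", classify(f))
```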