Friday, September 13, 2019

Configuring Q-in-Q Tunneling

This method tunnels layer 2 frames through another layer 2 network. Service providers use it to give layer 2 extensions to customers who need to connect the same LAN across the service provider network.

The name comes from the way this is done: the existing 802.1Q frame is encapsulated in another 802.1Q frame. An untagged frame can also be tunneled through an 802.1Q frame using this technique.

Note that the SP-SW switches are not L2 access switches like the Cisco 2960, as those will not support dot1q tunneling. A Cisco 3750 will do the job, and service providers will typically use Metro Ethernet switches.

The following is a typical scenario.

SP-SW1 and SP-SW2 must be configured as follows:

SP-SW1(config)#int e0/0
SP-SW1(config-if)#switchport mode dot1q-tunnel
SP-SW1(config-if)#switchport access vlan 100

SP-SW2(config)#int e0/1
SP-SW2(config-if)#switchport mode dot1q-tunnel
SP-SW2(config-if)#switchport access vlan 100

VLAN 100 must be extended on the interfaces connecting SP-SW1, SP-CORE and SP-SW2 together. This is the underlay VLAN of the tunnel, which goes through the ISP network.

The links connecting the customer switches to the provider switches can be configured on the customer end as access ports or as trunks. For this example, I am configuring them as access ports.

CS01(config)#int e0/0
CS01(config-if)#switchport mode access
CS01(config-if)#switchport access vlan 10

CS02(config)#int e0/0
CS02(config-if)#switchport mode access
CS02(config-if)#switchport access vlan 10
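
What the dot1q-tunnel ports configured above do to a frame on the wire, as an added example that is not part of the original post. It assumes both tags use TPID 0x8100 (the post describes the outer header as another 802.1Q frame); the MAC addresses, payload and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: outer tag uses the same TPID as the customer tag

def tag(vlan, pcp=0):
    """Build one 4-byte 802.1Q tag: TPID + (PCP | DEI | 12-bit VLAN ID)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Customer frame: vlan=None is untagged (access port), otherwise 802.1Q tagged (trunk)."""
    inner = tag(vlan) if vlan is not None else b""
    return dst + src + inner + struct.pack("!H", ethertype) + payload

def tunnel_ingress(frame, provider_vlan):
    """Tunnel port, ingress: insert the provider tag right after the MAC addresses.
    Whatever the customer sent (tagged or not) is carried unchanged behind it."""
    return frame[:12] + tag(provider_vlan) + frame[12:]

def tunnel_egress(frame, provider_vlan):
    """Tunnel port, egress: strip the outer tag, but only if it is the expected one."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q or tci & 0x0FFF != provider_vlan:
        raise ValueError("frame does not carry the expected provider tag")
    return frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return (VLAN IDs outermost first, final EtherType) for a frame."""
    vlans, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID_8021Q:
            break
        vlans.append(tci & 0x0FFF)
        off += 4
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    return vlans, ethertype

# Constructed sample traffic: PC1 -> PC2, IPv4 EtherType, dummy 46-byte payload.
PC1, PC2 = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000aa02")
untagged = build_frame(PC2, PC1, 0x0800, bytes(46))         # CS01 uplink as access port (this post)
tagged = build_frame(PC2, PC1, 0x0800, bytes(46), vlan=10)  # CS01 uplink as trunk (the alternative)

if __name__ == "__main__":
    for name, f in (("access", untagged), ("trunk", tagged)):
        t = tunnel_ingress(f, 100)
        print(name, vlan_stack(t), len(f), "->", len(t), "bytes")
```

With access-port uplinks the provider network sees only tag 100; with trunk uplinks it sees 100 stacked on top of 10. In both cases the frame is 4 bytes longer inside the tunnel.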

If both PC1 and PC2 are in VLAN 10, they can reach each other by now.
But Spanning-Tree for VLAN 10 will not be contiguous, because BPDUs will not be forwarded through the tunnel by default. So both CS01 and CS02 will act as primary root bridges in this case.
Also, show cdp neighbors will not show anything on the customer switches.

The following is such a case (ignore the interface names, as this is taken from actual switches).

To solve these layer 2 problems, we have to configure the following commands on the tunnel interfaces of SP-SW1 and SP-SW2:

SP-SW1(config-if)#l2protocol-tunnel stp
SP-SW1(config-if)#l2protocol-tunnel cdp

SP-SW2(config-if)#l2protocol-tunnel stp
SP-SW2(config-if)#l2protocol-tunnel cdp

3 comments:

  1. What image do you use? Can you send me the image?

  2. @dian,
    It's Cisco IOL; Cisco IOS would do the same.

  3. Roshan, I'm glad I finally got to this new blog. The old one seems lost.
    Which particular Cisco IOL image is this? I have tried several; they cannot input 'mtu 1540', for example, under the interface.