Network Topology

QnQ

This is a sample configuration on how QinQ work, Here we have a Service Provider Network which provide a transparent link between R1 and R4, SW1 – SW4 are not visible to the customer routers.

On this setup VLAN 14 and 41 (User VLAN) are passing thru the providers switches even thought those two VLAN are not configured on the provider switches instead those VLAN are being encapsulation and assign to VLAN 100 (ISP VLAN Assign to user for Tunnel) which the provider network has configured.

For Further reference.

Configuring QnQ

Layer 2 Protocol Tunneling (L2PT)

 


Configuration

R1

interface FastEthernet0/0
no ip address
no shut
!
interface FastEthernet0/0.14
encapsulation dot1Q 14
ip address 14.0.0.1 255.255.255.0
!
interface FastEthernet0/0.41
encapsulation dot1Q 41
ip address 41.0.0.1 255.255.255.0

R2

interface FastEthernet0/1
no ip address
no shut
!
interface FastEthernet0/1.14
encapsulation dot1Q 14
ip address 14.0.0.4 255.255.255.0
!
interface FastEthernet0/1.41
encapsulation dot1Q 41
ip address 41.0.0.4 255.255.255.0

SW1

VLAN 100

interface FastEthernet0/1
switchport access vlan 100 ! Assign user traffic to ISP vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable 
 
interface FastEthernet0/13 
switchport trunk encapsulation dot1q
switchport mode trunk

SW2

VLAN 100

interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk

interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk

 


SW3

Vlan 100

interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk

interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk

 


SW4

Vlan 100
 
 interface FastEthernet0/4
switchport access vlan 100 ! Assign user traffic to ISP vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
 
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk

 


Verification

Arp Tables

R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  14.0.0.1                -   001a.e206.a4c8  ARPA   FastEthernet0/0.14
Internet  41.0.0.1                -   001a.e206.a4c8  ARPA   FastEthernet0/0.41
R2#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  14.0.0.4                -   0014.a9f2.5070  ARPA   FastEthernet0/0.14
Internet  41.0.0.4                -   0014.a9f2.5070  ARPA   FastEthernet0/0.41

MAC Addresses Entries

SW1#show mac address-table
Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1    0019.aafe.f48f    DYNAMIC     Fa0/13
100    0014.a9f2.5071    DYNAMIC     Fa0/13
100    0019.aafe.f48f    DYNAMIC     Fa0/13
100    001a.e206.a4c8    DYNAMIC     Fa0/1

 
SW2#show mac address-table           Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1    000d.29cc.f510    DYNAMIC     Fa0/16
1    001f.9d2c.700f    DYNAMIC     Fa0/13
100    000d.29cc.f510    DYNAMIC     Fa0/16
100    0014.a9f2.5071    DYNAMIC     Fa0/16
100    001a.e206.a4c8    DYNAMIC     Fa0/13
SW3#show mac address-table           Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1    0009.e8e2.fc13    DYNAMIC     Fa0/19
1    0019.aafe.f492    DYNAMIC     Fa0/16
100    0009.e8e2.fc13    DYNAMIC     Fa0/19
100    0014.a9f2.5071    DYNAMIC     Fa0/19
100    001a.e206.a4c8    DYNAMIC     Fa0/16
SW4#show mac address-table
Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1    000d.29cc.f513    DYNAMIC     Fa0/19
100    0014.a9f2.5071    DYNAMIC     Fa0/4
100    001a.e206.a4c8    DYNAMIC     Fa0/19

 

CDP Entries

R1#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            132         R S I     2811      Fas 0/1
R2#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               Fas 0/1            132         R S I     2811      Fas 0/0
SW1#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
SW2                 Fas 0/13              142            S I      WS-C3560-2Fas 0/13
SW2#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
SW1                 Fas 0/13               132           S I      WS-C3550-2Fas 0/19
SW3                 Fas 0/16               178           S I      WS-C3560-2Fas 0/16
SW3#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
SW4                 Fas 0/19              131            S I      WS-C3550-2Fas 0/19
SW2                 Fas 0/16              178            S I      WS-C3560-2Fas 0/16
SW4#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
SW3                 Fas 0/19              172            S I      WS-C3550-2Fas 0/19

Trunk Status

SW1#show int trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/13      1-4094
Port        Vlans allowed and active in management domain
Fa0/13      1,100
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,100
SW2#show int trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/16      on           802.1q         trunking      1
Fa0/13      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/16      1-4094
Fa0/13      1-4094
Port        Vlans allowed and active in management domain
Fa0/16      1,100
Fa0/13      1,100
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/16      1,100
Fa0/13      1,100
SW3#show int trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/16      on           802.1q         trunking      1
Fa0/19      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/16      1-4094
Fa0/19      1-4094
Port        Vlans allowed and active in management domain
Fa0/16      1,100
Fa0/19      1,100
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/16      1,100
Fa0/19      1,100
SW4#show int trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/19      1-4094
Port        Vlans allowed and active in management domain
Fa0/19      1,100
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,100

As you can see, SW2 and SW3 has minimal configuration; On those switches we are only configuring the trunk for the vlan to pass but for the SW1/SW4 QinQ configuration are set which make all of these work.

On our verification; we notice that on the switches the router mac address are visible but not on the user configured vlan but on the ISP vlan which in effect make the ISP not to worry on conflicting VLAN assignment from there end.

We also verified that the user router only see the other router interface even thou it is connected directly the SW1/SW4 of the ISP network..

 


QinQ – 802.1q Tunneling
Tagged on:         

Leave a Reply

%d bloggers like this: