Evil_TTL> show | s

Q in Q


Q-in-Q is a tunneling technology that encapsulates 802.1Q inside 802.1Q. There are plenty of descriptions of this technology on the Internet, so I won't bother describing it again. Here I'll just present the configuration as it traditionally looks, and show how it can be tweaked so that two switches are used instead of four.

The next diagram shows the traditional Q-in-Q approach as a service provider usually implements it towards its clients. The configuration is very simple:

Q-in-Q-10.jpg

Now as you can see there are 4 switches. Two switches are on the customer side and the other two are the SP edge switches that actually form the tunneling.

In the next diagram I'm going to show how to accomplish the same task using only two switches for Q-in-Q tunneling. It's very important to know that only L3 switches allow Q-in-Q, so we use the Cisco Catalyst 3550. To form the necessary adjacencies we make a couple of physical loops using crossover cables, simply because Auto-MDIX is not supported on 3550 switches.

Q-in-Q-20.jpg

And the real physical topology for the previous diagram is the following:

Q-in-Q-30.jpg

The configuration commands of Q-in-Q on both switches are the following:

interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface FastEthernet0/12
 switchport access vlan 739
 switchport mode dot1q-tunnel
 no cdp enable
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 739
 switchport mode trunk

Right after turning Q-in-Q on you might see a warning message:

*Mar  1 00:01:29.823: %DOT1Q_TUNNELLING-4-MTU_WARNING:
System MTU of 1500 might be insufficient for 802.1Q tunneling.
802.1Q tunneling requires system MTU size of 1504 to handle maximum size ethernet frames

So make the necessary adjustments, as the warning message says.
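Where the extra 4 bytes in that warning come from, as an added example that is not part of the original post: it models the tunnel port on Fa0/12 pushing outer VLAN 739 onto a full-size customer frame already tagged with VLAN 10. It assumes both tags use TPID 0x8100, leaves out the FCS, and uses a constructed source MAC; the function names are illustrative.

```python
import struct

TPID = 0x8100  # assumption: inner and outer tags both use the 802.1Q TPID

def tag(vlan, pcp=0):
    """4-byte 802.1Q tag: TPID + TCI (3-bit priority, DEI=0, 12-bit VLAN ID)."""
    return struct.pack("!HH", TPID, (pcp << 13) | (vlan & 0x0FFF))

def customer_frame(vlan, payload):
    """Single-tagged IPv4 frame as it leaves the customer trunk (no FCS)."""
    dst = bytes.fromhex("c86000193dd7")  # MAC of 10.10.10.1 from the arp output
    src = bytes.fromhex("020000000050")  # constructed, locally administered MAC
    return dst + src + tag(vlan) + struct.pack("!H", 0x0800) + payload

def push_outer(frame, outer_vlan):
    """Model of dot1q-tunnel ingress: insert the outer tag right after the MACs."""
    return frame[:12] + tag(outer_vlan) + frame[12:]

def tag_stack(frame):
    """Return the VLAN IDs found in the frame, outermost first."""
    vlans, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID:
            break
        vlans.append(tci & 0x0FFF)
        off += 4
    return vlans

def provider_payload_len(frame):
    """Bytes left after dst MAC, src MAC, the outermost tag and one type field.
    On the provider trunk the inner tag is just part of this payload."""
    return len(frame) - (12 + 4 + 2)

def demo():
    inner = customer_frame(10, bytes(1500))  # full-size packet in customer VLAN 10
    outer = push_outer(inner, 739)           # tunnelled inside access VLAN 739
    return (tag_stack(inner), provider_payload_len(inner),
            tag_stack(outer), provider_payload_len(outer))

if __name__ == "__main__":
    print(demo())
```

The single-tagged frame fits a 1500-byte MTU exactly, while the same frame after tunnelling needs 1504.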

Now let’s go over to checking whether it works or not:

Switch#sh int fa0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: tunnel
Operational Mode: tunnel
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 739 (QinQ)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

And the host:

C:\Documents and Settings\sv>ping 10.10.10.1

Pinging 10.10.10.1 with 32 bytes of data:

Reply from 10.10.10.1: bytes=32 time=1ms TTL=128
Reply from 10.10.10.1: bytes=32 time<1ms TTL=128

Ping statistics for 10.10.10.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\sv>arp -a

Interface: 10.10.10.50 --- 0x4
  Internet Address      Physical Address      Type
  10.10.10.1            c8-60-00-19-3d-d7     dynamic

By privilege15