brasso_42
 asked on

802.1Q Tunneling (Q-in-Q)

Q&Q Tunnelling

I am trying to set up Dot1q tunnelling between an “A” end and “B” end over a Vodafone NTE.
Both A and B ends are Cisco Catalyst 3750s.

Here is the configuration for the A end side.

interface FastEthernet0/24
 description trunk to Vodafone NTE
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 400,2000-2003
 switchport mode trunk
 switchport nonegotiate

interface Vlan2000
 description Customer 1
 ip address 123.123.123.0 255.255.255.254

interface Vlan2001
 description Customer 2
 ip address 123.123.123.6 255.255.255.254

interface Vlan2002
 description Customer 3
 ip address 123.123.123.4 255.255.255.254

interface Vlan2003
 description Customer 4
 ip address 123.123.123.2 255.255.255.254

So everything is currently trunked to the Vodafone NTE


Here is the configuration for the B end side

interface GigabitEthernet1/0/1
 description Customer 1
 ip address 123.123.123.1 255.255.255.254

interface GigabitEthernet1/0/2
 description Customer 2
 ip address 123.123.123.7 255.255.255.254

interface GigabitEthernet1/0/3
 description Customer 3
 ip address 123.123.123.5 255.255.255.254

interface GigabitEthernet1/0/4
 description Customer 4
 ip address 123.123.123.3 255.255.255.254


LAB Vodafone NTE

interface FastEthernet0/1
 description Customer 1
 switchport access vlan 2000
 switchport mode access

interface FastEthernet0/2
 description Customer 2
 switchport access vlan 2001
 switchport mode access

interface FastEthernet0/3
 description Customer 3
 switchport access vlan 2002
 switchport mode access

interface FastEthernet0/4
 description Customer 4
 switchport access vlan 2003
 switchport mode access

So at the moment I have 3 switches: the A end is trunked to the Vodafone NTE.
The B end is connected to the NTE with 4 access ports, one per customer.
 
I basically want to have a layer 2 tunnel over the NTE. I have found configurations but none which match this setup.

I know the following needs to be applied:

switchport mode dot1q-tunnel
vlan dot1q tag native

But not sure how this sits with my setup.

Any assistance would be greatly appreciated.
8/22/2022 - Mon
Daniel Sheppard

First off, bear in mind that I have not done any Q-in-Q yet; however, I believe you do the following:

On your "lab" switch, you would set your dot1q-tunnel on all customer access ports.
On the customer switch, you would trunk any ports going to Vodafone.




I am assuming you are a third party and are trying to enable a VPLS-like service? Basically, Vodafone itself has to provide the Q-in-Q tunnel in *most* circumstances. Unless I am completely misreading what you are trying to do here.

Just to confirm:
- "A" is at site 1
- "B" is at site 2
- "NTE" is at the "Service Provider" (Lab)
- You want to trunk VLANs from site 1 to site 2 over NTE


If that is correct, you would want:

"A"
(1) Trunk to Vodafone with all VLANs tagged
(4) Access Ports for your customers

"B"
(1) Trunk to Vodafone with all VLANs tagged
(4) Access Ports for your customers

"LAB" (Vodafone)
(2) Dot1Q Tunnels with "switchport access vlan <your SP assigned VLAN>"

If you want to deploy this in real life, you will unfortunately not be able to. Vodafone would have to initiate the dot1q-tunnel on their end, as they take the VLAN tags, preserve them, and add their own tag in front.
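
The LAB-side tunnel ports described in the answer above, written out as Catalyst 3750 configuration. This is an added example, not part of the original thread or either poster's configuration; the outer VLAN 100 and ports Fa0/23 and Fa0/24 are assumed placeholders.

```cisco
! Constructed lab example for the switch playing the provider (LAB) role.
! VLAN 100 and ports Fa0/23-24 are placeholders, not values from the thread.
!
! The outer 802.1Q tag adds 4 bytes to every tunnelled frame, so raise the
! system MTU. The change takes effect after a reload. "system mtu" covers
! 10/100 ports; Gigabit ports use "system mtu jumbo" instead.
system mtu 1504
!
! Tag native-VLAN frames on every 802.1Q trunk of this switch, so traffic in
! a tunnel VLAN that matches a trunk's native VLAN is never sent untagged
! and delivered into the wrong VLAN at the far side.
vlan dot1q tag native
!
! One outer (provider) VLAN per customer keeps customers separated even when
! their inner VLAN IDs overlap.
vlan 100
 name CUSTOMER-QINQ
!
interface FastEthernet0/23
 description Tunnel port facing the A end trunk
 switchport access vlan 100
 switchport mode dot1q-tunnel
 ! Carry the customer's own CDP/STP/VTP through the tunnel unchanged
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
interface FastEthernet0/24
 description Tunnel port facing the B end trunk
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
! Checks after applying:
!   show dot1q-tunnel
!   show vlan dot1q tag native
!   show l2protocol-tunnel
```

Both customer-side ports that plug into these tunnel ports must be 802.1Q trunks, so the inner tags arrive intact and are restored when the outer tag is removed.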
LukeMo

I'd avoid use of subnet zero (255.255.255.254 mask) until you have your VLAN trunking resolved.
brasso_42

ASKER
Hi Daniel,

Thanks for the prompt response.

I can confirm the A end is the hub site where we terminate all our customers' connectivity. In most cases customers have a VLAN at the A end and are RAW at the B end. In this case we have one customer who requires connectivity to private services on VLAN 200, so I need to provide 2 VLANs: 1 for public internet and one for private connectivity. The carrier does not support dot1q trunking, so I need to implement Q-in-Q for this one customer.

I hope this clarifies the configuration requirement.
LukeMo

Are VPNs or GRE tunnels not an option?
Daniel Sheppard

A VPN would be an option; however, you would need to segregate every customer to a specific VPN, otherwise you would have all routes available to all customers.

Since it is Cisco, I would recommend using VRF for the segregation.
Daniel Sheppard

The reason I didn't mention VPNs was he did not ask about VPNs. He specifically asked about Q-in-Q.