Configuring 802.1 Tunneling Q-in-Q

qConfiguring 802.1 Tunneling Q-in-Q

I have the topology above. I  configured  Q-in-Q, however I cannot ping from R1 to R2 as it is supposed to.

R1#sh run  
Building configuration...

Current configuration : 1756 bytes
!
! Last configuration change at 15:08:00 CET Mon Mar 12 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!         
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!         
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.12
 encapsulation dot1Q 12
 ip address 192.168.12.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!         
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login    
 transport input none
!
!
end

R1#

Open in new window


R2#sh run 
Building configuration...

Current configuration : 1756 bytes
!
! Last configuration change at 15:09:35 CET Mon Mar 12 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.12
 encapsulation dot1Q 12
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

R2#

Open in new window


SW1#sh run
Building configuration...

Current configuration : 1625 bytes
!
! Last configuration change at 15:34:04 CET Mon Mar 12 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1
!
ip cef
!
no ipv6 cef
!         
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! 
!
!
!
!
!
interface Ethernet0/0
 switchport access vlan 123
 switchport mode dot1q-tunnel
 duplex auto
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex auto
!         
interface Ethernet0/2
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 no fair-queue
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
 shutdown
!
!
ip forward-protocol nd
no ip http server
!
!
!         
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
end

SW1# 

Open in new window



SW2#sh run
Building configuration...

Current configuration : 1625 bytes
!
! Last configuration change at 16:07:32 CET Mon Mar 12 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1
!
ip cef
!
no ipv6 cef
!         
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! 
!
!
!
!
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 123
 switchport mode dot1q-tunnel
 duplex auto
!         
interface Ethernet0/2
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 no fair-queue
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
 shutdown
!
!
ip forward-protocol nd
no ip http server
!
!
!         
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
end

SW2#

Open in new window



SW3#show running-config 
Building configuration...

Current configuration : 1669 bytes
!
! Last configuration change at 15:44:58 CET Mon Mar 12 2018
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1
!
ip cef
!
no ipv6 cef
!         
!         
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! 
!
!
!
!
!
interface Ethernet0/0
 switchport access vlan 123
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 123
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex auto
!
interface Ethernet0/2
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
 shutdown
!
!
ip forward-protocol nd
no ip http server
!
!
!         
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
end

SW3#

Open in new window

jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
1. You are sending tagged packets from routers to access ports on switches - packets will be dropped a soon as they reach switch.
2. VLAN numbers don't match - routers are sending on VLAN 12 access ports on Switch are assigned to VLAN 123.
Router 1
interface Ethernet0/0.12
 encapsulation dot1Q 12
 ip address 192.168.12.1 255.255.255.0

Switch1
interface Ethernet0/0
 switchport access vlan 123
 switchport mode dot1q-tunnel
 duplex auto

QinQ requires that mtu size should be adjusted since packets will be baby jumbos (packet size 1504, but in some virtualization it is not configurable).

I would go with configuration below.
vlan dot1q tag native - command is used to avoid overlapping in native VLAN from ISP and Customer (it can lead to unpredictable results).
Other way would be to configure dot1q on routers as you did, but than you need to configure trunk on switch port where routers are connected. If you want multiple VLANs and there is a native VLAN present on customers ports there is a need to configure vlan dot1q tag native command and trunk to customer's device should be configured..

R1
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 no shut

Open in new window

R2
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 no shut

Open in new window

Switch1
system mtu 1504
!
vlan 500
 name ISPnativeVLAN
exit
!
vlan dot1q tag native
!
interface Ethernet0/0
 switchport mode access
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport mode trunk

Open in new window

Switch 3
system mtu 1504
!
vlan 500
 name ISPnativeVLAN
exit
!
vlan dot1q tag native
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport mode trunk
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport mode trunk

Open in new window

Switch3
system mtu 1504
!
vlan 500
 name ISPnativeVLAN
exit
!
vlan dot1q tag native
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport mode trunk
!
interface Ethernet0/1
 switchport mode access

Open in new window


After finishing configuration it may take time for spanning tree to reconverge, than ping should start to work)
0
jskfanAuthor Commented:
I was following this link for configuration.
It using VLAN 12 on Customers side (R1,R2), and VLAN 123 on Service Provider Network.
So the VLAN 12 is kind of tunneled through VLAN 123

per the Link, R1 and R2 can ping each other, but in my LAB I cannot.
0
jskfanAuthor Commented:
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

JustInCaseCommented:
Try to change MTU size to be higher than 1504 (you can configure bigger size). Frames are baby jumbo frames and with default packet size of 1500 access port will drop traffic..
0
jskfanAuthor Commented:
Mmm...
for some reason system mtu command is not recognized by this version of IOS 15.0
0
jskfanAuthor Commented:
Version 12.4 also does not support System MTU command
0
jskfanAuthor Commented:
which version of IOS have you used to find "System MTU" command ?
0
JustInCaseCommented:
One detail: I don't see that you created VLAN 123 on Switch 3. Other two switches will create vlan when access port is assigned to VLAN 123.
SW3
vlan 123
0
jskfanAuthor Commented:
even after I added it ..I still cannot ping between R1 and R2. I wonder which version of IOS support the command : System MTU

SW3#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/2, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3
123  VLAN0123                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
123  enet  100123     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SW3#

Open in new window

0
JustInCaseCommented:
My configuration above is not too useful, it will do exactly the same as general switching since untagged packets are entering interface, but it is the only simulation that can be done, since it looks like UNL does not support QinQ with Cisco images, but is working with Arista. But it looks like it is all that can be configured in UNL with Cisco images.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Thanks Predrag,

I will try to Lab it sometime in real Switch
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.