20 November 2009

Dot1q Tunneling on IOS Switch




VLANs 1-3 are encapsulated into VLAN 10 between Switch A and Switch C.



Switch A config:

interface g0/1
description Trunk of VLAN 1, 2, 3
switchport access vlan 10
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel vtp
spanning-tree bpdufilter enable

interface g0/2
description Access Port for VLAN 10
switchport mode access
switchport access vlan 10


Switch B config:

interface g0/1
description Access Port for VLAN 10
switchport mode access
switchport access vlan 10

interface g0/2
description Trunk with VLAN 10 inside
switchport mode trunk


Switch C config:

interface g0/1
description Trunk of VLAN 1, 2, 3
switchport access vlan 10
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel vtp
spanning-tree bpdufilter enable

interface g0/2
description Trunk with VLAN 10 inside
switchport mode trunk

Command Reference:






| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface-id | Enter interface configuration mode, specifying the interface to be configured as a tunnel port. This should be the edge port in the service-provider network that connects to the customer switch. Valid interfaces include physical interfaces and port-channel logical interfaces (port channels 1 to 64). |
| Step 3 | switchport access vlan vlan-id | Specify the default VLAN, which is used if the interface stops trunking. This is the VLAN ID specific to the particular customer. |
| Step 4 | switchport mode dot1q-tunnel | Set the interface as an 802.1Q tunnel port. |
| Step 5 | exit | Return to global configuration mode. |
| Step 6 | vlan dot1q tag native | (Optional) Set the switch to enable tagging of native VLAN packets on all 802.1Q trunk ports. When not set, if a customer VLAN ID is the same as the native VLAN, the trunk port does not apply a metro tag, and packets might be sent to the wrong destination. |
| Step 7 | end | Return to privileged EXEC mode. |
| Step 8 | show dot1q-tunnel | Display the tunnel ports on the switch. |
| Step 9 | show vlan dot1q tag native | Display 802.1Q native VLAN tagging status. |
| Step 10 | copy running-config startup-config | (Optional) Save your entries in the configuration file. |
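
Added example (not from the original post or from Cisco's documentation): a small Python model of the tag stack behind the Step 6 caveat. It assumes tag type 0x8100 for both the customer and the metro tag, and models the case where the tunnel port's access VLAN (10 on this page) is also the native VLAN of the provider trunk; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID = 0x8100  # assumed tag type for both customer and metro tags

def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag after the MAC addresses; it becomes the outer tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def vlan_stack(frame: bytes) -> list:
    """Return the VLAN IDs carried by the frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids

def trunk_egress(frame: bytes, metro_vid: int, native_vid: int, tag_native: bool) -> bytes:
    """Model a provider trunk sending a frame that belongs to metro_vid.
    Native-VLAN frames leave without a metro tag unless
    'vlan dot1q tag native' is configured."""
    if metro_vid == native_vid and not tag_native:
        return frame
    return push_tag(frame, metro_vid)

def classify(frame: bytes, native_vid: int) -> int:
    """VLAN the next switch's trunk assigns: outer tag, else its native VLAN."""
    stack = vlan_stack(frame)
    return stack[0] if stack else native_vid

# Constructed sample: a customer frame already tagged with VLAN 2.
MACS = bytes.fromhex("0000aa000002") + bytes.fromhex("0000aa000001")
CUSTOMER = push_tag(MACS + struct.pack("!H", 0x0800) + b"\x00" * 46, 2)

def scenario(native_vid: int, tag_native: bool, metro_vid: int = 10):
    """Tag stack on the provider trunk and the VLAN the next switch assigns."""
    wire = trunk_egress(CUSTOMER, metro_vid, native_vid, tag_native)
    return vlan_stack(wire), classify(wire, native_vid)

if __name__ == "__main__":
    print(scenario(native_vid=1, tag_native=False))   # metro tag applied
    print(scenario(native_vid=10, tag_native=False))  # metro tag missing
    print(scenario(native_vid=10, tag_native=True))   # Step 6 enabled
```

In the second scenario the frame crosses the provider trunk with only the customer's VLAN 2 tag, so the next switch places it in its own VLAN 2 instead of tunnel VLAN 10.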



Verifications:

show dot1q-tunnel
show l2protocol-tunnel


2 comments:

  1. I don't think this would work. Dot1q needs to be enabled on SP edge port. How will packets be double tagged? They're not double tagged on egressing the dot1q tunnel.

  2. Depending on the switch you're using, dot1q will be enabled by default. The double tagging occurs when the packets enter Switch B (from Switch A).

    Before egressing Gi0/2 of Switch B, the packets only contain VLAN tags from the CE trunk (VLAN 1,2,3).
