Guest

Cisco IOS Software Releases 12.0 S

Stacked VLAN Processing

  • Viewing Options

  • PDF (358.8 KB)
  • Feedback
Stacked VLAN Processing

Table Of Contents

Stacked VLAN Processing

Contents

Prerequisites for Stacked VLAN Processing

Restrictions for Stacked VLAN Processing

Information About Stacked VLAN Processing

Stacked VLANs

Benefits of Using Stacked VLANs

Using Stacked VLANs: Example

Stacked VLAN Header Format in Ethernet Packets

Configuring Stacked VLAN Processing

Configuring a Gigabit Ethernet Subinterface for Stacked VLAN Processing

Configuration Examples for Stacked VLAN Processing

Configuring Stacked VLAN Processing on Ethernet Subinterfaces: Examples

Displaying Stacked VLAN Processing on an Ethernet Subinterface: Example

Displaying a Stacked VLAN Configuration: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

dot1q tunneling ethertype

encapsulation dot1q second-dot1q

show vlan dot1q gigabitethernet

show vlan dot1q second-dot1q

Glossary


Stacked VLAN Processing


The Stacked VLAN Processing feature supports the encapsulation of IEEE 802.1Q VLAN tags within a second layer of 802.1Q tag on provider edge (PE) routers to allow service providers to use a single VLAN to support customers who have multiple VLANs. The core service-provider network carries traffic with double-tagged, stacked VLAN (802.1Q-in-Q) headers of multiple customers while maintaining the VLAN and Layer 2 protocol configurations of each customer and without impacting the traffic of other customers. The Stacked VLAN Processing feature preserves VLAN IDs and keeps traffic in different customer VLANs segregated.

Feature History for Stacked VLAN Processing

Release
Modification

12.0(28)S

This feature was introduced on 4-Port Gigabit Ethernet ISE line cards on the Cisco 12000 Series Internet Router.

12.0(28)S2
12.0(30)S

The restrictions on the behavior of Layer 2 EoMPLS tunnels on Stacked VLAN interfaces have changed.

12.3(7)XI7

This feature was integrated into Cisco IOS Release 12.3(7)XI7 and implemented on the Cisco 10000 series router.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for Stacked VLAN Processing

Restrictions for Stacked VLAN Processing

Information About Stacked VLAN Processing

Configuring Stacked VLAN Processing

Configuration Examples for Stacked VLAN Processing

Additional References

Command Reference

Glossary

Prerequisites for Stacked VLAN Processing

The Cisco 12000 Series Ethernet subinterface on which stacked VLAN processing is enabled must be connected to an Ethernet device in provider edge (PE) customer location equipment (CLE) that supports stacked VLAN tag imposition and disposition or switching.


Note On Cisco 7500 Series Routers, stacked VLAN processing is known as "IEEE 802.1Q-in-Q VLAN tag termination."


As shown in Figure 1, the PE-CLE device in each service-provider access network performs the stacked VLAN tag imposition and disposition. The Stacked VLAN Processing feature allows a Cisco 12000 Series Internet Router used as a PE router to process customer traffic with stacked VLAN headers and transmit the traffic across the service-provider network.

Restrictions for Stacked VLAN Processing

A subinterface on a Cisco 12000 Series Ethernet line card configured for stacked VLAN processing does not support the configuration of a Gigabit EtherChannel link bundle. For information about the Link Bundling feature, refer to Link Bundling on Cisco 12000 Series Internet Routers.

A Cisco 12000 Series Ethernet subinterface configured for stacked VLAN processing supports the match vlan command only on the service-provider VLAN ID, the outer 802.1Q tag in stacked VLAN processing. The match vlan command configures a Quality of Service (QoS) policy on a group of VLAN subinterfaces. For more information, refer to Quality of Service on Aggregate VLAN Traffic.

The encapsulation dot1q second-dot1q any command is supported only on a subinterface configured for Layer 2 (EoMPLS) tunneling. If you use the encapsulation dot1q second-dot1q any command on a subinterface not configured for EoMPLS tunneling, all incoming packets are dropped without generating an error message.

Use the xconnect peer-ip-address vcid encapsulation mpls command to bind an 802.1Q VLAN attachment circuit to an Any Transport over MPLS (AToM) pseudowire for EoMPLS tunneling.

Ethernet over MPLS works by encapsulating Ethernet PDUs in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as a single packet. For information about how to configure and use EoMPLS tunneling on the Cisco 12000 Series Internet Router, refer to Any Transport over MPLS.

The VLAN ID rewrite feature on Ethernet subinterfaces allows you to use VLAN interfaces with different VLAN IDs at each end of an EoMPLS tunnel. However, the VLAN ID rewrite feature is not supported on stacked VLAN subinterfaces.

When you configure an EoMPLS tunnel on stacked VLAN subinterfaces, the SP-VLAN ID is removed from the frame at the ingress interface. The remote PE router will add (if required) the SP-VLAN ID configured on its egress subinterface before forwarding the frame. For more information about VLAN ID Rewrite, see the Configuring Ethernet over MPLS: VLAN ID Rewrite section in Any Transport over MPLS.

In a Layer 2 EoMPLS tunnel configuration, if you configure an Ethernet subinterface on one end of the virtual circuit for stacked VLAN processing, you must configure the customer VLAN ID (ce-vlan-id) on the subinterface of the remote peer device with the same CE-VLAN ID value as configured on the ingress subinterface. The SP-VLAN ID (sp-vlan-id) can be configured with any SP-VLAN ID value.

If the subinterface on the remote end of an EoMPLS tunnel is not configured with the same customer VLAN ID (ce-vlan-id), all incoming packets are dropped and no error messages are generated.

In a Layer 2 EoMPLS tunnel configuration, if you use the encapsulation dot1q second-dot1q any command to configure the subinterface on one end of the virtual circuit for stacked VLAN processing, you must also configure the remote peer device with the same command. If the subinterface on the remote end of an EoMPLS tunnel is not configured to perform stacked VLAN processing for all other customer VLANs not specified in a separate encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command on another subinterface, all incoming packets are dropped and no error messages are generated.

In a Layer 2 EoMPLS tunnel configuration, an Ethernet subinterface configured for stacked VLAN processing on an imposition PE router maps the 802.1P class-of-service (CoS) value in the SP-VLAN ID of customer packets to an MPLS experimental (EXP) value in the EoMPLS tunnel label. However, the disposition EoMPLS PE router does not re-map the EXP value to the 802.1P CoS value in a new SP-VLAN tag.

In order for an Ethernet subinterface configured for stacked VLAN processing on a disposition PE router to correctly re-map an MPLS EXP value to the 802.1P CoS value in an outgoing SP-VLAN ID, you must create a quality-of-service (QoS) policy and attach it to each egress Ethernet subinterface configured for stacked VLAN processing.

In the QOS policy, you must use the following commands:

match mpls experimental
Specifies the value of the EXP field to be matched in incoming EoMPLS packets.

set cos
Configures the Layer 2 CoS value in the 802.1P bit of outgoing VLAN packets.

For detailed information about how to configure a quality-of-service policy, refer to Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.3, and Cisco IOS Quality of Service Solutions Command Reference, Release 12.3.

Information About Stacked VLAN Processing

To configure the Stacked VLAN Processing feature, you should understand the following concepts:

Stacked VLANs

Benefits of Using Stacked VLANs

Using Stacked VLANs: Example

Stacked VLAN Header Format in Ethernet Packets

Stacked VLANs

Business customers of service providers often have specific requirements for VLAN IDs and the number of VLANs to be supported. The VLAN ranges required by different customers in the same service-provider network might overlap, and traffic of customers through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations and could easily exceed the VLAN limit of 4096 of the 802.1Q specification.

With stacked VLANs, service providers can use a unique VLAN (called a service-provider VLAN ID, or SP-VLAN ID) to support customers who have multiple VLANs. Customer VLAN IDs (CE-VLAN IDs) are preserved and traffic from different customers is segregated within the service-provider infrastructure even when they appear to be on the same VLAN.

Stacked VLANs expand the VLAN space by using a VLAN-in-VLAN hierarchy. Another layer of 802.1Q tag (SP-VLAN ID) is added to the 802.1Q-tagged (CE-VLAN ID) packets that enter the service-provider network.

The expanded VLAN space allows a service provider to provide certain services, such as Internet access on specific VLANs for specific customers, while providing other types of services to other customers on other VLANs.

A double-tagged, stacked VLAN frame is terminated or tunneled on an Ethernet subinterface by using the encapsulation dot1q second-dot1q command that specifies the two VLAN ID tags: an outer SP-VLAN ID and an inner CE-VLAN ID.

Benefits of Using Stacked VLANs

The primary benefit for a service provider is a reduced number of VLANs supported for the same number of customers. Other benefits of this feature include:

Customers can safely assign their own VLAN IDs on subinterfaces because these subinterface CE-VLAN IDs are encapsulated within a unique service-provider SP-VLAN ID assigned to each customer.

In a service-provider network, VLAN IDs of one customer can overlap with the VLAN IDs of another customer because the PE-CLE device assigns a unique SP-VLAN ID to each customer and adds this tag to each customer packet transmitted across the network.

When deploying Metro Ethernet (ME) and EoMPLS services with stacked VLAN processing between an access network and a core service-provider network, you can use a User-Network Interface (UNI) with the entire EoMPLS/VLAN for a specific customer, or a network-to-network subinterface configured for stacked VLAN processing in which the outer SP-VLAN ID represents the customer and the inner CE-VLAN ID represents the virtual circuit (VC) ID.

The Stacked VLAN Processing feature is simpler than the 802.1Q tunneling feature implemented on Catalyst 6500 Series switches or the Catalyst 3550 and Catalyst 3750 switches. Whereas switches require 802.1Q tunnels on interfaces to carry double-tagged 802.1Q-in-Q traffic, routers need only encapsulate 802.1Q VLAN tags within another level of 802.1Q tags for the packets to arrive at the correct destination.

Enabling stacked VLAN support on a PE router allows a service provider to apply a service policy based on the class of service (CoS) bits in the service-provider 802.1Q tag (SP-VLAN ID) assigned to a customer. For more information about how to configure and use class-based QoS, refer to Enhanced Packet Marking.

Using Stacked VLANs: Example

Figure 1 shows an example of how to use stacked VLANs. Peer Ethernet subinterfaces on Cisco 12000 Series Internet Routers are configured for the stacked VLAN processing of two customers' VLANs. Each customer is assigned a unique service-provider VLAN: SP-VLAN 50 for Customer A and SP-VLAN 100 for Customer B. The Cisco 12000 Series Internet Routers are configured as provider edge (PE) routers in two points of presence (POPs) in the service-provider network.

Customer traffic is received from a Catalyst 3500 Multilayer Switch in each service-provider access network. The switch functions as a provider edge (PE) device in customer location equipment (CLE) that encapsulates both 802.1Q-tagged VLAN and untagged packets for transmission over the service-provider network.

The PE-CLE switch interface does not strip the received customer edge 802.1Q tag from the header, but instead adds another layer of 802.1Q tag known as the SP-VLAN tag: SP-VLAN 50 for Customer A and SP-VLAN 100 for Customer B in Figure 1. The SP-VLAN tag is unique to each customer.

The original 802.1Q tag is preserved in the encapsulated packet. As shown in Figure 1, VLAN IDs from one customer (Customer A VLAN 10) can overlap with the VLAN IDs of another customer (Customer B VLAN 10).

Figure 1 Stacked VLAN Processing on Cisco 12000 Series Internet Routers in a Service-Provider Network

You configure stacked VLAN processing on a per-subinterface basis. An IP interface in a service-provider network is defined by the uniqueness of two VLAN headers and the route underlying IP datagrams.

To keep traffic from different customers separate, you must configure traffic received from each customer on the PE-CLE device with a unique SP-VLAN tag that supports all of a customer's VLANs. For more information, refer to the "Configuring 802.1Q and Layer 2 Protocol Tunneling" chapter in the Catalyst 3550 Multilayer Switch Software Configuration Guide.

When a Cisco 12000 Series Internet Router configured for stacked VLAN processing in the PE-POP receives packets from a switch in the PE-CLE, packets in customer traffic may contain:

Double-tagged VLAN headers with both an inner customer edge 802.1Q (CE-VLAN) tag and an outer SP- VLAN ID (also known as stacked VLAN 802.1Q-in-Q headers)

Single-tagged VLAN headers, if a customer device sent an untagged packet to the PE-CLE switch.

When receiving double-tagged VLAN customer traffic, the ingress side of a Cisco 12000 Series Ethernet subinterface examines packets to see what action to apply to a packet and how many VLAN tags to remove from a packet header. Packets can be transmitted for Layer 2 tunneling or Layer 3 forwarding as follows:

In Layer 2 tunneling, packets are tunneled to the peer PE router with both CE-VLAN and SP-VLAN tags. This tunneling is also known as stacked VLAN tunneling.

In Layer 3 forwarding, both the CE-VLAN and SP-VLAN tags are removed from double-tagged VLAN headers. The Layer 3 data is forwarded to the peer PE router. Layer 3 forwarding is performed if the subinterface is not configured for Layer 2 tunneling.

When transmitting VLAN traffic, the egress side of a Cisco 12000 Series Ethernet subinterface adds one 802.1Q VLAN tag, two 802.1Q-in-Q VLAN tags, or no tag to an Ethernet packet header as follows:

If the subinterface is configured for 802.1Q tunneling, only one 802.1Q VLAN tag is added to a packet header.

If the subinterface is configured for stacked VLAN processing, two 802.1Q VLAN tags (an outer SP-VLAN ID and an inner CE-VLAN ID) are added.

If the subinterface is configured for Layer 2 EoMPLS tunneling, no VLAN tag is added because the ingress subinterface on the PE-POP router does not remove a VLAN tag from packet headers.

For information about how to configure an Ethernet subinterface for stacked VLAN processing, see Configuring Stacked VLAN Processing.

Stacked VLAN Header Format in Ethernet Packets

Figure 2 shows the double-tagged, stacked VLAN header used in Ethernet packets processed by the Stacked VLAN Processing feature on a Cisco 12000 Series Ethernet subinterface.

Figure 2 Stacked VLAN Header Format in Ethernet Packets


Note Only stacked VLAN frames with a maximum of two 802.1Q tags in the header are supported.


For example, in Figure 1, Customer A uses VLANs 10 and 20; Customer B also uses VLAN 10. Packets entering the PE-CLE switch with 802.1Q tags are double-tagged for stacked VLAN processing and forwarded to the PE-POP router in the service-provider core network. An outer SP-VLAN tag is applied: 50 for Customer A and 100 for Customer B. The original inner CE-VLAN tag (for example, 10 or 20) is preserved in the encapsulation.

Although both Customers A and B have VLAN 10 in their networks, the traffic remains segregated within the service-provider network because the outer SP-VLAN tag is different. With stacked VLAN tunneling, each customer controls its own VLAN numbering space, which is independent of the VLAN numbering space used by other customers and the VLAN numbering space used by the service-provider network.


Note In the double-tagged stacked VLAN frame format shown in Figure 1, the first (from the left) EtherType tag may have different values (for example, 0x8100 or 0x9100) depending on the PE-CLE device to which the Cisco 12000 Series Internet Router is connected. To configure the EtherType value to 0x9100 to allow a Cisco PE-POP router to interoperate with a non-Cisco PE-CLE device, use the dot1q tunneling ethertype command.


Configuring Stacked VLAN Processing

This section contains the following procedure:

Configuring a Gigabit Ethernet Subinterface for Stacked VLAN Processing (required)

Configuring a Gigabit Ethernet Subinterface for Stacked VLAN Processing

To configure and verify stacked VLAN processing on a Cisco 12000 Series Gigabit Ethernet subinterface, follow these steps:

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type slot/port.subinterface-number

4. encapsulation dot1q sp-vlan-id second-dot1q {ce-vlan-id | any}

5. Repeat Step 4 to configure stacked VLAN processing for another customer VLAN or all other customer VLANs not specified in an encapsulation dot1q second-dot1q command on another subinterface.

6. end

7. show vlan dot1q gigabitethernet slot/port.subinterface-number

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type slot/port.subinterface-number

Example:

Router(config)# interface gigabitethernet 1/0.2

Enters subinterface configuration mode to configure the Ethernet subinterface.

Step 4 

encapsulation dot1q sp-vlan-id second-dot1q {ce-vlan-id | any}

Example:

Router(config-subif)# encapsulation dot1q 10 second-dot1q 100

Enables stacked VLAN processing on incoming Ethernet packets, which have the specified SP-VLAN ID and CE-VLAN ID in their headers.

The range of valid CE-VLAN IDs is from 1 to 4095.

Use the any keyword to enable stacked VLAN processing on packets with customer VLAN IDs not specified in a separate encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command on another subinterface.


Note When you use the encapsulation dot1q sp-vlan-id second-dot1q any command, if EoMPLS is not configured on the subinterface, all Ethernet packets from customer VLAN IDs specified by any are dropped. See Step 5 for an example of how to configure EoMPLS.


Step 5 

Configure additional software features on the Ethernet subinterface.

Example:
Router(config-subif)# xconnect 1.2.1.2 100 
encapsulation mpls

(Optional) Configures other software features (for example, EoMPLS or Layer 2 protocol tunneling) to be applied to incoming Ethernet packets with the CE-VLAN ID and SP-VLAN ID configured in Step 4.

The example shows how to configure EoMPLS on an Ethernet subinterface.

Step 6 

ip address ip-address ip-address-mask

Example:

Router(config-subif)# ip address 192.000.000.001 255.255.255.252


(Optional) Configures an IP address on the subinterface.

Step 7 

end

Example:

Router(config-subif)# end


Exits subinterface configuration mode and returns to privileged EXEC mode.

Step 8 

show dot1q gigabitethernet slot/port.subinterface-number

Example:

Router# show dot1q 10 gigabitethernet 1/0.2

(Optional) Displays information about all stacked VLAN 802.1Q-in-Q configurations on a specified Gigabit Ethernet subinterface.

Configuration Examples for Stacked VLAN Processing

This section provides the following configuration examples:

Configuring Stacked VLAN Processing on Ethernet Subinterfaces: Examples

Displaying Stacked VLAN Processing on an Ethernet Subinterface: Example

Displaying a Stacked VLAN Configuration: Example

Configuring Stacked VLAN Processing on Ethernet Subinterfaces: Examples

The following example shows how to configure 802.1Q-in-Q encapsulation for stacked VLAN processing on a Gigabit Ethernet subinterface configured for Layer 2 EoMPLS tunneling:

Router> enable
Router# configure terminal
Router(config)# interface gigabitethernet3/0.1
Router(config-subif)# encapsulation dot1q 50 second-dot1q 10
Router(config-subif)# xconnect 4.4.4.4 100 encapsulation mpls

The next example shows how to configure stacked VLAN processing on a Gigabit Ethernet subinterface that is not configured for Layer 2 tunneling and forwards Layer 3 data to a peer device without stacked VLAN headers:

Router(config)# interface gigabitethernet3/0.2
Router(config-subif)# encapsulation dot1q 50 second-dot1q 20
Router(config-subif)# ip address 5.5.5.5 255.255.255.0

The following example shows how to configure stacked VLAN processing for all customer VLANs not already configured for stacked VLAN processing on other subinterfaces:

Router(config)# interface gigabitethernet3/0.3
Router(config-subif)# encapsulation dot1q 50 second-dot1q any
Router(config-subif)# xconnect 4.4.4.4 200 encapsulation mpls

The next example shows how to configure stacked VLAN processing and Layer 2 tunneling on another Gigabit Ethernet interface for a different customer, using a different service-provider VLAN ID:

Router(config)# interface gigabitethernet3/0.4
Router(config-subif)# encapsulation dot1q 100 second-dot1q 10
Router(config-subif)# xconnect 4.4.4.4 100 encapsulation mpls

Displaying Stacked VLAN Processing on an Ethernet Subinterface: Example

The following example shows how to display summary information about stacked VLAN processing created on a Gigabit Ethernet subinterface, including counters for the number of packets transmitted through 802.1Q (IP) and 802.1Q-in-Q (MPLS) tunneling across the MPLS service-provider network:

Router# show vlan dot1q gigabitethernet 3/0.1

GigabitEthernet3/0.1 (10/5)
   1000 packets, 1500 bytes input
   1000 packets, 1500 bytes output

Displaying a Stacked VLAN Configuration: Example

The following example shows how to display statistics for a specified stacked VLAN (802.1Q-in-Q) configuration:

Router# show vlan dot1q 50 second-dot1q 10

Total statistics for Outer/Inner VLAN 50/10:
   0 packets, 0 bytes input
   0 packets, 0 bytes output

Additional References

The following sections provide references related to the Stacked VLAN Processing feature:

Related Documents

Related Topic
Document Title

Interface commands: complete command syntax, command mode, defaults, usage guidelines, and examples

Cisco IOS Switching Services Configuration Guide, Release 12.3
Cisco IOS Switching Services Command Reference, Release 12.3

Description of software functionality and commands supported on the 4-Port Gigabit Ethernet ISE line card

4-Port Gigabit Ethernet ISE Line Card for Cisco 12000 Series Internet Router

Description of VLANs based on 802.1Q and 802.1Q-in-Q

Cisco Metro Ethernet Access Services

VLAN routing

Routing Between Virtual LANs Overview

Procedure for configuring VLANs for routing using 802.1Q VLAN encapsulation

"Configuring 802.1Q VLAN Encapsulation" section in Configuring Virtual LAN Encapsulation

Procedure for configuring 802.1Q tunnels on a PE-CLE switch and description of single-tagged and double-tagged 802.1Q Ethernet packet formats

"Configuring 802.1Q and Layer 2 Protocol Tunneling" chapter in the Catalyst 3500 Multilayer Switch Software Configuration Guide

Procedure for configuring 802.1Q double-tagged VLANs on Cisco 7500 Series Ethernet subinterfaces

IEEE 802.1Q-in-Q VLAN Tag Termination

Procedure for configuring EoMPLS and VLAN ID Rewrite on an Ethernet subinterface

Any Transport over MPLS

Description of how to configure and use the Layer 2 Protocol Tunneling feature

Layer 2 Protocol Tunneling and PDU Filtering


Standards

Standards
Title

IEEE 802.1Q


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section only documents new and modified commands.

dot1q tunneling ethertype

encapsulation dot1q second-dot1q

show vlan dot1q gigabitethernet

show vlan dot1q second-dot1q

dot1q tunneling ethertype

To allow an Ethernet subinterface on a PE-POP Cisco 12000 Series Internet Router to connect to a non-Cisco PE-CLE switch that supports an EtherType value that is different from the default Cisco EtherType value (0x8100), use the dot1q tunneling ethertype command in interface configuration mode. Use the no form of this command to reset the supported EtherType value to the default 0x8100 value used on Cisco networking devices.

dot1q tunneling ethertype value

no dot1q tunneling ethertype value

Syntax Description

value

EtherType value in the SP-VLAN tag supported by the PE-CLE device that performs stacked VLAN encapsulation and to which the Cisco 12000 Series Ethernet subinterface is connected. The valid values are 0x8100 and 0x9100.


Defaults

The default EtherType field supported by an Ethernet subinterface is 0x8100.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(28)S

This command was introduced on Cisco 12000 Series 4-Port Gigabit Ethernet ISE line cards.

12.3(7)XI7

This command was integrated into Cisco IOS Release 12.3(7)XI7 and implemented on the Cisco 10000 series router.


Usage Guidelines

The EtherType value supported on Cisco routers and switches is 0x8100. The networking devices of some other vendors support EtherType 0x9100.

Use the dot1q tunneling ethertype command to configure support for EtherType 0x9100 on the Cisco 12000 Series Ethernet interface connected to a non-Cisco PE-CLE device that performs stacked VLAN encapsulation with EtherType 0x9100 at the edge of a service-provider network (see Figure 1).

The dot1q tunneling ethertype command is applied only to the main Ethernet interface (rather than subinterface) connected to a PE-CLE switch. After you enter the dot1q tunneling ethertype command, all entries in the Address Resolution Protocol (ARP) table of the interface are deleted.

After you use this command, only stacked VLAN packets with the specified EtherType value in the SP-VLAN tag of the packet header are received on Cisco 12000 Series Ethernet subinterfaces under the main interface.

The new EtherType value is used in the SP-VLAN tag of all stacked VLAN packets sent from all Ethernet subinterfaces (under the main interface) to the PE-CLE switch, except if EoMPLS is configured on the main interface or a subinterface. If EoMPLS is configured, all traffic received on an EoMPLS interface (or subinterface) is sent to the PE-CLE switch as it was received from the peer PE router, without the new EtherType value. For more information about Layer 2 EoMPLS, refer to Any Transport over MPLS.

Examples

The following example shows how to configure an EtherType field of 0x9100 for connection with non-Cisco PE-CLE devices that support stacked VLAN processing:

Router# interface gigabitethernet3/0
Router(config-if)# dot1q tunneling ethertype 0x9100
Router(config-if)# exit
Router# interface gigabitethernet3/0.1
Router(config-subif)# encapsulation dot1q 50 second-dot1q 10
Router(config-subif)# xconnect 1.2.1.2 100 encapsulation mpls

Related Commands

Command
Description

encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id

Enables stacked VLAN processing on an Ethernet subinterface.

show vlan dot1q sp-vlan-id second-dot1q ce-vlan-id

Displays information about a specific 802.1Q-in-Q configuration for stacked VLAN processing.


encapsulation dot1q second-dot1q

To enable stacked VLAN (802.1Q-in-Q) processing of customer VLAN traffic on an Ethernet subinterface, use the encapsulation dot1q second-dot1q command in subinterface configuration mode.

encapsulation dot1q sp-vlan-id second-dot1q {ce-vlan-id | any}

no encapsulation dot1q sp-vlan-id second-dot1q {ce-vlan-id | any}

Syntax Description

sp-vlan-id

Virtual LAN identifier of the unique service-provider VLAN used in 802.1Q-in-Q encapsulation of Ethernet traffic from the VLANs of a customer. The valid values are from 1 to 4095.

ce-vlan-id

Virtual LAN identifier of a customer VLAN encapsulated with the service-provider VLAN ID specified by sp-vlan-id in stacked VLAN (802.1Q-in-Q) processing. The valid values are from 1 to 4095. This argument is the inner VLAN tag in 802.1Q-in-Q headers (see Figure 2).

any

Configures stacked VLAN processing for all customer VLAN IDs encapsulated with the specified service-provider VLAN ID that are not specified in a separate encapsulation dot1q second-dot1q command on another subinterface.


Defaults

This command has no default settings.

Command Modes

Subinterface configuration

Command History

Release
Modification

12.0(28)S

This command was introduced on Cisco 12000 Series 4-Port Gigabit Ethernet ISE line cards.

12.3(7)XI7

This command was integrated into Cisco IOS Release 12.3(7)XI7 and implemented on the Cisco 10000 series router.


Usage Guidelines

The encapsulation dot1q second-dot1q command allows an Ethernet subinterface to support stacked VLAN processing of double-tagged 802.1Q-in-Q Ethernet packets received from customers.

Use the encapsulation dot1q second-dot1q command to enable stacked VLAN processing on a pair of Ethernet subinterfaces on PE routers located in the point of presence (POP) of a service-provider network. The PE-POP routers must be connected to a PE device in the customer location equipment (CLE) that supports 802.1Q-in-Q encapsulation, such as the Catalyst 3500 Multilayer Switch, for stacked VLAN processing to occur.

To enable stacked VLAN tunneling in a service-provider network, you must enter the encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command once for each customer VLAN ID tag encapsulated in the service-provider VLAN (SP-VLAN) tag assigned to a customer. While in subinterface configuration mode, you can configure other software features (for example, EoMPLS or Layer 2 Protocol tunneling) to be applied to incoming Ethernet packets with the CE-VLAN ID and SP-VLAN ID in the encapsulation dot1q second-dot1q command.

To configure stacked VLAN processing for all customer VLANs not specified in a separate encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command on another subinterface, use the encapsulation dot1q sp-vlan-id second-dot1q any command.


Note When you use the encapsulation dot1q sp-vlan-id second-dot1q any command, if EoMPLS is not configured on the subinterface, all Ethernet packets from customer VLAN IDs specified by any are dropped.


For information about the restrictions for using stacked VLAN processing with EoMPLS and VLAN ID Rewrite, see "Restrictions for Stacked VLAN Processing" section.

Examples

The following example shows how to configure stacked VLAN processing on a Gigabit Ethernet subinterface configured for EoMPLS:

Router# interface gigabitethernet3/0.1
Router(config-subif)# encapsulation dot1q 50 second-dot1q 10
Router(config-subif)# ip address 1.1.1.1 255.255.255.0
Router(config-subif)# xconnect 3.2.1.2 10 encapsulation mpls

The next example shows how to configure stacked VLAN processing on another Gigabit Ethernet subinterface for all customer VLANs not already configured for stacked VLAN processing on other subinterfaces under the main interface 3/0:

Router# interface gigabitethernet3/0.2
Router(config-subif)# encapsulation dot1q 50 second-dot1q any

Related Commands

Command
Description

dot1q tunneling ethertype

Configures the type of EtherType field used by the peer PE router in stacked VLAN processing.

show vlan dot1q gigabitethernet slot/port.subinterface-number

Displays information about all stacked VLAN (802.1Q-in-Q) configurations on a Gigabit Ethernet subinterface.

show vlan dot1q sp-vlan-id second-dot1q ce-vlan-id

Displays information about a specific stacked VLAN configuration.


show vlan dot1q gigabitethernet

To display statistics about stacked VLAN processing configured on a Gigabit Ethernet subinterface, use the show vlan dot1q gigabitethernet command in privileged EXEC mode.

show vlan dot1q gigabitethernet slot/port.subinterface-number

Syntax Description

slot/port.subinterface-number

Slot, port, and subinterface numbers of an Ethernet subinterface.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(28)S

This command was introduced on Cisco 12000 Series 4-Port Gigabit Ethernet ISE line cards.

12.3(7)XI7

This command was integrated into Cisco IOS Release 12.3(7)XI7 and implemented on the Cisco 10000 series router.


Usage Guidelines

Use the show vlan dot1q gigabitethernet command to display the status of all stacked VLAN processing configured on a specified Gigabit Ethernet subinterface.

To display information about a specific stacked VLAN configuration, use the encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command.

Examples

The following example shows how to display information about all 802.1Q-in-Q configurations for stacked VLAN processing on a Gigabit Ethernet subinterface:

Router# show vlan dot1q gigabitethernet 3/0.1

GigabitEthernet3/0.1 (50/10)
   0 packets, 0 bytes input
   0 packets, 0 bytes output
GigabitEthernet3/0.1 (100/20)
   0 packets, 0 bytes input
   0 packets, 0 bytes output

Table 1 describes the significant fields shown in the display.

Table 1 show vlan dpt1q gigabitethernet Field Descriptions 

Field
Description

Packets, bytes input

Number of packets and bytes received through the subinterface.

Packets, bytes output

Number of packets and bytes transmitted through the subinterface.


Related Commands

Command
Description

encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id

Enables stacked VLAN processing on an Ethernet subinterface.

show vlan dot1q sp-vlan-id second-dot1q ce-vlan-id

Displays information about a specific stacked VLAN configuration.


show vlan dot1q second-dot1q

To display statistics about stacked VLAN processing for a specific 802.1Q-in-Q configuration, use the show vlan dot1q sp-vlan-id second-dot1q ce-vlan-id command in privileged EXEC mode.

show vlan dot1q sp-vlan-id second-dot1q ce-vlan-id

Syntax Description

sp-vlan-id

Virtual LAN identifier of the service-provider VLAN used in stacked VLAN (802.1Q-in-Q) processing on an Ethernet subinterface. The valid values are from 1 to 4095.

ce-vlan-id

Virtual LAN identifier of a customer VLAN used in stacked VLAN (802.1Q-in-Q) processing on an Ethernet subinterface and encapsulated with the service-provider VLAN specified by sp-vlan-id. The valid values are from 1 to 4095.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(28)S

This command was introduced on Cisco 12000 Series 4-Port Gigabit Ethernet ISE line cards.

12.3(7)XI7

This command was integrated into Cisco IOS Release 12.3(7)XI7 and implemented on the Cisco 10000 series router.


Usage Guidelines

Use the encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id command to display information about stacked VLAN processing for a specific 802.1Q-in-Q configuration.

To display the status of all 802.1Q-in-Q configurations for stacked VLAN processing created on a specified Gigabit Ethernet subinterface, use the show vlan dot1q gigabitethernet command.

Examples

The following example shows how to display statistics about the stacked VLAN processing performed for an 802.1Q-in-Q configuration: SP-VLAN 100 (outer VLAN tag) and CE-VLAN 10 (inner VLAN tag):

Router# show vlan dot1q 100 second-dot1q 10

Total statistics for Outer/Inner VLAN 100/10:
   0 packets, 0 bytes input
   0 packets, 0 bytes output

Table 2 describes the significant fields shown in the display.

Table 2 show vlan dot1q second-dot1q Field Descriptions 

Field
Description

Packets, bytes input

Number of packets and bytes received in the stacked VLAN configuration.

Packets, bytes output

Number of packets and bytes transmitted in the stacked VLAN configuration.


Related Commands

Command
Description

encapsulation dot1q sp-vlan-id second-dot1q ce-vlan-id

Enables stacked VLAN processing on an Ethernet subinterface.

show vlan dot1q gigabitethernet slot/port.subinterface-number

Displays information about all stacked VLAN (802.1Q-in-Q) configurations on a Gigabit Ethernet subinterface.


Glossary

802.1Q—IEEE 802.1Q protocol used to interconnect multiple switches and routers, and for defining VLAN topologies.

802.1Q-in-Q—Support for double-tagged VLAN Ethernet packets in which an 802.1Q tag from a customer VLAN (called a CE-VLAN ID) is encapsulated in a second 802.1Q tag from a service-provider network (called an SP-VLAN ID).

ARP—Address resolution protocol. ARP is a protocol for mapping IP address to physical addresses in the local network.

CE router—Customer edge router. A router that is part of a customer network and that interfaces to a provider edge (PE) router.

CE-VLAN—Customer edge VLAN.

encapsulation—Wrapping of data in a particular protocol header. For example, Ethernet data is wrapped in a specific Ethernet header before network transit. See also tunneling.

EoMPLS—Ethernet over Multiprotocol Label Switching (MPLS). A tunneling mechanism that allows a service provider to tunnel customer Layer 2 traffic though a Layer 3 MPLS network. EoMPLS is a point-to-point solution only. EoMPLS is also known Layer 2 tunneling.

ISE—IP Services Engine. ISE line cards for Cisco 12000 Series Internet Routers provide enhanced Layer 3 capabilities for high-speed customer aggregation, backbone connectivity, and peering solutions. These line cards are available in both concatenated and channelized versions.

Layer 2 Tunnel Protocol (L2TP)—An Internet Engineering Task Force (IETF) standards track protocol defined in RFC 2661 that provides tunneling of PPP. Based upon the best features of L2F and PPTP, L2TP provides an industry-wide interoperable method of implementing VPDN.

Layer 3 Switching—An Internet Engineering Task Force (IETF) standards track protocol defined in RFC 2661 that provides tunneling of PPP. Based upon the best features of L2F and PPTP, L2TP provides an industry-wide interoperable method of implementing VPDN.

MIB—Management Information Base. Database of network management information that is used and maintained by a network management protocol such as SNMP. The value of a MIB object can be changed or retrieved using SNMP commands, usually through a network management system (NMS). MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.

MPLS—Multiprotocol Label Switching. MPLS forwards IP traffic using a label. This label instructs the routers and switches in the network where to forward the packets based on pre-established IP routing information.

packet—Logical grouping of information that includes a header containing control information and (usually) user data. Packets most often are used to refer to network layer units of data.

PE router—Provider edge router. A router that is part of a service provider's network and is connected to a customer edge (CE) router.

POP—Point of presence. In an Operations Support System (OSS), a physical location where an interexchange carrier installed equipment to interconnect with a local exchange carrier (LEC).

SP-VLAN—Service-provider VLAN.

tunneling—Architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. See also encapsulation.

VLAN—Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VPN— Virtual Private Network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses tunnels to encrypt all information at the IP level.


Note Refer to Internetworking Terms and Acronyms for terms not included in this glossary.