Guest

Support

IEEE 802.1Q Tunneling (QinQ) and L2PT on L2 Ports

  • Viewing Options

  • PDF (266.5 KB)
  • Feedback
IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 Ports

Table Of Contents

IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 Ports

Finding Feature Information

Contents

Prerequisites for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Restrictions for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Information About IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Benefits of IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

How to Implement IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Configuring IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Prerequisites

Restrictions

Configuration Examples for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Example: EoMPLS static Pseudowires under SVI (VLAN) Interface

Example: EoMPLS

Where to Go Next

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Glossary


IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 Ports


Revised: November 11, 2011, OL-20468-01
First Published: November 11, 2011
Last Updated: November 11, 2011

This feature provides Layer 2 Tunneling support for QnQ and Layer 2 Protocol Tunneling (L2PT) on Integrated Services Router Generation 2 (ISR G2). User interface will be aligned to the service provider module or switch to support QnQ and L2PT on ISR G2 Layer 2 Port. This enables service providers to run Layer 2 Ethernet services and provide transparent LAN services over a metropolitan Ethernet infrastructure to customers.

To achieve this, the following features are implemented:

L2PT on Layer 2 ports

Switch port mode dot1q-tunnel QnQ on Layer 2 Ethernet port

Customizable L2PT tunneling MAC address

Port-based PW on Layer 2 ports

EoMPLS PW over GRE with Static Label

EoMPLS xconnect on SVI


Note This IOS release runs on a variety of switches and modules. For a complete list, see the release notes for this feature.


Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Information About IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports" section.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Restrictions for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Information About IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

How to Implement IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Configuration Examples for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Where to Go Next

Additional References

Feature Information for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports


Note In this documentation, the term platform refers to a switching platform within a router and not a physical router.


Prerequisites for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Customers are connected across a service-provider network that are connected to various Layer 2 protocols. To make changes to the existing deployments, Cisco L2PT MAC address must be configurable and must be set it as the default MAC address.

Ensure that you have the appropriate Cisco routers and switches. This feature supports the following hardware:

(Required) Integrated Series Router Generation 2 (ISR G2) platforms with EHWIC-4/8ESG

Cisco 8xx ISR G2

Cisco 19xx ISR G2

Cisco 29xx ISR G2

Cisco 39xx ISR G2

This feature supports Release 15.2(2)T and later releases.

Restrictions for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Configuration through SNMP/MIB is not supported.

This guide does not provide all the procedures for configuring your switch. For detailed configuration procedures, see Switch Virtual Interface for Cisco Integrated Services Routers. Also, for more information about IEEE 802.1Q and L2PT configuration, see Catalyst 3550 Multilayer Switch Software Configuration Guide.

Information About IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Benefits of IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Benefits of IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Simpler Architecture and Lower Operational Cost

Today, Layer 2 Ethernet services are offered as a specific service based on pure Ethernet access. End-to-end Ethernet services have simpler architechture with lower operational cost.

Scalability

The objectives of these enhancements are to enable the service providers to extend Layer 2 Ethernet services over any access technology and provide transparent LAN services over a metropolitan Ethernet infrastructure to customers.

Because QnQ uses a double-tagged frame technique, it doubles the theoretical frame size limit of the IEEE 802.1Q, which is sufficient to accomodate network growth for several years.

Efficiency

These enhancements will also enable service providers to run both IP and non-IP traffic under the same Customer Premises Equipment (CPE).

How to Implement IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Configuring IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Prerequisites

Restrictions

Configuring IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Service providers offer different specifications for VLAN IDs and the number of VLANs to be supported for each business customers. To provide these services, QnQ and L2PT must be implemented on ISR G2 Layer 2 port. These features are already implemeneted on multiple Cisco products but the code base and user interface may vary.

QnQ is an amendment to IEEE standard IEEE 802.1Q. It used to only allow a single VLAN header to be inserted into an Ethernet frame but now it can allow multiple VLAN headers.

To configure QnQ and Layer 2 Protocol Tunneling, perform the following steps:

SUMMARY STEPS

DETAILED STEPS

For more information about QnQ, see the "Understanding IEEE 802.1Q Tunneling" section in Catalyst 3550 Multilayer Switch Software Configuration Guide.

Customers at different sites connected across a service-provider network need to use various Layer 2 protocols to scale their topologies to include all remote sites, as well as local sites. Configuring Layer 2 Protocol Tunneling (L2PT) destination MAC address to default to Cisco L2PT MAC is the solution.

For more information about L2PT, see the "Understanding Layer 2 Protocol Tunneling" section in Catalyst 3550 Multilayer Switch Software Configuration Guide.

Prerequisites

When configuring IEEE 802.1Q tunneling on an edge switch, you must use IEEE 802.1Q trunk ports for sending packets into the service-provider network.

Because the IEEE 802.1Q tunneling feature increases the frame size by 4 bytes when the metro tag is added, you must configure all switches in the service-provider network to be able to process larger frames by increasing the switch system MTU size to at least 1504 bytes.

Spanning Tree Protocol (STP) must run properly, and every VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network.

Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites.

VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.


Note The maximum allowable system Maximum Transmission Unit (MTU) for Catalyst 3550 Gigabit Ethernet switches is 2000 bytes and the maximum system MTU for Fast Ethernet switches is 1546 bytes.


Restrictions

When IEEE 802.1Q trunks are used in the core switches, the native VLANs of the IEEE 802.1Q trunks must not match any native VLAN of the nontrunking (tunneling) port on the same switch because traffic on the native VLAN would not be tagged on the IEEE 802.1Q sending trunk port.

A tunnel port cannot be a routed port.

IP routing is not supported on a VLAN that includes IEEE 802.1Q ports. Packets received from a tunnel port are forwarded based only on Layer 2 information. If routing is enabled on a switch virtual interface (SVI) that includes tunnel ports, untagged IP packets received from the tunnel port are recognized and routed by the switch. Customers can access the internet through its native VLAN.

If this access is not needed, you should not configure SVIs on VLANs that include tunnel ports.

Fallback bridging is not supported on tunnel ports. Because all IEEE 802.1Q-tagged packets received from a tunnel port are treated as non-IP packets, if fallback bridging is enabled on VLANs that have tunnel ports configured, IP packets would be improperly bridged across VLANs. Therefore, you must not enable fallback bridging on VLANs with tunnel ports.

Tunnel ports do not support IP access control lists (ACLs).

EtherChannel port groups are compatible with tunnel ports as long as the IEEE 802.1Q configuration is consistent within an EtherChannel port group.

Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) are not supported.

Dot1q tunnel port local switching is not supported.

Dynamic Trunking Protocol (DTP) is not compatible with IEEE 802.1Q tunneling because you must manually configure asymmetric links with tunnel ports and trunk ports.

Loopback detection is supported on IEEE 802.1Q tunnel ports.

When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) is automatically disabled on the interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface interface-id

4. switchport mode access
or
switchport mode dot1q-tunnel

5. l2protocol-tunnel [cdp | stp | vtp]

6. end

7. show l2protocol

8. copy running-config startup-config (Optional)

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface interface-id

Example:

Router(config)# interface FastEthernet3

Enters interface configuration mode, and enter the interface to be configured as a tunnel port. This should be the edge port in the service-provider network that connects to the customer switch. Valid interfaces can be physical interfaces and port-channel logical interfaces (port channels 1 to 64).

Step 4 

switchport mode access

or

switchport mode dot1q-tunnel

Example:

Router(config-if)# switchport mode access

Configures the interface as an access port or as an IEEE 802.1Q tunnel port.

Step 5 

l2protocol-tunnel [cdp | stp | vtp]

Example:

Router(config-if)# l2protocol-tunnel cdp

Enables protocol tunneling for the desired protocol. If no keyword is entered, tunneling is enabled for all three Layer 2 protocols.

Step 6 

end

Example:

Router(config-if)# end

Returns to privileged EXEC mode.

Step 7 

show l2protocol

Example:

Router# show l2protocol

Displays the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.

Step 8 

copy running-config startup-config

Example:

Router# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configuration Examples for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Example: EoMPLS static Pseudowires under SVI (VLAN) Interface

The following example shows the relevant configuration for EoMPLS under SVI for a single PE:

mpls label range 2000 16000 static 16 1999
mpls label protocol ldp
!
pseudowire-class test
 encapsulation mpls
 protocol none
!
interface Loopback1
 description *** Loopback Interface ***
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet3
 description * PW Attachment Circuit *
 switchport access vlan 100
 switchport mode dot1q-tunnel
!
interface Vlan100
 description **L2VPN Customer**
 no ip address
 xconnect 1.1.1.2 100 encapsulation mpls manual pw-class test
  mpls label 100 150
!
mpls ldp router-id Loopback1
!
end

Example: EoMPLS

The following example shows how to configure EoMPLS over GRE:

Sample Topology

Figure 1

EoMPLS Over GRE Topology

CE1 Configuration

CE1# show running-config interface gigabitEthernet 0/1
Building configuration...
 
Current configuration : 123 bytes
!
interface GigabitEthernet0/1
 ip address 30.1.1.1 255.255.255.0
 duplex auto
 speed auto
end
CE1#
 
   

PE1 Configuration

Current configuration : 4000 bytes
!
! Last configuration change at 14:59:33 PDT Wed Aug 10 2011
! NVRAM config last updated at 15:00:18 PDT Wed Aug 10 2011
! NVRAM config last updated at 15:00:18 PDT Wed Aug 10 2011
version 15.2
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname uu1-890
!
boot-start-marker
boot system flash:c890-universalk9-mz-rd8
boot system flash:c890-universalk9-mz.152-1.3.T
boot-end-marker
!
no logging console
!
no aaa new-model
!
memory-size iomem 10
clock timezone PDT -7 0
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
mpls label range 2000 16000 static 16 1999
mpls label protocol ldp
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FHK1302218W
license accept end user agreement
!
!
archive
 log config
  hidekeys
!
pseudowire-class test
 encapsulation mpls
 protocol none
!
interface Loopback1
 description *** Loopback Interface ***
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel1
 description *** Tunnel Interface to PE2 ***
 ip unnumbered Loopback1
 load-interval 30
 mpls ip
 tunnel source GigabitEthernet0
 tunnel destination 22.0.0.2
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 description * PW Attachment Circuit, connected to CE1 *
 switchport access vlan 100
 switchport mode dot1q-tunnel
 no ip address
 load-interval 30
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 l2protocol-tunnel point-to-point udld
 no cdp enable
!
interface FastEthernet4
 no ip address
!
interface FastEthernet5
 no ip address
!
interface FastEthernet6
 no ip address
!
interface FastEthernet7
 no ip address
!
interface FastEthernet8
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0
ip address 21.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface Vlan1
 ip address no ip address
!
interface Vlan100
 description **L2VPN Customer**
 no ip address
 load-interval 30
 xconnect 1.1.1.2 100 encapsulation mpls manual pw-class test
  mpls label 100 150
!
interface Async1
 no ip address
 encapsulation slip
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 21.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 1.1.1.2 255.255.255.255 Tunnel1
!
mpls ldp router-id Loopback1
!
control-plane
!
line con 0
 exec-timeout 0 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler max-task-time 5000
!
end
uu1-890#
 
   

IP Core Configuration

interface GigabitEthernet0/0
 ip address 22.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 21.0.0.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
router ospf 1
 network 21.0.0.0 0.0.0.255 area 0
 network 22.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
ipcore#
 
   

PE2 Configuration

uu2-2951# show running-config 
 
   
Building configuration...
Current configuration : 3534 bytes
!
! Last configuration change at 14:49:05 PDT Wed Aug 10 2011
! NVRAM config last updated at 14:49:22 PDT Wed Aug 10 2011
! NVRAM config last updated at 14:49:22 PDT Wed Aug 10 2011
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname uu2-2951
!
boot-start-marker
boot system flash0:c2951-universalk9-mz.SSA-rd8
boot-end-marker
!
no logging console
!
no aaa new-model
!
clock timezone PDT -7 0
!         
crypto pki token default removal timeout 0
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
ip inspect WAAS flush-timeout 10
ip cef
!
multilink bundle-name authenticated
!
mpls label range 2000 16000 static 16 1999
mpls label protocol ldp
!
voice-card 0
!
license udi pid CISCO2951/K9 sn FHK1441F0WW
license boot module c2951 technology-package securityk9
license boot module c2951 technology-package uck9
license boot module c2951 technology-package datak9
!
redundancy
!
pseudowire-class test
 encapsulation mpls
 protocol none
!
interface Loopback1
 description ***loopback interface***
 ip address 1.1.1.2 255.255.255.255
!
interface Tunnel1
description ***Tunnel Int to PE1***
 bandwidth 10
 ip unnumbered Loopback1
 load-interval 30
 mpls ip
 tunnel source GigabitEthernet0/0
 tunnel destination 21.0.0.1
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description *** BB interface ***
 ip address 22.0.0.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0/2
 ip address no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1/0
 no ip address
!
interface GigabitEthernet0/1/1
 no ip address
!
interface GigabitEthernet0/1/2
 no ip address
!
interface GigabitEthernet0/1/3
 description * PW Attachment Circuit, connected to CE1 
 switchport access vlan 100
 no ip address
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 l2protocol-tunnel point-to-point udld
 no cdp enable
!
interface Vlan1
 no ip address
!
interface Vlan100
 description **L2VPN Customer**
 no ip address
 load-interval 30
 mpls label protocol ldp
 xconnect 1.1.1.1 100 encapsulation mpls manual pw-class test
  mpls label 150 100
!
router ospf 1
 network 1.1.1.2 0.0.0.0 area 0
 network 22.0.0.0 0.0.0.255 area 0
!         
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 Tunnel1
!
mpls ldp router-id Loopback1
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
 
   

CE2 Configuration

CE2# show running-config interface gigabitEthernet 0/1
 
   
Building configuration...
 
Current configuration : 150 bytes
!
interface GigabitEthernet0/1
 ip address 30.1.1.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
end

Where to Go Next

For more information about Cisco G.SHDSL Ethernet first mile, see Configuring Cisco G.SHDSL EFM HWICs in Cisco Routers.

Additional References

Related Documents


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
Title

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html


Feature Information for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 1 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 1 Feature Information for IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

Feature Name
Releases
Feature Information

IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 ports

15.2(2)T

This feature enables service providers to run Layer 2 Ethernet services and provide transparent LAN services over a metropolitan Ethernet infrastructure to customers.


Glossary

ACLs—access control lists

CDP—Cisco Discovery Protocol

DTP—Dynamic Trunking Protocol

L2PT—Layer 2 Protocol Tunneling

PAgP—Port Aggregation Protocol

VTP—VLAN Trunking Protocol