Configuring Q-in-Q on Cisco switches

Cisco switch Q-IN-Q configuration

Q-in-Q is a method for ISPs to create a Layer 2 VPN between two remote locations without using MPLS. There are only switches in the model.

Mode 1: Customer uses router

Packets from router KH1 to KH2 will be wrapped in ISP vlan, on client side you can use any vlan, So many customers using the same IP/VLAN will not be affectedjust encapsulate each customer in a different ISP vlan.

The router needs to configure subinterfaces

Integer e0/0

Do not shut down

Exit. Exit

Integer e0/0.50

Package dot1q 50

IP address 10.1.2.1 255.255.255.0

Do not shut down

Exit. Exit

sw ISP side configuration:

=> Customer Connection Portal:

Interface Ethernet 0/2

Switch port access VLAN 60

Switch port mode dot1q-tunnel

end

=> Port to connect to core:

VLAN 60

Interface Ethernet 0/0

Switch port trunking allows VLAN 60 ##vlan wrapper

Switch port trunk encapsulation dot1q

switch port mode trunking

Test again:

R1#ping 10.1.2.2

Enter an escape sequence to abort.

Send 5 100-byte ICMP Echos to 10.1.2.2 with a timeout of 2 seconds:

!!!!

100% success rate (5/5), round trip min/avg/max = 1/1/1 ms

When capturing packets from ISP, you will see two vlan tags 50 and 60:

To enable other protocols such as CDP, VTP… go to the port connected to the customer:

Interface Ethernet 0/2

l2 protocol tunnel ?

We also need to pay attention to the MTU:

When pinging 1496bytes data packet, it is still possible

R1#ping 10.1.2.2 size 1496

Enter an escape sequence to abort.

Send 5 1496 byte ICMP Echos to 10.1.2.2 with a timeout of 2 seconds:

!!!!

100% success rate (5/5), round trip min/avg/max = 1/1/3 ms

But larger packets will be dropped because the default MTU of the switch is 1500 bytes, adding 1 vlan tag will increase it by 4 bytes.

R1#ping 10.1.2.2 size 1497 df-bit (df-bit to prevent packet fragmentation)

Enter an escape sequence to abort.

Send 5 1497 byte ICMP Echos to 10.1.2.2 with a timeout of 2 seconds:

Success rate 0% (0/5) => fails because the packet size is now (1497+4=1501 bytes > MTU)

R1#

So we need to adjust the new MTU to 1504

Use the command on the switch System MTU 1504

Mode 2: Customer uses the switch

For the ISP part, we keep the configuration unchanged

The KH switch part only needs to declare trunk allowed vlan 50