A QinQ VLAN tunnel enables a service provider (SP) to segregate the traffic of different customers in their infrastructure, while still giving the customer a full range of VLANs for their internal use by adding a second 802.1Q VLAN tag to an already tagged frame.
So let us assume for example that an SP exists which needs to offer L2 connectivity to two corporations, “X” and “Y”, that have campuses located in both “A”, “B”. All campuses run Ethernet LANs, and the customers intend to connect through the SP’s L2 VPN network so that their campuses are in the same LAN (L2 network). Hence, it would be desirable for “X”, “Y” to have a single LAN each in both “A”, “B” which could easily exceed the VLAN limit of 4096 of the 802.1Q specification.
QinQ Operation Modes
QinQ can be enabled on a port or according to predefined conditions.
C-VLAN is the VLAN tag assigned to the ingress traffic of a QinQ-enabled interface.
S-VLAN is the VLAN tag assigned to the egress traffic of a QinQ-enabled interface.
- ACL-mode: Adding and removing S-VLAN is determined by an ACL-dependent action
- Port-mode: All ingress traffic to a specific QinQ-enabled interface is tagged with an additional VLAN 802.1Q tag (also known as S-VLAN). The S-VLAN ID is equal to that interface’s PVID (access VLAN).
The S-VLAN tag is added regardless of whether the traffic is tagged or untagged. Traffic coming out from this port, has the S-VLAN stripped from it.
Configuring QinQ
Create the C-VLAN. Run:
switch (config) # vlan 200 switch (config vlan 200) # exit
Enter the configuration mode of an Ethernet, LAG, or MLAG interface. Run:
switch (config) # interface port-channel 100
Change the switchport mode of the interface to enable QinQ. Run:
switch (config interface port-channel 100) # switchport mode dot1q-tunnel
Change its port VLAN ID (PVID). This configures the S-VLAN. Run:
switch (config interface port-channel 100) # switchport access vlan 200
Verify the configuration. Run:
switch (config interface port-channel 100) # show interface port-channel 100 Po100 Admin state: Enabled Operational state: Up Description: N\A Mac address: 00:00:00:00:00:00 MTU: 1500 bytes(Maximum packet size 1522 bytes) lacp-individual mode: Disabled Flow-control: receive off send off Actual speed: 1 X 40 Gbps Width reduction mode: disabled Switchport mode: dot1q-tunnel QoS mode: uniform MAC learning mode: Enabled Last clearing of "show interface" counters : Never 60 seconds ingress rate: 0 bits/sec, 0 bytes/sec, 0 packets/sec 60 seconds egress rate: 0 bits/sec, 0 bytes/sec, 0 packets/sec Rx 0 packets 0 unicast packets 0 multicast packets 0 broadcast packets 0 bytes 0 error packets 0 discard packets Tx 0 packets 0 unicast packets 0 multicast packets 0 broadcast packets 0 bytes 0 discard packetsVerify the configuration. Run:
switch (config interface port-channel 100) # show interfaces switchport Interface Mode Access vlan Allowed vlans ------------------------------------------------------------------------- Eth1/1 access 1 Eth1/2 access 1 Eth1/3 access 1 Eth1/4 access 1 Eth1/5 access 1 Eth1/6 access 1 ... Eth1/27 access 1 Eth1/33 access 1 Eth1/34 access 1 Eth1/35 access 1 Eth1/36 access 1 Po400 dot1q-tunnel 200
QinQ Commands
switchport dot1q-tunnel qos-mode
switchport dot1q-tunnel qos-mode {pipe | uniform} Assigns QoS to the service provider’s traffic. | ||
Syntax Description | pipe | Gives the service provider’s traffic the same QoS as the customer’s traffic |
uniform | Gives the service provider’s traffic QoS 0 | |
Default | pipe | |
Configuration Mode | config interface ethernet | |
History | 3.4.3000 | |
Example | switch (config interface ethernet 1/1) # switchport dot1q-tunnel qos-mode uniform | |
Related Commands | show vlan | |
Notes | ||
