First things first, Sean... Remember that trunking, access ports and
QinQ are done on switches, not routers.
As far as your issue, let's say you had a setup like this:
CE1<-> (((PE1--CLOUD--PE2--))) <-> CE1B
Changing up your naming convention a bit, R1 will be referred to as
CE-1A, R2 will be referred to as PE-1, R3 will be referred to as PE-2 and
R4 will be referred to as CE-1B.
The provider switches will be the devices to append the additional
metro tag to your customer's traffic. Here is a basic sample
configuration:

CE-1A#Sh run | b 0/0
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0

PE-1#sh run int g1/0/1
Building configuration...
Current configuration : 134 bytes
!
system mtu 1504
!
interface GigabitEthernet1/0/1
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 no cdp enable
!
vlan 100
 exit

PE-1#sh vlan bri
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/2, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28
100  VLAN0100                         active    Gi1/0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

PE-2#sh run int g1/0/4
Building configuration...
Current configuration : 134 bytes
!
system mtu 1504
!
interface GigabitEthernet1/0/4
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 no cdp enable
!
vlan 100
 exit

PE-2#sh vlan bri
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/2, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28
100  VLAN0100                         active    Gi1/0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

CE-1B#sh run | b 0/0
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.4 255.255.255.0

Testing connectivity:
CE-1A#ping 10.10.10.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Verifying that L2 tunneling is working:
CE-1A#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
CE-1B            Fas 0/0            153        R S I      2811      Fas 0/0

I hope this helps.
Edwin
On 1/30/13, marc edwards <renorider_at_gmail.com> wrote:
> Routers???
>
> On Mon, Jan 28, 2013 at 8:13 AM, Sean Miller <smiller_at_intergence.com>
> wrote:
>> I have four routers connected in a row R1-R2-R3-R4.
>> R1 and R4 are "customer routers" configured with VLAN 10 (10.10.10.1 &
>> .4)
>> R2 and R3 are "Provider routers" configured with metro VLAN 100
>> (100.100.100.2 & .3)
>> The goal is to QinQ between R1 and R4 without either router having access
>> to vlan 100.
>>
>> With the interfaces on R1 and R4 configured as dot1q trunks this works
>> fine with the current config. I'm also L2-tunneling CDP so R1 views R4 as
>> a direct neighbor. R1 can ping R4 but not R2 or R3 - so far so good.
>>
>> However, if R1 and R4 (dodgy customer for instance) decides to reconfigure
>> R1 and R4's interfaces to access - R1 can still ping R4, but leakage
>> between VLAN 10 and 100 occurs so R1 can also ping R2 and R3...
>>
>> I have "vlan dot1q tag native" configured on R2 and R3.
>>
>> Is there a work around so access ports are also tagged with a dot1q
>> header?
>>
>> Many thanks
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
--
"Nothing in the world can take the place of persistence. Talent will
not; nothing is more common than unsuccessful men with talent. Genius
will not; unrewarded genius is almost a proverb. Education alone will
not; the world is full of educated derelicts. Persistence and
determination alone are omnipotent."

Received on Wed Jan 30 2013 - 16:15:58 ART
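
Added example, not part of the original thread and not code from any poster: a small Python model of what a dot1q-tunnel port with access VLAN 100 does to customer frames, showing why tagged customer traffic stays isolated while untagged traffic becomes ordinary VLAN 100 traffic (the leakage described in the quoted question), and why the sample sets system mtu 1504. The MAC address, the sample frames, the function names and the use of TPID 0x8100 for both tags are assumptions made for the illustration.

```python
import struct

TPID = 0x8100  # assumption: inner and outer tags both use the default 802.1Q TPID

def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert one 802.1Q tag right after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def tag_stack(frame: bytes) -> list[int]:
    """Return the VLAN IDs carried by a frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

def tunnel_ingress(frame: bytes, access_vlan: int) -> bytes:
    """Frame as it appears on the provider trunk after entering a tunnel port.

    The tunnel port does not look at customer tags: tagged or untagged,
    the frame joins the access (metro) VLAN and gets that VLAN as outer tag.
    """
    return push_tag(frame, access_vlan)

def reaches_provider_l3(trunk_frame: bytes, l3_vlans: set[int]) -> bool:
    """Simplified model: a provider IP interface only handles frames whose
    single tag is one of its own VLANs; an inner tag hides the payload."""
    stack = tag_stack(trunk_frame)
    return len(stack) == 1 and stack[0] in l3_vlans

# Constructed sample: broadcast ARP-sized frame from a made-up customer MAC.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
TAGGED = push_tag(UNTAGGED, 10)  # customer sends on its VLAN 10 subinterface

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        core = tunnel_ingress(frame, 100)
        print(name, tag_stack(core), "+%d bytes" % (len(core) - len(frame)),
              "leaks" if reaches_provider_l3(core, {100}) else "isolated")
```

Passing an empty set for the provider L3 VLANs models a metro VLAN that carries no provider IP interface, as in the PE interface configuration shown in this message; in that case the untagged frame has nothing on the provider side to reach.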
This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:18 ART