[c-nsp] Restricting VLANs on 802.1q Tunnel Port

Allan Eising allan.eising at gmail.com
Thu Oct 30 08:36:34 EDT 2008


You cannot control what VLANs are allowed on a QinQ interface as the
dot1q-tunnel port does not see those VLANs. It only pushes a VLAN tag
on the outside of the Ethernet frame, with no regard to the already
existing VLAN tags. It can be considered an access port that does not
override the existing VLAN tags.

You would have to do that filtering on the trunk port on the other
side of the QinQ tunnel.

Regards

Allan

On Thu, Oct 30, 2008 at 10:47 AM, FAHAD ALI KHAN
<fahad.alikhan at gmail.com> wrote:
> Guys
>
> Consider a scenario: if I'm using 802.1q tunnel service to carry customer
> VLANs and want to allow only 10, 11 & 12 VLANs from CE (by restricting it on
> UPE port). Is this possible on ME3400 with Metro Access IOS?
>
> While there is a command available (that we usually use on trunk port) i.e.
>
>
> interface FastEthernet0/5
>  switchport access vlan 264
>  switchport mode dot1q-tunnel
> * switchport trunk allowed vlan 10-12*
>
> But this doesn't work.
>
> Is there any workaround available?
>
> Regards
>
> Fahad
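An added example, not part of the original thread: a small Python model of the behaviour described in the reply, showing that the tunnel port only pushes an outer tag while an allowed-VLAN list acts on the outermost tag a trunk port sees. The outer TPID of 0x8100, the MAC addresses, the sample frames and all function names are constructed assumptions; VLAN 264 and the 10-12 list come from the quoted configuration.

```python
import struct

TPIDS = {0x8100, 0x88A8}       # 802.1Q and 802.1ad tag protocol identifiers
TUNNEL_VLAN = 264              # access VLAN of the dot1q-tunnel port (quoted config)
ALLOWED_CVLANS = {10, 11, 12}  # customer VLANs the poster wants to permit


def build_frame(vlans, payload=b"\x00" * 46, ethertype=0x0800):
    """Constructed sample frame: dst MAC, src MAC, tags (outermost first), payload."""
    frame = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for vid in vlans:
        frame += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def tag_stack(frame):
    """Return the VLAN IDs that follow the MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids


def tunnel_port_ingress(frame, tunnel_vlan=TUNNEL_VLAN):
    """Model of the tunnel port: push an outer tag, never read what follows it."""
    return frame[:12] + struct.pack("!HH", 0x8100, tunnel_vlan) + frame[12:]


def trunk_port_filter(frame, allowed=ALLOWED_CVLANS):
    """Model of a trunk allowed-VLAN list: outermost tag only, untagged not modelled."""
    vids = tag_stack(frame)
    return bool(vids) and vids[0] in allowed


def demo():
    results = {}
    for cvlan in (10, 99):
        customer = build_frame([cvlan])            # frame as the CE trunk sends it
        tunnelled = tunnel_port_ingress(customer)  # frame after the tunnel port
        results[cvlan] = (tag_stack(tunnelled), trunk_port_filter(customer))
    return results


if __name__ == "__main__":
    print(demo())
```

Customer VLAN 99 enters the tunnel exactly as VLAN 10 does, and only a filter placed where the customer tag is outermost can tell them apart.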