[c-nsp] Re: Two different VTP-domains that interconnect with dot1q = no go?

Terje Bless link at pobox.com
Tue Apr 19 08:22:54 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roger Wiklund <copse at xy.org> wrote:

>So a company is renting point-to-point capacity through our network. At
>first only untagged traffic […] But now they want to seperate VoIP from
>Internet-traffic so they have ordered another VLAN. [They also have] a
>VTP-domain. So I noticed a VTP-domain mismatch when I configured a
>dot1q-trunk. So the result is that the […] trunk is not working.
>
>Is there a way to overcome this problem with two different VTP domains
>that connects with a dot1q-trunk? Can´t I use VTP-transparent mode on
>port level?

VTP should probably be disabled alltogether at the port to avoid the two VTP
domains from interfering with each other. Ditto with CDP, Root Guard, BPDU
Guard, etc.


One likely reason this isn't working is that the frames in the native VLAN of
the trunk are being misdirected or dropped (depending on the setup). You might
try the “dot1q all-tagged” feature to make sure frames in the trunk's native
vlan get tagged as well.


But if this is truly a point-to-point transit through your switchcloud, you
probably want a QinQ tunnel and Layer 2 Protocol Tunneling. This lets you
transport their traffic through your net as normal traffic on a single VLAN,
and they get to consider the transit as just a dumb cable. e.g. they can run
VTP, CDP, etc. over it without affecting your network; and you get to use just
a single VLAN for everything they want to push over there.

Look on CCO for the “Configuration Guide” for the version of CatOS or IOS
you're running, and read the chapter on “Configuring IEEE 802.1Q Tunneling and
Layer 2 Protocol Tunneling”.

There are a few caveats (DTP, you need one VLAN and one physical port per
trunk you want to tunnel, etc.), but nothing too major. QinQ works on 6500 and
3750 series switches at least; I haven't checked what other platforms it's
supported on.


MPLS-based solutions may also be an option but on that I'm way out of my
league so someone else will have to outline that.


- -- 
Terje, you are a sick and twisted individual, and I
think I speak for all of us when I say, "Thank you!"

               -- John Gruber <gruber at barebones.com>

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.2.2

iQA/AwUBQmT4HqPyPrIkdfXsEQI2jwCfTFVUfUTLr9WyCPu3bViqsqMbsFAAoM71
txERZF1oCrI6e/SwhKD7VLiV
=B5fx
-----END PGP SIGNATURE-----



More information about the cisco-nsp mailing list