[c-nsp] QinQ on 3550 not working?
Simon Lockhart
simon at slimey.org
Thu Jan 20 06:13:17 EST 2011
All,
I've got a requirement for one of our customers to run two seperate networks
over the same ethernet based WAN. The WAN is provided by the carrier as single
VLAN per site, dot1q tagged at each end (both the customer site and our central
PoP). The customer sites are all live currently with a single network to each
site, and have either a 3560 or a 3550 running ipservices software images as
the layer 3 device for the site.
It would appear that QinQ is a good solution to this problem, and I've got it
working in the lab where the edge router is a 3560, but if I put the same
config onto a 3550, then it doesn't work - and I'm stumped as to why.
ASCII Network diagram:
+-------------------+
| Customer Site |
| switch (3560) |
+-------------------+
Fa0/24 |
| <------ dot1q trunk allowing only Vlan 310
Carrier WAN
|
Fa0/1 |
+-------------------+
| Central PoP |
| Aggregation Switch|
+-------------------+
Fa0/24 | | Fa0/2
| |
| +-------------------+
| | Central PoP |
| | Network 2 Router |
| +-------------------+
|
+-------------------+
| Central PoP |
| Network 1 Router |
+-------------------+
------------------------------------------------------------
Customer site switch config (relevant bits):
ip vrf network2
!
vlan 310
name CarrierUplink
!
vlan 500
name Network2Uplink
!
interface GigabitEthernet0/1
description Network 2 QinQ port (looped to Gig0/2)
switchport access vlan 310
switchport mode dot1q-tunnel
!
interface GigabitEthernet0/2
description Network 2 Uplink (looped to Gig0/1)
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 500
switchport mode trunk
!
interface GigabitEthernet0/24
description Carrier Uplink
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 310
switchport mode trunk
!
interface Vlan310
description Network1 P2P
ip address 172.30.1.2 255.255.255.252
!
interface Vlan500
description Network2 P2P
ip vrf forwarding network2
ip address 172.40.1.2 255.255.255.252
!
------------------------------------------------------------
Central PoP Aggregation Switch config:
vlan 310
name cust.site
!
interface FastEthernet0/1
description link to Carrier
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
description link to Network2 Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/48
description link to Network1 Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
------------------------------------------------------------
Central PoP Network1 Router config:
vlan 310
name cust.site
!
interface GigabitEthernet0/1
description link to Aggregation Switch
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan310
description cust.site
ip address 172.30.1.1 255.255.255.252
------------------------------------------------------------
Central PoP Network2 Router config:
interface FastEthernet0/0
description link to Aggregation Switch
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.500
encapsulation dot1Q 310 second-dot1q 500
ip address 172.40.1.1 255.255.255.252
ip ospf mtu-ignore
------------------------------------------------------------
When the Customer site switch is a 3560, I can "ping 172.30.1.1" and
"ping vrf network2 172.40.1.1" without problem.
When the Customer site switch is a 3550, I can "ping 172.30.1.1" fine, but
trying to "ping vrf network2 172.40.1.1" results in no replies.
On the 3550, the MAC address-table gets populated fine, occasionally I see
an ARP entry for 172.40.1.1, but can't ping.
Any suggestions on what's going wrong?
Is there a better way to acheieve what I'm trying to do?
Many thanks,
Simon
More information about the cisco-nsp
mailing list