[c-nsp] QinQ on 3550 not working?

Tóth András diosbejgli at gmail.com
Fri Jan 21 17:51:26 EST 2011


Hi Simon,

Did you enable the extended routing SDM template on the 3550 switch?
Note that while on the 3560 it's only called routing, the 3550 has an
extended routing version, which has to be enabled for VRF to work.

Best regards,
Andras


On Thu, Jan 20, 2011 at 12:13 PM, Simon Lockhart <simon at slimey.org> wrote:
> All,
>
> I've got a requirement for one of our customers to run two seperate networks
> over the same ethernet based WAN. The WAN is provided by the carrier as single
> VLAN per site, dot1q tagged at each end (both the customer site and our central
> PoP). The customer sites are all live currently with a single network to each
> site, and have either a 3560 or a 3550 running ipservices software images as
> the layer 3 device for the site.
>
> It would appear that QinQ is a good solution to this problem, and I've got it
> working in the lab where the edge router is a 3560, but if I put the same
> config onto a 3550, then it doesn't work - and I'm stumped as to why.
>
> ASCII Network diagram:
>
>             +-------------------+
>             | Customer Site     |
>             |  switch (3560)    |
>             +-------------------+
>                Fa0/24 |
>                       |  <------ dot1q trunk allowing only Vlan 310
>                  Carrier WAN
>                       |
>                Fa0/1  |
>             +-------------------+
>             | Central PoP       |
>             | Aggregation Switch|
>             +-------------------+
>          Fa0/24 |            | Fa0/2
>                 |            |
>                 |         +-------------------+
>                 |         | Central PoP       |
>                 |         | Network 2 Router  |
>                 |         +-------------------+
>                 |
>             +-------------------+
>             | Central PoP       |
>             | Network 1 Router  |
>             +-------------------+
>
>
> ------------------------------------------------------------
> Customer site switch config (relevant bits):
>
> ip vrf network2
> !
> vlan 310
>  name CarrierUplink
> !
> vlan 500
>  name Network2Uplink
> !
> interface GigabitEthernet0/1
>  description Network 2 QinQ port (looped to Gig0/2)
>  switchport access vlan 310
>  switchport mode dot1q-tunnel
> !
> interface GigabitEthernet0/2
>  description Network 2 Uplink (looped to Gig0/1)
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 500
>  switchport mode trunk
> !
> interface GigabitEthernet0/24
>  description Carrier Uplink
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 310
>  switchport mode trunk
> !
> interface Vlan310
>  description Network1 P2P
>  ip address 172.30.1.2 255.255.255.252
> !
> interface Vlan500
>  description Network2 P2P
>  ip vrf forwarding network2
>  ip address 172.40.1.2 255.255.255.252
> !
>
> ------------------------------------------------------------
> Central PoP Aggregation Switch config:
>
> vlan 310
>  name cust.site
> !
> interface FastEthernet0/1
>  description link to Carrier
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
> !
> interface FastEthernet0/2
>  description link to Network2 Router
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
> !
> interface FastEthernet0/48
>  description link to Network1 Router
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
> !
>
> ------------------------------------------------------------
> Central PoP Network1 Router config:
>
> vlan 310
>  name cust.site
> !
> interface GigabitEthernet0/1
>  description link to Aggregation Switch
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
> !
> interface Vlan310
>  description cust.site
>  ip address 172.30.1.1 255.255.255.252
>
> ------------------------------------------------------------
> Central PoP Network2 Router config:
>
> interface FastEthernet0/0
>  description link to Aggregation Switch
>  no ip address
>  duplex auto
>  speed auto
> !
> interface FastEthernet0/0.500
>  encapsulation dot1Q 310 second-dot1q 500
>  ip address 172.40.1.1 255.255.255.252
>  ip ospf mtu-ignore
>
> ------------------------------------------------------------
>
> When the Customer site switch is a 3560, I can "ping 172.30.1.1" and
> "ping vrf network2 172.40.1.1" without problem.
>
> When the Customer site switch is a 3550, I can "ping 172.30.1.1" fine, but
> trying to "ping vrf network2 172.40.1.1" results in no replies.
>
> On the 3550, the MAC address-table gets populated fine, occasionally I see
> an ARP entry for 172.40.1.1, but can't ping.
>
> Any suggestions on what's going wrong?
>
> Is there a better way to acheieve what I'm trying to do?
>
> Many thanks,
>
> Simon
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list