[c-nsp] Unable to transmit tagged frames over q-in-q tunnel

Gökhan Gümüş ggumus at gmail.com
Fri Oct 28 04:59:36 EDT 2011 

Dear all,

Thank you very much for your all comments.
I would like to give you some additional information.
I am using Juniper MX240 routers as a PE router.

Please see config details on the links between Customer Edge Switch and PE
routers below;


Customer Edge Switch A ------------------------------------------------- PE
router-A

A#sh run interface gi0/27
Building configuration...

Current configuration : 251 bytes
!
interface GigabitEthernet0/27
 description PE router-A
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,9,1101,1102,*1106*
 switchport mode trunk
 switchport nonegotiate
end


PE router-A> show configuration interfaces ge-2/2/2

description "Customer Edge Switch A";
flexible-vlan-tagging;
mtu 1998;
encapsulation flexible-ethernet-services;
gigether-options {
    no-auto-negotiation;
}

}
unit 1106 {
    encapsulation vlan-ccc;
    vlan-id 1106;
    family ccc;


----------------------------------------------------------------------------------------------------------

Customer Edge Switch B ------------------------------------------------- PE
router-B

Customer Edge Switch B#sh run interface gi5/13
Building configuration...

Current configuration : 298 bytes
!
interface GigabitEthernet5/13
 description PE router-B
 mtu 2000
 load-interval 30
 speed nonegotiate
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1101,1102,*1106*
 switchport mode trunk
 no cdp enable
end


PE router-B> show configuration interfaces ge-2/3/3

description "Customer Edge Switch B";
flexible-vlan-tagging;
mtu 1998;
encapsulation flexible-ethernet-services;
gigether-options {
    no-auto-negotiation;

unit 1106 {
    encapsulation vlan-ccc;
    vlan-id 1106;
    family ccc;



Your helps would be really appreciated.

Thanks and regards,
Gokhan Gumus





On Thu, Oct 27, 2011 at 9:14 PM, Ivan <cisco-nsp at itpro.co.nz> wrote:

> Hi,
>
> It would be useful to see your PE configuration and have details of the
> hardware and OS versions.
>
> I recently came across an issue like this when using ASR1001s as PEs. As
> far as I could tell the ASRs wouldn't match up a double tagged packet to an
> interface defined to match a single tag.  Eventually an IOS upgrade fixed
> this problem.  You can easily test by reconfiguring the PE interface to
> "encapsulation dot1Q xxx second‐dot1q any" then you may be able to pass the
> double tagged traffic but no longer the traffic in the native vlan (single
> SVID only).
>
> asr1000rp1‐advipservicesk9.03.**04.01.S.151‐3.S1.bin fixed the issue for
> me.  (I had trouble with asr1000rp1-advipservicesk9.03.**03.01.S.151‐2.S1.bin
> and asr1001‐universalk9.03.02.00.**S.151‐1.S.bin
>
> Ivan
>
>
> On 28/Oct/2011 5:28 a.m., Gökhan Gümüş wrote:
>
>> Dear folks,
>>
>> I have an issue with one of our customer service.
>>
>>                                 Gi0/5
>> Gi0/27
>> Gi5/13                                      Fa3/13
>> Customer SW ---------------- Customer Edge Switch-A ----------------PE1
>> ----------MPLS Core --------------PE 2--------------Customer Edge Switch-B
>> --------------Customer SW
>>
>> I am using q-in-q tunneling to enable customer traffic. Before, customer
>> port on Customer SW facing our edge switch was in ACCESS mode and it was
>> working.
>> Now they have decided to configure this interface as a TRUNK to transmit
>> multiple VLANs over the trunk. But they can not.
>> Currently ports are configured as trunk and customer can only transmit
>> traffic when they do not tag frames ( native-vlan config )
>>
>> For note, i am not using " vlan dot1q tag native " command which is also
>> double-tagging native vlans.
>> MTU is fine and above 1504 bytes.
>>
>> Please see our configs on Customer Edge Switch below;
>>
>>
>> *Customer Edge Switch A;*
>>
>> A#sh run interface Gigabit Ethernet0/5
>> Building configuration...
>>
>> Current configuration : 337 bytes
>> !
>> interface GigabitEthernet0/5
>>  switchport access vlan 1106
>>  switchport mode dot1q-tunnel
>>  switchport nonegotiate
>>  load-interval 60
>>  speed 100
>>  duplex full
>>  l2protocol-tunnel cdp
>>  l2protocol-tunnel stp
>>  l2protocol-tunnel vtp
>>  no cdp enable
>> end
>>
>> A#sh run interface GigabitEthernet0/27
>> Building configuration...
>>
>> Current configuration : 251 bytes
>> !
>> interface GigabitEthernet0/27
>>  switchport trunk encapsulation dot1q
>>  switchport trunk allowed vlan 1,9,1101,1102,1106
>>  switchport mode trunk
>>  switchport nonegotiate
>> end
>>
>> ------------------------------**------------------------------**
>> ---------------------
>>
>> *Customer Edge Switch B;*
>>
>> B#sh run interface fa3/13
>> Building configuration...
>>
>> Current configuration : 366 bytes
>> !
>> interface FastEthernet3/13
>>  mtu 2000
>>  load-interval 60
>>  switchport
>>  switchport access vlan 1106
>>  switchport mode dot1q-tunnel
>>  switchport nonegotiate
>>  l2protocol-tunnel cdp
>>  l2protocol-tunnel stp
>>  l2protocol-tunnel vtp
>>  no cdp enable
>>  spanning-tree bpdufilter enable
>> end
>>
>> B#sh run interface gi5/13
>> Building configuration...
>>
>> Current configuration : 298 bytes
>> !
>> interface GigabitEthernet5/13
>>  mtu 2000
>>  load-interval 30
>>  speed nonegotiate
>>  switchport
>>  switchport trunk encapsulation dot1q
>>  switchport trunk allowed vlan 1101,1102,1106
>>  switchport mode trunk
>>  no cdp enable
>> end
>>
>>
>> Is there anybody who had such issue before?
>>
>> Thanks and regards,
>> Gokhan Gumus
>> ______________________________**_________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
>> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>>
>

More information about the cisco-nsp mailing list