[c-nsp] bridging to second-dot1 vlan

[Tony]

Hi all,

I have a situation where I would like to configure bridging on a 7609 from a normal VLAN interface to a double-tagged WAN interface.

Configuration is like this:

===
int gig7/7
switchport trunk encap dot1g
switchport trunk allowed vlan 202

int gig1/2/4.30570202
 encapsulation dot1Q 3057 second-dot1q 202
 bridge-domain 202 dot1q
===

Where gig7/7 is connected to a 3750 as a trunk and I then have a device connected to an access port on the 3750 that is in vlan 202.

The gig1/2/4 port is a SPA-5GE card in a SIP-400 and that port goes to a carrier that hands off services as tagged VLAN's (one outer VLAN for each service) and we then create a dot1q inner VLAN.

When I configure the bridging as above it would appear that the traffic works correctly in one direction, but that in the other direction (traffic inbound on the SPA to local LAN interface) only the OUTER dot1q tab is getting stripped off so that when the traffic gets to the end device is still has VLAN 202 on the frame instead of being a non-vlan frame. This shows up in a packet capture on the end device like this:

22:00:35 00:13:1a:e9:a3:44 > 00:17:c5:16:43:7a, ethertype 802.1Q (0x8100), length 64: vlan 202, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 (00:17:c5:16:43:7a) tell 192.168.2.11, length 46

Where the critical part is "ethertype 802.1Q (0x8100), length 64: vlan 202" which shows that the packet coming in still has the vlan 202 tag on it and so the device ignores it, because it doesn't do VLAN sub-ints.

Software is 12.2(33)SRD4. Hardware is as described above, Gig7/7 is just a "plain" LAN port (WS-X6516-GE-TX).



Any suggestions on whether what I'm trying to achieve is possible and what I might do to achieve it with the hardware/software at hand ?



Thanks,
Tony.