[c-nsp] Management VLAN and Bridge Domain on ME3600 Switch

Sikandar Ali sikandar at hotmail.co.uk
Tue Mar 18 08:50:19 EDT 2014


Thanks for the explanation Adam/Waris. 

I can confirm that this is now working and appreciate your detailed response. 

Many Thanks again for your help

Sikandar

> From: adam.vitkovsky at swan.sk
> To: sikandar at hotmail.co.uk
> CC: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Management VLAN and Bridge Domain on ME3600 Switch
> Date: Mon, 17 Mar 2014 08:36:15 +0000
> 
> Hi Sikandar,
> 
> Here's how it works. 
> 
> Management traffic is going to be double tagged on the link to/from service provider (+14B overhead). 
> That is: top-most service VLAN that service provider expects in order to carry traffic from this site + VLAN ID identifying your management traffic. 
> Once the particular frame arrives at your switch and is matched/accepted by the appropriate bridge-domain (management BD) both VLAN IDs needs to be removed as VLAN interface expects untagged frames for IP functions as Waris mentioned. 
> 
> Traffic for the particular customer is actually going to be triple tagged on the link to/from service provider (+18B overhead). 
> That is: top-most service VLAN that service provider expects in order to carry traffic from this site + VLAN ID identifying Customer-1 traffic + VLAN IDs that Customer-1 would like to be carried transparently/preserved. 
> Once the particular frame arrives at your switch and is matched/accepted by the appropriate bridge-domain (Customer-1 BD) both topmost VLAN IDs needs to be removed before the frame along with VLAN tag that customer expects is bridged over to the customer facing port. 
> 
> And vice versa happens in the direction form the customer to service provider. 
> Once you accept the frame at the customer facing port based on the customer's VLAN tags. You'll leave the VLAN tag on the frame untouched as you bridge the frame through the appropriate bridge-domain (Customer-1 BD) towards the egress port facing the service provider. 
> As the customer's frame along with its VLAN tag is transmitted out the egress port the switch adds two more VLAN tags to it. 
> One VLAN tag to identify that this frame belongs to Customer-1 and an appropriate top-most VLAN tag so that the frame is accepted by the service provider. 
> 
> adam
> > -----Original Message-----
> > From: Sikandar Ali [mailto:sikandar at hotmail.co.uk]
> > Sent: Sunday, March 16, 2014 8:04 PM
> > To: Vitkovský Adam
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Management VLAN and Bridge Domain on ME3600
> > Switch
> > 
> > Hi Adam
> > Thanks for the reply. It's much appreciated.
> > 
> > Just few questions:
> > 
> > 1. As you can see from my config I am doing double tagging as well but
> > difference is you are doing pop2 instead of pop1.I just would like to ask what
> > would be the benefit of doing pop2 on the port facing service provider?
> > 
> > 2. I tried configuring exactly the same configuration for management VLAN as
> > well but again the difference was I didn't do pop2. I am bit puzzled why it
> > didn't work with pop1 which is essentially taking the outer tag off and IP
> > address is configured on the second VLAN so in theory it should work
> > 
> > I will give it a go to your config and get back to you.
> > 
> > Many Thanks
> > 
> > Sikandar
> > 
> > Sent from my iPhone
> > 
> > On 16 Mar 2014, at 17:20, "Vitkovský Adam" <adam.vitkovsky at swan.sk>
> > wrote:
> > 
> > > Hi Ali,
> > >
> > > First of all I'd try to get a L2 transparent circuit from the provider not just a
> > single VLAN -might be available at the same price.
> > > If that's not an option than I'd try to double tag the frames on the uplink to
> > the provider as follows:
> > > (Please check whether there's enough MTU on the uplink)
> > >
> > > interface GigabitEthernet0/13
> > > mtu 1512
> > > service instance 25 ethernet
> > >  descript transport customer1
> > >  encapsulation dot1q 100 second-dot1q 10  rewrite ingress tag pop 2
> > > symmetric  bridge-domain 25 !
> > > service instance 20 ethernet
> > >  descript management
> > >  encapsulation dot1q 100 second-dot1q 20  rewrite ingress tag pop 2
> > > symmetric  bridge-domain 20
> > >
> > > interface vlan 20
> > > descript switch management interface
> > > vrf for mgmt
> > > ip add 10.0.0.1 255.255.255.252
> > >
> > >
> > >
> > > Interface GigabitEthernet0/19
> > > port-type nni
> > > switchport trunk allowed vlan none
> > > switchport mode trunk
> > > mtu 1504
> > > service instance 26 ethernet
> > >  descript to customer1
> > >  encapsulation dot1q 200,433,472
> > >  bridge-domain 25
> > >
> > >
> > > adam
 		 	   		  


More information about the cisco-nsp mailing list