Hi All, Image for reference sake: http://www.savage.za.org/QinQ.png
We are currently working on a large scale overhaul of our production network, mainly consisting of 6500, 3750, and 3825 series Ciscos. Our provider will be providing us with Layer II interconnects between two separate data center locations, as well as provisioning internet services on these Layer II trunks. I'm a bit baffled as to how to piece this together after spending about 3 days trying to figure out the inner workings of QinQ... What we are getting: DC1 Location - Layer II Trunk Interface VLAN100 - Internet Services (Layer III connectivity) VLAN101 - Layer II Interconnect to Site A VLAN102 - Layer II Interconnect to Site B VLAN103 - Layer II Interconnect to DC2 (QinQ required) DC2 Location - Layer II Trunk Interface VLAN103 - Layer II Interconnect to DC1 (QinQ required) Now,up to here everything is fine. I have an trunk port configured in either DC location, and simply allow VLAN100-103 to pass through the trunk to my provider. As for VLAN101-102, it remains easy, I assign an IP on either side and I should, in theory, happily be able to communicate. The problem comes in with the Interconnect between DC01 and DC02. We require to extend our internal VLANs (10-30 in the diagram per example) across the different data centers. This will include cdp, vtp, spanning-tree, etc. From my understanding, QinQ should be able to accommodate this, but I am not sure about the configurations. Most configurations for QinQ that I've seen so far seems to indicate that your private vlans are encapsulated into another vlan associated with an access port - this is where I am running into issues. I need to encapsulate as follows: VLAN10 VLAN20 -> VLAN103 -> Provider Trunk VLAN30 Is this really as complicated as I am making it sound, or am I just missing something obvious? I am not understanding how VLAN100-103 can be used on the trunk port, whilst only encapsulating VLAN10-30 inside VLAN103, and not inside the entire trunk. As the three VLANs provisioned by the provider are completely different services and goes to completely different locations - it's imperative that the correct vlans are encapsulated into the correct provider vlans. I would -really- appreciate it if someone can perhaps give me a basic rundown of configurations to achieve this, as I am completely lost at this stage. Am I right in presuming: Int gi1/0 switchport mode trunk switchport trunk allowed vlans 100-103 Int gi1/1 switchport mode access switchport access vlan 100 Int gi1/2 switchport mode access switchport access vlan 101 Int gi1/3 switchport mode access switchport access vlan 102 Int gi1/4 switchport mode dot1q-tunnel switchport access vlan 10 Int gi1/5 switchport mode dot1q-tunnel switchport access vlan 20 Int gi1/6 switchport mode dot1q-tunnel switchport access vlan 30 Now what.. How do I get vlans 10-30 to be encapsulated inside vlan103 specifically? Documentation suggests Int gi1/0 (trunk port) to be configured as follows: Int gi1/0 switchport mode trunk switchport trunk allowed vlans 10,30-100-103 But how does this ensure that vlans 10-30 are encapsulated inside vlan 103 only? Many thanks, Chris. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
