802.1q Tunneling

By taking traffic that is already 802.1q tagged and adding another tag on top of it we can create an 802.1q, or Q-in-Q, tunnel. This is a handy feature that service providers may use in a metro ethernet.
802.1q tunneling allows service providers to use a single VLAN to support multiple VLANs of customers, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated.

Traffic from R1 enters SW1 with an 802.1q tag. SW1 adds another 802.1q tag and forwards the frame across the network. When the frame reaches SW4 it strips the outer 802.1q tag and leaves the inner one. When R4 receives the frame with the first 802.1q tag R4 processes the frame as if it came directly from R1. I have created a Layer 2 tunnel through the switches. From the routers perspective they are directly connected and will pass L2 traffic, like CDP. Here’s how the config looks for it

R1(config)#int fa0/0
R1(config-if)#no shut
R1(config-if)#int fa0/0.14
R1(config-if)#encapsulation dot1q 14
R1(config-if)#ip address 14.0.0.1 255.255.255.0
 
R4(config)#int fa0/0
R4(config-if)#no shut
R4(config-if)#fa0/0.14
R4(config-if)#encapsulation dot1q 14
R4(config-if)#ip address 14.0.0.4 255.255.255.0

With the routers setup and ready to send and receive 802.1q tagged traffic, let’s use vlan 100. So we will create the vlan and create trunks between the switches

SW1(config)#vlan 100
SW1(config-vlan)#int fa1/12
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
 
SW2(config)#vlan 100
SW2(config-vlan)#int fa1/12
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#int fa1/23
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
 
SW3(config)#vlan 100
SW3(config-vlan)#int fa1/23
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#int fa1/34
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
 
SW4(config)#vlan 100
SW4(config-vlan)#int fa1/34
SW4(config-if)#switchport trunk encapsulation dot1q
SW4(config-if)#switchport mode trunk

Now let’s configure routers connections

SW1(config)#int fa1/0
SW1(config-if)#switchport access vlan 100
SW1(config-if)#switchport mode dot1q-tunnel
SW1(config-if)l2protocol-tunnel cdp
SW1(config-if)#no cdp enable
 
SW4(config)#int fa1/0
SW4(config-if)#switchport access vlan 100
SW4(config-if)#switchport mode dot1q-tunnel
SW4(config-if)#l2protocol-tunnel cdp
SW4(config-if)#no cdp enable

what we’ve done is :
–>access ports that connect to the routers we placed them in vlan 100
–>even though the router is already sending traffic with frames tagged with vlan 14, we are appending ( or adding on top) this new vlan.
–>We told the switches that these ports at the beginning and ending of an 802.1q tunnel.
–>we want to send cdp traffic across this tunnel.
–>we don’t want to send or receive cdp traffic on this interface. The cdp traffic can pass through the interface, but we aren’t participating in it.

Let’s see what the routers see.
R1#sho cdp neighbors
 Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
 S – Switch, H – Host, I – IGMP, r – Repeater
 
Device ID Local Intrfce Holdtme Capability Platform Port ID
 R4 Fas 0/0 135 R S I 3750 Fas 0/0

Enjoy!

Tom