[AusNOG] Cisco Q-in-Q config on AAPT e-Line

Sean K. Finn sean.finn at ozservers.com.au
Thu Dec 13 13:49:50 EST 2012 

I know this will be frowned upon, but one way I managed to utilise this was to have three ports on a non QinQ C3750G handle it.

Port 1 for example, took the AAPT TRUNK, as it does, with the allowed VLAN, in your case, only allows VLAN 320.

Port 2, on my C3750G was again an ACCESS port, with Vlan320 the only allowed VLAN.

I then looped that back into PORT3 of the same cisco device, however this time set it up port 3 as a TRUNK port, but only allowed through all of my other VLAN's.

It's horrible, but, in a sandbox, worked well, and I still had access to the native / untagged Vlan 320.

You could just as easily do this with two different Cisco's, one taking the AAPT handoff as a Trunk, then delivering it to another device on your network as an ACCESS/TRUNK port combo.

Please don't shoot me, it worked well in practice, even if it did throw up some Native-Vlan-Mismatch errors. 

The point is it WORKS if you are in a pickle.

S


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Mcintosh
Sent: Thursday, December 13, 2012 11:20 AM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Cisco Q-in-Q config on AAPT e-Line

Hi Noggers,

I'm hoping one of the many smart people on the list can help me with my Q-in-Q issue on AAPT's e-Line (Ethernet).

We have an AAPT Ethernet Trunk Access at our core that terminates various customer Single Access services. Config on the trunk port that terminates the various single access services looks like so:

sh run interface GigabitEthernet1/0/21
Building configuration...

Current configuration : 217 bytes
!
interface GigabitEthernet1/0/21
 description AAPT Trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 215-218,320,321,398
 switchport mode trunk
 load-interval 30
end

Pretty standard stuff. However here's where it gets complicated (to me). VLAN 320 needs to do Q-in-Q, encapsulating 3 other VLAN's within it (VLAN 8, 91 and 22)

Quoting from the AAPT product definition:
 
"AAPT e-Line services delivered end-to-end on AAPT infrastructure support customer VLANs transparently. e-Line services are designed to allow customers to configure and run multiple VLANs without any need to co-ordinate with AAPT.


To enable multiple VLANs across an AAPT e-Line service where one end is an Ethernet Trunk Access and the other end is either Ethernet Single-Service Access, the customer should configure the CPE at the Ethernet Trunk Access end with 802.1QinQ encapsulation and the CPE at the other end with 802.1Q encapsulation."


So my question is, how do I get visibility on the core switch of VLAN 8, 91 and 22 which are encapsulated within VLAN 320?

Your help would be VERY much appreciated!


-James
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list