[AusNOG] Cisco Q-in-Q config on AAPT e-Line
Luke Iggleden
luke+ausnog at sisgroup.com.au
Thu Dec 13 14:10:57 EST 2012
Bandaids are a great temporary fix. It's all good until someone elses
bandaid lands on your face as your getting out of the swimming pool though
On 13/12/12 2:00 PM, Matthew Maxwell wrote:
> +1 to the ugly external loop back stories. I've had to physically loop
> ports in separate VRFs to get an OSPF adjacency.
>
> Sent from my iPhone
>
> On 13/12/2012, at 12:55, David Hughes <David at hughes.com.au> wrote:
>
>>
>> There are many cases on Cisco hardware based platforms where "external loopback" is a valid if ugly solution. I deployed the same thing to trunk vlans over a port based EoMPLS pw from a Cat6K. There wasn't anything else with an mpls capable "port" to plug into so we looped back to another port on the same box. Worked, but was ugly, and was only temporary to facilitate migration of services between datacentres.
>>
>> David
>> ...
>>
>>
>> On 13/12/2012, at 12:49 PM, Sean K. Finn wrote:
>>
>>> I know this will be frowned upon, but one way I managed to utilise this was to have three ports on a non QinQ C3750G handle it.
>>>
>>> Port 1 for example, took the AAPT TRUNK, as it does, with the allowed VLAN, in your case, only allows VLAN 320.
>>>
>>> Port 2, on my C3750G was again an ACCESS port, with Vlan320 the only allowed VLAN.
>>>
>>> I then looped that back into PORT3 of the same cisco device, however this time set it up port 3 as a TRUNK port, but only allowed through all of my other VLAN's.
>>>
>>> It's horrible, but, in a sandbox, worked well, and I still had access to the native / untagged Vlan 320.
>>>
>>> You could just as easily do this with two different Cisco's, one taking the AAPT handoff as a Trunk, then delivering it to another device on your network as an ACCESS/TRUNK port combo.
>>>
>>> Please don't shoot me, it worked well in practice, even if it did throw up some Native-Vlan-Mismatch errors.
>>>
>>> The point is it WORKS if you are in a pickle.
>>>
>>> S
>>>
>>>
>>> -----Original Message-----
>>> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Mcintosh
>>> Sent: Thursday, December 13, 2012 11:20 AM
>>> To: ausnog at lists.ausnog.net
>>> Subject: [AusNOG] Cisco Q-in-Q config on AAPT e-Line
>>>
>>> Hi Noggers,
>>>
>>> I'm hoping one of the many smart people on the list can help me with my Q-in-Q issue on AAPT's e-Line (Ethernet).
>>>
>>> We have an AAPT Ethernet Trunk Access at our core that terminates various customer Single Access services. Config on the trunk port that terminates the various single access services looks like so:
>>>
>>> sh run interface GigabitEthernet1/0/21
>>> Building configuration...
>>>
>>> Current configuration : 217 bytes
>>> !
>>> interface GigabitEthernet1/0/21
>>> description AAPT Trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 215-218,320,321,398
>>> switchport mode trunk
>>> load-interval 30
>>> end
>>>
>>> Pretty standard stuff. However here's where it gets complicated (to me). VLAN 320 needs to do Q-in-Q, encapsulating 3 other VLAN's within it (VLAN 8, 91 and 22)
>>>
>>> Quoting from the AAPT product definition:
>>>
>>> "AAPT e-Line services delivered end-to-end on AAPT infrastructure support customer VLANs transparently. e-Line services are designed to allow customers to configure and run multiple VLANs without any need to co-ordinate with AAPT.
>>>
>>>
>>> To enable multiple VLANs across an AAPT e-Line service where one end is an Ethernet Trunk Access and the other end is either Ethernet Single-Service Access, the customer should configure the CPE at the Ethernet Trunk Access end with 802.1QinQ encapsulation and the CPE at the other end with 802.1Q encapsulation."
>>>
>>>
>>> So my question is, how do I get visibility on the core switch of VLAN 8, 91 and 22 which are encapsulated within VLAN 320?
>>>
>>> Your help would be VERY much appreciated!
>>>
>>>
>>> -James
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list