7600 second-dot1q & vlan tag manipulation

Similar Messages

• Transport dot1q vlan tagging over wan link

  Hi,
  I would like to transport 802.1Q vlan tagging over a wan link, is it possible ?
  I heard about l2tp V3...
  Best regards

  Hi,
  You would have to use a technology such as Ethernet over MPLS (EoMPLS) or VPLS. This technology is referred to as Layer 2 VPNs. You can get more info on this at the following locations:
  EoMPLS (part of the Cisco Any Transport over ATM suite):
  http://www.cisco.com/en/US/products/ps6646/products_ios_protocol_option_home.html
  VPLS:
  http://www.cisco.com/en/US/products/ps6648/products_ios_protocol_option_home.html
  Hope that helps - pls rate the post if it does.
  Regards,
  Paresh

• EVC and second-dot1q problem.

  Hi all,
  I'm trying to configure a interface with two dot1q tags but I can't do it.
  I think thats is because my line card doesn't support it but I can't find any doc to confirm it.
  I have a 7606-S chassis with two WS-SUP32-GE-3B, one WS-X6548-RJ-45 and one WS-X6516A-GBIC.
  When I try to configure a subinterface in any line module with the command "encapsulation dot1Q X second-dot1q Y" the router doesn't accept second-dot1q part of the command,
  Router(config-subif)#do sh run interface GigabitEthernet2/1.2
  Building configuration...
  Current configuration : 38 bytes
  interface GigabitEthernet2/1.2
  end
  Router(config-subif)#interface GigabitEthernet2/1.2
  Router(config-subif)#encapsulation dot1Q 3 ?
    native  Make this as native vlan
    <cr>
  I tried it in a interface of each module and always is the same output.
  After, I have tried to use service instance but I can't set encasulation under service instance configuration part,
  Router(config)#interface GigabitEthernet6/5
  Router(config-if)#service instance 1 ethernet
  Router(config-if-srv)#?
  Ethernet EFP configuration commands:
    default      Set a command to its defaults
    description  Service instance specific description
    ethernet     ethernet
    exit         Exit from ETHER EFP configuration mode
    ipv6         IPv6 interface subcommands
    mac          Commands for MAC Address-based features
    no           Negate a command or set its defaults
    shutdown     Take the Service Instance out of Service
    snmp         Modify SNMP service instance parameters
  The easy way is upgrade hardware but is not a choice now...
  Anybody know if it's possible do it with my hardware config?
  Thanks in advance.
  David.

  Hello.
  Yes, this kind of MPLS configuration is supported on SIP400, ES20/ES40 LC, but ES20/40 requires SUP720, so SIP400 is your only chose.
  If you configure xconnect under service instance, you need SIP400 V2 SPA; if you configure under sub-interface -> just SIP400. In this case SIP400 is customer-facing LC.
  Also you have an option to configure xconnect under interface VLAN -> SIP400 should be CORE-facing LC.

• Vlan tag issue with Nexus 4001 in IBM Blade Centre

  Hi
  I have a DC architecture with a pair of Nexus 7010's running 3 VDC's (Core/Aggregation/Enterprise). I have at the edge Nexus 5548's which connect to back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and slot 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
  I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
  The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
  My Nexus 4001 interface configuration is below
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk native vlan 999
    switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
    spanning-tree port type edge trunk
    speed auto
  The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
  I also noted that the Nexus 5000 and Nexus 7000 supports the command vlan dot1q tag native command yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful
  Thanks
  Greg

  Your configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
  My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
  Regards,
  jerry

• Can a Catalyst switch terminate a QinQ (double vlan tagged) connection on an SVI?

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

• Span & wireshark to see p-bits and vlan tags

  Problem:
  I do not see 802.1Q tags nor do I see p-bits (COS) in my wireshark captures. My setup is not working and I have no way to verify (sniff) that the 6509 is setting the p-bits to 3. I need to see them to troubleshoot effectively. Help!
  Setup:
  I am port mirroring off of my 6509. Port 1/16 should be tagging and setting the p-bits to a value of 3. How can I confirm?
  interface GigabitEthernet1/16
  description DonkX
  no ip address
  load-interval 30
  mls qos cos 3       ! I've tried my tests with and without this command
  mls qos cos trust      ! I've tried my tests with and without this command
  switchport
  switchport access vlan 941
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 941
  switchport mode trunk
  no cdp enable
  end
  sho mon
  Session 1
  Type                   : Local Session
  Source Ports           :
      Both               : Gi1/16
  Destination Ports      : Gi8/47
  Port G1/16 is the GE uplink to DonkX
  Port G8/47 is the Windows 2003 Server with wireshark.
  Port G8/9 is my RH4 Linux box with TCPdump.
  Steps taken to resolve the problem:
  I have followed this document to set this up correctly on my windows box with a Intel Proset 1000MT. I have updated the drivers and made the registry changes with no captures showing tagging/cos information.
  http://www.intel.com/support/network/sb/CS-005897.htm
  Regardless of my settings, this document says I shouldn't have to worry about drivers:
  http://wiki.wireshark.org/CaptureSetup/VLAN
  "You'll definitely see the VLAN tags, regardless of what OS the independent system is running or what type of network adapter you're using."
  Details:
  I am testing a new GPON access product (DonkX) that uplinks via GigE using trunking and setting p-bits. To prioritize my video the new DonkX sets the p-bits to 3 and it instantly ceases that traffic. I have only unidirectional traffic at this point so I can no longer arp, icmp, ftp, tftp, noth'n. The 6509 sends back a response to DonkX but I believe it is dropped because the p-bit is not set to 3. If I remove the priority from 3 to 0 on the DonkX system then it works correctly but without QoS of course.
  -JGR

  Alright, the saga continues. I saw tagged frames last week but began troubleshooting again this morning and can't see tagged frames!
  If I remove the span then I can see tagged traffic on g8/47 (Windows 2003 Server 802.1q not configured on NIC). If I turn on monitoring I see no tagged traffic. I also tried this on a laptop running Fedora 12 (on g8/47) and had the same results. Any ideas?
  I've mirrored another trunk port that is in production passing tagged traffic to an 3560 trunked and going to an ASA. The port to the 3560 and ASA (g3/7) requires tagging and works properly; however, I cannot see tags on this port either. Do you see anything obvious here or is this looking like a tac case?
  interface GigabitEthernet1/16
  description DonkX
  no ip address
  load-interval 30
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 941
  switchport mode trunk
  no cdp enable
  end
  interface GigabitEthernet8/47
  no ip address
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  no cdp enable
  end
  conf t
  no mon sess 1
  mon sess 1 sourc int g1/16
  mon sess 1 dest int g8/47
  sho mon
  Session 1
  Type                   : Local Session
  Source Ports           :
      Both               : Gi1/16
  Destination Ports      : Gi8/47
  Unit details:
  WS-C6509 Version 12.2(18)SXD4
  NAME: "1", DESCR: "WS-X6516A-GBIC SFM-capable 16 port 1000mb GBIC Rev. 4.2"
  PID: WS-X6516A-GBIC
  NAME: "8", DESCR: "WS-X6748-GE-TX CEF720 48 port 10/100/1000mb Ethernet Rev. 2.3"
  PID: WS-X6748-GE-TX
  NAME: "6", DESCR: "WS-SUP720-BASE 2 ports Supervisor Engine 720 Rev. 3.1"
  PID: WS-SUP720-BASE
  NAME: "msfc sub-module of 6", DESCR: "WS-SUP720 MSFC3 Daughterboard Rev. 2.3"
  PID: WS-SUP720
  NAME: "switching engine sub-module of 6", DESCR: "WS-F6K-PFC3A Policy Feature Card 3 Rev. 2.4"
  PID: WS-F6K-PFC3A

• Native VLAN tagging work-around?

  Good Day!
  Story here is that I am upgrading my 6500 Metro Ethernet core switch from CatOS to IOS and implementing several security components - one in question is implementing 'vlan dot1q tag native' global command on core switch. Most of my PE switches are 3550 series and are compatible with this configuration. The problem is that I also have several remote legacy 3508G switches that I need to support, and they will not accept this command.
  Is anyone aware of a work-around config for these 3508s? So far have not found any help on CCO...
  Thanks!

  Don't know if you can do this on a Cat6500 running IOS, but here's my idea:
  Set the native VLAN on the 3508G end of the 802.1Q trunk to a VLAN that is not going to be used anywhere for access, and match the native VLAN specification on your 6500's corresponding interface. Then, remove that VLAN from the trunk at both ends.
  The way I read it, on the 6500 the "vlan dot1q tag native" command would tag outgoing traffic on the native VLAN; and would drop all incoming traffic on the native VLAN that wasn't tagged. But none of that will matter, because removing that one VLAN from the allowed VLAN list on the trunk will leave you with only tagged VLAN traffic on the trunk from the 3508G. CDP will see that the native VLAN is set the same at each end (if you use CDP), so it won't flag any mismatches there. You just won't use the native VLAN on the trunk.
  I'm doing something similar with CatOS on a 6509 and 2950G access switches. Setting native VLAN to 1 (the default) on both ends, which makes it untagged; and then removing VLAN 1 from the trunk on both sides, leaving me with only tagged traffic on the trunk.
  Now, VLAN 1 is a special case, you can't remove it completely from the allowed VLAN list on a 2950G. The documentation refers to it as "minimizing" VLAN 1: CDP and VTP traffic will still pass over it, as will a couple of other Cisco-centric things; but no user traffic, and no STP BPDUs. Testing it today, I verified the CDP and VTP traffic work in both directions after I cleared VLAN 1 from the trunk and had only one customer VLAN, tagged, on it.
  In your situation, you can't remove VLAN 1 at all from a 3508G XL trunk. So just pick another VLAN to throw away as the native VLAN that you remove from the trunk, and transmit VLAN1 tagged across it.
  I think DTP uses the native VLAN; so the only drawback to my idea is that you have to manually set the trunk mode rather than letting the switches negotiate it out. (No problem for me, I set them all manually anyway.)
  Hope this helps.

• Q-in-Q w/o Native VLAN tag question

  Let's assume that we have Q-in-Q setup between 2 service provider switches.  To run Q-in-Q we want to terminate a trunk into each tunnel port and enable native VLAN tagging to ensure that all customer VLAN's are tagged.  In some cases we may have a customer that wants to connect their own equipment into the tunnel port on our switch, so it wouldn't actually be a trunk - it would be an access port.  If this occurs then there is no inner VLAN tag, only an outer VLAN tag.  Will tunnelling still function properly in this scenario?

  actually this is not true... sorry Kishore 
  Tunneling still works and traffic within the SP core will be singled tagged (with the SP tag only).
  However when you do this you need to be extremely careful specially if you use dot1q trunks in the core with native vlan within the customer range. You might end up in unexpected result in this case.
  See an exmple of a possible issue you might see in this case:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_58_se/configuration/guide/swtunnel.html#wp1008635
  The solution would be to tag native vlan in the SP core or use ISL trunks or use native vlans outside customer range or (logically) use trunk ports on CE device (still paying attention to native vlan though).
  Riccardo

• VLAN Tagging on the ACE 4710 Appliance

  Hello all,
  I have a quick question. How does the ACE 4710 Appliance works with VLAN tagging? I have virtual servers that I am trying to configure behind ACE. The VMs support VLAN tagging. Can I just trunk to link to my core switch and allow the ACE vlans to pass through?
  Your help is greatly appreciated.

  ACE 4710 support dot1q trunkning.
  Configure the interface between 4710 and core switch as a trunk.
  Same between your VMS and core switch.
  Gilles

• Mesh Ethernet Bridging with VLAN Tagging Issue

  Hi all.
  I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, its starts passing traffic again.
  Has anyone else seen this? I can't find any relevant bugs.
  Justin

  Hi Saravanan,
  It is one RAP and three MAPs. After a TAC call and 30 hours of monitoring, my VLANs have remained registered. I think the issue was mismatched VLANs to bridge groups an it looks like the mesh bridge may be stable for now. Here is what I was seeing on the RAP and MAPs when the VLANs were deregistering unexpectedly. Notice how VLANs 2 and 10 are mapped to opposite bridge groups on the RAP and MAP:
  After I removed all the VLAN IDs from the Trunk configuration on the MAPs (through each AP's Mesh tab -- Ethernet Bridging config) and then rebuilt the VLAN IDs, I ran the same commands and now see this:
  My very unscientific theory here is that the mismatching was causing consistency checks to fail, so the RAP was just tearing down the registrations after getting bogus or non- responses from the MAPs during the periodic VLAN registration maintenance checks (debug mesh ethernet registration).
  If I have continued issues, I'll post back with updates.
  Thanks for the response!
  Justin

• Does Cisco7200VXR support feature Q-in-Q VLAN tag termination?

  There is only 10000ESR platform support announced in feature guide and no information in Feature Navigator tool...
  http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a.html

  Hi there,
  Well.. it seems this feature has several names:
  "Cisco IOS Software Releases 12.3 T - IEEE 802.1Q-in-Q VLAN Tag Termination"
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a.html
  "Cisco IOS Software Releases 12.0 S - Stacked VLAN Processing"
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008021b9ee.html
  But I can't find any reference to the 7200 having support for it... though many others has it.. mainly switches.. not too surprising.. :)
  Did it help?

• Vlan tag preservation span monitoring

  Hi
  I am spanning multiple vlans as source with the destination as a single ethernet port, though I am able to see the traffic from the VLANs, I am not able to see the VLAN tag in the packet which is a key requirement for me for monitoring.
  Does anyone know why the VLAN tagging is stripped or how to preserve it in the monitor session?
  Your help is much appreciated.
  - Balaji

  While I appreciate your response Najaf, we have been monitoring the SVIs on our current CAT6500 switches without any problems as we can "preserve" the vlan tags on the destination monitoring port.
  However, we have found a way to see the VLAN tags on the monitoring destination port but we are still carrying out some tests to confirm our findings.
  Will keep this thread updated.
  -Balaji

• Installing OVM X86 3.1.1 with Trunk VLAN tag for ovm management network

  Hi Guys
  Can anyone help with network config on the OVM server 3.1.1 basically we need to use vlan tags on trunk port... so i have a subnet from following *(Trunk Allowed VLAN XXX)* from which i need to allocate IP for the OVM server component so that the ovm manager can find the OVM server instance...
  Can you use vlan tags, on trunk port with OVM server 3.1.1???
  Thanks

  Your right there as i later found out the engineers weren't selecting the vlan option when installing the vm server...

• How to get vlan tag programe with mac book air

  how to get vlan tag programe with mac book air,i'm using the usb ethernet adapter

  For prompt help contact TATA.
  For more on this: https://discussions.apple.com/thread/3680625?tstart=270

• VLAN tagging for Desktops

  I have a test VDI 3.1.1 system set up and I have to say, I'm quite impressed. In about a day, I was able to serve Windows 7 desktops, something we can't do with our current VMware View setup. One apparent limitation I have run into, however, is 802.1q VLAN tagging support for Desktop NICs. I have created a 2-way aggregate on nxge0 and nxge1. The portchannel these are connected to is set up for 802.1q tagging, and Solaris is plumbed with aggr13001 to tag its packets with VLAN 13, for example. However, traffic from Desktops is not so tagged, so its packets go nowhere. Is there any way to define a VLAN for a given Desktop Pool? This is important for us, as we tend to keep server systems on campus-only subnets, while desktops get Internet-routed addresses.
  Thanks,
  Charles

  Aggregation shouldn't have any adverse effect here. You need to configure VDI to use the correct VLANs on a per Pools basis. In the VDI Manager first navigate to the Desktop Provider -> Networks tab and 'Refresh' the networks. This will scan all VirtualBox hosts in the provider for currently plumbed interfaces, each of which will be listed by their subnet.
  After all networks are detected navigate to the Pool -> Settings tab and select 'Host Networking' followed by the required subnet(s). The primary subnet listed here is used for RDP connections.