"vlan dot1q tag native" end-to-end QoS switched network

Similar Messages

• 3750-x and vlan dot1q tag native command

  Hello,
  I have a 3750-X stack with the following HW & SW revisions:
  Cisco-3750-x-stack>show version
  Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9NPE-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  sCopyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Wed 26-Jun-13 01:47 by prod_rel_team
  ROM: Bootstrap program is C3750E boot loader
  BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
  Cisco-3750-x-stack uptime is 1 day, 6 hours, 56 minutes
  System returned to ROM by power-on
  System restarted at 20:27:32 UTC Tue Mar 29 2011
  System image file is "flash:/c3750e-universalk9npe-mz.150-2.SE4/c3750e-universalk9npe-mz.150-2.SE4.bin"
  License Level: lanbase
  License Type: Permanent
  Next reload license Level: lanbase
  cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.
  Processor board ID FDO1524K1J2
  Last reset from power-on
  2 Virtual Ethernet interfaces
  1 FastEthernet interface
  104 Gigabit Ethernet interfaces
  4 Ten Gigabit Ethernet interfaces
  The password-recovery mechanism is enabled.
  512K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address       :
  Motherboard assembly number     : 73-12553-05
  Motherboard serial number       : 
  Model revision number           : A0
  Motherboard revision number     : C0
  Model number                    : WS-C3750X-48P-L
  Daughterboard assembly number   : 800-32727-01
  Daughterboard serial number     : 
  System serial number            : 
  Top Assembly Part Number        : 800-31324-02
  Top Assembly Revision Number    : C0
  Version ID                      : V02
  CLEI Code Number                : 
  Hardware Board Revision Number  : 0x03
  Switch Ports Model              SW Version            SW Image
  *    1 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M
       2 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M
  Switch 02
  Switch Uptime                   : 1 day, 6 hours, 56 minutes
  Base ethernet MAC Address       : 
  Motherboard assembly number     : 73-12553-06
  Motherboard serial number       : 
  Model revision number           : A0
  Motherboard revision number     : A0
  Model number                    : WS-C3750X-48P-L
  Daughterboard assembly number   : 800-32727-03
  Daughterboard serial number     : 
  System serial number            : 
  Top assembly part number        : 800-31324-03
  Top assembly revision number    : B0
  Version ID                      : V03
  CLEI Code Number                : 
  License Level                   : lanbase
  License Type                    : Permanent
  Next reboot licensing Level     : lanbase
  Configuration register is 0xF
  I am trying to setup native vlan tagging using the command "vlan dot1q tag native".   I am entering this when I am in privileged exec mode, and then config mode.   When enter vlan ? it does not show dot1q as an option.   Any thoughts on what I might be missing?   What I am trying to achieve is all ingress untagged traffic (from my Meru controller) will be tagged with VLAN tag 101 as it progresses through my network, and any tagged traffic on vlan 101 which is destined for the port where my Meru controller is located will be delivered to the Meru controller untagged.   I can set this up in this manner on a SG300 Cisco switch, and I believe this is what "vlan dot1q tag native" will achieve if I am understanding correctly.
  I welcome suggestions on both why the "vlan dot1q tag native" won't work, and on what I am trying to accomplish.
  Thx
  Bryan

  Hi Aaron,
  Thank you for the quick reply.  
  The Meru controller uses untagged traffic to talk between the controller and the APs.   It also uses tagged traffic to talk between the controller and the VLANs which I have associated with each of the SSIDs.   I am trying to find a way to do what is normally done with an access port, but do that with an LACP group (801.Q trunk).   Where the untagged traffic entering the network from the controller gets tagged as VLAN 101 as it transits the network, and then traffic which is delivered to that 801.Q trunk on VLAN 101 has the tag removed, but all other traffic entering that port will be appropriately tagged, and the tagged traffic along with the tags well egress from that port to the Meru controller.    I have done this before on a Cisco SG300 switch, but not on the 3750-X core in my home.   If I can't make this work I can front end the Meru controller with an SG300 but now I will be introducing another potential point of failure.
  Also, do you have any idea why the "vlan dot1q tag native" would not be accepted by the IOS version on this switch stack?
  Thx
  Bryan

• WS-C3750X-48T-L and tag native vlan

  Hi guys,
  I have recently bought a new cisco switch : WS-C3750X-48T-L
  Switch Ports Model              SW Version            SW Image                 
  *    1 54    WS-C3750X-48       12.2(55)SE5           C3750E-UNIVERSALK9-M
  with this licence :
  Index 1 Feature: ipservices     
      Period left: 8  weeks 4  days
      License Type: Evaluation
      License State: Active, Not in Use, EULA not accepted
      License Priority: None
      License Count: Non-Counted
  Index 2 Feature: ipbase         
      Period left: 0  minute  0  second  
  Index 3 Feature: lanbase        
      Period left: Life time
      License Type: Permanent
      License State: Active, In Use
      License Priority: Medium
      License Count: Non-Counted
  I want to tag all native vlan traffic from this switch with the command :
  vlan dot1q tag native.
  I can't see this command on the command line interface. How can I reach this option ?
  Have I to pay something ?
  Thanks for your answers.

  Probably is a license limitation: "Each Cisco Catalyst 3750-E/3560-E or 3750-X/3560-X system is loaded with a universal Cisco IOS® Software image. Universal Cisco IOS Software images contain all Cisco IOS Software features. The level of Cisco IOS Software functionality available is determined by the combination of one (or more) licenses installed on the device."
  More info here: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-x-series-switches/white_paper_c11-579326.html
  You have a lan base license active and in use:
  Index 3 Feature: lanbase        
      Period left: Life time
      License Type: Permanent
      License State: Active, In Use
      License Priority: Medium
      License Count: Non-Counted
  You have an ip service test license but is not active:
  ndex 1 Feature: ipservices     
      Period left: 8  weeks 4  days
      License Type: Evaluation
      License State: Active, Not in Use, EULA not accepted
      License Priority: None
      License Count: Non-Counted
  For more informations about how activate a licence use this link:
  https://supportforums.cisco.com/document/69361/licensing-290035003700
  Regards.

• VLAN DOT1Q, SWITCHPORT TRUNK NATIVE VLAN, and VLAN1

  Hi All,
  L2 security documents suggest to avoid using vlan1 and tagging all frames with vlan IDs using the global configuration of vlan dot1q. Other Cisco non-security documents suggest using the switchport trunk native vlan # which removes any vlan tagging. It seems to me that the global vlan dot1q command and the interface switchport trunk native vlan # are contradictory; therefore, both should not be used. Furthermore, my understanding is to avoid using vlan 1 to tighten L2 security. When vlan 1 is removed from all trunked uplinks, user access ports are other than vlan 1, and no spanning-tree vlan 1 operations exists, what is the native vlan 1 actually used for?. The output of show interface gi0/1 trunk shows the native vlan as 1.
  Thanks,
  HC

  Hi HC,
  the command "switchport trunk native vlan" is used to define the native (untagged vlan) on a dot1q link. The default is 1, but you can change it to anyting you like. But it does only change the native vlan, all the others vlan on the trunk are of course tagged (and it only applies to dot1q, as ISL "taggs/encapsulates" all the vlans). The command "vlan dot1q tag native" is mostly used in dot1qindot1q tunnels, where you tunnel a dot1q trunk within a dot1q trunk. Thats something mostly service Providers offer to there customers. There it is important that there is no untagged traffic, as that would not work with dot1qindot1q. This command tagges the native vlan traffic, and drops all traffic which is not tagged.
  Whatfor is the native VLAN? Switches send control PDU such as STP,CDP or VTP over the native VLAN.
  If you don't happen to be a service Provider for L2 metropolitan Ethernet, you wan't need the "vlan dot1q tag native" command. For my part I'm trying not to use vlan 1 everywhere in my campus, because it gives a huge spanningtree topology and if you ever get a switch to blow a heavy load of traffic into it, you have your whole campus network degradet. I try to keep Vlan's a small as possible and to have as much L3 separaton as possible, that's good for the stability!
  Simon

• L2VPN on A9K: Egress Dot1q tagging

  Hello A9K Olympus inhabitants,
  I have some questions to you regarding the way the A9K deals with dot1q tag on the egress EFP:
  First scenario:
  The frame arrives the ingress EFP (port-mode, with no encap, only l2transport config) with a dotq1 tag of 100;
  The ingress EFP doesn't do any rewrite before entering the VLL EVC;
  The egress EFP (vlan-mode subinterface, with dot1q encap) is configured with a dot1q tag of 300;
  The egress EFP doesn´t do any rewrite on the frame;
  Which dot1q tag should arrive on the CE Switch ? Tag 100 or tag 300 ?
  Second scenario:
  The frame arrives the ingress EFP (port-mode, with no encap, only l2transport config) with NO dotq1 tag;
  The ingress EFP doesn't do any rewrite before entering the VLL EVC;
  The egress EFP (vlan-mode subinterface, with dot1q encap) is configured with a dot1q tag of 300;
  The egress EFP doesn´t do any rewrite on the frame;
  Which dot1q tag should arrive on the CE Switch ? Untagged frame or a framed tag with 300 ?
  Thank you all!
  David

  Hello David,
  A9K  always uses VC type 5 (VLAN) for VPLS. For both VPLS and VPWS, it will try VC type 5 as default first.
  With VC type 5 the frame is transported across the MPLS network as it looks like after the ingress VLAN manipulation.
  So if there is either no VLAN tag, a single tag (C-TAG) or two or more tags (e.g. S-TAG/C-TAG), all get transparently transported to the other far end.
  With VC type 4, ASR9k always add a dummy tag (tag 0)  which will get automatically removed by the egress ASR9K node when the packet is received on the MPLS interface.
  So if we assume both ends are ASR9k and they use the default VC5, then:
  Scenario 1 – we get tag 100 on the remote end
  Scenario 2 – no tag on the remote end.
  Regards,
  /A

• Why dot1Q doesn't tag native vlan?

  Why dot1Q doesn't tag native vlan?
  Is there any reason? Or Is there any advantage with this ?
  Regards,
  Chandu

  Chandu
  The native vlan is there to support connectivity to switches that do not support vlan tagging so that if the switch on the other end of the link cannot interpret frames with vlan tags added it can still process the non tagged native vlan packets.
  Nowadays most, if not all, switches do understand vlan tagging so it is very rare you need it for it's original purpose and you can in fact on a lot of Cisco switches actually tell the switch to tag the native vlan as well.
  Jon

• Newb VoIP End to End Qos Questions

  I'm at a site that has Layer 3 Cisco switches and routers end to end. Cisco IP phones plug directly into Layer 3 switches with various routers in the core.
  1) If all connections are Layer 3 do I need to concern myself with trusing COS? I would trust DSCP in this case yes?
  2) Cisco phones by default send voice rtp audio with DSCP marked as EF, is that correct? If not, I know how to create policy-maps and reclassify it. My thought was it is already classified as high as possible.
  3) I've read that QoS must be end to end or you don't really have a full implementation, as in the one device your traffic passes through that is not performing QoS will likely be running FIFO or WFQ, which do not give precedence to class based traffic. So in theory I need to implement CBWFQ or LLQ on every Layer 3 device end to end that RTP audio will touch. Do I have this correct?
  4) If the voice traffic has the potential to travel to most Layer 3 devices in the network as it travels between the Call Manager and phones, I need to apply QoS outbound on each Layer 3 interface that is likely to be in a voice path yes?
  Sorry, I'm a newb, I understand it in theory but I still hit the wall on occassion with my light saber while blindfolded.
  Thanks, Mike

  Hi
  1) Yep - no trunk (dot1q/ISL) = no CoS as it's in the trunk header, so use DSCP.
  2) Yep, traffic will be marked. You can trust it, or trust it conditionally in a service policy and police it.
  3) Yep, more or less. It's very important that on any switches that have QoS enabled, you have proper trust states set on all the ports, otherwise the DSCP will be remarked to 0. This is worse that not particularly prioritizing voice on a particular device, as no other devices further down the chain will see any DSCP markings to act on.
  4) Erm.. kind of. If it's a layer 3 link on a switch, then you don't configure it as you would on a router. The QoS is done in hardware, so your common/garden autoqos type config should see you right if you really don't know what you are doing. If you use auto qos voip trust, make sure you set it to mls qos trust dscp after as it will probably default to CoS. Best to keep it consistent...
  Regards
  Aaron
  Please rate helpful posts...

• QoS - End to End

  v\:* {behavior:url(#default#VML);}
  o\:* {behavior:url(#default#VML);}
  w\:* {behavior:url(#default#VML);}
  .shape {behavior:url(#default#VML);}
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  END to END QOS:
  There are two sites and we are going to implement end to end Qos.
  Site1: Avaya IP phones are connected (Users)
  Site2: IPT Servers are connected
  Bandwidth Requirement is 9.6 Mbps between two sites for Voice traffic.
  Below is the topology Detail:
  Avaya Phones are connected ----L2--àCisco 3750G ---L2---à Cisco 6509-----L3----->Cisco 7206--------àWAN ---------àCisco 7609-------àCisco 6509-------àCisco 3750G—Access link---------àIPT SERVERS
  As per above topology, what will be the configuration for End to End Quality of Service? And what configuration need to apply on Access Switches ports on which  Avaya phones are connected and  the ports on which Core switch are  connected?
  And Also what configuration need to apply on Core switches  on both side and what will be configuration on both routers?
  Appreciating providing configuration for end to end QOS.
  Thanks for Help.

  All networks can take advantage of aspects of QoS for optimum efficiency. ISPs require assured scalability and performance.
  For more information refer this link.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcintro.pdf

• Marque vlans voip with DSCP end-to-end

  Hello,
  I want to mark all vlan voip with  DSCP (value 46) end to end,could you plz tell me how i can do it?,
  SW:2960 or 3560
  SW_BB0:3570
  Router3800
  Phone type:Avaya
  Phone <-------->SW<-------->SW_BB0 <--------> RouterX <--------> RouterY <------> RouterZ <--------> Router-customer<-------->Phone
  Best regard

  Hi Paolo,
  So should I configure DSCP just on first Switch or router?
  And if you could please tell me the best place where I apply the config?
  James

• Encapulation dot1q X native

  interface f0/0.1
  encapulation dot1q X native
  x can be any number right?
  The actual number has no effect because the packet is native and thus has no tag!

  It is best to use some kind of scheme though to your addressing say the subnet is like 192.168.85.0 , it would be a lot easier to remember and troubleshoot if you made the vlan number like vlan 85 . Just makes it easier if there is some kind of commonality between the vlan number and the subnet number . If you are only dealing with a few vlans then it probably doesn't matter.

• Java.lang.NullPointerException in End-to-End monitoring

  Hi!
  When trying to start End-To-End monitoring over the RWB I get a NUllPointerException from 'JNet' as the applet tries to start up:
  Class com.sap.jnet.JNetApplet.class not found
  java.lang.ClassNotFoundException: com.sap.jnet.JNetApplet.class at sun.applet.AppletClassLoader.findClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.applet.AppletClassLoader.loadClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.applet.AppletClassLoader.loadCode(Unknown Source)
  at sun.applet.AppletPanel.createApplet(Unknown Source)
  at sun.plugin.AppletViewer.createApplet(Unknown Source)
  at sun.applet.AppletPanel.runLoader(Unknown Source)
  at sun.applet.AppletPanel.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
  caused by: java.io.IOException: open HTTP connection failed.
  at sun.applet.AppletClassLoader.getBytes(Unknown Source)
  at sun.applet.AppletClassLoader.access$100(Unknown Source)
  at sun.applet.AppletClassLoader$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  ... 10 more
  I'm using Java(TM) Plug-in: Version 1.4.2_08
  Can anyone help?
  Thanks,
  Fabian

  Hi Fabian,
  Have you done the step:
  Configuring End-to-End Message Monitoring
  from the XI configuration guide?
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/ac6de690-0201-0010-54ac-8923089dcc97
  Regards,
  michal

• End-to-end layer-2 link with CPE administration

  Dears
  I am working on a scenario to monitor a CPE in a layer-2 setup. The CPE is connected with the local PE across a last mile with a single vlan from the provider. The customer has purchased layer-2 end-to-end connection from local CPE to remote CPE. Within MPLS core, I have configured x-connect between local PE and remote PE to setup layer-2 link. Within the CPEs, I am bridging both the interfaces of the the router to handover end-to-end layer-2 link to customer. I also need to manage and monitor the CPE. What I am thinking of doing is that I have two PE routers within the local POP. On primary PE router, i will extend lastmile vlan from the switch and configure x-connect to remote PE. On the backup PE router, i will extend the same lastmile vlan from the switch and configure IP address on the PE vrf enabled interface to be imported in management network. On the CPE, the interface with lastmile connection is concurrently configured with bridge and IP configuration.
  I need to know if is this a standard setup of management for this type of solution and what could be the possible technical limitations/complications within this overall solution keeping in mind that it is a layer-2 end-to-end connection and what impact it can have on my core network.
  Regards

  Hi All,
  Can someone help me in this.
  Regards

• RFC Connection Error (for end-to-end Monitoring)

  Hi,
  I am configure End-to-End monitoring in XI 3.0 SP20, PMI does't show data in end-to-end monitoring... anyway!!! I check RFC connection PMI
  RFC destination name: PMIXQA90020080827
  in TEST connection I am getting an error: "Group PUBLIC not Found" where may I define that PUBLIC to solve this problem please let me know.... thanks
  and what is Group PUBLIC in RFC ??? what does it do???
  Is there any notes I can read for related issue, please help me out this
  Thanks a lot in advanced
  Edited by: issue2008 issue on Aug 28, 2008 10:03 AM

  Thanks for reply... SURE I can tell you
  Connection Type: 3 R/3 connection
  ScreenShot shows blow:
  http://www.flickr.com/photos/25222280@N03/2806290586/sizes/o/
  Thanks
  Edited by: issue2008 issue on Aug 28, 2008 10:20 AM

• End to End SSO to Database

  Hi All,
  We are using Business Objects XI R2 SP2  and were using Vintella End to End SSO SSO with SQL Server 2005 Database.
  Yesterday we created a new service account for SQL Server and ran the SetSpn with this account.
  We are able to SSO to Infoview but when we are running crystal report on demand we are getting error "The database logon information for this report is either incomplete or incorrect"
  If we schedule the report and give database logon credentials it works fine.
  Are there any other changes that need to be done.
  Please assist.
  Thanks in advance for your help.
  V.

  Since you didn't change your bo config the problem is probably with Microsoft. Open a case with them if you have to. You can try opening a case with us as well to make sure there are no options on the BO side.
  Try putting this http://support.microsoft.com/?id=262177 BO server and SQL server
  Regards,
  Tim

• Demo on SAP Transportation Management Overview + End to End Process Flow by Navin Nadpurohit-SAP TM Consultant - Krypt Inc-a Leading SAP Supply Chain Company

  Hello All,
  Attached is the link explaining SAP Transportation Management Overview and a system demonstration of End to End Process Flow.
  Link:
  TM Overview + End to End Process Flow - YouTube
  Thanks and best regards,
  Navin

  Very Good Demo Navin