802.1Q Tunneling - IEWB Vol. 1 Version 5

Yesterday I started the IEWB Vol. 1 Version 5  Bridging & Switching section, a very nice part of it was about 802.1Q Tunnels.

I´ve saw it on theory, but never tried in real equipment. Nice, the task goal was to make R1 and R4 neighbors (when you perform a show cdp neighbors at any of those two routers they should display the other as a neighbor and not the switch directly attached!).

Some care must be taken, because the 802.1Q frame will be "double" tagged, first with the original VLAN ID information when exiting the router, and the second time when it enters the switch connected using the tunnel VLAN ID as a tag (called Metro Tag). By that, the frame will be increased in 4 bytes (802.1Q Metro Tag), and we must change the system MTU to match this new requirements in "all" switches were the frame is supposed to cross. This is accomplished with the global configuration command: system mtu 1504 in all switches in the path.

To simplify things, here follows a picture I´ve made about this particularly task:

Configuration done to perform that:

R1 interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.14 encapsulation dot1Q 14 ip address 14.0.0.1 255.255.255.0 ! interface FastEthernet0/0.41 encapsulation dot1Q 41 ip address 41.0.0.1 255.255.255.0

 

SW1 system mtu 1504 ! interface FastEthernet0/1 switchport access vlan 100 switchport mode dot1q-tunnel l2protocol-tunnel cdp no cdp enable ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk

 

SW2 system mtu 1504 ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/16 switchport trunk encapsulation dot1q switchport mode trunk

 

SW3 system mtu 1504 ! interface FastEthernet0/16 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/19 switchport trunk encapsulation dot1q switchport mode trunk

 

SW4 system mtu 1504 ! interface FastEthernet0/4 switchport access vlan 100 switchport mode dot1q-tunnel l2protocol-tunnel cdp no cdp enable ! interface FastEthernet0/19 switchport trunk encapsulation dot1q switchport mode trunk

 

R4 interface FastEthernet0/1 no ip address duplex auto speed auto ! interface FastEthernet0/1.14 encapsulation dot1Q 14 ip address 14.0.0.4 255.255.255.0 ! interface FastEthernet0/1.41 encapsulation dot1Q 41 ip address 41.0.0.4 255.255.255.0

And off course, the result:

R1 Rack20R1#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID  Local Intrfce  Holdtme   Capability  Platform  Port ID Rack20R3   Ser 0/1         131       R S I      2611XM   Ser 1/2 Rack20R4   Fas 0/0         148       R S I      2611XM   Fas 0/1 Rack20R1#ping 14.0.0.4 size 1500 df-bit Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 14.0.0.4,timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5),round-trip min/avg/max=4/6/8ms Rack20R1#ping 41.0.0.4 size 1500 df-bit Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 41.0.0.4,timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5),round-trip min/avg/max= 4/5/8ms

 

R4 Rack20R4#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID  Local Intrfce  Holdtme  Capability  Platform  Port ID Rack20SW2    Fas 0/0       131      R S I      WS-C3560- Fas 0/4 Rack20R1     Fas 0/1       136      R S I      2611XM    Fas 0/0 Rack20R5     Ser 0/1       139      R S I      2611XM    Ser 0/1 Rack20R4#ping 14.0.0.1 size 1500 df-bit Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 14.0.0.1,timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5),round-trip min/avg/max=4/5/8ms Rack20R4#ping 41.0.0.1 size 1500 df-bit Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 41.0.0.1,timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5),round-trip min/avg/max= 4/4/8ms

More information can be found at Cisco´s Website.

Here you can find the path at the DocCD for this:

DocCD  -> Catalyst 3560 -> Catalyst 3560 Switches, Rel. 12.2(44)SE, January 2008 -> Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(44)SE -> Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

If you preffer, here follows the direct link to the page:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtunnel.html#wp1008908