Skip to main content
Start a Conversation

Unsolved

L

lugcxl

4 Posts

1315

July 3rd, 2020 05:00

Q-in-Q on N4032F

Hello,
First of all, I would like to briefly outline my scenario. We have four different VLANs running, from 3 different customers. These VLANs come from our router, which packs the packets into the right VLAN depending on the network range. All packets are tagged and sent to the N4032F on port Te1/0/23. Port 1/0/1 is tagged with VLAN 10 and 11, port 1/0/2 is untagged in dot1q-tunnel mode with VLAN 100.
At port Te1/0/24 the VLANs 12,13 and 100 drop out, where 12 and 13 are normally tagged, and in VLAN 100 the Q-in-Q-tagged packets, i.e. those for VLAN 10 and 11, are dropped out.
The provider for the different connections then routes the packets to the different customers depending on the VLAN tag. But we don't have access to that anyway, the important thing is that everything is tagged at port Te1/0/24 as planned. For the explanation, I have now only considered the data traffic from our router to the customer, but the way back is of course the same.


lugcxl_0-1593778690806.png

 

Here is the configuration how the whole thing is planned:

Spoiler
configure
vlan 10-13,100
exit
vlan 10
name "Customer-A-10"
exit
vlan 11
name "Customer-A-11"
exit
vlan 12
name "Customer-B"
exit
vlan 13
name "Customer-C"
exit
vlan 100
name "Cst-A-Q-in-Q"
exit
!
interface Te1/0/1
description "Customer-A"
switchport mode general
switchport general allowed vlan add 10-11 tagged
exit
!
interface Te1/0/2
description "Cst-A-Q-in-Q"
switchport mode dot1q-tunnel
switchport access vlan 100
exit
!
interface Te1/0/23
description "UPLINK-Router"
switchport mode general
switchport general allowed vlan add 10-13 tagged
exit
!
interface Te1/0/24
description "UPLINK-ISP"
switchport mode trunk
switchport trunk allowed vlan 12-13,100
exit








































configurevlan 10-13,100exitvlan 10name "Customer-A-10"exitvlan 11name "Customer-A-11"exitvlan 12name "Customer-B"exitvlan 13name "Customer-C"exitvlan 100name "Cst-A-Q-in-Q"exit!interface Te1/0/1description "Customer-A"switchport mode generalswitchport general allowed vlan add 10-11 taggedexit!interface Te1/0/2description "Cst-A-Q-in-Q"switchport mode dot1q-tunnelswitchport access vlan 100exit!interface Te1/0/23description "UPLINK-Router"switchport mode generalswitchport general allowed vlan add 10-13 taggedexit!interface Te1/0/24description "UPLINK-ISP"switchport mode trunkswitchport trunk allowed vlan 12-13,100exit

Can it work like this? I ask, because the documentation for Q-in-Q is very poor, unfortunately I can't find a more recent manual than the one for the firmware version 6.5.2.x, but the switch is already on the 6.5.4.12, I hope that nothing has changed in the time.

Unfortunately I have little or no possibilities to test the whole thing, because the ISP cannot switch connections all the time. Therefore I would like to have the configuration checked here by someone who already has experience with Q-in-Q.

many thanks in advance

DELL-Sam L

Moderator

 • 

6.9K Posts

July 3rd, 2020 15:00

Hello lugcxl,

Here is a link to the latest admin guide. https://dell.to/3gqkCNG

lugcxl

4 Posts

July 6th, 2020 01:00

Hi @DELL-Sam L,

 

thanks for your reply, but I'm pretty sure 6.3.x is older than 6.5.x, if not, the version numbering is pretty confusing

(here's the link for 6.5.2.x https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/networking-n4000-series_user%27s-guide10_en-us.pdf I don't know if there are any differences in 6.5.4.x)

Nevertheless, there are some things which are still unclear after reading the manual, like is it possible to send double tagged and single tagged traffic both via Te1/0/24 like in my initial post.

DELL-Josh Cr

Moderator

 • 

8.5K Posts

July 6th, 2020 10:00

Page 792 https://dell.to/2O1jRys

It looks like the port is either doing QinQ or not, not being able to do both.

lugcxl

4 Posts

July 8th, 2020 23:00

Hi @DELL-Josh Cr, I was talking about Te1/0/24 - which is just a regular trunk port. (It's all in the config I posted...)

lugcxl

4 Posts

July 10th, 2020 01:00

After some more hours of testing I can tell - the Q-in-Q config works.

What doesn't work is the uplink from Te1/0/1 to Te1/0/2.

 

If I go from another switch to Te1/0/2 directly the tagged frames are getting a second tag.

So, I guess some protocol detects a loop?

 

Spoiler
switchport dot1q ethertype vman
!
interface Te1/0/1
switchport general pvid 500
switchport general allowed vlan add 500 tagged
switchport access vlan 500
exit
!
interface Te1/0/2
spanning-tree tcnguard
spanning-tree guard root
switchport mode dot1q-tunnel
switchport access vlan 1000
exit
!
switchport dot1q ethertype vman!interface Te1/0/1switchport general pvid 500switchport general allowed vlan add 500 taggedswitchport access vlan 500exit!interface Te1/0/2spanning-tree tcnguardspanning-tree guard rootswitchport mode dot1q-tunnelswitchport access vlan 1000exit!

Just for testing purposes I use VLAN 500 as inner VLAN, and 1000 as outer vlan (q-in-q).

Does anyone have any idea why the tagged packets from Te1/0/1 do not get to Te1/0/2?

DELL-Josh Cr

Moderator

 • 

8.5K Posts

July 10th, 2020 09:00

Do the spanning tree logs show that it is putting the port in a blocking state?

View More

View All

No Events found!

Top