Home » Cisco Manuals » Hubs & Switches » Cisco N7K-C7010 » Manual Viewer

Cisco N7K-C7010 Configuration Guide - Page 279

Native VLAN Hazard

UPC - 882658174445

Add to My Manuals
Save this manual to your list of manuals

Page 279 highlights

Chapter 9 Configuring Q-in-Q VLAN Tunnels Information About Q-in-Q Tunnels Send document comments to [email protected] The outer tag contains the customer's access VLAN ID (as assigned by the service provider), and the inner VLAN ID is the VLAN of the incoming traffic (as assigned by the customer). This double tagging is called tag stacking, Double-Q, or Q-in-Q as shown in Figure 9-2. Figure 9-2 Untagged, 802.1Q-Tagged, and Double-Tagged Ethernet Frames Source address Destination address Length/ EtherType DA SA Len/Etype Frame Check Sequence Data FCS Original Ethernet frame DA SA Etype Tag Len/Etype Data FCS 802.1Q frame from customer network DA SA Etype Tag Etype Tag Len/Etype Data FCS Double-tagged frame on trunk links between service provider network devices 79831 By using this method, the VLAN ID space of the outer tag is independent of the VLAN ID space of the inner tag. A single outer VLAN ID can represent the entire VLAN ID space for an individual customer. This technique allows the customer's Layer 2 network to extend across the service provider network, potentially creating a virtual LAN infrastructure over multiple sites. Note Hierarchical tagging, that is multi-level dot1q tagging Q-in-Q, is not supported. Native VLAN Hazard When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending out packets into the service-provider network. However, packets that go through the core of the service-provider network might be carried through 802.1Q trunks, ISL trunks, or non-trunking links. When 802.1Q trunks are used in these core switches, the native VLANs of the 802.1Q trunks must not match any native VLAN of the dot1q-tunnel port on the same switch because traffic on the native VLAN is not tagged on the 802.1Q transmitting trunk port. In Figure 9-3, VLAN 40 is configured as the native VLAN for the 802.1Q trunk port from Customer X at the ingress edge switch in the service-provider network (Switch B). Switch A of Customer X sends a tagged packet on VLAN 30 to the ingress tunnel port of Switch B in the service-provider network belonging to access VLAN 40. Because the access VLAN of the tunnel port (VLAN 40) is the same as the native VLAN of the edge-switch trunk port (VLAN 40), the 802.1Q tag is not added to tagged packets OL-23435-03 Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x 9-3

Section	Page
Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x	1
New and Changed Information	13
Preface	15
Audience	15
Document Organization	15
Obtaining Documentation and Submitting a Service Request	17
Overview	19
Information About Interfaces	19
Ethernet Interfaces	20
Access Ports	21
Trunk Ports	21
Private VLAN Hosts and Promiscuous Ports	21
Routed Ports	21
Management Interface	21
Port-Channel Interfaces	22
vPCs	22
Subinterfaces	22
VLAN Network Interfaces	22
Loopback Interfaces	22
Tunnel Interfaces	22
Virtualization Interfaces	23
High Availability for Interfaces	23
Licensing Requirements for Interfaces	23
Configuring Basic Interface Parameters	25
Information About the Basic Interface Parameters	26
Description	26
Beacon	26
MDIX	27
Debounce Timer	27
Error Disabled	27
Rate Mode	28
Speed Mode and Duplex Mode	28
Flow Control	29
Port MTU Size	30
Bandwidth	31
Throughput Delay	31
Administrative Status	31
Unidirectional Link Detection Parameter	31
UDLD Overview	32
Default UDLD Configuration	33
UDLD Aggressive and Nonaggressive Modes	33
Carrier Delay	34
Port-Channel Parameters	34
Port Profiles	34
Time Domain Reflectometry Cable Diagnostics	36
Licensing Requirements	36
Guidelines and Limitations	37
Default Settings	38
Configuring the Basic Interface Parameters	38
Specifying the Interfaces to Configure	39
Configuring the Description	40
Configuring the Beacon Mode	41
Changing the Bandwidth-Rate Mode	43
Dedicating Bandwidth to One Port	43
Sharing the Bandwidth Among a Port Group	44
Configuring the Error-Disabled State	46
Enabling the Error Disable Detection	46
Enabling the Error-Disabled Recovery	47
Configuring the Error-Disabled Recovery Interval	48
Configuring the MDIX Parameter	49
Configuring the Debounce Timer	50
Configuring the Interface Speed and Duplex Mode	52
Configuring the Flow Control	54
Configuring the MTU Size	55
Configuring the Interface MTU Size	56
Configuring the System Jumbo MTU Size	57
Configuring the Bandwidth	58
Configuring the Throughput Delay	60
Shutting Down and Activating the Interface	61
Configuring the UDLD Mode	63
Configuring the Carrier Delay Timer	65
Configuring Port Profiles	67
Creating a Port Profile	67
Entering Port-Profile Configuration Mode and Modifying a Port Profile	68
Assigning a Port Profile to a Range of Interfaces	69
Enabling a Specific Port Profile	70
Inheriting a Port Profile	71
Removing a Port Profile from a Range of Interfaces	72
Removing an Inherited Port Profile	74
Performing TDR Cable Diagnostics	75
Configuring Rate Limits for Packets that Reach the Supervisor	76
Verifying the Basic Interface Parameters	78
Monitoring the Interface Counters	78
Displaying Interface Statistics	78
Clearing Interface Counters	80
Additional References	80
Related Documents	81
Standards	81
Feature History for Configuring Basic Interface Parameters	81
Configuring Layer 2 Interfaces	83
Information About Access and Trunk Interfaces	84
Information About Access and Trunk Interfaces	85
IEEE 802.1Q Encapsulation	86
Access VLANs	87
Native VLAN IDs for Trunk Ports	88
Tagging Native VLAN Traffic	88
Allowed VLANs	88
High Availability	89
Virtualization Support	89
Default Interfaces	89
SVI Autostate Exclude	89
Licensing Requirements for Layer 2 Port Modes	90
Prerequisites for Layer 2 Interfaces	90
Guidelines and Limitations	90
Default Settings	91
Configuring Access and Trunk Interfaces	91
Guidelines for Configuring Access and Trunk Interfaces	92
Configuring a LAN Interface as a Layer 2 Access Port	92
Configuring Access Host Ports	93
Configuring Trunk Ports	95
Configuring the Native VLAN for 802.1Q Trunking Ports	96
Configuring the Allowed VLANs for Trunking Ports	98
Configuring a Default Interface	99
Configuring SVI Autostate Exclude	100
Configuring the Device to Tag Native VLAN Traffic	102
Changing the System Default Port Mode to Layer 2	103
Verifying the Interface Configuration	104
Monitoring the Layer 2 Interfaces	105
Example Configurations for Access and Trunk Ports	105
Additional References	106
Related Documents	106
Standards	106
MIBs	107
Feature History for Configuring Layer 2 Interfaces	107
Configuring Layer 3 Interfaces	109
Information About Layer 3 Interfaces	109
Routed Interfaces	110
Subinterfaces	110
VLAN Interfaces	111
Loopback Interfaces	112
Tunnel Interfaces	112
High Availability	112
Virtualization Support	113
Licensing Requirements for Layer 3 Interfaces	113
Prerequisites for Layer 3 Interfaces	113
Guidelines and Limitations	113
Default Settings	114
Configuring Layer 3 Interfaces	114
Configuring a Routed Interface	114
Configuring a Subinterface	116
Configuring the Bandwidth on an Interface	117
Configuring a VLAN interface	118
Configuring Inband Management in the Nexus Chassis	120
Configuring a Loopback Interface	122
Assigning an Interface to a VRF	123
Verifying the Layer 3 Interfaces Configuration	124
Monitoring Layer 3 Interfaces	125
Configuration Examples for Layer 3 Interfaces	126
Related Topics	126
Additional References	126
Related Documents	127
MIBs	127
Standards	127
Feature History for Configuring Layer 3 Interfaces	127
Configuring Bidirectional Forwarding Detection	129
Information About BFD	129
Asynchronous Mode	130
BFD Detection of Failures	130
Distributed Operation	131
BFD Echo Function	131
Security	132
High Availability	132
Virtualization Support	132
Licensing Requirements for BFD	132
Prerequisites for BFD	132
Guidelines and Limitations	133
Default Settings	134
Configuring BFD	134
Configuration Hierarchy	135
Task Flow for Configuring BFD	135
Enabling the BFD Feature	135
Configuring Global BFD Parameters	136
Configuring BFD on an Interface	137
Configuring BFD on a Port Channel	139
Configuring BFD Echo Function	140
Optimizing BFD on Subinterfaces	141
Configuring BFD Support for Routing Protocols	142
Configuring BFD on BGP	143
Configuring BFD on EIGRP	144
Configuring BFD on OSPF	146
Configuring BFD on IS-IS	147
Configuring BFD on HSRP	148
Configuring BFD on VRRP	149
Configuring BFD on PIM	150
Configuring BFD on Static Routes	151
Configuring BFD on MPLS TE Fast Reroute	152
Disabling BFD on an Interface	152
Verifying the BFD Configuration	153
Monitoring BFD	153
Configuration Examples for BFD	154
Additional References	154
Related Documents	155
RFCs	155
Feature History for BFD	155
Configuring Port Channels	157
Information About Port Channels	157
Port Channels	159
Port-Channel Interfaces	159
Basic Settings	160
Compatibility Requirements	161
Load Balancing Using Port Channels	162
LACP	164
LACP Overview	164
Port-Channel Modes	165
LACP ID Parameters	166
LACP Marker Responders	167
LACP-Enabled and Static Port Channels Differences	167
LACP Compatibility Enhancements	168
LACP Port-Channel MinLinks and MaxBundle	168
LACP Offload to Fabric Extenders	169
LACP Fast Timers	169
Virtualization Support	169
High Availability	169
Licensing Requirements for Port Channeling	170
Prerequisites for Port Channeling	170
Guidelines and Limitations	170
Default Settings	171
Configuring Port Channels	171
Creating a Port Channel	172
Adding a Layer 2 Port to a Port Channel	173
Adding a Layer 3 Port to a Port Channel	175
Configuring the Bandwidth and Delay for Informational Purposes	177
Shutting Down and Restarting the Port-Channel Interface	178
Configuring a Port-Channel Description	180
Configuring the Speed and Duplex Settings for a Port-Channel Interface	181
Configuring Flow Control	182
Configuring Load Balancing Using Port Channels	183
Enabling LACP	185
Configuring LACP Port-Channel Port Modes	186
Configuring LACP Port-Channel MinLinks	187
Configuring the LACP Port-Channel MaxBundle	188
Configuring the LACP Fast Timer Rate	190
Configuring the LACP System Priority	190
Configuring the LACP Port Priority	191
Disabling LACP Graceful Convergence	192
Reenabling LACP Graceful Convergence	194
Disabling LACP Suspend Individual	195
Reenabling LACP Suspend Individual	196
Verifying the Port-Channel Configuration	198
Monitoring the Port-Channel Interface Configuration	199
Example Configurations for Port Channels	199
Additional References	200
Related Documents	201
Standards	201
MIBs	201
Feature History for Configuring Port Channels	201
Configuring vPCs	203
Information About vPCs	204
vPC Overview	204
vPC Terminology	207
vPC Peer Links	208
vPC Peer Link and I/O Modules Support	209
vPC Peer Link Overview	210
Features That You Must Manually Configure on the Primary and Secondary Devices	212
Configuring Layer 3 Backup Routes on a vPC Peer Link	213
Peer-Keepalive Link and Messages	213
vPC Peer-Gateway	214
vPC Domain	215
vPC Topology	216
Compatibility Parameters for vPC Interfaces	217
Configuration Parameters That Must Be Identical	218
Configuration Parameters That Should Be Identical	219
Consequences of Parameter Mismatch	220
vPC Number	220
Moving Other Port Channels into a vPC	220
Configuring vPC Peer Links and Links to the Core on a Single Module	221
vPC Interactions with Other Features	222
vPC and LACP	223
vPC Peer Links and STP	223
vPC Peer Switch	225
vPC and ARP or ND	225
vPC Multicast-PIM, IGMP, and IGMP Snooping	225
vPC Peer Links and Routing	227
CFSoE	228
vPC and Orphan Ports	229
Virtualization Support	229
vPC Recovery After an Outage	229
Restore on Reload	230
Autorecovery	230
vPC Peer Roles After Recovery	230
High Availability	230
Licensing Requirements for vPCs	231
Guidelines and Limitations	231
Default Settings	232
Configuring vPCs	232
Enabling vPCs	233
Disabling vPCs	234
Creating a vPC Domain and Entering the vpc-domain Mode	235
Configuring the vPC Keepalive Link and Messages	236
Creating the vPC Peer Link	238
Configuring the vPC Peer-Gateway	240
Configuring a Graceful Consistency Check	241
Checking the Configuration Compatibility on a vPC Peer Link	242
Moving Other Port Channels into a vPC	243
Manually Configuring a vPC Domain MAC Address	244
Manually Configuring the System Priority	246
Manually Configuring the vPC Peer Device Role	247
Configuring the Tracking Feature on a Single-Module vPC	248
Configuring for Recovery After an Outage	250
Configuring Reload Restore	250
Configuring Autorecovery	252
Configuring the Suspension of Orphan Ports	254
Configuring the vPC Peer Switch	255
Configuring a Pure vPC Peer Switch Topology	255
Configuring a Hybrid vPC Peer Switch Topology	257
Verifying the vPC Configuration	258
Monitoring vPCs	259
Configuration Examples for vPCs	259
Additional References	261
Related Documents	262
Standards	262
MIBs	262
Feature History for Configuring vPCs	262
Configuring IP Tunnels	265
Information About IP Tunnels	265
IP Tunnel Overview	265
GRE Tunnels	266
Path MTU Discovery	267
Virtualization Support	267
High Availability	267
Licensing Requirements for IP Tunnels	267
Prerequisites for IP Tunnels	268
Guidelines and Limitations	268
Default Settings	268
Configuring IP Tunnels	268
Enabling Tunneling	269
Creating a Tunnel Interface	269
Configuring a GRE Tunnel	271
Enabling Path MTU Discovery	272
Assigning VRF Membership to a Tunnel Interface	272
Verifying the IP Tunnel Configuration	274
Configuration Examples for IP Tunneling	274
Additional References	275
Related Documents	275
Standards	275
Feature History for Configuring IP Tunnels	275
Configuring Q-in-Q VLAN Tunnels	277
Information About Q-in-Q Tunnels	277
Q-in-Q Tunneling	277
Native VLAN Hazard	279
Information About Layer 2 Protocol Tunneling	280
Licensing Requirements for Q-in-Q Tunnels	283
Guidelines and Limitations	283
Configuring Q-in-Q Tunnels and Layer 2 Protocol Tunneling	283
Creating a 802.1Q Tunnel Port	284
Changing the EtherType for Q-in-Q	285
Enabling the Layer 2 Protocol Tunnel	287
Configuring Global CoS for L2 Protocol Tunnel Ports	288
Configuring the Rate Limit for Layer 2 Protocol Tunnel Ports	289
Configuring Thresholds for Layer 2 Protocol Tunnel Ports	290
Verifying the Q-in-Q Configuration	292
Configuration Examples for Q-in-Q and Layer 2 Protocol Tunneling	292
Feature History for Q-in-Q Tunnels and Layer 2 Protocol Tunneling	293
IETF RFCs supported by Cisco NX-OS Interfaces	295
IPv6 RFCs	295

Match case Limit results 1 per page

Send document comments to [email protected]

9-3

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x

OL-23435-03

Chapter 9

Configuring Q-in-Q VLAN Tunnels

Information About Q-in-Q Tunnels

The outer tag contains the customer’s access VLAN ID (as assigned by the service provider), and the

inner VLAN ID is the VLAN of the incoming traffic (as assigned by the customer). This double tagging

is called tag stacking, Double-Q, or Q-in-Q as shown in

Figure 9-2

Untagged, 802.1Q-Tagged, and Double-Tagged Ethernet Frames

By using this method, the VLAN ID space of the outer tag is independent of the VLAN ID space of the

inner tag. A single outer VLAN ID can represent the entire VLAN ID space for an individual customer.

This technique allows the customer’s Layer 2 network to extend across the service provider network,

potentially creating a virtual LAN infrastructure over multiple sites.

Note

Hierarchical tagging, that is multi-level dot1q tagging Q-in-Q, is not supported.

Native VLAN Hazard

When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending out

packets into the service-provider network. However, packets that go through the core of the

service-provider network might be carried through 802.1Q trunks, ISL trunks, or non-trunking links.

When 802.1Q trunks are used in these core switches, the native VLANs of the 802.1Q trunks must not

match any native VLAN of the dot1q-tunnel port on the same switch because traffic on the native VLAN

is not tagged on the 802.1Q transmitting trunk port.

Figure 9-3

, VLAN 40 is configured as the native VLAN for the 802.1Q trunk port from Customer X

at the ingress edge switch in the service-provider network (Switch B). Switch A of Customer X sends a

tagged packet on VLAN 30 to the ingress tunnel port of Switch B in the service-provider network

belonging to access VLAN 40. Because the access VLAN of the tunnel port (VLAN 40) is the same as

the native VLAN of the edge-switch trunk port (VLAN 40), the 802.1Q tag is not added to tagged packets

Double-tagged

frame on trunk

links between

service provider

network devices

802.1Q frame from

customer network

Original Ethernet frame

Destination

address

Length/

EtherType

Frame Check

Sequence

Source

address

Len/Etype

Data

FCS

Len/Etype

Data

Etype

Tag

FCS

Len/Etype

Data

Etype

Tag

Etype

Tag

FCS

79831