Cisco N7K-C7010 Configuration Guide - Page 279
Native VLAN Hazard
UPC - 882658174445
View all Cisco N7K-C7010 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 279 highlights
Chapter 9 Configuring Q-in-Q VLAN Tunnels Information About Q-in-Q Tunnels Send document comments to [email protected] The outer tag contains the customer's access VLAN ID (as assigned by the service provider), and the inner VLAN ID is the VLAN of the incoming traffic (as assigned by the customer). This double tagging is called tag stacking, Double-Q, or Q-in-Q as shown in Figure 9-2. Figure 9-2 Untagged, 802.1Q-Tagged, and Double-Tagged Ethernet Frames Source address Destination address Length/ EtherType DA SA Len/Etype Frame Check Sequence Data FCS Original Ethernet frame DA SA Etype Tag Len/Etype Data FCS 802.1Q frame from customer network DA SA Etype Tag Etype Tag Len/Etype Data FCS Double-tagged frame on trunk links between service provider network devices 79831 By using this method, the VLAN ID space of the outer tag is independent of the VLAN ID space of the inner tag. A single outer VLAN ID can represent the entire VLAN ID space for an individual customer. This technique allows the customer's Layer 2 network to extend across the service provider network, potentially creating a virtual LAN infrastructure over multiple sites. Note Hierarchical tagging, that is multi-level dot1q tagging Q-in-Q, is not supported. Native VLAN Hazard When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending out packets into the service-provider network. However, packets that go through the core of the service-provider network might be carried through 802.1Q trunks, ISL trunks, or non-trunking links. When 802.1Q trunks are used in these core switches, the native VLANs of the 802.1Q trunks must not match any native VLAN of the dot1q-tunnel port on the same switch because traffic on the native VLAN is not tagged on the 802.1Q transmitting trunk port. In Figure 9-3, VLAN 40 is configured as the native VLAN for the 802.1Q trunk port from Customer X at the ingress edge switch in the service-provider network (Switch B). Switch A of Customer X sends a tagged packet on VLAN 30 to the ingress tunnel port of Switch B in the service-provider network belonging to access VLAN 40. Because the access VLAN of the tunnel port (VLAN 40) is the same as the native VLAN of the edge-switch trunk port (VLAN 40), the 802.1Q tag is not added to tagged packets OL-23435-03 Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x 9-3