Cisco 802.1Q Tunneling aka Q-in-Q
Q-in-Q is a feature often used by service providers as a layer 2 VPN.
The configuration is very simple: put an 802.1Q tag on the interface that receives traffic from the customer and on the interface that sends it out to the customer's other side. A different VLAN tag for each customer separates the traffic of different customers. Set dot1q tunnel on both edges of the service provider.
One benefit of this technique is that it's easy to implement: you don't need to run any routing protocols inside the service provider or between provider and customer. From the customer's perspective, it's just like their sites are directly connected on layer 2.
You can use freelabnetworks to configure Q-in-Q.
In the following example, site-A behaves as if it were directly connected to site-B.
SW2 as Customer-site-A
SW3 as Customer-site-B
SW4 as Service-provider-cloud
Before Q-in-Q configured:
#Customer-site-A (SW2)
SW2#show cdp neighbors FastEthernet 0/5
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW4 Fas 0/5 122 S I WS-C3550-2Fas 0/3
#Customer-site-B (SW3)
SW3#show cdp neighbors FastEthernet 0/5
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW4 Fas 0/5 171 S I WS-C3550-2Fas 0/5
After Q-in-Q configured:
#Customer-site-A (SW2)
SW2#show cdp neighbors FastEthernet 0/5
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW3 Fas 0/5 152 S I WS-C2950G-Fas 0/5
#Customer-site-B (SW3)
SW3#show cdp neighbors FastEthernet 0/5
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW2 Fas 0/5 164 S I WS-C2950G-Fas 0/5
Q-in-Q configured on Service-provider-cloud (SW4) :
SW4#show running-config interface FastEthernet 0/3
Building configuration...
Current configuration : 222 bytes
!
interface FastEthernet0/3
switchport access vlan 23
switchport mode dot1q-tunnel
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
end
SW4#show running-config interface FastEthernet 0/5
Building configuration...
Current configuration : 222 bytes
!
interface FastEthernet0/5
switchport access vlan 23
switchport mode dot1q-tunnel
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
end
SW4#show interfaces FastEthernet 0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: tunnel
Operational Mode: tunnel
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 23 (QinQ)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none
SW4#show interfaces FastEthernet 0/5 switchport
Name: Fa0/5
Switchport: Enabled
Administrative Mode: tunnel
Operational Mode: tunnel
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 23 (QinQ)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none
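What the tunnel ports on SW4 do to a frame, as an added example that is not part of the original post: the provider pushes an outer tag for VLAN 23 on ingress and pops it on egress, and the customer's own tag rides through untouched. The MAC addresses, the customer VLAN 10 and the use of TPID 0x8100 for the outer tag are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: the outer tag uses the plain 802.1Q TPID


def push_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert a VLAN tag right after the two MAC addresses (tunnel-port ingress)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def pop_tag(frame: bytes) -> tuple[int, bytes]:
    """Strip the outermost tag (tunnel-port egress); return (vlan, inner frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no VLAN tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vlan_stack(frame: bytes) -> list[int]:
    """List the VLAN IDs from the outermost tag to the innermost."""
    vlans, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid != TPID_8021Q:
            break
        vlans.append(tci & 0x0FFF)
        offset += 4
    return vlans


# Constructed sample frame: SW2 sends an IPv4 frame on its own VLAN 10 (hypothetical).
DST = bytes.fromhex("02000000000b")
SRC = bytes.fromhex("02000000000a")
untagged = DST + SRC + struct.pack("!H", 0x0800) + b"customer payload"
customer_frame = push_tag(untagged, 10)          # customer's 802.1Q tag
provider_frame = push_tag(customer_frame, 23)    # SW4 Fa0/3: access vlan 23, dot1q-tunnel

if __name__ == "__main__":
    print("inside provider:", vlan_stack(provider_frame))       # outer 23, inner 10
    print("extra bytes    :", len(provider_frame) - len(customer_frame))
    vlan, delivered = pop_tag(provider_frame)                    # SW4 Fa0/5 egress
    print("delivered to SW3 unchanged:", delivered == customer_frame)
```

Separation between customers rests only on the outer VLAN ID, and every tunnelled frame is 4 bytes longer inside the provider than at the customer edge.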
Cisco Router Password Recovery
If you cannot access a Cisco router because you have forgotten the password, this tutorial should help you fix it.
http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/22188-pswdrec-2600.html
- If you can access the router, type show version at the prompt, and record the configuration register setting.
- 0x2102 boots and loads your saved configuration.
  0x2142 boots and bypasses the saved configuration, and allows you to view/edit the saved configuration if you need to do any kind of password recovery, etc.
- Use the power switch in order to turn off the router, and then turn the router back on.
- Press Ctrl + Break on the terminal keyboard a couple of times after power-up in order to put the router into ROMmon.
- If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
- Type confreg 0x2142
  rommon 1 > confreg 0x2142
- Type reset
  rommon 2 > reset
- Type no in the initial configuration dialog
  Would you like to enter the initial configuration dialog? [yes/no]: no
- Do not type copy running-config startup-config or write. These commands erase your startup configuration.
- If you really want to restore your existing configuration, type copy startup-config running-config
  Router#copy startup-config running-config
- Type configure terminal.
- Type enable secret <password> in order to change the enable secret password.
- Type config-register 0x2102
- Type write memory or copy running-config startup-config in order to commit the changes.
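A check for the last steps of the procedure, as an added example that is not part of the original post: it reads the configuration register line from show version output and reports whether the router will still skip its saved configuration at the next boot. The function names and the sample lines are constructed for the illustration.

```python
import re

BOOT_FIELD = 0x000F      # bits 0-3: boot source
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (the 4 in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the router has booted

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(reg: int) -> dict:
    """Break a configuration register value into the fields used above."""
    return {
        "boot_field": reg & BOOT_FIELD,
        "ignore_startup_config": bool(reg & IGNORE_NVRAM),
        "break_disabled": bool(reg & BREAK_DISABLED),
    }


def audit(show_version: str) -> str:
    """Return 'ok', 'pending', 'fail' or 'unknown' for one show version output."""
    match = REG_LINE.search(show_version)
    if not match:
        return "unknown"
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    if decode(pending)["ignore_startup_config"]:
        return "fail"      # next boot comes up without the saved configuration
    if decode(current)["ignore_startup_config"]:
        return "pending"   # config-register 0x2102 entered, effective at next reload
    return "ok"


# Constructed sample lines in the format show version prints.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{audit(line):8} {line}")
```

A router left at 0x2142 boots without its saved configuration, passwords included, so the result to look for after recovery is "pending" before the reload and "ok" after it.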