Cisco dot1q-tunnel - Native VLAN.

I have noticed that engineers often do not understand the problem involving dot1q-tunnel and the Native VLAN on trunks between provider switches. The documentation describes it very clearly and briefly.

Catalyst 3560 Software Configuration Guide, Release 12.2(58)SE > Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling > Native VLANs:

When configuring IEEE 802.1Q tunneling on an edge switch, you must use IEEE 802.1Q trunk ports for sending packets into the service-provider network. However, packets going through the core of the service-provider network can be carried through IEEE 802.1Q trunks, ISL trunks, or nontrunking links. When IEEE 802.1Q trunks are used in these core switches, the native VLANs of the IEEE 802.1Q trunks must not match any native VLAN of the nontrunking (tunneling) port on the same switch because traffic on the native VLAN would not be tagged on the IEEE 802.1Q sending trunk port.

These are some ways to solve this problem:

• Use the vlan dot1q tag native global configuration command to configure the edge switch so that all packets going out an IEEE 802.1Q trunk, including the native VLAN, are tagged. If the switch is configured to tag native VLAN packets on all IEEE 802.1Q trunks, the switch accepts untagged packets, but sends only tagged packets.
• Ensure that the native VLAN ID on the edge-switch trunk port is not within the customer VLAN range. For example, if the trunk port carries traffic of VLANs 100 to 200, assign the native VLAN a number outside that range.

It is all simple and logical. Suppose your Provider Edge switch places all customer traffic into VLAN 10, i.e. the nontrunking (tunneling) port on this switch has the following configuration:

system mtu 1504

interface gigabitethernet0/1
 switchport access vlan 10
 switchport mode dot1q-tunnel

In that case VLAN 10 MUST NOT be set as the Native VLAN on the trunk interfaces of the switches. Otherwise the outer tag 10 of the QinQ traffic will be stripped, and the traffic may end up in provider VLAN 10 if one exists.
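To make the rule checkable, here is an added example (not from the original post or from Cisco) that lints a constructed IOS config excerpt for a trunk whose native VLAN equals a dot1q-tunnel port's access VLAN, and models the documented tag handling so you can see the outer tag disappear on the wire. The parser is a minimal hypothetical helper for the three commands shown, not a full IOS config parser.

```python
"""Native VLAN vs. dot1q-tunnel access VLAN: config lint and tag-flow model."""
import re

# Constructed config excerpt: the QinQ example from the post plus an uplink trunk.
SAMPLE_CONFIG = """\
system mtu 1504
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode dot1q-tunnel
interface GigabitEthernet0/24
 switchport trunk native vlan 10
 switchport mode trunk
"""

def parse_ios(config: str) -> dict:
    """Return {ifname: {'mode', 'access', 'native'}} from an IOS-style excerpt.
    Defaults (VLAN 1) mirror IOS when the command is absent."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif cur is not None and line.startswith(" "):
            if m := re.match(r"\s*switchport mode (\S+)", line):
                cur["mode"] = m.group(1)
            elif m := re.match(r"\s*switchport access vlan (\d+)", line):
                cur["access"] = int(m.group(1))
            elif m := re.match(r"\s*switchport trunk native vlan (\d+)", line):
                cur["native"] = int(m.group(1))
    return ifaces

def native_conflicts(ifaces: dict) -> list:
    """Trunks whose native VLAN equals a dot1q-tunnel port's access VLAN."""
    tunnel_vlans = {i["access"] for i in ifaces.values() if i["mode"] == "dot1q-tunnel"}
    return sorted((name, i["native"]) for name, i in ifaces.items()
                  if i["mode"] == "trunk" and i["native"] in tunnel_vlans)

def trunk_egress(tags: list, native: int, tag_native: bool) -> list:
    """802.1Q egress: the native VLAN leaves untagged unless 'vlan dot1q tag native'."""
    return tags[1:] if tags and tags[0] == native and not tag_native else tags

def trunk_ingress(tags: list, native: int) -> list:
    """802.1Q ingress (documented behaviour): untagged frames join the native VLAN."""
    return tags if tags else [native]

def qinq_path(customer_tags: list, tunnel_vlan: int, native: int, tag_native: bool) -> list:
    """Customer frame -> tunnel port pushes outer tag -> trunk out -> next switch's trunk in.
    Returns the tag stack as the core switch sees it (outermost first)."""
    on_wire = trunk_egress([tunnel_vlan] + customer_tags, native, tag_native)
    return trunk_ingress(on_wire, native)
```

A customer frame tagged 100 crossing a trunk with native VLAN 10 arrives downstream as plain VLAN 100, while tagging the native VLAN or moving it outside the tunnel range keeps the outer tag intact.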

The following sentence is also interesting:

If the switch is configured to tag native VLAN packets on all IEEE 802.1Q trunks, the switch accepts untagged packets, but sends only tagged packets.

Tests showed that, for example, a 3750 with “vlan dot1q tag native” on a trunk does NOT accept untagged packets and does NOT treat incoming untagged traffic as traffic for its Native VLAN, which contradicts the documentation. This is simply something you need to know.
