All,

I've got a requirement for one of our customers to run two separate networks over the same Ethernet-based WAN. The WAN is provided by the carrier as a single VLAN per site, dot1q tagged at each end (both the customer site and our central PoP). The customer sites are all live currently with a single network to each site, and have either a 3560 or a 3550 running ipservices software images as the layer 3 device for the site.

It would appear that QinQ is a good solution to this problem, and I've got it working in the lab where the edge router is a 3560, but if I put the same config onto a 3550, then it doesn't work - and I'm stumped as to why.

ASCII Network diagram:

+-------------------+
|   Customer Site   |
|   switch (3560)   |
+-------------------+
      Fa0/24 |
             | <------ dot1q trunk allowing only Vlan 310
 Carrier WAN |
       Fa0/1 |
+-------------------+
|    Central PoP    |
| Aggregation Switch|
+-------------------+
      Fa0/24 |     | Fa0/2
             |     |
             |     +-------------------+
             |     |    Central PoP    |
             |     |  Network 2 Router |
             |     +-------------------+
             |
+-------------------+
|    Central PoP    |
|  Network 1 Router |
+-------------------+

------------------------------------------------------------
Customer site switch config (relevant bits):

ip vrf network2
!
vlan 310
 name CarrierUplink
!
vlan 500
 name Network2Uplink
!
interface GigabitEthernet0/1
 description Network 2 QinQ port (looped to Gig0/2)
 switchport access vlan 310
 switchport mode dot1q-tunnel
!
interface GigabitEthernet0/2
 description Network 2 Uplink (looped to Gig0/1)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 500
 switchport mode trunk
!
interface GigabitEthernet0/24
 description Carrier Uplink
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 310
 switchport mode trunk
!
interface Vlan310
 description Network1 P2P
 ip address 172.30.1.2 255.255.255.252
!
interface Vlan500
 description Network2 P2P
 ip vrf forwarding network2
 ip address 172.40.1.2 255.255.255.252
!
------------------------------------------------------------
Central PoP Aggregation Switch config:

vlan 310
 name cust.site
!
interface FastEthernet0/1
 description link to Carrier
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 description link to Network2 Router
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/48
 description link to Network1 Router
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
------------------------------------------------------------
Central PoP Network1 Router config:

vlan 310
 name cust.site
!
interface GigabitEthernet0/1
 description link to Aggregation Switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan310
 description cust.site
 ip address 172.30.1.1 255.255.255.252
------------------------------------------------------------
Central PoP Network2 Router config:

interface FastEthernet0/0
 description link to Aggregation Switch
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.500
 encapsulation dot1Q 310 second-dot1q 500
 ip address 172.40.1.1 255.255.255.252
 ip ospf mtu-ignore
------------------------------------------------------------

When the Customer site switch is a 3560, I can "ping 172.30.1.1" and "ping vrf network2 172.40.1.1" without problem.

When the Customer site switch is a 3550, I can "ping 172.30.1.1" fine, but trying to "ping vrf network2 172.40.1.1" results in no replies. On the 3550, the MAC address-table gets populated fine, occasionally I see an ARP entry for 172.40.1.1, but can't ping.

Any suggestions on what's going wrong? Is there a better way to achieve what I'm trying to do?

Many thanks,

Simon
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
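
An added example, not part of the original post: a Python check of the 802.1Q tag stack on frames captured on the carrier trunk, where the configs above imply Network 1 traffic carries the single tag 310 and Network 2 traffic carries outer tag 310 with inner tag 500. The MAC addresses, payload, sample frames and function names are constructed for illustration, and the parser accepts more TPID values than the post uses.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q, 802.1ad, and the legacy 0x9100 QinQ value.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}

def build_frame(dst, src, vlan_ids, ethertype, payload, tpid=0x8100):
    """Build an Ethernet frame (no FCS), one tag per VLAN ID, outermost first."""
    tags = b"".join(struct.pack("!HH", tpid, vid & 0x0FFF) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload

def parse_tag_stack(frame):
    """Return (VLAN IDs outermost first, inner EtherType, payload offset)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vlan_ids = 12, []          # tags start right after the two MACs
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return vlan_ids, etype, offset + 2
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify(frame, outer=310, inner=500):
    """Map a frame seen on the carrier trunk to the network it belongs to."""
    vlans, _, _ = parse_tag_stack(frame)
    if vlans == [outer]:
        return "network1"
    if vlans == [outer, inner]:
        return "network2"
    return "unexpected"

# Constructed sample input: locally administered MACs and a zeroed ARP-sized payload.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
ARP_BODY = bytes(28)
N1_ARP = build_frame(DST, SRC, [310], 0x0806, ARP_BODY)       # Vlan310 traffic
N2_ARP = build_frame(DST, SRC, [310, 500], 0x0806, ARP_BODY)  # tunnelled Vlan500 traffic
BARE_500 = build_frame(DST, SRC, [500], 0x0806, ARP_BODY)     # inner tag without the outer

if __name__ == "__main__":
    for name, frame in (("N1", N1_ARP), ("N2", N2_ARP), ("bare 500", BARE_500)):
        print(name, parse_tag_stack(frame)[0], classify(frame), len(frame), "bytes")
```

Each stacked tag adds 4 bytes to the frame, so the Network 2 frames on the carrier link are 4 bytes longer than the same packet sent on Network 1.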