Thanks Eric, We have no visibility into the remote end, but I have setup the following on one of our ME's (Test service, that has supposedly been configured by carrier, and remote end)
Vlans are: 940 (outer) 941 (Inner) Both vlans have been created on the ME, and only vlan 940 on the 4500X that connects to carrier: ME3600 conf interface GigabitEthernet0/24 <- Connects to 4500X service instance 940 ethernet description description Inner_outer_tag_test_Outer_940_Inner_941 encapsulation dot1q 940 second-dot1q 941 rewrite ingress tag pop 2 symmetric bridge-domain 941 interface Vlan941 description INNER_OUTER_TAG_TEST mtu 9100 ip address xxx.xxx.xxx.xxx 255.255.255.252 no ip proxy-arp Im unable to ping remote end, nor am I seeing any dynamic Macs for bridge domain 941 - Is there any additional commands I can run to "see" if we are indeed receiving the Outer and Inner Tags on the ME? The only MAC I am learning on the 4500X is from the ME3600 #sh mac address-table dynamic vlan 940 Unicast Entries vlan mac address type protocols port ---------+---------------+--------+---------------------+------------------------- 940 3462.882a.4640 dynamic ip,ipx,assigned,other TenGigabitEthernet1/1/3 cheers ________________________________________ From: Erik Sundberg <esundb...@nitelusa.com> Sent: Tuesday, 2 February 2016 10:10 PM To: CiscoNSP List; cisco-nsp@puck.nether.net Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans You are probably better using a service instance for each vlan. Then you can send each VLAN where ever. service instance 800 ethernet description description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 second-dot1q 10 rewrite ingress tag pop 2 symmetric bridge-domain 10 service instance 801 ethernet description description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 second-dot1q 20 rewrite ingress tag pop 2 symmetric bridge-domain 20 -------------------------------------------------------------------------- Another way of doing it is the following If you have two tag come in, only POP 1 Tag. Then your CTag are put in to the Bridge Domain. Int G0/1 service instance 800 ethernet description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 rewrite ingress tag pop 1 symmetric bridge-domain 800 Then on your Egress port you can set it as untagged, C Tags of 10,20, 30 will be in the bridge domain and will be passed on egress. Int G0/2 Description to 4500x service instance 400 ethernet description 4500X encapsulation dot1q untagged bridge-domain 800 If you need to pull one CTag out for something else you can do that like so. Int G0/1 service instance 804 ethernet description Go Somewhere else encapsulation dot1q 800 second-dot1q 40 rewrite ingress tag pop 1 symmetric bridge-domain 40 -----Original Message----- From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com] Sent: Tuesday, February 02, 2016 4:01 AM To: Erik Sundberg <esundb...@nitelusa.com>; cisco-nsp@puck.nether.net Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans Thanks for the quick reply - We use service instances quite a bit, but only popping first tag, then creating vlan int (for vrf), or PW....so fairly basic stuff :) In this circumstance, where we would receive vlan 800 as outer tag, and we want to access inner vlans 10,20,30 how would this look under a service instance? ie. Something like? service instance 800 ethernet description description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 second-dot1q 10,20,30 rewrite ingress tag pop 2 symmetric bridge-domain ? or a separate service instance and pop inner vlans on each one? service instance 800 ethernet description description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 second-dot1q 10 rewrite ingress tag pop 2 symmetric bridge-domain 10 service instance 801 ethernet description description LINK_TO_CARRIER_X_VIA_4500X encapsulation dot1q 800 second-dot1q 20 rewrite ingress tag pop 2 symmetric bridge-domain 20 Cheers ________________________________________ From: Erik Sundberg <esundb...@nitelusa.com> Sent: Tuesday, 2 February 2016 8:40 PM To: CiscoNSP List; cisco-nsp@puck.nether.net Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf You must do switchport commands Services Instance is just a number, we keep it the same as the VLAN Id Under the Service Instance you specify the VLAN ID with endcapsulation dot1q x Rewrite ingress Tag POP 1 symmetric -- This removes the first VLAN Tag on in incoming frame, if you do pop 2, it removes the 2 VLAN Tags. First Example is VPLS with Bridge Domains. Bridge domain ID does not have to the same as the VLAN Id Second Example is EoMPLS XConnect VPLS ------ l2 vfi VPLS1 manual vpn id 41 bridge-domain 41 neighbor 1.2.3.4 encapsulation mpls interface GigabitEthernet0/19 switchport trunk allowed vlan none switchport mode trunk mtu 9180 !VPLS Example service instance 41 ethernet encapsulation dot1q 41 rewrite ingress tag pop 1 symmetric bridge-domain 41 !EoMPLS Example service instance 117 ethernet encapsulation dot1q 117 rewrite ingress tag pop 1 symmetric xconnect 3.4.5.6 275 encapsulation mpls pw-class L2VPN xconnect <Remote router IP> <Unique ID in the AS> I hope this helps. -----Original Message----- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP List Sent: Tuesday, February 02, 2016 3:28 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans Hi Everyone, We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has multiple customer vlans for p-t-p eth services. A service they have released will allow us to connect to azure/office 365 via QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the carrier, and they create QinQ tunnel to azure/office 365...then multiple inner vlan tags are agreed to between us/azure for various services over this QinQ tunnel. My question is this: With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag the outer vlan for the carrier to use for the QinQ tunnel to azure...this is fine, but for us to be able to "access" the inner vlans, Im hoping we can trunk this outer vlan to an ME3600, and then pop each inner vlan, and use them as needed.....Is this possible? ie will the "inner" tags be maintained going through the 4500X, and if so, if someone could point me in the direction of ME3600 docco that details how to pop the individual inner vlans, it would be greatly appreciated. Eg. Carriers outer vlan is 800 Inner tags from azure are 10,20,30 Cheers _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you. ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
