Information About IEEE 802.1ad
To configure IEEE 802.1ad support, you should understand the following concepts:
How Provider Bridges Work
Provider bridges pass the network traffic of many customers, and each customer's traffic flow must be isolated from one another. For the Layer 2 protocols within customer domains to function properly, geographically separated customer sites must appear to be connected through a LAN, and the provider network must be transparent.
The IEEE has reserved 33 Layer 2 MAC addresses for customer devices operating Layer 2 protocols. If a provider bridge uses these standard MAC addresses for its Layer 2 protocols, the customers' and service provider's Layer 2 traffic will be mixed together. Provider bridges solve this traffic-mixing issue by providing Layer 2 protocol data unit (PDU) tunneling for customers using a provider bridge (S-bridge) component and a provider edge bridge (C-bridge) component. Figure 53-1 shows the topology.
Figure 53-1 Layer 2 PDU Tunneling
S-Bridge Component
The S-bridge component is capable of inserting or removing a service provider VLAN (S-VLAN) for all traffic on a particular port. IEEE 802.1ad adds a new tag called a Service tag (S-tag) to all the ingress frames from a customer to the service provider.
The VLAN in the S-tag is used for forwarding the traffic in the service provider network. Different customers use different S-VLANs, which results in each customer's traffic being isolated. In the S-tag, provider bridges use an Ethertype value that is different from the standard 802.1Q Ethertype value, and do not understand the standard Ethertype. This difference makes customer traffic tagged with the standard Ethertype appear as untagged in the provider network so customer traffic is tunneled in the port VLAN of the provider port. The 802.1ad service provider user network interfaces (S-UNIs) and network to network interfaces (NNIs) implement the S-bridge component.
For example, a VLAN tag has a VLAN ID of 1, the C-tag Ethertype value is 8100 0001, the S-tag Ethertype value is 88A8 0001, and the class of service (CoS) is zero.
C-tag S-tag
------------------------------------------------------- -----------------------------------------------
0x8100 | Priority bits | CFI | C-VLAN-ID 0x88A8 | Priority bits | 0 | S-VLAN-ID
------------------------------------------------------- -----------------------------------------------
C-Bridge Component
All the C-VLANs entering on a UNI port in an S-bridge component are provided the same service (marked with the same S-VLAN). Although, C-VLAN components are not supported, a customer may want to tag a particular C-VLAN packet separately to differentiate between services. Provider bridges allow C-VLAN packet tagging with a provider edge bridge, called the C-bridge component of the provider bridge. C-bridge components are C-VLAN aware and can insert or remove a C-VLAN 802.1Q tag. The C-bridge UNI port is capable of identifying the customer 802.1Q tag and inserting or removing an S-tag on the packet on a per service instance or C-VLAN basis. A C-VLAN tagged service instance allows service instance selection and identification by C-VLAN. The 802.1ad customer user network interfaces (C-UNIs) implement the C-component.
MAC Addresses for Layer 2 Protocols
Customers' Layer 2 PDUs received by a provider bridge are not forwarded, so Layer 2 protocols running in customer sites do not know the complete network topology. By using a different set of addresses for the Layer 2 protocols running in provider bridges, IEEE 802.1ad causes customers' Layer 2 PDUs entering the provider bridge to appear as unknown multicast traffic and forwards it on customer ports (on the same S-VLAN). Customers' Layer 2 protocols can then run transparently.
Table 53-1 shows the Layer 2 MAC addresses reserved for the C-VLAN component.
Table 53-1 Reserved Layer 2 MAC Addresses for a C-VLAN Component
|
|
Bridge Group Address |
01-80-c2-00-00-00 |
IEEE Std 802.3 Full Duplex PAUSE operation |
01-80-c2-00-00-01 |
IEEE Std. 802.3 Slow_Protocols_Multicast address |
01-80-c2-00-00-02 |
IEEE Std. 802.1X PAE address |
01-80-c2-00-00-03 |
Reserved for future standardization - media access method-specific |
01-80-c2-00-00-04 |
Reserved for future standardization - media access method- specific |
01-80-c2-00-00-05 |
Reserved for future standardization |
01-80-c2-00-00-06 |
Reserved for future standardization |
01-80-c2-00-00-07 |
Provider Bridge Group Address |
01-80-c2-00-00-08 |
Reserved for future standardization |
01-80-c2-00-00-09 |
Reserved for future standardization |
01-80-c2-00-00-0a |
Reserved for future standardization |
01-80-c2-00-00-0b |
Reserved for future standardization |
01-80-c2-00-00-0c |
Provider Bridge GVRP Address |
01-80-c2-00-00-0d |
IEEE Std. 802.1AB Link Layer Discovery Protocol multicast address |
01-80-c2-00-00-0e |
Reserved for future standardization |
01-80-c2-00-00-0f |
Table 53-2 shows the Layer 2 MAC addresses reserved for an S-VLAN component. These addresses are a subset of the C-VLAN component addresses, and the C-bridge does not forward the provider's bridge protocol data units (BPDUs) to a customer network.
Table 53-2 Reserved Layer 2 MAC Addresses for an S-VLAN Component
|
|
IEEE Std 802.3 Full Duplex PAUSE operation |
01-80-c2-00-00-01 |
IEEE Std. 802.3 Slow_Protocols_Multicast address |
01-80-c2-00-00-02 |
IEEE Std. 802.1X PAE address |
01-80-c2-00-00-03 |
Reserved for future standardization - media access method specific |
01-80-c2-00-00-04 |
Reserved for future standardization - media access method specific |
01-80-c2-00-00-05 |
Reserved for future standardization |
01-80-c2-00-00-06 |
Reserved for future standardization |
01-80-c2-00-00-07 |
Provider Bridge Group Address |
01-80-c2-00-00-08 |
Reserved for future standardization |
01-80-c2-00-00-09 |
Reserved for future standardization |
01-80-c2-00-00-0a |
Guidelines for Handling BPDU
The general BPDU guidelines are listed here:
UNI-C Ports
The guidelines pertaining to UNI-C ports are:
- VLAN-aware L2 protocols can be peered, tunneled, or dropped.
- Port L2 protocols can either be peered or dropped. They cannot be tunneled.
Table 53-3 shows the Layer 2 PDU destination MAC addresses for customer-facing C-bridge UNI ports, and how frames are processed.
Table 53-3 Layer 2 PDU Destination MAC Addresses for Customer-Facing C-Bridge UNI Ports
|
|
Significance on C-UNI Port
|
|
01-80-C2-00-00-00 |
Bridge Group Address (End-to-End BPDUs) |
BPDU |
Peer |
01-80-C2-00-00-01 |
802.3X Pause Protocol |
BPDU |
Drop |
01-80-C2-00-00-02 |
Slow Protocol address: 802.3ad LACP, 802.3ah OAM, CDP Pagp, VTP, DTP, UDLD |
BPDU |
Peer |
01-80-C2-00-00-03 |
802.1X |
BPDU |
May peer |
01-80-C2-00-00-04 |
Reserved for future media access method |
None |
Drop |
01-80-C2-00-00-05 |
Reserved for future media access method |
None |
Drop |
01-80-C2-00-00-06 |
Reserved for future bridge use |
None |
Drop |
01-80-C2-00-00-07 |
Reserved for future bridge use |
None |
Drop |
01-80-C2-00-00-08 |
Provider STP (BPDU) |
None |
Drop |
01-80-C2-00-00-09 |
Reserved for future bridge use |
None |
Drop |
01-80-C2-00-00-0A |
Reserved for future bridge use |
None |
Drop |
01-80-C2-00-000-0B |
Reserved for future S-bridge purpose |
None |
Drop |
01-80-C2-00-00-0C |
Reserved for future S-bridge purpose |
None |
Drop |
01-80-C2-00-00-0D |
Provider Bridge GVRP address |
None |
Drop |
01-80-C2-00-00-0E |
802.1ab-LLDP |
BPDU |
May peer |
01-80-C2-00-00-0F |
Reserved for future C-bridge or Q-bridge use |
None |
Drop |
01-80-C2-00-00-10 |
All bridge addresses |
Read Data |
Snoop if implemented. Else, discard |
01-80-C2-00-00-20 |
GMRP |
Data/BPDU |
May peer |
01-80-C2-00-00-21 |
GVRP |
Data/BPDU |
May peer |
01-80-C2-00-00-22 – 2F |
Other GARP addresses |
Data/BPDU |
May peer |
01-00-0C-CC-CC-CC |
Cisco’s CDP DTP VTP PagP UDLD (End-to-End) |
BPDU |
Peer |
01-00-0C-CC-CC-CD |
Cisco’s PVST(End-to-End) |
BPDU |
May peer |
UNI-S Ports
The guidelines pertaining to UNI-S ports are:
- Packets with C-Bridge addresses (00 - 0F) that are not part of S-Bridge addresses (01 - 0A) are treated as data packet (tunneled).
- VLAN-aware L2 protocols cannot be peered because the port is not C-VLAN aware. They can only be tunneled or dropped.
- Port L2 protocols can be peered, tunneled, or dropped.
Table 53-4 shows the Layer 2 PDU destination MAC addresses for customer-facing S-bridge UNI ports, and how frames are processed.
Table 53-4 Layer 2 PDU Destination MAC Addresses for Customer-Facing S-Bridge UNI Ports
|
|
Significance on S-UNI Port
|
|
01-80-C2-00-00-00 |
Bridge Group Address (BPDUs) |
Data |
Data |
01-80-C2-00-00-01 |
802.3X Pause Protocol |
BPDU |
Drop |
01-80-C2-00-00-02 |
Slow Protocol address: 802.3ad LACP, 802.3ah |
BPDU |
Peer |
01-80-C2-00-00-03 |
802.1X |
BPDU |
Peer |
01-80-C2-00-00-04 |
Reserved for future media access method |
BPDU |
Drop |
01-80-C2-00-00-05 |
Reserved for future media access method |
BPDU |
Drop |
01-80-C2-00-00-06 |
Reserved for future bridge use |
BPDU |
Drop |
01-80-C2-00-00-07 |
Reserved for future bridge use |
BPDU |
Drop |
01-80-C2-00-00-08 |
Provider STP (BPDU) |
BPDU |
Drop (peer on NNI) |
01-80-C2-00-00-09 |
Reserved for future bridge use |
BPDU |
Drop |
01-80-C2-00-00-0A |
Reserved for future bridge use |
BPDU |
Drop |
01-80-C2-00-00-0B |
Reserved for future bridge use |
Data if not implemented |
Drop |
01-80-C2-00-00-0C |
Reserved for future bridge use |
Data if not implemented |
Treat as data until implemented |
01-80-C2-00-00-0D |
Reserved for future GVRP address |
Data if not implemented |
Treat as data until implemented |
01-80-C2-00-00-0E |
802.1ab-LLDP |
BPDU |
May peer |
01-80-C2-00-00-0F |
Reserved for future C-bridge or Q-bridge use |
Data |
Data |
01-80-C2-00-00-10 |
All bridge addresses |
Data |
Data |
01-80-C2-00-00-20 |
GMRP |
Data |
Data |
01-80-C2-00-00-21 |
GVRP |
Data |
Data |
01-80-C2-00-00-22 – 2F |
Other GARP addresses |
Data |
Data |
01-00-0C-CC-CC-CC |
Cisco’s CDP DTP VTP PagP UDLD |
Data |
Data |
01-00-0C-CC-CC-CD |
Cisco’s PVST |
Data |
Data |
NNI Ports
The Dot1add NNI ports behave in the same way as the customer facing S-bridge ports, with the following exceptions:
- On NNI ports, frames received with DA 01-80-C2-00-00-08 contain STP BPDU. The frames are received and transmitted. On S-UNI ports, any such frames that are received are dropped, and none are sent. Starting with Cisco IOS Release 15.4(3)S, on NNI ports, frames received with DA 01-80-C2-00-00-08 include PVST BPDU.
- On NNI ports, frames received with DA 01-80-C2-00-00-02 include CDP Pagp, VTP, DTP, and UDLD protocols.
- Starting with Cisco IOS Release 15.4(3)S, on NNI ports, frames received with DA 01-80-C2-00-00-03 include LLDP protocol.
7600 Action Table
Table 53-5 lists the actions performed on a packet when the packet is received with a specified destination MAC address.
Table 53-5 7600 Action Table
|
|
|
|
|
01-80-C2-00-00-00 |
Bridge Group Address (BPDUs) |
Peer |
Data |
Data |
01-80-C2-00-00-01 |
802.3X Pause Protocol |
Drop |
Drop |
Drop |
01-80-C2-00-00-02 |
Slow Protocol address: 802.3ad LACP, 802.3ah |
Peer |
Peer |
Peer |
01-80-C2-00-00-03 |
802.1X |
May peer |
May peer |
May peer |
01-80-C2-00-00-04 |
Reserved |
Drop |
Drop |
Drop |
01-80-C2-00-00-05 |
Reserved |
Drop |
Drop |
Drop |
01-80-C2-00-00-06 |
Reserved |
Drop |
Drop |
Drop |
01-80-C2-00-00-07 |
Reserved |
Drop |
Drop |
Drop |
01-80-C2-00-00-08 |
Provider STP (BPDU) |
Drop |
Drop |
Peer |
01-80-C2-00-00-09 |
Reserved for future bridge use |
Drop |
Drop |
Drop |
01-80-C2-00-00-0A |
Reserved for future bridge use |
Drop |
Drop |
Drop |
01-80-C2-00-00-0B |
Reserved for future bridge use |
Drop |
Data |
Data |
01-80-C2-00-00-0C |
Reserved for future bridge use |
Drop |
Data |
Data |
01-80-C2-00-00-0D |
Reserved for future GVRP address |
Drop |
Data |
Data |
01-80-C2-00-00-0E |
802.1ab-LLDP |
May peer |
Data |
Data |
01-80-C2-00-00-0F |
Reserved for future C-bridge or Q-bridge use |
Drop |
Data |
Data |
01-80-C2-00-00-10 |
All bridge addresses |
Snoop if implemented. Else drop |
Data |
Data |
01-80-C2-00-00-20 |
GMRP |
May peer |
Data |
Data |
01-80-C2-00-00-21 |
GVRP |
May peer |
Data |
Data |
01-80-C2-00-00-22 – 2F |
Other GARP addresses |
May peer |
Data |
Data |
01-00-0C-CC-CC-CC |
Cisco’s CDP DTP VTP PagP UDLD |
Peer |
Data |
Data |
01-00-0C-CC-CC-CD |
Cisco’s PVST |
May peer |
Data |
Data |
Interoperability of QinQ and Dot1ad
The interoperability of QinQ and Dot1ad network enables the exchange of data frames between the networks. The 802.1Q network outer tag VLANs are mapped to the provider S-VLANs of the 802.1ad network.
Figure 53-2 illustrates the interoperability of a Dot1ad network and a QinQ network.
Figure 53-2 Interoperability of Dot1ad Network and a QinQ Network
How to Configure IEEE 802.1ad
This section contains the information about following procedures:
Configuring a Switchport
A switchport can be configured as a UNI-C port, UNI-S port, or NNI port.
UNI-C Port
A UNI-C port can be configured as either a trunk port or an access port. Perform the following tasks to configure a UNI-C port as an access port for 802.1ad.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. switchport
6. switchport mode {access | trunk}
7. switchport access vlan vlan-id
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-C port. |
Step 5 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 6 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode access |
Sets the interface type. In this example, it is Access. |
Step 7 |
switchport access vlan vlan-id Example: Router(config-if)# switchport access 1000 |
Sets the VLAN when an interface is in access mode. In this example, the VLAN is set to 1000. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure a UNI-C port as a trunk port for 802.1ad.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. switchport
6. switchport mode {access | trunk}
7. switchport trunk allowed vlan vlan-list
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-C port. |
Step 5 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 6 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 7 |
switchport trunk allowed vlan vlan-list Example: Router(config-if)# switchport trunk allowed vlan 1000, 2000 |
Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
UNI-S Port
On a UNI-S port, all the customer VLANs that enter are provided with the same service. The port allows only access configuration. In this mode, the customer’s port is configured as a trunk port. Therefore, the traffic entering the UNI-S port is tagged traffic.
Perform the following tasks to configure a UNI-S port as an access port for 802.1ad.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport
5. switchport mode {access | trunk}
6. ethernet dot1ad {nni | uni {c-port | s-port}}
7. switchport access vlan vlan-id
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 5 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode access |
Sets the interface type. In this example, it is Access. |
Step 6 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni s-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-S port. |
Step 7 |
switchport access vlan vlan-id Example: Router(config-if)# switchport access 999 |
Sets the VLAN when an interface is in access mode. In this example, the VLAN is set to 999. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
NNI Port
NNI port allows only trunk configuration. On an NNI port, the frames received on all the allowed VLANs are bridged to the respective internal VLANs.
Perform the following tasks to configure an NNI port as a trunk port for 802.1ad.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport
5. switchport mode {access | trunk}
6. ethernet dot1ad {nni | uni {c-port | s-port}}
7. switchport trunk allowed vlan vlan-list
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 5 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 6 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad nni |
Configures a dot1ad NNI port or UNI port. In this example, it is an NNI. |
Step 7 |
switchport trunk allowed vlan vlan-list Example: Router(config-if)# switchport trunk allowed vlan 999 |
Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure a UNI-C port as an access port. In this example, all the frames that are received are bridged to one internal VLAN 1000. The transmitted frames do not have the access VLAN Dot1q tag.
Router# configure terminal
Router(config)# interface gig2/1
Router(config-if # ethernet dot1ad uni c-port
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# switchport access vlan 1000
The following example shows how to configure a UNI-C port as a trunk port. In this example, all the frames that are received on all allowed VLANs (1000 and 2000) are bridged to the respective internal VLANs. The transmitted frames have the respective internal VLAN Dot1q tag.
Router# configure terminal
outer(config)# interface gig2/1
Router(config-if)# ethernet dot1ad uni c-port
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport access vlan 1000, 2000
The following example shows how to configure a UNI-S port. In this example, all the frames that are received are bridged to one internal VLAN (999). The transmitted frames do not have the access VLAN Dot1q tag.
Router# configure terminal
Router(config)# interface gig2/1
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# ethernet dot1ad uni s-port
Router(config-if)# switchport access vlan 999
The following example shows how to configure an NNI port. Only trunk configuration is allowed on an NNI port. In this example, all the frames that are received on all the allowed VLANs (999) are bridged to the respective internal VLANs. The transmitted frames have the respective internal VLAN Dot1q tag.
Router# configure terminal
Router(config)# interface gig2/1
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# ethernet dot1ad nni
Router(config-if)# switchport trunk allowed vlan 999
The following example shows how to configure Dot1ad on an SVI:
Router# configure terminal
Router(config)# interface gig2/1
Router(config-if)# ethernet dot1ad nni
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 999
Router(config)# interface vlan 999
Router(config-if)# ip address 1.2.3.4 255.255.0.0
Configuring a Layer 2 Protocol Forward
Perform the following tasks to configure the Layer 2 protocol forward:
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport access vlan vlan-id
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. l2protocol [ forward] [ protocol ]
7. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 3/0 |
Configures an interface. |
Step 4 |
switchport access vlan vlan-id Example: Router(config)# switchport access vlan 500 |
Sets the VLAN when an interface is in access mode. |
Step 5 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni s-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI S-port. |
Step 6 |
l2 protocol [forward] [ protocol ] Example: Router(config-if)# l2 protocol forward vtp |
Processes or forwards the Layer 2 BPDUs. In this example, all the BPDUs are forwarded except VTP PDUs. |
Step 7 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure a Layer 2 protocol forward:
Router# configure terminal
Router(config)# interface gig3/0
Router(config-if)# switchport access vlan 500
Router(config-if)# ethernet dot1ad uni s-port
Router(config-if)# l2protocol forward vtp
Configuring a Switchport for Translating QinQ to 802.1ad
Translating a QinQ port to 802.1ad involves configuring the port connecting to QinQ port and NNI port.
Perform the following tasks to configure a port connecting to the QinQ port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport mode {access | trunk}
5. switchport trunk allowed vlan vlan-list
6. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 1/1 |
Configures an interface. |
Step 4 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 5 |
switchport trunk allowed vlan vlan-list Example: Router(config-if)# switchport trunk allowed vlan 1000 |
Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode. |
Step 6 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure an NNI port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. switchport
6. switchport mode {access | trunk}
7. switchport trunk allowed vlan vlan-list
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 4/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad nni |
Configures a dot1ad NNI port or UNI port. In this example, it is an NNI. |
Step 5 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 6 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 7 |
switchport trunk allowed vlan vlan-list Example: Router(config-if)# switchport trunk allowed vlan 999-1199 |
Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to translate a QinQ port to 802.1ad. In this example, the peer router to gig1/1 multiplexes various customer VLANs into VLAN 1000.
Router# configure terminal
Router(config)# interface gig1/1
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 1000
Router# configure terminal
Router(config)# interface gig4/0
Router(config-if)# ethernet dot1ad nni
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 1000,1199
Configuring a Switchport (L2PT)
Configuring the switchport for L2PT is required to tunnel the STP packets from a customer on the dot1ad network to a customer on the QinQ network.
Perform the following tasks to configure the port connecting to the customer.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. no l2 protocol [peer | forward] [ protocol ]
7. l2protocol-tunnel [cdp | stp | vtp]
8. switchport mode {access | trunk}
9. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 5 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni s-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI S-port. |
Step 6 |
no l2 protocol [peer | forward] [ protocol ] Example: Router(config-if)# no l2 protocol forward |
Disables L2 protocol forwarding. |
Step 7 |
l2protocol-tunnel [cdp | stp | vtp] Example: Router(config-if)# l2protocol-tunnel stp |
Enables protocol tunneling for STP. |
Step 8 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 9 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure an NNI port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. switchport
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. switchport mode {access | trunk}
7. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 5 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad nni |
Configures a dot1ad NNI or UNI port. In this example, it is an NNI. |
Step 6 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 7 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to tunnel the STP packets from a customer on the Dot1ad network to a customer on a QinQ network:
Router# configure terminal
Router(config)# interface gig1/0
Router(config-if)# switchport
Router(config-if)# ethernet dot1ad uni s-port
Router(config-if)# no l2protocol forward
Router(config-if)# l2protocol-tunnel stp
Router(config-if)# switchport mode access
Router# configure terminal
Router(config)# interface gig4/0
Router(config-if)# switchport
Router(config-if)# ethernet dot1ad nni
Router(config-if)# switchport mode trunk
Configuring a Customer-Facing UNI-C Port with EVC
Perform the following tasks to configure a UNI-C port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. service instance id service-type
6. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
7. bridge-domain vlan-id
8. service instance id service-type
9. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
10. bridge-domain vlan-id
11. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port. |
Step 5 |
service instance id service-type Example: Router(config-if)# service instance 1 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 1. |
Step 6 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 1-100 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 7 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 1000 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 8 |
service instance id service-type Example: Router(config-if)# service instance 2 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 2. |
Step 9 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 102-4094 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 10 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 500 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 11 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure an NNI port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. service instance id service-type
6. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
7. rewrite ingress tag pop 1 symmetric
8. bridge-domain vlan-id
9. service instance id service-type
10. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
11. rewrite ingress tag pop 1 symmetric
12. bridge-domain vlan-id
13. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port. |
Step 5 |
service instance id service-type Example: Router(config-if)# service instance 1 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 1. |
Step 6 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 1000 second-dot1q 1-100 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 7 |
rewrite ingress tag pop 1 symmetric Example: Router(config-if)# rewrite ingress tag pop 1 symmetric |
Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance. |
Step 8 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 1000 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 9 |
service instance id service-type Example: Router(config-if)# service instance 2 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 2. |
Step 10 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 500 second-dot1q 102-4904 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 11 |
rewrite ingress tag pop 1 symmetric Example: Router(config-if)# rewrite ingress tag pop 1 symmetric |
Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance. |
Step 12 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 500 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 13 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure a customer-facing UNI port. In this example, a dot1q frame coming on VLAN 50 matches service instance 1, and on the ingress port, the rewrite command pushes the 1000 outer-vlan.
Router# configure terminal
Router(config)# interface gig1/1
Router(config-if)# ethernet dot1ad uni c-port
Router(config-if)# service instance 1 ethernet
Router(config-if)# encapsulation dot1q 1-100
Router(config-if)# bridge-domain 1000
Router(config-if)# service instance 2 ethernet
Router(config-if)# encapsulation dot1q 102-4904
Router(config-if)# bridge-domain 500
Router# configure terminal
Router(config)# interface gig4/1
Router(config-if)# ethernet dot1ad nni
Router(config-if)# service instance 1 ethernet
Router(config-if)# encapsulation dot1q 1000 second dot1q 1-100
Router(config-if)# rewrite ingress tag pop 1 symmetric
Router(config-if)# bridge-domain 1000
Router(config-if)# service instance 2ethernet
Router(config-if)# encapsulation dot1q 500 second dot1q 102-4904
Router(config-if)# rewrite ingress tag pop 1 symmetric
Router(config-if)# bridge-domain 500
Configuring a Customer-Facing UNI-C Port and Switchport on NNI with EVC
Perform the following tasks to configure a UNI-C port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. service instance id service-type
6. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
7. bridge-domain vlan-id
8. service instance id service-type
9. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
10. bridge-domain vlan-id
11. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port. |
Step 5 |
service instance id service-type Example: Router(config-if)# service instance 1 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 1. |
Step 6 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 1-100 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 7 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 1000 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 8 |
service instance id service-type Example: Router(config-if)# service instance 2 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 2. |
Step 9 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 102-4094 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 10 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 500 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 11 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure an NNI port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. switchport
6. switchport mode {access | trunk}
7. switchport trunk allowed vlan vlan-list
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router# interface gigabitethernet 4/1 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad nni |
Configures a dot1ad NNI port or UNI port. In this example, it is an NNI. |
Step 5 |
switchport Example: Router(config-if)# switchport |
Put the interface into Layer 2 mode. |
Step 6 |
switchport mode {access | trunk} Example: Router(config-if)# switchport mode trunk |
Sets the interface type. In this example, it is Trunk. |
Step 7 |
switchport trunk allowed vlan vlan-list Example: Router(config-if)# switchport trunk allowed vlan 1000-500 |
Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure a customer-facing UNI-C port and switchport on NNI with EVC:
Router# configure terminal
Router(config)# interface gig1/1
Router(config-if)# ethernet dot1ad uni c-port
Router(config-if)# service instance 1 ethernet
Router(config-if)# encapsulation dot1q 1-100
Router(config-if)# bridge-domain 1000
Router(config-if)# service instance 2 ethernet
Router(config-if)# encapsulation dot1q 102-4904
Router(config-if)# bridge-domain 500
Router# configure terminal
Router(config)# interface gig4/0
Router(config-if)# switchport
Router(config-if)# ethernet dot1ad uni
Router(config-if)# switchport mode trunk
Router(config-if)# switchport allowed vlan 1000,500
Configuring a Customer-Facing UNI-S Port with EVC
Perform the following tasks to configure a UNI-S port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. service instance id service-type
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. encapsulation default
7. bridge-domain vlan-id
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
service instance id service-type Example: Router(config-if)# service instance 1 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 1. |
Step 5 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni s-port |
Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-S port. |
Step 6 |
encapsulation default Example: Router(config-if)# encapsulation default |
Configures the default service instance on a port. Anything that does not meet the criteria of other service instances on the same physical interface falls into this service instance. |
Step 7 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 1000 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Perform the following tasks to configure an NNI port.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. service instance id service-type
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
7. rewrite ingress tag pop 1 symmetric
8. bridge-domain vlan-id
9. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 2/1 |
Configures an interface. |
Step 4 |
service instance id service-type Example: Router(config-if)# service instance 1 ethernet |
Configures an Ethernet service instance. In this example, the service instance is 1. |
Step 5 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad uni c-port |
Configures a dot1ad NNI or UNI port. In this example, it is a UNI C port. |
Step 6 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 1000 second-dot1q 1-100 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 7 |
rewrite ingress tag pop 1 symmetric Example: Router(config-if)# rewrite ingress tag pop 1 symmetric |
Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance. |
Step 8 |
bridge-domain vlan-id Example: Router(config-if)# bridge-domain 1000 |
Binds a service instance or a MAC tunnel to a bridge domain. |
Step 9 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure an NNI port:
Router# configure terminal
Router(config)# interface gig1/1
Router(config-if)# service instance 1 ethernet
Router(config-if)# ethernet dot1ad nni
Router(config-if)# encapsulation dot1q 1000
Router(config-if)# rewrite ingress tag pop 1 symmetric
Router(config-if)# bridge-domain 1000
Configuring a Layer 3 Termination
Perform the following tasks to configure a Layer 3 termination.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ethernet dot1ad {nni | uni {c-port | s-port}}
5. interface type number
6. encapsulation dot1q vlan -id second-dot1q {any | vlan -id} [native]
7. ip address ip-address mask
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable Example: Router> enable |
Enables privileged EXEC mode. |
Step 2 |
configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface type number Example: Router(config)# interface gigabitethernet 3/0 |
Configures an interface. |
Step 4 |
ethernet dot1ad {nni | uni {c-port | s-port}} Example: Router(config-if)# ethernet dot1ad nni |
Configures a dot1ad NNI or UNI port. In this example, it is an NNI port. |
Step 5 |
interface type number Example: Router(config)# interface gigabitethernet 3/0/.1 |
Configures an interface. |
Step 6 |
encapsulation dot1q vlan-id second-dot1q {any | vlan-id } [native] Example: Router(config-if)# encapsulation dot1q 10 second-dot1q 10 |
Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN. |
Step 7 |
ip address Example: Router(config-if)# ip address 1.2.3.4 255.255.0.0 |
Sets a primary or secondary IP address for an interface. |
Step 8 |
end Example: Router(config-if)# end |
Returns the CLI to privileged EXEC mode. |
Examples
The following example shows how to configure a Layer 3 termination. Note that Layer 3 is supported only on trunk interfaces.
Router# configure terminal
Router(config)# interface gig3/0
Router(config-if)# ethernet dot1ad nni
Router(config)# interface gig3/0/0.1
Router(config-if)# encapsulation dot1q 10 second dot1q 10
Router(config-if)# ip address 1.2.3.4 255.255.0.0
The following example shows how to configure a Layer 3 termination on an SVI:
Router# configure terminal
Router(config)# interface gig4/1
Router(config-if)# ethernet dot1ad nni
Router(config-if)# service instance 1 ethernet
Router(config-if)# encapsulation dot1q 200 second dot1q 300
Router(config-if)# rewrite ingress tag pop 2 symmetric
Router(config-if)# bridge-domain 50
Router(config-if)# service instance 2 ethernet
Router(config-if)# encapsulation dot1q 300
Router(config-if)# rewrite ingress tag pop 1 symmetric
Router(config-if)# bridge-domain 60
Router(config)# interface vlan 50
Router(config-if)# ip address 2.3.4.5 255.255.0.0
Router(config)# interface vlan 60
Router(config-if)# ip address 3.4.5.6 255.255.0.0
Displaying a Dot1ad Configuration
You can display a Dot1ad configuration using the show ethernet dot1ad command. This command displays the Dot1ad configuration for all interfaces. To display the configuration on a particular interface, use the show ethernet dot1ad interface command.
The following example shows how to display a Dot1ad configuration on all interfaces:
Router# show ethernet dot1ad
Interface: GigabitEthernet4/0/1
L2protocol pass cdp stp vtp dtp pagp dot1x lacp
Interface: GigabitEthernet4/0/2
L2protocol pass cdp stp vtp dtp pagp dot1x lacp