Cisco Systems 15310-CL, 15310-MA Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling on the ML-Series Card

CHAPTE R

8-1

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

78-18133-01

Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling on the ML-Series Card

Virtual private networks (VPNs) provide enterprise-scale connectivity on a shared infrastructure, often

Ethernet-based, with the same security, prioritization, reliability, and manageability requirements of

private networks. Tunneling is a feature designed for service providers who carry traffic of multiple

customers across their networks and are required to maintain t he VLAN and Layer 2 protocol

configurations of each customer without impacting the traffic of other cu stomers. The ML-Series cards

support IEEE 802.1Q tunneling (QinQ) and Layer 2 protocol tunneling.

This chapter contains the following sections:

• Understanding IEEE 802.1Q Tunneling, page 8-1

• Configuring IEEE 802.1Q Tunneling, page 8-4

• Understanding VLAN-Transparent and VLAN-Specific Services, page 8-6

• VLAN-Transparent and VLAN-Specific Services Configuration Example, page 8-7

• Understanding Layer 2 Protocol Tunneling, page 8-9

• Configuring Layer 2 Protocol Tunneling, page 8-9

Business customers of service providers often have specific requirements for VLAN IDs and the number

of VLANs to be supported. The VLAN ranges required by different customers in the same

service-provider network might overlap, and traffic of customers through the infrastructure might be

mixed. Assigning a unique range of VLAN IDs to each customer woul d restrict customer configurations

and could easily exceed the IEEE 802.1Q specification VLAN limit of 4096.

Using the IEEE 802.1Q tunneling (QinQ) feature, service providers can use a single VLA N to support

customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different

customers is segregated within the service-provider infrastructure even when they appear to be on the

same VLAN. The IEEE 802.1Q tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy

and tagging the tagged packets. A port configured to support IEEE 802.1Q tunneling is called a tunnel

port. When you configure tunneling, you assign a tunnel port to a VLAN that is de dicated to tunneling.

Each customer requires a separate VLAN, but that VLAN supports all of the customer’s VLANs.