Cisco ME 3400 Ethernet Access Switch Software Configuration Guide, 78-17058-01
Chapter 13: Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

Virtual private networks (VPNs) provide enterprise-scale connectivity on a shared infrastructure, often
Ethernet-based, with the same security, prioritization, reliability, and manageability requirements of
private networks. Tunneling is a feature designed for service providers who carry traffic of multiple
customers across their networks and are required to maintain the VLAN and Layer 2 protocol
configurations of each customer without impacting the traffic of other customers. The Cisco ME 3400
Ethernet Access switch supports IEEE 802.1Q tunneling and Layer 2 protocol tunneling when it is
running the metro access or metro IP access image. The metro base image does not support tunneling.
Note: For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release.
This chapter contains these sections:
Understanding IEEE 802.1Q Tunneling
Configuring IEEE 802.1Q Tunneling
Understanding Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
Monitoring and Maintaining Tunneling Status

Understanding IEEE 802.1Q Tunneling

Business customers of service providers often have specific requirements for VLAN IDs and the number
of VLANs to be supported. The VLAN ranges required by different customers in the same
service-provider network might overlap, and traffic of customers through the infrastructure might be
mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations
and could easily exceed the VLAN limit (4096) of the IEEE 802.1Q specification.
Using the IEEE 802.1Q tunneling feature, service providers can use a single VLAN to support customers
who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from different customers is
segregated within the service-provider network, even when they appear to be in the same VLAN. Using
IEEE 802.1Q tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy and retagging the
tagged packets. A port configured to support IEEE 802.1Q tunneling is called a tunnel port. When you
configure tunneling, you assign a tunnel port to a VLAN ID that is dedicated to tunneling. Each customer
requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.
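
The VLAN-in-VLAN retagging described above can be traced at the frame level with the following Python model. It is an added example, not Cisco code or switch configuration. The function names, MAC addresses, VLAN IDs 100, 30 and 40, and the use of TPID 0x8100 for the outer tag are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # assumption: outer tag uses the standard 802.1Q TPID

def tag(vlan_id, pcp=0):
    """Build a 4-byte 802.1Q tag: TPID + (PCP | DEI | 12-bit VLAN ID)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID, (pcp << 13) | vlan_id)

def tunnel_ingress(frame, sp_vlan):
    """Tunnel port ingress: push the service-provider tag after the MACs.
    The customer's own tag (if any) stays untouched behind it."""
    return frame[:12] + tag(sp_vlan) + frame[12:]

def tunnel_egress(frame, sp_vlan):
    """Tunnel port egress: deliver only frames carrying this port's
    service-provider VLAN, and strip that outer tag before sending."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID or (tci & 0x0FFF) != sp_vlan:
        return None  # frame belongs to another customer's tunnel VLAN
    return frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return the VLAN IDs of all stacked tags, outermost first."""
    ids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID:
            break
        ids.append(tci & 0x0FFF)
        off += 4
    return ids

def customer_frame(vlan_id, payload):
    """Constructed sample: dst MAC, src MAC, customer tag, IPv4 EtherType."""
    macs = bytes.fromhex("ffffffffffff020000000001")
    return macs + tag(vlan_id) + struct.pack("!H", 0x0800) + payload

# Constructed scenario: two customers both use VLAN 100 internally.
frame_a = customer_frame(100, b"customer-A")
frame_b = customer_frame(100, b"customer-B")
core_a = tunnel_ingress(frame_a, sp_vlan=30)  # customer A -> SP VLAN 30
core_b = tunnel_ingress(frame_b, sp_vlan=40)  # customer B -> SP VLAN 40
print(vlan_stack(core_a), vlan_stack(core_b))
print(tunnel_egress(core_b, 30))  # customer B frame never reaches A's port
```

Inside the service-provider network only the outer tag is examined, so the two customers' overlapping VLAN 100 traffic stays separate, and each frame leaves the far tunnel port byte-for-byte as the customer sent it.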