13-4
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 13 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Configuring IEEE 802.1Q Tunneling
Configuring IEEE 802.1Q Tunneling
These sections contain this configuration information:
Default IEEE 802.1Q Tunneling Configuration, page 13-4
IEEE 802.1Q Tunneling Configuration Guidelines, page 13-4
IEEE 802.1Q Tunneling and Other Features, page 13-6
Configuring an IEEE 802.1Q Tunneling Port, page 13-6

Default IEEE 802.1Q Tunneling Configuration

By default, IEEE 802.1Q tunneling is disabled because the default switchport mode is access. Tagging
of IEEE 802.1Q native VLAN packets on all IEEE 802.1Q trunk ports is also disabled. By default,
VLANs on the switch are UNI-ENI isolated VLANs.

IEEE 802.1Q Tunneling Configuration Guidelines

When you configure IEEE 802.1Q tunneling, you should always use an asymmetrical link between the
customer device and the edge switch, with the customer device port configured as an IEEE 802.1Q trunk
port and the edge switch port configured as a tunnel port.
Assign tunnel ports only to VLANs that are used for tunneling.
Configuration requirements for native VLANs and for and maximum transmission units (MTUs) are
explained in these next sections.

Native VLANs

When configuring IEEE 802.1Q tunneling on an edge switch, you must use IEEE 802.1Q trunk ports for
sending packets into the service-provider network. However, packets going through the core of the
service-provider network can be carried through IEEE 802.1Q trunks, ISL trunks, or nontrunking links.
When IEEE 802.1Q trunks are used in these core switches, the native VLANs of the IEEE 802.1Q trunks
must not match any native VLAN of the nontrunking (tunneling) port on the same switch because traffic
on the native VLAN would not be tagged on the IEEE 802.1Q sending trunk port.
See Figure 13-3. VLAN 40 is configured as the native VLAN for the IEEE 802.1Q trunk port from
Customer X at the ingress edge switch in the service-provider network (Switch B). Switch A of
Customer X sends a tagged packet on VLAN 30 to the ingress tunnel port of Switch B in the
service-provider network, which belongs to access VLAN 40. Because the access VLAN of the tunnel
port (VLAN 40) is the same as the native VLAN of the edge-switch trunk port (VLAN 40), the metro
tag is not added to tagged packets received from the tunnel port. The packet carries only the VLAN 30
tag through the service-provider network to the trunk port of the egress-edge switch (Switch C) and is
misdirected through the egress switch tunnel port to Customer Y.
These are some ways to solve this problem:
Use ISL trunks between core switches in the service-provider network. Although customer
interfaces connected to edge switches must be IEEE 802.1Q trunks, we recommend using ISL trunks
for connecting switches in the core layer. The Cisco ME switch does not support ISL trunks.