Sharing Ilmu

Sharing for useful things

Configuration 802.1Q tunneling (Q-in-Q) on Cisco

802.1Q tunneling (Q-in-Q)  is a services that creates Layer 2 Tunneling by adding second vlan tag on the Ethernet Frames. is often used by Metro Ethernet Service Provider to tunnel traffic between their customers. I Think is called VLAN running in the VLAN.

As the example topology below we can see that we have two Connection sites with the different location. But we have requirement to keep connecting both as layer vlan connection.

Now Let’s start configuration from SW-ISP, SW_C1 and SW_C2.

Configuration on SW-ISP, Create VLAN 100 and configuration trunk on interface g0/0-1

SW-ISP(config)#vlan 100
SW-ISP(config-vlan)#name QinQ-Tunneling
SW-ISP(config-vlan)#exit
SW-ISP(config)#int range g0/0-1
SW-ISP(config-if-range)#switchport trunk encapsulation dot1q
SW-ISP(config-if-range)#switchport mode trunk
SW-ISP(config-if-range)#end

 

Configuration on SW_C1

Create VLAN 100

SW_C1(config)#vlan 100
SW_C1(config-vlan)#name QinQ-Tunneling
SW_C1(config-vlan)#exit

Config interface trunk on G0/0 interface

SW_C1(config)#int g0/0
SW_C1(config-if)#switchport trunk encapsulation dot1q
SW_C1(config-if)#switchport mode trunk
SW_C1(config-if)#switchport trunk allowed vlan 100
SW_C1(config-if)#end
SW_C1#

Configure QinQ Tunneling on G0/1. which is the interface connected to the customer.

SW_C1(config)#int g0/1
SW_C1(config-if)#switchport mode dot1q-tunnel
SW_C1(config-if)#l2protocol-tunnel
SW_C1(config-if)#switchport access vlan 100
SW_C1(config-if)#exit
SW_C1(config)#

 

Configuration on SW_C2

Create VLAN 100

SW_C2(config)#vlan 100
SW_C2(config-vlan)#name QinQ-Tunneling
SW_C2(config-vlan)#exit

 

Config interface trunk on G0/0 interface

SW_C2(config)#int g0/0
SW_C2(config-if)#switchport trunk encapsulation dot1q
SW_C2(config-if)#switchport mode trunk
SW_C2(config-if)#switchport trunk allowed vlan 100
SW_C2(config-if)#exit

 

Configure QinQ Tunneling on G0/1. which is the interface connected to the customer.

SW_C2(config)#int g0/1
SW_C2(config-if)#switchport mode dot1q-tunnel
SW_C2(config-if)#l2protocol-tunnel
SW_C2(config-if)#switchport access vlan 100
SW_C2(config-if)#end
SW_C2#

 

Now Configure SW-HO and Branch

Configure SW-HO

Add Vlan 10 and Vlan 20

SW-HO(config)#vlan 10
SW-HO(config-vlan)#exit
SW-HO(config)#vlan 20
SW-HO(config-vlan)#exit

Configure switch port trunk on G0/0 that connected to SW_C1

SW-HO(config)#int g0/0
SW-HO(config-if)#switchport trunk encapsulation dot1q
SW-HO(config-if)#switchport mode trunk
SW-HO(config-if)#exit

Then Configure access port to PC

SW-HO(config)#int g0/1
SW-HO(config-if)#switchport mode access
SW-HO(config-if)#switchport access vlan 10
SW-HO(config-if)#exit
SW-HO(config)#int g0/2
SW-HO(config-if)#switchport mode access
SW-HO(config-if)#switchport access vlan 20
SW-HO(config-if)#exit
SW-HO(config)#

 

Configure SW-Branch

Add Vlan 10 and Vlan 20

SW-Branch(config)#vlan 10
SW-Branch(config-vlan)#exit
SW-Branch(config)#vlan 20
SW-Branch(config-vlan)#exit

Configure switch port trunk on G0/0 that connected to SW_C2

SW-Branch(config)#int g0/0
SW-Branch(config-if)#switchport trunk encapsulation dot1q
SW-Branch(config-if)#switchport mode trunk
SW-Branch(config-if)#exit

Then Configure access port to PC

SW-Branch(config)#int g0/1
SW-Branch(config-if)#switchport mode access
SW-Branch(config-if)#switchport access vlan 10
SW-Branch(config-if)#exit
SW-Branch(config)#int g0/2
SW-Branch(config-if)#switchport mode access
SW-Branch(config-if)#switchport access vlan 20
SW-Branch(config-if)#exit
SW-Branch(config)#

 

Configure ip address on PCHO10

PCHO10> ip 192.168.10.1/24
Checking for duplicate address...
PC1 : 192.168.10.1 255.255.255.0
PCHO10>

 

Configure ip address on PCHO20

PCHO20> ip 192.168.20.1/24
Checking for duplicate address...
PC1 : 192.168.20.1 255.255.255.0
PCHO20>

 

Config ip address on PCBR10

PCBR10> ip 192.168.10.2/24
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0
PCBR10>

 

Config ip address on PCBR20

PCBR20> ip 192.168.20.2/24
Checking for duplicate address...
PC1 : 192.168.20.2 255.255.255.0
PCBR20>

After that do a ping test between PCs HO and Branch.

PCHO10> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=64 time=42.641 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=64 time=19.437 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=64 time=20.863 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=64 time=18.621 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=64 time=27.816 ms
PCHO10>

 

PCHO20> ping 192.168.20.2
84 bytes from 192.168.20.2 icmp_seq=1 ttl=64 time=14.547 ms
84 bytes from 192.168.20.2 icmp_seq=2 ttl=64 time=15.672 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=64 time=19.206 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=64 time=40.554 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=64 time=27.468 ms
PCHO20>

 

PCBR10> ping 192.168.10.1
84 bytes from 192.168.10.1 icmp_seq=1 ttl=64 time=17.805 ms
84 bytes from 192.168.10.1 icmp_seq=2 ttl=64 time=22.574 ms
84 bytes from 192.168.10.1 icmp_seq=3 ttl=64 time=14.186 ms
84 bytes from 192.168.10.1 icmp_seq=4 ttl=64 time=43.997 ms
84 bytes from 192.168.10.1 icmp_seq=5 ttl=64 time=18.362 ms
PCBR10>

 

PCBR20> ping 192.168.20.1
84 bytes from 192.168.20.1 icmp_seq=1 ttl=64 time=17.707 ms
84 bytes from 192.168.20.1 icmp_seq=2 ttl=64 time=22.481 ms
84 bytes from 192.168.20.1 icmp_seq=3 ttl=64 time=15.062 ms
84 bytes from 192.168.20.1 icmp_seq=4 ttl=64 time=26.976 ms
84 bytes from 192.168.20.1 icmp_seq=5 ttl=64 time=15.206 ms
PCBR20>

 

As you can see above, the connection between PC HO and Branch that connected on VLAN10 and VLAN20 is successfull.

 

Now verify cdp neighbor on SW-HO and Branch.

SW-HO#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
SW-Branch Gig 0/0 140 R S I Gig 0/0

Total cdp entries displayed : 1
SW-HO#

 

SW-Branch#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
SW-HO Gig 0/0 146 R S I Gig 0/0

Total cdp entries displayed : 1
SW-Branch#

As you can see above, CDP neighboor on SW-HO is a SW Branch. also CDP Neighboor on SW-Branch is SW-HO. That’s like both switch are directly connected while in real topology is connected to another switch.

z
Previous Article

Leave a Reply

Your email address will not be published. Required fields are marked *.

*
*
You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Copyright © 2026 Sharing Ilmu All Right Reserved. Online CV Resume Theme By eDataStyle . Proudly powered by WordPress .