Consider the following topology:
We have one Customer with two distributed locations (SW1, R1 and SW2, R2) connected over the Provider backbone. What we want to create is something like this:
If the Provider supports 802.1q and L2 tunneling, we can achieve a nice Etherchannel between our two remote locations with direct CDP visibility. STP and VTP are also supported, just as if the SW1 and SW2 switches were directly connected.
First, let's configure the SW1 and SW2 Customer devices.
On the three interfaces connected to provider devices we want to configure LACP Etherchannel:
SW1 / SW2 Customer
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
Next we will configure the SW1 and SW2 ports connected to R1 and R2 devices:
SW1 / SW2 Customer
vtp mode transparent
vtp domain Customer
vlan 100
 name End2End
!
interface Fa0/10
 switchport mode access
 switchport access vlan 100
Of course another approach can be taken in terms of VTP, like having Server / Client configuration, but this was the simplest one to illustrate here.
Let’s add some IP addresses on the two routers R1 and R2:
R1 Customer
interface fa0/0
 ip address 10.0.0.1 255.255.255.0
R2 Customer
interface fa0/0
 ip address 10.0.0.2 255.255.255.0
Our job, as Customer, is done. What about the Provider configuration? Here is where “the magic” happens.
To provide our Customer with three end to end 802.1q tunnels, we need to create three VLANs, assign them to the interfaces pointing to Customer SW1 and SW2 and enable the 802.1q tunnels.
SW1 / SW2 Provider
vlan 10
vlan 20
vlan 30
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode dot1q-tunnel
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode dot1q-tunnel
!
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode dot1q-tunnel
Of course, SW1 and SW2 on the Provider side should have an 802.1q trunk enabled that allows the transport of VLANs 10, 20 and 30:
SW1 / SW2 Provider
int fa0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
OK, we have the dot1q tunneling enabled now:
SW1 / SW2 Provider
show dot1q-tunnel

dot1q-tunnel mode LAN Port(s)
-----------------------------
Fa0/1
Fa0/2
Fa0/3
Still, the Customer wants Etherchannel functionality, CDP visibility and the ability to transport its own VLAN information (remember we configured VLAN 100 on the interface of SW1 / SW2 Customer pointing to R1 / R2). Let's enable these as well:
SW1 / SW2 Provider
interface FastEthernet0/1
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 no cdp enable
!
interface FastEthernet0/2
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 no cdp enable
!
interface FastEthernet0/3
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 no cdp enable
Perfect, now let’s do some “show” commands to see that everything is working.
SW1 / SW2 Customer
show etherchannel 1 summary | b Group
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/1(P)    Fa0/2(P)    Fa0/3(P)
show spanning-tree vlan 100

VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    32868
             Address     0011.20ab.6180
             Cost        9
             Port        56 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
             Address     0014.a86b.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/10              Desg FWD 19        128.3    P2p
Po1                 Root FWD 9         128.56   P2p
OK, the Etherchannel is UP and the STP is showing correct values. Let's see if we can do a simple "ping" from R1 to R2:
R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
The Customer is happy, but what about the Provider, what does it see on the L2 infrastructure?
SW1 / SW2 Provider
show spanning-tree vlan 100
Spanning tree instance(s) for vlan 100 does not exist.
So, the Provider has no idea about VLAN 100 used by the Customer. This is because STP BPDUs from SW1 / SW2 Customer are tunneled inside the dot1q-tunnel and hidden by the metro tags 10, 20 and 30.
One note for real-life deployments: the Provider needs to support an MTU of at least 1504 so that the Customer does not have to deal with packet fragmentation.
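
The tag stacking behind the last two points, as an added example that is not part of the original post: it pushes the Customer tag (VLAN 100) and then the metro tag (VLAN 10) onto a full-size frame, parses the stack back, and shows that a switch reading only the first tag must carry 1504 bytes. It assumes both tags use TPID 0x8100; the MAC addresses, the payload and the function names are constructed for illustration.

```python
import struct

TPID = 0x8100  # assumption: inner and outer tag both use TPID 0x8100

def push_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q tag after the source MAC (what a tagging port does)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"invalid VLAN id {vlan_id}")
    return frame[:12] + struct.pack("!HH", TPID, vlan_id) + frame[12:]

def parse_tags(frame: bytes):
    """Return (VLAN ids outermost first, real EtherType, payload)."""
    vlans, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID:
            return vlans, ethertype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN id
        offset += 4

def mtu_needed(frame: bytes) -> int:
    """Bytes a switch that reads only the first tag must carry as payload."""
    vlans, _, _ = parse_tags(frame)
    if not vlans:
        raise ValueError("frame is untagged")
    return len(frame) - 18  # 12 MAC bytes + 4-byte first tag + 2-byte type field

def sample_frames():
    """Constructed sample: a full-size 1500-byte IPv4 payload from R1 to R2."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    untagged = macs + struct.pack("!H", 0x0800) + bytes(1500)
    customer = push_tag(untagged, 100)  # Customer trunk: VLAN 100
    metro = push_tag(customer, 10)      # Provider Fa0/1 tunnel port: metro VLAN 10
    return untagged, customer, metro

if __name__ == "__main__":
    _, customer, metro = sample_frames()
    print("customer trunk:", parse_tags(customer)[0], mtu_needed(customer))
    print("provider trunk:", parse_tags(metro)[0], mtu_needed(metro))
```

The Provider switch forwards on the first tag only, so the Customer's VLAN 100 tag is part of the payload it carries, which is where the extra 4 bytes come from.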