Consider the following topology:
We have one Customer with two distributed locations (SW1, R1 and SW2, R2) connected over the Provider backbone. What we want to create is something like this:
If the Provider supports 802.1q tunneling and L2 protocol tunneling, we can build a nice Etherchannel between our two remote locations with direct CDP visibility. STP and VTP are also supported, just as if the SW1 and SW2 switches were directly connected.
First, let's configure the SW1 and SW2 Customer devices.
On the three interfaces connected to provider devices we want to configure LACP Etherchannel:
SW1 / SW2 Customer
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
Next we will configure the SW1 and SW2 ports connected to R1 and R2 devices:
SW1 / SW2 Customer
vtp mode transparent
vtp domain Customer
vlan 100
name End2End
!
interface Fa0/10
switchport mode access
switchport access vlan 100
Of course another approach can be taken in terms of VTP, like having Server / Client configuration, but this was the simplest one to illustrate here.
Let’s add some IP addresses on the two routers R1 and R2:
R1 Customer
interface fa0/0
ip address 10.0.0.1 255.255.255.0
R2 Customer
interface fa0/0
ip address 10.0.0.2 255.255.255.0
Our job, as Customer, is done. What about the Provider configuration? Here is where “the magic” happens.
To provide our Customer with three end to end 802.1q tunnels, we need to create three VLANs, assign them to the interfaces pointing to Customer SW1 and SW2 and enable the 802.1q tunnels.
SW1 / SW2 Provider
vlan 10
vlan 20
vlan 30
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode dot1q-tunnel
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode dot1q-tunnel
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode dot1q-tunnel
Of course, SW1 and SW2 on the Provider side should have an 802.1q trunk enabled that allows the transport of VLANs 10, 20 and 30:
SW1 / SW2 Provider
int fa0/4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20,30
OK, we have the dot1q tunneling enabled now:
SW1 / SW2 Provider
show dot1q-tunnel
dot1q-tunnel mode LAN Port(s)
-----------------------------
Fa0/1
Fa0/2
Fa0/3
Still, the Customer wants Etherchannel functionality, CDP visibility and the ability to transport its own VLAN information (remember that we configured VLAN 100 on the SW1 / SW2 Customer interface pointing to R1 / R2). Let's enable these as well:
SW1 / SW2 Provider
interface FastEthernet0/1
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel cdp
l2protocol-tunnel stp
no cdp enable
!
interface FastEthernet0/2
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel cdp
l2protocol-tunnel stp
no cdp enable
!
interface FastEthernet0/3
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel cdp
l2protocol-tunnel stp
no cdp enable
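A consistency check for the Provider tunnel ports configured above, as an added example that is not part of the original post: it parses running-config style text and flags tunnel ports that lack the L2 protocol tunneling commands, share a metro VLAN with another tunnel port, or use a metro VLAN the trunk does not carry. The function names and the sample config are constructed for illustration; the parser assumes indented sub-commands and a comma-separated allowed-VLAN list.

```python
import re

# Per-port commands the page puts on every Provider tunnel port
REQUIRED = ("l2protocol-tunnel point-to-point lacp", "l2protocol-tunnel cdp",
            "l2protocol-tunnel stp", "no cdp enable")

def interfaces(cfg):
    """Map interface name -> sub-commands (assumes indented 'show run' layout)."""
    found = re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", cfg, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in found}

def audit(cfg):
    """Return findings for dot1q-tunnel ports that deviate from the page's design."""
    blocks, findings, owner = interfaces(cfg), [], {}
    # Metro VLANs the Provider trunk carries (comma list, as on the page)
    allowed = {int(v) for lst in re.findall(r"trunk allowed vlan (\d+(?:,\d+)*)", cfg)
               for v in lst.split(",")}
    for name, cmds in blocks.items():
        if "switchport mode dot1q-tunnel" not in cmds:
            continue
        findings += [f"{name}: missing '{r}'" for r in REQUIRED if r not in cmds]
        m = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        vid = int(m.group(1)) if m else 1      # IOS default access VLAN is 1
        if vid in owner:                       # each channel member needs its own tunnel
            findings.append(f"{name}: metro VLAN {vid} shared with {owner[vid]}")
        owner.setdefault(vid, name)
        if vid not in allowed:
            findings.append(f"{name}: metro VLAN {vid} not allowed on trunk")
    return findings

# Constructed sample: Fa0/1 as on the page, Fa0/2 deliberately misconfigured
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 no cdp enable
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
interface FastEthernet0/4
 switchport trunk allowed vlan 10,30
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```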
Perfect, now let’s do some “show” commands to see that everything is working.
SW1 / SW2 Customer
show etherchannel 1 summary | b Group
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa0/1(P) Fa0/2(P) Fa0/3(P)
show spanning-tree vlan 100
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 0011.20ab.6180
Cost 9
Port 56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 0014.a86b.f600
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/10 Desg FWD 19 128.3 P2p
Po1 Root FWD 9 128.56 P2p
OK, the Etherchannel is UP and STP is showing correct values. Let’s see if we can do a simple “ping” from R1 to R2:
R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
The Customer is happy, but what about the Provider, what does it see on the L2 infrastructure?
SW1 / SW2 Provider
show spanning-tree vlan 100
Spanning tree instance(s) for vlan 100 does not exist.
So, the Provider has no idea about Vlan 100 used by the Customer. This is because STP BPDUs from SW1 / SW2 Customer are tunneled inside dot1q-tunnel and hidden by the metro tags 10, 20 and 30.
One note for real-life deployments: the Provider needs to support an MTU of at least 1504 bytes, because the metro tag adds 4 bytes to every Customer frame, so that the Customer does not have to deal with packet fragmentation.
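To make the last two points concrete, the following added example (not from the original post) builds a Customer frame tagged with VLAN 100, pushes metro tag 10 the way a tunnel port does, and reports what the Provider sees. The MAC addresses and function names are constructed, and the outer tag is assumed to use TPID 0x8100.

```python
import struct

TPID = 0x8100  # assumption: metro tag uses the same TPID as the Customer tag

def tag(vid, pcp=0):
    """4-byte 802.1Q tag: TPID, then PCP(3) | DEI(1) | VID(12)."""
    return struct.pack("!HH", TPID, (pcp << 13) | (vid & 0x0FFF))

def customer_frame(dst, src, vid, ethertype, payload):
    """Frame as a Customer switch sends it on its trunk (FCS omitted)."""
    return dst + src + tag(vid) + struct.pack("!H", ethertype) + payload

def push_metro_tag(frame, metro_vid):
    """Tunnel-port ingress: insert the outer tag right after the two MACs."""
    return frame[:12] + tag(metro_vid) + frame[12:]

def vlan_stack(frame):
    """VLAN IDs found after the MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids

def provider_view(frame):
    """Return (VLAN the Provider switches on, payload bytes it must carry).

    The Provider's header is 18 bytes: two MACs, the metro tag, and a type
    field that is really the Customer's TPID. Everything after that (Customer
    TCI, real EtherType, original payload) is opaque payload to the Provider.
    """
    return vlan_stack(frame)[0], len(frame) - 18

# Constructed sample: full-size 1500-byte packet in Customer VLAN 100
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
ORIGINAL = customer_frame(DST, SRC, 100, 0x0800, bytes(1500))
TUNNELLED = push_metro_tag(ORIGINAL, 10)

if __name__ == "__main__":
    print("customer trunk :", vlan_stack(ORIGINAL), len(ORIGINAL), "bytes")
    print("provider trunk :", vlan_stack(TUNNELLED), len(TUNNELLED), "bytes")
    print("provider view  :", provider_view(TUNNELLED))
```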