Lessons Learned: Cisco Catalyst Q-in-Q
Today I had the chance to work on a scenario where Cisco Q-in-Q was needed. Basically, Q-in-Q is a method wherein a VLAN (normally that of a customer) is left intact, and encapsulated within another VLAN (normally that of a provider). So it’s VLAN-within-a-VLAN.
So a customer tags his traffic with VLAN tag 123, or anything else of their choice, and the provider would like to keep an outer tag of 456 within their infrastructure. In essence, port f0/1 on SW_P1 needs to encapsulate anything that enters it with VLAN tag 456, and remove that VLAN tag from traffic exiting the interface, leaving the inner traffic intact.
Fairly simple with the Cisco Catalyst switches, for example:
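! Customer-facing tunnel port (f0/1 on SW_P1)
interface FastEthernet0/1
 switchport access vlan 456
 switchport mode dot1q-tunnel
 no mdix auto
!
! Global configuration: tag the native VLAN on trunks
vlan dot1q tag native
!
! Under the provider-facing trunk interface (set encapsulation before trunk mode)
 switchport trunk encapsulation dot1q
 switchport mode trunk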
There’s much more info on the ‘net about the above, though the above alone will give you a general idea. What is not very well documented is that before even starting on any of the above commands, you need to disable IGMP snooping using:
no ip igmp snooping
Otherwise, the switch simply doesn’t perform Q-in-Q. To be fair, Cisco documentation states that IGMP snooping and Q-in-Q do not match well and so IGMP snooping should be disabled. But most guides on the internet fail to tell you this.
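An added example, not from the original post: a small Python check that reads a saved running-config and flags dot1q-tunnel ports configured without the global prerequisites described above. It assumes IGMP snooping is on by default, so a config with no "no ip igmp snooping" line still has it enabled; the sample configs and function names are constructed for illustration.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
BAD_CONFIG = """\
vlan dot1q tag native
!
interface FastEthernet0/1
 switchport access vlan 456
 switchport mode dot1q-tunnel
 no mdix auto
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""
GOOD_CONFIG = "no ip igmp snooping\n" + BAD_CONFIG

def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the interface
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces

def audit_qinq(text):
    """Return findings for tunnel ports that lack the prerequisites from the post."""
    global_lines, interfaces = parse_config(text)
    tunnels = {n: l for n, l in interfaces.items() if "switchport mode dot1q-tunnel" in l}
    if not tunnels:
        return []  # no Q-in-Q ports, nothing to check
    findings = []
    if "no ip igmp snooping" not in global_lines:
        findings.append("IGMP snooping still enabled with tunnel ports: " + ", ".join(sorted(tunnels)))
    if "vlan dot1q tag native" not in global_lines:
        findings.append("'vlan dot1q tag native' is missing from global config")
    for name, lines in tunnels.items():
        if not any(l.startswith("switchport access vlan ") for l in lines):
            findings.append(f"{name}: tunnel port has no outer (access) VLAN set")
    return findings
```

Running audit_qinq over BAD_CONFIG reports the missing IGMP snooping line for FastEthernet0/1, while GOOD_CONFIG comes back clean.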