NMC DOiT Vol.2 Scenario 4 Day 1 – 802.1Q Tunneling


I’m cutting out a little bit early tonight because I hung my terminal server at work that connects me to my CCIE rack again. I think I know what happens to cause the hang, too. If I press a “C” at the poor little thing’s prompt, it sends the SSH daemon into a tailspin. That just screams software upgrade to me. No, my terminal server is not an IOS platform – it’s some offbeat company I’d never heard of before this job I have. It’s a little disappointing that the dumb terminal server quit, because I was going great guns, man. Everything was flying along.

I configured the frame relay and PPP in less than my budgeted time. You may think that’s no big deal, but it’s a win for me, because it means that by scenario 4, I have a good handle on getting the frame interface types set up and communicating quickly, no matter how mixed and matched they are. So that makes me happy. I was going a little over time budget on getting all the IP addresses assigned and VLANs built, because I had to read up on 802.1Q tunneling on the 3550. But I was only going to be over about 15 minutes, so considering a major part of that time was reading configuration instructions, I don’t feel too badly about that.

So what about 802.1Q tunneling, anyway? 802.1Q tunneling is where you end up with 2 dot1q tags on an Ethernet frame. This is generally used by a provider in a metro Ethernet environment. The feature allows a customer to tag a frame, send that frame into the provider cloud, and have the tag preserved within the cloud while the frame is switched elsewhere. The provider is able to place its own tag onto the frame without disturbing the customer's tag. When the frame comes out the other side of the cloud, the customer's tag will be intact, ready for the customer to process. One notable catch is that you need to increase the switch's system MTU size to at least 1504 (where the default is 1500) to handle the additional tag. When the system MTU size is changed, the switch requires a reload.

Setting up dot1q tunneling on a 3550:

  1. Increase system MTU size with global config command “system mtu 1504” and reload. Note that you can go larger than 1504, but 1504 is the minimum required to support double-tagged frames.
  2. Enter the interface config for the port that will uplink to your customer.
  3. Assign an access VLAN to the interface that you, as the provider, assign to the customer. The customer does not care about this VLAN number. The only relevance is to your provider network. “switchport access vlan vlan-id”.
  4. Set the interface mode to be dot1q tunneling with “switchport mode dot1q-tunnel”.

That was the simplest possible 802.1Q tunneling configuration. Like so many other things in IOS, there are a lot of other options to help handle any number of other situations.
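To see what the tunnel port does to a frame and where the 1504 figure comes from, here is a small Python model of the tag push and pop described above. It is an added example, not part of the original post or of IOS; the MAC addresses, VLAN 10 and VLAN 100 are constructed values, the outer tag is assumed to use TPID 0x8100, and the MTU accounting is a simplified model.

```python
import struct

TPID = 0x8100  # assumption: customer and provider tags both use TPID 0x8100

def dot1q_tag(vlan_id, pcp=0):
    """4-byte 802.1Q tag: TPID, then PCP (3 bits), DEI=0, VLAN ID (12 bits)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID, (pcp << 13) | vlan_id)

def push_tag(frame, vlan_id):
    """Tunnel-port ingress: insert the provider tag right after the two MACs."""
    return frame[:12] + dot1q_tag(vlan_id) + frame[12:]

def pop_tag(frame):
    """Tunnel-port egress: strip the outermost tag; return (vlan_id, frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_stack(frame):
    """VLAN IDs on the frame, outermost first."""
    vlans, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID:
            break
        vlans.append(tci & 0x0FFF)
        off += 4
    return vlans

def mtu_needed(frame):
    """Simplified model: bytes after the 14-byte Ethernet header, with the
    first tag (if any) not counted against the MTU."""
    return len(frame) - 14 - (4 if vlan_stack(frame) else 0)

# Constructed sample: customer frame tagged VLAN 10, full 1500-byte payload
CUSTOMER = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
            + dot1q_tag(10) + struct.pack("!H", 0x0800) + bytes(1500))
TUNNELED = push_tag(CUSTOMER, 100)  # provider access VLAN 100 (constructed)

if __name__ == "__main__":
    print(vlan_stack(CUSTOMER), mtu_needed(CUSTOMER))   # customer side
    print(vlan_stack(TUNNELED), mtu_needed(TUNNELED))   # inside the cloud
    print(pop_tag(TUNNELED) == (100, CUSTOMER))         # tag intact at egress
```

Inside the provider cloud the customer's tag is carried as ordinary payload, which is why a full-size customer frame needs 4 more bytes than the default system MTU allows.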

Read more about dot1q tunneling on the 3550.