C H A P T E R
7-1
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
78-13315-02
7
Configuring IEEE 802.1Q Tunneling
This chapter describes how to configure IEEE 802.1Q tunneling on the Catalyst 6000 family switches.
This chapter consists of these sections:
•
Understanding How 802.1Q Tunneling Works, page 7-1
•
802.1Q Tunneling Configuration Guidelines, page 7-2
•
Configuring Support for 802.1Q Tunneling, page 7-3
Understanding How 802.1Q Tunneling Works
802.1Q tunneling enables service providers to use a single VLAN to support customers who have
multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer
VLANs segregated.
A port configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling,
you assign a tunnel port to a VLAN that you dedicate to tunneling. To keep customer traffic segregated,
each customer requires a separate VLAN, but that one VLAN supports all of the customer’s VLANs.
With 802.1Q tunneling, tagged traffic comes from an 802.1Q trunk port on a customer device and enters
the switch through a tunnel port. The link between the 802.1Q trunk port on a customer device and the
tunnel port is called an asymmetrical link because one end is configured as an 802.1Q trunk port and the
other end is configured as a tunnel port.
When a tunnel port receives tagged customer traffic from an 802.1Q trunk port, it does not strip the
received 802.1Q tag from the frame header; instead, the tunnel port leaves the 802.1Q tag intact, adds a
1-byte Ethertype field (0x8100) and a 1-byte length field and puts the received customer traffic into the
VLAN to which the tunnel port is assigned. This Ethertype 0x8100 traffic, with the received 802.1Q tag
intact, is called tunnel traffic.
A VLAN carrying tunnel traffic is an 802.1Q tunnel. The tunnel ports in the VLAN are the tunnel’s
ingress and egress points.
The tunnel ports do not have to be on the same network device. The tunnel can cross other network links
and other network devices before reaching the egress tunnel port. A tunnel can have as many tunnel ports
as required to support the customer devices that need to communicate through the tunnel.
An egress tunnel port strips the 1-byte Ethertype field (0x8100) and the 1-byte length field and transmits
the traffic with the 802.1Q tag still intact to an 802.1Q trunk port on a customer device. The 802.1Q
trunk port on the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer
VLAN.