802.1Q Tunneling Configuration Guidelines And Restrictions; Restrictions - Cisco 7609 Configuration Manual

Chapter 14 Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
When a tunnel port receives tagged customer traffic from an 802.1Q trunk port, it does not strip the
received 802.1Q tag from the frame header; instead, the tunnel port leaves the 802.1Q tag intact, adds a
2-byte Ethertype field (0x8100) followed by a 2-byte field containing the priority (CoS) and the VLAN.
The received customer traffic is then put into the VLAN to which the tunnel port is assigned. This
Ethertype 0x8100 traffic, with the received 802.1Q tag intact, is called tunnel traffic.
A VLAN carrying tunnel traffic is an 802.1Q tunnel. The tunnel ports in the VLAN are the tunnel's
ingress and egress points.
The tunnel ports do not have to be on the same network device. The tunnel can cross other network links
and other network devices before reaching the egress tunnel port. A tunnel can have as many tunnel ports
as required to support the customer devices that need to communicate through the tunnel.
An egress tunnel port strips the 2-byte Ethertype field (0x8100) and the 2-byte length field and transmits
the traffic with the 802.1Q tag still intact to an 802.1Q trunk port on a customer device. The 802.1Q trunk
port on the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer
VLAN.
Note Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider
network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag
containing the customer-assigned VLAN IDs.

802.1Q Tunneling Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when configuring 802.1Q tunneling in your network:

Restrictions

•
•
•
•
78-14064-04
Because tunnel traffic has the added ethertype and length field and retains the 802.1Q tag within the
router, the following restrictions exist:
– The Layer 3 packet within the Layer 2 frame cannot be identified in tunnel traffic.
– Layer 3 and higher parameters cannot be identified in tunnel traffic (for example, Layer 3
destination and source addresses).
– Because the Layer 3 addresses cannot be identified within the packet, tunnel traffic cannot be
routed.
– The router can provide only MAC-layer filtering for tunnel traffic (VLAN IDs and source and
destination MAC addresses).
– The router can provide only MAC-layer access control and QoS for tunnel traffic.
– QoS cannot detect the received CoS value in the 802.1Q 2-byte Tag Control Information field.
On an asymmetrical link, the Cisco Discovery Protocol (CDP) reports a native VLAN mismatch if
the VLAN of the tunnel port does not match the native VLAN of the 802.1Q trunk. The 802.1Q
tunnel feature does not require that the VLANs match. Ignore the messages if your configuration
requires nonmatching VLANs.
Asymmetrical links do not support the Dynamic Trunking Protocol (DTP), because only one port on
the link is a trunk. Configure the 802.1Q trunk port on an asymmetrical link to trunk unconditionally.
Jumbo frames can be tunneled as long as the jumbo frame length combined with the 802.1Q tag does
not exceed the maximum frame size.
802.1Q Tunneling Configuration Guidelines and Restrictions
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
14-3