Specifications

Configuring Routing Between VLANs
How to Configure Routing Between VLANS
Figure 82 Broadband Ethernet-based DSLAM Model of Q-in-Q VLANs
VLAN aggregation on a DSLAM results in many aggregate VLANs that at some point need to be
terminated on the broadband remote access servers (BRAS). Although the model could connect the
DSLAMs directly to the BRAS, a more common model uses the existing Ethernet-switched network
where each DSLAM VLAN ID is tagged with a second tag (Q-in-Q) as it connects into the
Ethernet-switched network.
The only model that is supported is PPPoE over Q-in-Q (PPPoEoQinQ). This can be either a PPP
terminated session or an L2TP LAC session. IP over Q-in-Q is not supported.
The Cisco 10000 series Internet router already supports plain PPPoE and PPP over 802.1Q
encapsulation. Supporting PPP over Q-in-Q encapsulation is new. PPP over Q-in-Q encapsulation
processing is an extension to 802.1Q encapsulation processing. A Q-in-Q frame looks like a VLAN
802.1Q frame, only it has two 802.1Q tags instead of one. See Figure 81.
PPP over Q-in-Q encapsulation supports a configurable outer tag Ethertype. The configurable Ethertype
field values are 0x8100 (default), 0x9100, and 0x9200. See Figure 83.
Figure 83 Supported Configurable Ethertype Field Values
Security ACL Application on the Cisco 10000 Series Internet Router
The IEEE 802.1Q-in-Q VLAN Tag Termination feature provides limited security access control list
(ACL) support for the Cisco 10000 series Internet router.
If you apply an ACL to PPPoE traffic on a Q-in-Q subinterface in a VLAN, apply the ACL directly on
the PPPoE session, using virtual access interfaces (VAIs) or RADIUS attribute 11 or 242.
You can apply ACLs to virtual access interfaces by configuring them under virtual template interfaces.
You can also configure ACLs by using RADIUS attribute 11 or 242. When you use attribute 242, a
maximum of 30,000 sessions can have ACLs.
ACLs that are applied to the VLAN Q-in-Q subinterface have no effect and are silently ignored. In the
following example, ACL 1 that is applied to the VLAN Q-in-Q subinterface level will be ignored:
Router(config)# interface FastEthernet3/0/0.100
Router(config-subif)# encapsulation dot1q 100 second-dot1q 200
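The following is an added example, not part of the original Cisco document: a Python check that scans IOS configuration text for ip access-group lines placed directly on a Q-in-Q subinterface, where the text above says they are silently ignored. The sample configuration, the interface names in it, and the function name find_ignored_acls are constructed for illustration; single-tagged subinterfaces and virtual templates are not flagged.

```python
import re

# Constructed sample configuration for the example (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet3/0/0.100
 encapsulation dot1q 100 second-dot1q 200
 ip access-group 1 in
!
interface FastEthernet3/0/0.300
 encapsulation dot1q 300
 ip access-group 2 in
!
interface Virtual-Template1
 ip access-group 1 in
!
"""

QINQ_RE = re.compile(r"^encapsulation dot1q (\S+) second-dot1q (\S+)", re.I)
ACL_RE = re.compile(r"^ip access-group (\S+)(?: (in|out))?", re.I)


def find_ignored_acls(config_text):
    """Return (interface, outer, inner, acl, direction) for every ACL
    applied directly on a Q-in-Q subinterface, where it has no effect."""
    findings = []
    iface, qinq, acls = None, None, []

    def flush():
        # Report only once the whole stanza is read: command order may vary.
        if iface and qinq:
            findings.extend((iface, qinq[0], qinq[1], a, d) for a, d in acls)

    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            flush()
            iface, qinq, acls = raw.split(None, 1)[1].strip(), None, []
        elif raw[:1] not in (" ", "\t"):  # any other top-level line ends the stanza
            flush()
            iface, qinq, acls = None, None, []
        elif iface:
            m = QINQ_RE.match(line)
            if m:
                qinq = m.groups()
            m = ACL_RE.match(line)
            if m:
                acls.append((m.group(1), m.group(2) or ""))
    flush()
    return findings
```

Each finding marks an ACL to move onto the PPPoE session, through a virtual template interface or RADIUS attribute 11 or 242, as described above.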
[Figure 82 diagram labels: BRAS; GigE; QinQ; L2/L3 switch; Outer VLAN 1, 2, 3; FE/GE; DSLAM; VLAN 1, 10, 20, 30]
[Figure 83 frame layout: DA | SA | 0x8100, 0x9100, or 0x9200 | Tag | 0x8100 | Tag | Len/Etype | Data | FCS]