QinQ doest work

RouterOS Beginner Basics
1

Hi all

I’m trying to configure QinQ works between Cisco 3750 ME and RT Board 1100. But it doesnt work. Have a look the configuration below.

On Switch port connected to MikroTik is configured:
Int Gi 1/0/1
Switch access vlan 501
Switch mode dot1t-tunnel

Int Vlan 100
ip add 10.10.10.2 255.255.255.0
Int Vlan 200
ip add 10.10.20.2 255.255.255.0
Int Vlan 300
ip add 10.10.30.2 255.255.255.0
Int Vlan 400
ip add 10.10.40.2 255.255.255.0

All Vlans are up

MikroTik configuration

/interface vlan
add name=vlan501 vlan-id=501 interface=ether1
add name=vlan100 vlan-id=100 interface=vlan501
add name=vlan200 vlan-id=100 interface=vlan501
add name=vlan300 vlan-id=100 interface=vlan501
add name=vlan400 vlan-id=100 interface=vlan501

/ip address
add address=10.10.10.1/24 interface=VLAN100
add address=10.10.20.1/24 interface=VLAN200
add address=10.10.30.1/24 interface=VLAN300
add address=10.10.40.1/24 interface=VLAN400

This configuration didnt work and I tried to use just sub interface, but it didnt work either.

/interface vlan
add name=VLAN100 vlan-id=100 interface=ether1 disabled=no
add name=VLAN200 vlan-id=200 interface=ether1 disabled=no
add name=VLAN300 vlan-id=300 interface=ether1 disabled=no
add name=VLAN400 vlan-id=400 interface=ether1 disabled=no

What else do I have to do?

Thanks

2

Cisco VlanXXX virtual IP interfaces don’t participate in QinQ.
(or at least they didn’t the last time I tried this)

When you configure a physical interface with dot1q-tunnel as the switch mode, it is the edge of the tunnel. Once a frame enters the switch on that interface it is now inside a tunnel, and the tunnel zooms right underneath the VIP interfaces.

The idea of QinQ is to transparently carry a customer’s VLANs. If you want to participate in QinQ, you start it with a router.

So your second Mikrotik configuration is the correct one to be a Q-in-Q client. If you configured a second Mikrotik the same way, and connected it to another port on the 3750ME which was also configured as dot1q-tunnel access vlan 501…
Then the two Mikrotiks would be able to ping each other across the Cisco switch this way.

Here’s kind of a diagram:

[Mikrotik]---- (vlans100/200/300) —>[qq edge] ===(501)===[core switch]===(501)===[qq edge]—(100/200/300)—>[Mikrotik]

The virtual IP interfaces can only see vlan 501 - not the inner VLANs. That’s why you can’t ping the Cisco.
It’s not broken - it’s supposed to be that way.