RB2011 QinQ

risbozg · September 9, 2014, 2:25pm

Hi,

Here’s the situation. I have a customer who uses vlan range 100-150 and it’s connected to my router RB2011 11UiAS-2HnD-IN. I wanna accept this tagged frames and send them as double vlan tagged (with my S-tag VLAN id 387) (QinQ) out on another interface. On another side, there is Cisco L3 Switch with Dot1Q tunnel ready for connect.

I tried with examples on mikrotik wiki but it’s not explained good enough (there is no single example how to configure QinQ). Another thing, I searched, and searched, and I can’t find how to configure interface as Trunk.

My question is, how to configure interface to accept vlan range (100-150) and then add second tag ( VLAN 387) to these frames, and send it to trunk interface? I tried everything from search engines and it’s not working.

Tnx in advance

garthvs · September 10, 2014, 6:32pm

You can create QinQ interfaces very easily by creating one VLAN interface and then creating another VLAN interface on top of that:

Ethernet

VLAN 500 (PVID)
```
     - VLAN 1000 (CVID)
```

risbozg · September 11, 2014, 6:51am

garthvs:

You can create QinQ interfaces very easily by creating one VLAN interface and then creating another VLAN interface on top of that:

Ethernet
VLAN 500 (PVID)
     - VLAN 1000 (CVID)

It’s not working. I tried this for 500th time yesterday and it’s not working. Packet’s sent out another interface are missing VLAN tag. I don’t know if you read my original post but thing I want to do is to match VLAN range not just single VLAN.

Will85 · March 26, 2015, 2:56pm

Hi risbozg,

I was wondering if you got it, I’m having the same problem as you.
If you got, could you explain to me?

Thanks in advance

ZeroByte · March 26, 2015, 3:44pm

The OP’s design was to allow a specific range of “inner” VLAN tags, and use their own service provider tag.

In the provider-edge device, let’s say that interface ether1 = upstream to the core and ether2 = customer-facing.

Suppose the provider-tag you want to use is 387 (OP’s choice).

Create a bridge and call it “CustBridge387”
Create a Vlan interface on ether1 “Ether1.QQ387” and configure it to use VLAN id 387.
Connect ether2 and Ether1.QQ387 as ports on CustBridge387.

At this point, you have created the QinQ edge device for the customer.
If you want to limit which customer VLANs go across it then make a bridge filter forwarding rule on CustBridge387 to limit the VLAN tags. (match the customer VLANs - the bridge won’t see the service provider vlans)

Now you need to make sure the MTU is supported everywhere. A single C-vlan tag will raise the L2MTU requirement to minimum 1508 on any interface which transports the double-tagged frame. (ether1 on the edge device, and all trunk interfaces between) The minimum L2MTU is 1504 for ether2, CustBridge387, and Ether1.QQ387 since they all carry the customer’s 802.1q tags inside them.

FYI - Cisco auto-includes the first 802.1q header size in its MTU calculations, so the trunk interfaces that carry double-tagged traffic need mtu=1504 minimum. (kind of strange)

Here is a diagram of the connection:

                            Ether1
                               Ether1.vlan101
Ether2 <--- CustBridge387 ---> Ether1.QQ387
                               Ether1.vlan500

(I created a couple of unrelated vlan subinterfaces on Ether1 just to illustrate where this fits into the big picture.)