Page 1 of 1

set up QinQ or Qinad for SP with Cisco N9K

Posted: Sun Jun 21, 2020 12:57 pm
by lechat75
Hi All,
I try to achieve a QinQ setup involving CRS326 & N9K.
We have to use briding for port facing the 326 because we want L3 termination on cutomers routers as well L2 features.
With the setup below (and symetric config between the two CPE), I c'ant get it work (no mac learned).
N9K supports both double tag or 802.1ad etype (trunk multi tag command).

Customer CPE :

/interface bridge
add admin-mac=C4:AD:34:E7:76:49 auto-mac=no comment=defconf fast-forward=no \
name=QinQ protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether4 ] mtu=1518 name=ether4_CSR326-LAB@SFP+4
/interface vlan
add interface=ether4_CSR326-LAB@SFP+4 mtu=1518 name=vlan22 use-service-tag=\
yes vlan-id=22
add interface=QinQ name=vlan222 vlan-id=222

/interface bridge port
add bridge=QinQ interface=vlan22 pvid=22
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=QinQ tagged=QinQ,vlan22 vlan-ids=222
/interface list member
add comment=defconf interface=QinQ list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address= interface=vlan222 network=

CRS 326 for cust 1:
/interface bridge
add admin-mac=74:4D:28:E2:CB:C3 auto-mac=no comment=defconf ether-type=0x88a8 \
name=QinQ-INFRA protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name="ether1_cisco WS-C2960X-48TS-L@Gi21"
set [ find default-name=qsfpplus1-4 ] advertise=1000M-full speed=1Gbps
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no name=\
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no loop-protect=on \
mtu=1518 name=sfp-sfpplus4_RB760iGS@ETH4
set [ find default-name=sfp-sfpplus24 ] auto-negotiation=no l2mtu=10218 mtu=\
1518 name=sfp-sfpplus24_SP
/interface vlan
add interface=QinQ-INFRA name=vlan222 vlan-id=222

/interface bridge port
add bridge=QinQ-INFRA comment=defconf interface=sfp-sfpplus4_RB760iGS@ETH4
add bridge=QinQ-INFRA comment=defconf interface=sfp-sfpplus24_SP
/interface bridge vlan
add bridge=QinQ-INFRA tagged=sfp-sfpplus4_RB760iGS@ETH4,sfp-sfpplus24_SP \

Wireshark gives some clue:
tag staking does not work properly : when CVLAN 222 is nested into the SVLAN 22 for cust 1, the frame from CPE has only one tag and when we use the Service tag, 802.1ad frame is send but with no success.
I was wondering if i can get the the expected result without using the service tag : only with adding the second tag on frames already 802.1q tagged on ingress bridge port.

Many thanks