Saturday, January 21, 2012

802.1Q tunneling

Let's recap briefly what a dot1q tunnel is.

Customers sometimes need Layer 2 end-to-end connectivity across a service provider's network. The SP transparently carries each customer's traffic over its Layer 2 network by adding an extra VLAN tag, the "metro tag", to every customer frame. This technique is called Layer 2 tunneling or L2VPN.
The PE switch port connected to the CE switch port forms an asymmetric link: the CE side can be either a trunk or an access port, while the PE switch port simply takes whatever traffic it receives on the port and adds the metro tag to it.
It does not matter whether the trunks inside the SP network are ISL or dot1q.
The SP assigns one VLAN to each customer, and all of that customer's VLANs travel inside the SP network over it.

The configuration on the PE switch port on each side connected to a CE switch port is as follows:

#switchport access vlan 100
this is the metro tag; make sure spanning tree runs end to end on all the SP switches for this vlan
#switchport mode dot1q-tunnel
set tunnel mode

The CE switch port connected to the PE switch port can be configured as a static access port or a trunk port.

Points to remember:
1. The MAC addresses of all hosts on the customer side are learned by the SP switches in order to forward traffic. A scalability issue therefore arises from the limited MAC address learning capacity of the switches.
2. A dot1q tunnel port does not support DTP or any Layer 3 configuration.
3. CDP, STP and VTP are disabled by default on dot1q tunnel ports, so that customer traffic passes transparently over the SP network.
4. dot1q tunneling adds an additional 4-byte tag, so the MTU needs to be increased to 1504 bytes on the SP switches: "system mtu 1504"
5. Traffic from the customer side can leak inside the SP network if the metro tag is the native vlan of a trunk inside the SP network, because the outer tag is sent untagged and the customer's own tag becomes visible to the next switch. To avoid this, always tag native vlan traffic as well inside the SP network with "vlan dot1q tag native".
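To make points 4 and 5 concrete, here is a small simulation of the tag stacking described above. It is an added example written for this post, not Cisco code or output from a real switch: the PE push/pop, the core trunk's native-VLAN behaviour and the function names are a simplified model of mine, and the MAC addresses and payload are constructed sample values. It builds a customer frame carrying its own VLAN tag, pushes the metro tag as the PE dot1q-tunnel port does, sends it over a core trunk with and without native-VLAN tagging, and reports which VLAN the receiving core switch would put the frame into.

```python
"""Simulate 802.1Q tunnelling (Q-in-Q): PE tag push/pop and the native-VLAN leak."""
from __future__ import annotations
import struct

TPID_DOT1Q = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
MAC_HDR_LEN = 12      # destination MAC (6) + source MAC (6)
TAG_LEN = 4           # one 802.1Q tag: TPID (2) + TCI (2)

# Constructed sample addresses from the documentation MAC range (not real hosts).
CE_HOST_A = bytes.fromhex("00005e005301")
CE_HOST_B = bytes.fromhex("00005e005302")


def build_frame(dst: bytes, src: bytes, vids: list[int], ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags; vids[0] is the outermost tag."""
    hdr = dst + src
    for vid in vids:
        hdr += struct.pack("!HH", TPID_DOT1Q, vid & 0x0FFF)  # PCP/DEI bits left at 0
    return hdr + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes) -> tuple[list[int], int]:
    """Return (stacked VIDs outermost first, ethertype that follows the last tag)."""
    vids, off = [], MAC_HDR_LEN
    while True:
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid != TPID_DOT1Q:
            return vids, tpid
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += TAG_LEN


def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert a new outermost tag: what the PE dot1q-tunnel port does on ingress."""
    tag = struct.pack("!HH", TPID_DOT1Q, vid & 0x0FFF)
    return frame[:MAC_HDR_LEN] + tag + frame[MAC_HDR_LEN:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag: PE tunnel port egress, or an untagged native-VLAN send."""
    vids, _ = parse_tags(frame)
    if not vids:
        return frame
    return frame[:MAC_HDR_LEN] + frame[MAC_HDR_LEN + TAG_LEN:]


def sp_trunk_tx(frame: bytes, native_vid: int, tag_native: bool) -> bytes:
    """Core trunk transmit. Without 'vlan dot1q tag native', native-VLAN frames leave untagged."""
    vids, _ = parse_tags(frame)
    if vids and vids[0] == native_vid and not tag_native:
        return pop_tag(frame)
    return frame


def sp_trunk_rx_vlan(frame: bytes, native_vid: int) -> int:
    """VLAN the receiving core switch assigns: outermost tag if present, otherwise native."""
    vids, _ = parse_tags(frame)
    return vids[0] if vids else native_vid


def forwarding_vlan(customer_vid: int, metro_vid: int, native_vid: int, tag_native: bool) -> int:
    """CE trunk frame -> PE pushes metro tag -> core trunk -> VLAN seen by the next core switch."""
    ce_frame = build_frame(CE_HOST_A, CE_HOST_B, [customer_vid], ETHERTYPE_IPV4, b"\x00" * 46)
    pe_frame = push_tag(ce_frame, metro_vid)
    on_wire = sp_trunk_tx(pe_frame, native_vid, tag_native)
    return sp_trunk_rx_vlan(on_wire, native_vid)


def tunnelled_frame_len(customer_frame_len: int) -> int:
    """Size on the SP wire: the metro tag adds TAG_LEN bytes, hence the larger system MTU."""
    return customer_frame_len + TAG_LEN


if __name__ == "__main__":
    for native, tag in [(1, False), (100, False), (100, True)]:
        seen = forwarding_vlan(customer_vid=10, metro_vid=100, native_vid=native, tag_native=tag)
        print(f"native={native:<3} tag_native={tag!s:<5} -> next switch classifies frame into VLAN {seen}")
```

Run as-is, the three cases show the point of item 5: with the metro tag 100 on a trunk whose native VLAN is 100 and native tagging off, the outer tag is stripped on the wire and the next core switch classifies the frame by the customer's tag (VLAN 10) instead of the metro VLAN; enabling native tagging keeps it in VLAN 100.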