802.1q tunneling又叫做QinQ,能利用隧道技术,让服务供应商(ISP)仅用一个VLAN来支持客户端的多个VLAN,从而防止多客户存在而很快消耗掉4096个VLAN上限。QinQ技术通过配置隧道端口(tunnel port),并通过对传入ISP的封包进行双TAG处理,以在ISP端传输。该技术所建立的连接被称为非对称连接,因为一端是tunnel口,另一端可能是trunk口或者路由器子接口。

802.1q tunneling_第1张图片
配置如下:

Customer1:

interface FastEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan14
ip address 14.0.0.1 255.255.255.0
interface Vlan41
ip address 41.0.0.1 255.255.255.0

Customer2:

interface FastEthernet1/0/17
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan14
ip address 14.0.0.2 255.255.255.0
interface Vlan41
ip address 41.0.0.2 255.255.255.0

ISP:

system mtu 1504
interface FastEthernet0/14
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
interface FastEthernet0/23
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable

实验结果:

Customer1#show cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
D – Remote, C – CVTA, M – Two-port Mac RelayDevice ID Local Intrfce Holdtme Capability Platform Port ID
Customer2 Fas 1/0/1 120 R S I WS-C3750- Fas 1/0/17
Customer1#ping 14.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Customer1#ping 41.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 41.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

  实验结果证明了802.1q tunneling的连通性和透明性。
如果MTU的值使用默认的1500的话,或者刚刚配好tunnel口的话,系统会弹出信息:

System MTU of 1500 might be insufficient for 802.1Q tunnelling.
802.1Q tunnelling requires system MTU size of 1504 to handle maximum size ethernet frames.