Skip to main content

CCIE QinQ

I must say this is one of the technology's I love and some times also love to hate as it can make you very confused on where to start and what to do to make it work, but once you do make it work you fill like Houdini.

why like Houdini because basically the technology make your middle switch go away like it never was there and sowing to the person you wanted to show like he is directly connected to a switch when he is not.

now that I made every one a little confused, i will start to explain, QinQ allow you to take a middle switch and turn it to transparent while connecting 2 other components and maid them fill like they are directly connected.





why do you need that, well the CCIE lab love it as it is confusing setup but there are more reason then that, with QinQ you can connect topology's while you migrating, you can also connect between clients that have there own topology that you do not want to encounter in your topology by transferring all of them with a single tag between there point of presents you do not need to create a trunk between the 2 branches and pass all the vlan id inside while limiting your self to 1 or 2 clients.

you can see a much more elaborate details in cisco site

here i will give you few steps to create QinQ simple scenario
you can see that R1 is connected to SW1 and SW1 connected to SW2, if you will do a show cdp nei on R1 you will see that you are connected on F0/0 to SW1 F0/1, I want you to make you see like you are connected to SW2 port F0/10, how to do that magic?!

Go into SW1
global config
! this is to allow another tag to pass the metro tag as it also
! called an additional of 4 byte
!
switch(config)#system mtu 1504
! i will create a vlan for access control between the ports


switch(config)#vlan 200
!
!now I will go under int F0/1 and F0/10 and type the same commands
switch(config-if)#sw mode dot1q-tunnel
switch(config-if)#sw acc vlan 200
switch(config-if)#l2protocol-tunnel cdp
switch(config-if)#no shut

now when you will go to R1 and do show cdp nei you will see like magic that you are directly connected to SW2 F0/10 instead of SW1 and I didn't switched the cable!!!

Read more on cisco site you will love it.

Post a Comment

Popular posts from this blog

Step By Step MPLS – Basic MPLS Setup

Initial configuration , very basic with no MPLS, connectivity only to directly connected interfaces.R1R2R3R4!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.31.1 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.42.2 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.31.3 255.255.255.0
duplex auto
speed auto
  no clns route-cache
!
interface Serial1/0
ip address 10.0.43.3 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.42.4 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.43.4 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
adding to the following configuration MPLS labels we will start wi…

What is about to change in CISSP from Apr 2018

Change have arrived and like with other professional certification there is almost a standard time before certification gets its update, with most anywhere it is between 3 - 4 years, CISSP is no different and since last update was on 2015 the change is arriving here as well.

For the people that wish to see the official existing and new outline

I have decided to write this post as the new out line is more of a list of Domain and Sections within the domain without hint or indication to what was modified actually and I could not find anyone else that done that comparison, I had to take the task and do the comparison, please be advised that I have done it for my own "pleasure" so apologies if I missed something :-)
Lets start with the obvious change:
CISSP - Before Apr 2018CISSP - from Apr 20181. Security and Risk Management16%15%2. Asset Security10%10%3. Security Engineering12%13%4. Communications and Network Security12%14%5. Identity and Access Management13%13%6. …

VRF Maximum Routes

Maximum routes under customer vrf, if the service provider had unlimited resources he would not have needed that!
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured 10 maximum routes under that vrf however I did not want to be aggressive so I have set the warning only option. See that immediately I get a notice that I have more routes then the maximum, however no action is taken other then alerting and sending a syslog. ! PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only % The current number of routes in the routing table is equal to, or exceeds the configured warning limit PE_ashdod_otherisp.n(config-vrf)# *Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…