To make students acquainted with operating of QinQ technology frequently used in service provider networks or local networks of large companies. The network is built with the help of GNS3 emulator.
The lab emulates a network of a provider who has points of presence in two cities: Moscow and St. Petersburg. The operator provides clients with L2-connectivity but does not restrict them to the only virtual network, it means that the provider gets 802.1Q trunk from clients. The operator also provides routing between virtual networks of the same client.
Studying of QinQ settings for real switches is out of scope of this lab, so ordinary emulator’s switches (Ethernet switch) are appropriate as L2 devices. Cisco 7200 model with the version of the operating system (IOS) recommended by the tutor is used as a router.
SW1, SW5, PC1, PC2, PC5 and PC6 devices belong to A company. The company B has the following devices: SW2, SW6, PC3, PC4, PC7 and PC8. The network operator has R1 router and two switches (SW3 and SW4).
The table below presents mapping between clients’ computers, numbers of virtual networks and PCs’ IP addresses.
As the numbers of clients’ virtual networks overlap, there is no ability to transmit them via an ordinary trunk between cities.
- Perform all connections presented at the scheme and turn on the equipment.
- On switches SW1, SW2, SW5 and SW6 perform all necessary settings for connection of the clients’ computers. Interfaces #1 should be configured in trunk mode.
- Assign IP-addresses, subnet masks and default gateways on all PCs of both companies. As a gateway set IP address with the first three octets equal to the workstation’s address and the last one equal to 1. For example, for PC1 192.168.0.1 address should be set up as a default gateway. Subnet masks should be equal to /24. Thus, setting of the network parameters for PC1 host is performed with the help of ip 192.168.0.2/24 192.168.0.1 command. One can view current settings with the help of sho ip command.
- Configure SW3 switch as shown in the picture below. The ports to which clients’ trunks are connected should be in qinq mode. VLAN number means an assigned external tag with the help of which frames of one client will differ from the frames of another one. Thus, in the operator network virtual network VLAN11 is mapped to A client and VLAN 12 is mapped to B client. An internal tag obtained from the client via the trunk is not changed, and only an additional tag is added.
- Perform settings of SW4 switch similarly to SW3.
- With the help of ping command (with corresponding arguments), make sure that the connection between computers in Moscow and their corresponding hosts in St. Petersburg is available.
- With the help of Wireshark network analyzer, capture traffic between switches of the client and service provider, for example, SW1 and SW3. Make sure that the trunk operating is normal.
- With the help of Wireshark network analyzer, capture traffic between two provider’s switches that means the link between Moscow and St. Petersburg. Generate traffic between PC1 and PC5. Study captured frames and make sure of the presence of 802.1Q double tag.
- Turn on the interface Gi0/0 on R1 router.
- Go to configuration mode of Gi0/0.112 subinterface. With the help of encapsulation dot1Q 11 second-dot1q 2 command set up that the subinterface should process traffic with a double tag. At first, an external tag is specified, and then with the help of second-dot1q option an internal tag is specified.
- Assign IP address 192.168.0.1 with /24 subnet mask to Gi0/0.112 subinterface.
- Perform similar settings for Gi0/0.113, Gi0/0.122 and Gi0/0.123 subinterfaces (processing tags and IP addresses).
- From all hosts make sure of the default gateway availability.
- Capture traffic on the link between R1 and SW3 and analyze it. Which tags present in the frames?
- Make sure that at this point from each host all other hosts are available, even those placed in the networks of another company.
- On R1 router configure access lists (ACLs) to deny transmitting traffic between IP networks belonging to different companies.
- * On the technical site of the provider in St. Petersburg set R2 router and connect it to SW4 switch similarly to the connection of R1 to SW3.
- * Propose failover solution that allows protecting from failure of one of the routers, so that L3-connectivity between different IP networks of the same client is saved.
- * Implement the solution proposed in the previous point.