QinQ confusion: QinQ on EX, QFX or VCF

Configuring Q-in-Q, or dot1q tunneling can lead to some confusion. I’ve seen confusion due to changes in the new enhanced Layer 2 CLI configuration and because of a mismatch in Ethertype. This is a short article on how QinQ can be configured on an EX, QFX or VCF. I’ll configure a dot1q tunnel between two EX4300's and between a VCF and an EX4200.

First, using the enhanced Layer 2 CLI, the EX4300 configuration:

set interfaces ge-0/0/0 description cpe
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 3000 vlan-id-list 1-4094
set interfaces ge-0/0/0 unit 3000 input-vlan-map push
set interfaces ge-0/0/0 unit 3000 output-vlan-map pop

set interfaces ge-0/0/47 description ex4300
set interfaces ge-0/0/47 flexible-vlan-tagging
set interfaces ge-0/0/47 encapsulation extended-vlan-bridge
set interfaces ge-0/0/47 unit 3000 vlan-id 3000


set vlans q-in-q interface ge-0/0/0.3000
set vlans q-in-q interface ge-0/0/47.3000

This setup will switch traffic between the CPEs just fine. All the VLANs specified in the ‘vlan-id-list’ can be used on the CPE devices. The EX4300s will tunnel these frames by placing VLAN tag 3000 in front of any of the tags used by the customer. The above configuration can be used on VCF and QFX as well.

Now, we'll look at a scenario where a VCF and an EX4200 are tunneling across a switch that is not configured for QinQ:

The configuration I used for the EX4300 was applied to the VCF as well. In addition, the rightmost EX4200 was configured for QinQ like this:

set interfaces ge-0/0/0 description cpe
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 3000

set interfaces ge-0/0/47 description ex4300
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 3000

set vlans q-in-q vlan-id 3000
set vlans q-in-q dot1q-tunneling customer-vlans 1-4094

There was no connectivity between the CPEs. I realized that the Ethertypes did not match. To fix this, I added the following configuration of the EX4200:

set ethernet-switching-options dot1q-tunneling ether-type 0x8100

After issuing this configuration command, both switches that were performing the tunneling started doing so using the same Ethertype. Most Juniper switches support TPIDs 0x8100, 0x88a8 and 0x9100. To factor in intermediate switches that do not support or perform QinQ, I figured 0x8100 was the way to go.

Perhaps a little needless to say, but do not forget to factor in the added VLAN when configuring the MTU.

Ps, to specify the Ethertype using the enhanced Layer 2 CLI:

set interfaces ge-0/0/47 ether-options ethernet-switch-profile tag-protocol-id 0x8100

14-1-2016