haakebecks
New Contributor

Comcast EPL 2 Sites - 801.Q for Beginners


So this is where things are at. We had a Comcast EPL set up at two locations. This is a Comcast Layer 2 product that utilizes 802.1Q. We have two 3305 routers in place and our mindset was that Eth 0/1 was the WAN port and Eth 0/2 was the LAN port.

We configured the Eth 0/2 LAN Ports as follows:

Site 1: 192.168.2.1 / 255.255.255.0

Site 2: 192.168.3.1 / 255.255.255.0

We configured the Eth 0/1 WAN Ports as follows:

Site 1: 802.1Q with a VLAN Tag of 1 and Native Set

Site 2: 802.1Q with a VLAN Tag of 1 and Native Set

We then added a sub policy with an IP Address for each.

Site 1: 192.168.4.1 / 255.255.255.0   

Site 2: 192.165.4.2 / 255.255.255.0

I can take a laptop and configure it to use 192.168.2.4 at Site 1 and am able to ping across the LAN interface and get a response from 192.168.4.1 which is the WAN interface. I can also do the same thing at Site 2 utilizing the appropriate IPs. However, I cannot ping across the EPL so no traffic is being routed across the EPL from what I can tell.

We are VERY, VERY new to this and trying to figure it all out as we go. I'm sure we are missing a bunch of things. Any help anybody can provide would be greatly appreciated. Are we making this too complex? Should the routers have LAN IP addresses in the same range? Do we even need the sub policy or is the 802.1Q and VLAN tagging enough? Do we need to do anything with the built-in firewall on the 3305 to allow this traffic? If so, can we simply disable the firewall to test?

A step by step would be wonderful!


Accepted Solutions
jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


Your problem pinging across may be simply that you need a static route to the LAN subnet at the other side, not related to 802.1q at all.

At site 1 add the following:

ip route 192.168.3.0 255.255.255.0 192.168.4.2

And at site 2, add:

ip route 192.168.2.0 255.255.255.0 192.168.4.1


13 Replies
jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


Setting the VLAN to 1 native is essentially the same as having no VLAN at all.  You'll likely find that if you had just plugged in the devices without configuring VLANs it would work the same way.

802.1q VLANs are a means to isolate logical Ethernet networks over a single physical wire by adding a "tag" value to the frame entering the 802.1q domain and removing the tag leaving it. 

A trunk port is a switch port that has multiple VLANs passing through it, each with a unique tag from 1 to 4096.  The native VLAN on a trunk is that VLAN that has no tag.  Only one VLAN can be native on a trunk.  By default traffic is in VLAN 1 and it is native.

An access port is a member of a single VLAN.

Say that you have several separate IP networks, they can have overlapping IP addresses or different, and you have a single wire or fiber between two (or more) sites.  You want to be able to share this single link among the several networks, but isolate their traffic from each other. 

At each site you would put a switch and on the first ports do something like:

int sw 0/1
  switchport access vlan 10
int sw 0/2
  switchport access vlan 20
int sw 0/3
  switchport access vlan 30
int sw 0/24
  switchport mode trunk

Now connect switchport 24 from each switch to the shared medium.

Any traffic you send to port 1 on one end will come out port 1 on the other and not be seen by any other port.  Ditto port 2 to port 2, and port 3 to port 3.  What happens "in the middle" is that anything entering port 1 on one side gets a "tag" saying "This frame belongs to VLAN 10" applied before it leaves the switch on the trunk.  When it arrives on the receiving side, the tag is examined, the traffic is switched to all ports that are assigned to VLAN 10, and the tag is removed before it exits the access port.  "Native" is one (and only one) VLAN that doesn't get a tag on the trunk side.  On the other side, any traffic appearing on a trunk with no tag will be switched to the native VLAN for the trunk.

The VLANs can represent separate customers, voice vs. data traffic, or anything where you want separation between the traffic.

There are tweaks to prioritize one type of traffic over another, route between VLANs on a single trunk (router-on-a-stick), etc. but that's the basic idea.

However, VLAN 1 native as the only VLAN on a trunk is pretty much the same thing as a plain old port with no 802.1q at all. There are some subtle differences in the ethernet frame flagging it as trunk-capable.
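The tag handling described in the post above, as an added Python example that is not part of the original thread: it inserts and strips the 4-byte 802.1Q tag and shows what happens to untagged frames when the two ends disagree on the native VLAN. The function names, the sample frame and the port map are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def trunk_egress(frame: bytes, vlan: int, native: int) -> bytes:
    """Frame leaving on the trunk: tagged unless it is in the native VLAN."""
    if not 1 <= vlan <= 4094:            # 0 and 4095 are reserved by 802.1Q
        raise ValueError("VLAN ID out of range")
    if vlan == native:
        return frame                     # native VLAN crosses the trunk untagged
    tci = vlan & 0x0FFF                  # priority and DEI bits left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def trunk_ingress(frame: bytes, native: int):
    """Frame arriving from the trunk: return (vlan, frame without tag)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native, frame             # untagged traffic joins the native VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def deliver(frame, in_port, access_vlans, near_native=1, far_native=1):
    """Send a frame into an access port at one site; return the access ports
    at the other site that emit it, plus the bytes seen on the trunk."""
    on_wire = trunk_egress(frame, access_vlans[in_port], near_native)
    vlan, _ = trunk_ingress(on_wire, far_native)
    ports = sorted(p for p, v in access_vlans.items() if v == vlan)
    return ports, on_wire

# Constructed sample: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
FRAME = bytes.fromhex("0200000000020200000000010800") + b"payload"
PORTS = {1: 10, 2: 20, 3: 30}            # access port -> VLAN, as in the post

if __name__ == "__main__":
    print(deliver(FRAME, 1, PORTS))                   # tagged VLAN 10, out port 1
    print(deliver(FRAME, 1, PORTS, near_native=10))   # untagged, no far-end port
    print(deliver(FRAME, 1, PORTS, near_native=10, far_native=20))  # out port 2
```

The last two calls model a native VLAN mismatch: the frame crosses untagged and the far end files it under its own native VLAN, so it is either dropped or emitted on a port belonging to a different VLAN.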

Re: Comcast EPL 2 Sites - 801.Q for Beginners


So in this instance I don't want to use Native. Correct?

Also, just so we are clear... before I dig into things further, I am just trying to establish connectivity between the two routers at this point and Comcast says I have to use 802.1Q.

In a perfect world, my assumption was that I could just plug in a laptop in Eth 0/2 at both locations and Eth 0/1 at both locations is configured for 802.1q and plugged into Comcast's Layer 2 Ciena box and connectivity would be established. However, that is clearly not the case.

So in the scenario I am painting above, how do I need to configure the router to establish that connectivity?

jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


From the router itself at site 1 can you ping 192.168.4.2 and from the router itself at site 2 can you ping 192.168.4.1 ?

Did Comcast assign you a specific VLAN ID or just say that you needed to use 802.1q? 

Re: Comcast EPL 2 Sites - 801.Q for Beginners


No, at site 1: I can ping 192.168.4.1 and at site 2: I can ping 192.168.4.2... those IP addresses are basically the IP assigned to the sub policy on each router. Basically, I can ping from the LAN side to the WAN side on the same router without issue, but can't ping the other router even though the IP Address is in the same range. Does that make sense?

Re: Comcast EPL 2 Sites - 801.Q for Beginners


We'll give this a try Monday. Closing up shop now. I REALLY appreciate your help Jay and we'll post back on Monday letting you know what our results were. Thanks again and have a great weekend!

Re: Comcast EPL 2 Sites - 801.Q for Beginners


Alright, we set up those static routes on each side and still no joy. Please see attached screen shots. Perhaps I am missing something and doing it in the wrong location? Still cannot ping through to the other side. My thought when looking at the routes is that it should be routing any traffic with any subnet mask to the 192.168.4.x address.

Attachments: IMG_1288.JPG, IMG_1289.JPG, IMG_1290.JPG, IMG_1291.JPG, IMG_1292.JPG, IMG_1293.JPG

jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


You may need to talk to Comcast to determine if they want you to use a specific VLAN ID.  You may be making this more complicated than it needs to be. I would first try it without any 802.1q at all.  Just configure 192.168.4.1 and 192.168.4.2 on the eth 0/1 interfaces directly. 

Also, you have a default route 0.0.0.0/0 on each side pointing to the other.  While this may be OK for a lab test setup, it will cause problems in the real world.  Any traffic not destined for the subnets at each side will loop between the routers and go nowhere.  Is this network connected to the Internet anywhere?  If so, that's where the default belongs.  I would just route the specific subnets at each end to the other. 
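The routing behaviour discussed in this thread (no path to the far LAN without a static route, and two default routes pointing at each other looping unknown traffic), as an added Python example that is not part of the original posts. It uses the subnets and next hops quoted in the replies; the router labels, function names and the 203.0.113.9 test destination are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns 'connected', a next-hop IP, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def trace(routers, start, dst, ttl=8):
    """Forward hop by hop; returns (routers visited, outcome)."""
    here, path = start, [start]
    while ttl > 0:
        next_hop = lookup(routers[here], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop == "connected":
            return path, "delivered"
        here = WAN_OWNER[next_hop]       # hand the packet to the far router
        path.append(here)
        ttl -= 1
    return path, "ttl expired"

# Addresses from the thread; router names are labels made up for this example.
WAN_OWNER = {"192.168.4.1": "site1", "192.168.4.2": "site2"}
CONNECTED = {
    "site1": {"192.168.2.0/24": "connected", "192.168.4.0/24": "connected"},
    "site2": {"192.168.3.0/24": "connected", "192.168.4.0/24": "connected"},
}
STATIC = {
    "site1": {**CONNECTED["site1"], "192.168.3.0/24": "192.168.4.2"},
    "site2": {**CONNECTED["site2"], "192.168.2.0/24": "192.168.4.1"},
}
MUTUAL_DEFAULT = {
    "site1": {**STATIC["site1"], "0.0.0.0/0": "192.168.4.2"},
    "site2": {**STATIC["site2"], "0.0.0.0/0": "192.168.4.1"},
}

if __name__ == "__main__":
    print(trace(CONNECTED, "site1", "192.168.3.10"))      # no route
    print(trace(STATIC, "site1", "192.168.3.10"))         # delivered via site2
    print(trace(MUTUAL_DEFAULT, "site1", "203.0.113.9"))  # bounces until TTL runs out
```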

Re: Comcast EPL 2 Sites - 801.Q for Beginners


So, ideally it would look like so to avoid any issues or are you telling me to remove 192.168.3.0 and 192.168.4.0 from the Route Table? I didn't build those routes, the router put them in there automatically.

IMG_1294.JPG

We will also test without 802.1q, although we were told we must use it.

jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


I was more concerned with the 0.0.0.0 routes shown in your previous screen shots.  The specific static routes to the other side's LAN are correct and necessary.

When they told you to use 802.1q did they also assign a specific VLAN? 

Try it without 802.1q first, just put the 192.168.4.x IPs on the eth 0/1 interfaces.

If this doesn't work, then complete the 802.1q configuration.  If they specified a VLAN, use it.  If not then try any VLAN other than VLAN 1, and don't make it native.

Re: Comcast EPL 2 Sites - 801.Q for Beginners


Well, to start peeling back the layers, I turned off 802.1q on both routers, assigned them the same 192.168.4.1 and 192.168.4.2 IP addresses on Eth 0/1 and plugged them into a local switch. I pulled all routing out except as shown in the last screenshot. I can ping from end to end so at least I know the routing is set up correctly. I'll give that a shot and go from there.

jayh
Honored Contributor

Re: Comcast EPL 2 Sites - 801.Q for Beginners


You should be good to go with just the static routes then. 

Re: Comcast EPL 2 Sites - 801.Q for Beginners


Jay, I just wanted to say thank you again for all of your help! The issue was indeed vlan tagging on the 802.1q interface. The tags weren't being passed through properly. That being said, normal static routing also worked fine and is what we went with in the end for more control. Hopefully this helps anybody else out there stumbling through this process since Comcast offered very little guidance on it. Again, thanks for everything!