# 802.1ad (Q-in-Q)

IEEE 802.1ad states that traffic with a single tag should have 0x8100 (802.1q) and traffic for QinQ should be identified with 0x88a8 as the outer tag.

The fields of 802.1ad are essentially identical to 802.1q, but the EtherType is 0x88a8 for the outer tag.

<figure><img src="/files/9csEBDBHyUAILcFGaxdI" alt=""><figcaption></figcaption></figure>

Typically in the real world, two 802.1q tags (8100) are used:

<figure><img src="/files/lOkNiDXtRrMADcmjfEfT" alt=""><figcaption></figcaption></figure>

While some devices might need 88a8 in order to properly identify QinQ, in practice two 8100 tags are often used.

On IOS-XR, we can use an outer tag of 0x88a8 using:

```
int Gi0/0/0/1.100 l2transport
 encap dot1ad 100 second-dot1q 10
```

## L2VPN EFPs <a href="#id-0008874d-c235-41c0-a63d-35a96369d200" id="id-0008874d-c235-41c0-a63d-35a96369d200"></a>

Configuring VLAN tag matching on ASR9000 is usually fairly intuitive. A longest match rule applies. For example, **dot1q 100 second-dot1q 100** will be matched first, before a subinterface with **dot1q 100 second-dot1q any**.

You can use the **exact** keyword to match only one dot1q tag and zero additional dot1q tags. You can use the **any** keyword to match any VLAN id. You can use **encapsulation default** to match anything that wasn’t matched by any other more-specific EFPs. You can also use **encapsulation untagged** under a subinterface to match untagged traffic. This is used to only match untagged traffic such as CDP frames, MST BDPUs, etc.

Generally the **rewrite ingress tag pop 1 symmetric** command is required. This is needed even when a BVI belongs to the same BD, because the BVI does not have an encapsulation. The **symmetric** keyword means that the opposite action happens upon egress. In this case, the tag defined in the **encap dot1q ####** command is pushed upon egress.

```
int Gi0/0/0/1.100 l2transport
 encap dot1q 100
 rewrite ingress tag pop 1 symmetric
```

The **translate** keyword can be used to translate vlan 100 to vlan 200, for example.

```
int Gi0/0/0/1.100 l2transport
 encap dot1q 100
 rewrite ingress tag translate 1-to-1 dot1q 4 symmetric
```

When you use **l2transport** on a physical interface, it matches all traffic, the VLAN tags do not matter. You cannot define **encapsulation** on a physical interface.

```
int Gi0/0/0/3
 l2transport
```

## Further Reading <a href="#id-1ce8dde3-d4d1-8095-bf7c-cfd25ed89c50" id="id-1ce8dde3-d4d1-8095-bf7c-cfd25ed89c50"></a>

<https://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116453-technote-ios-xr-l2vpn-00.html>

* Everything in this article is a must-read for CCIE-SP


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ccie-sp.gitbook.io/ccie-spv5.1-labs/labs/l2-connectivity-notes/802.1ad-q-in-q.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.