Service Provider Layer 2 Connection Failure

Question

A Service Provider provides a Layer 2 connection that is based on IEEE 802.1ad.

When the customer tries to access a switch at the other side of the link by using SSH, the connection fails.

What is the cause of this failure?

Answers

Explanations

A. B. C. D.

C.

https://ccieblog.co.uk/qinq/802-1q-tunnelling-qinq

The most likely cause of the SSH connection failure in this scenario is that the Service Provider omitted the command "vlan dot1q tag native" on the link that connects the customer's switch to the Service Provider's network.

IEEE 802.1ad, also known as Provider Bridging or QinQ, is a protocol that allows Service Providers to provide Layer 2 connectivity to customers using a single physical link. It works by adding an additional VLAN tag to Ethernet frames, which identifies the customer's VLAN as well as the Service Provider's VLAN. This allows the Service Provider to differentiate traffic from multiple customers on the same physical link.

In this scenario, the customer is trying to access a switch on the other side of the link using SSH. SSH is a Layer 7 protocol that relies on a reliable Layer 4 transport protocol such as TCP to establish a connection. However, since the Layer 2 connection is based on IEEE 802.1ad, the Ethernet frames sent by the customer's switch are tagged with the customer's VLAN ID as well as the Service Provider's VLAN ID. The switch on the other side of the link does not expect to receive frames with two VLAN tags, and therefore drops them, resulting in the SSH connection failure.

The command "vlan dot1q tag native" is used to strip the Service Provider's VLAN tag from frames that belong to the customer's native VLAN. The native VLAN is the VLAN that is not tagged on the link between the customer and the Service Provider. By default, frames belonging to the native VLAN are tagged with the Service Provider's VLAN ID when they are sent across the link. By using the "vlan dot1q tag native" command, the Service Provider can remove the Service Provider's VLAN tag from frames belonging to the customer's native VLAN, allowing the switch on the other side of the link to receive them correctly.

The other commands listed in the answers, "l2protocol-tunnel stp" and "l2protocol-tunnel vtp", are used to tunnel Layer 2 control protocols such as STP and VTP across the Service Provider's network. These commands are not relevant to the issue described in the scenario. The command "spanning-tree bpdufilter enable" is used to filter BPDU frames, which are used by STP to prevent loops in a Layer 2 network. This command may be used by the Service Provider to prevent customers from sending their own BPDU frames across the network, but it is not relevant to the SSH connection failure in this scenario.
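The tag stacking described in the IEEE 802.1ad paragraph above can be checked on a captured frame by walking the Ethernet header. The following Python sketch is an added example, not part of the original page; the VLAN IDs (10 and 100), MAC addresses and helper names are constructed for illustration, and it treats TPID 0x88a8 as the service tag and 0x8100 as the customer tag.

```python
import struct

TPID_STAG = 0x88A8   # IEEE 802.1ad service tag (S-tag)
TPID_CTAG = 0x8100   # IEEE 802.1Q customer tag (C-tag)
TAG_NAMES = {TPID_STAG: "S-tag", TPID_CTAG: "C-tag"}

def parse_vlan_stack(frame: bytes):
    """Return (tags, ethertype); tags holds (kind, vlan_id, pcp), outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []            # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated inside the tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TAG_NAMES:
            return tags, ethertype   # first non-tag value is the real EtherType
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((TAG_NAMES[ethertype], tci & 0x0FFF, tci >> 13))
        offset += 4

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame; tags is a list of (tpid, vlan_id), outermost first."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    stack = b"".join(struct.pack("!HH", tpid, vid) for tpid, vid in tags)
    return dst + src + stack + struct.pack("!H", ethertype) + payload

def describe(frame: bytes) -> str:
    """One-line summary of the tag stack, as a capture review would want it."""
    tags, ethertype = parse_vlan_stack(frame)
    if not tags:
        return f"untagged, ethertype 0x{ethertype:04x}"
    stack = " / ".join(f"{kind} {vid}" for kind, vid, _ in tags)
    return f"{stack}, ethertype 0x{ethertype:04x}"

if __name__ == "__main__":
    # Constructed VLAN IDs: customer VLAN 10 carried inside provider VLAN 100.
    for sample in (build_frame([]),                                   # untagged
                   build_frame([(TPID_CTAG, 10)]),                    # customer tag only
                   build_frame([(TPID_STAG, 100), (TPID_CTAG, 10)]),  # stacked tags
                   build_frame([(TPID_STAG, 100)])):                  # provider tag only
        print(describe(sample))
```

Running it against frames captured on each side of the provider link shows whether a given frame carries both tags, one tag or none at that point.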