The Cisco 2960 switch is a L3 capable switch. Today switches are usually no longer confined to L2 and the router/switch delineation is blurred from the traditional definitions.
You are missing the ip routing command from your config. If you add this command you will find that the VLAN SVIs can route directly between each other on the switch. More information on this feature can be found here:
Configure InterVLAN Routing on Layer 3 Switches
However I do not see any routing configuration or default gateway configured on your switch whatsoever, so I doubt that the switch itself could reach any remote network assistance. I suspect that proxy-arp is what is being used here and the major classes are what is 'choosing' the VLAN.
Proxy ARP
What you're proposing is not going to be possible in a single box.
If we focus just on C-TAG 300, then from the switch port perspective traffic on the Customer-facing/left-most port in your diagram will require ingress frames to have the outer (S-Tag) popped off and traffic dropped into C-VLAN 300 on the switch (so it can be passed to other tagged member interfaces).
When traffic is returning towards this interface however, you will only be able to push a single S-TAG onto C-TAG 300 frames that egress this port either 500 OR 600. The switch has no way of differentiating traffic back to each customer, as any MAC being learnt from this port would be in VLAN 300 from the switch point of view, and not an associated S-VLAN.
It would be possible using two switches (or dare I suggest it, one switch with a cable looped back to itself), but not particularly scalable as the number of S-Tags increases.
Below is a very ghetto ASCII network diagram of how this would work:
Switch 1 Switch 2
+----------+ +-------+
--[600 300]--[500 300]--|-+-(500)--|--[300]--|-(300)-|---[ ]---
Customer-facing | +-(600)--|--[300]--|-( )-|--[300]--
+----------+ +-------+
From the left, You would have the port facing your customers trunked for both S-Tags, and then define VLANs on the switch for both S-VLANs (500 and 600).
You would then have a port in each S-VLAN untagged connected to Switch 2 - this would send out frames with only the payload of each Q-in-Q frame which in this example would be a frame with single C-Tag 300 on it.
On switch 2, you would define VLAN 300 (and other C-VLANs) and have tagged-ports allowing VLAN 300 facing Switch 1.
It may not be immediately obvious from my masterpiece diagram, but Switch 2 has just one big VLAN 300 with four physical interfaces.
Now you can have your other ports with VLAN 300 singly tagged (or untagged) going off to your various services.
As it turns out, it doesn't look like the Nexus 3548 is capable of Q-in-Q:
From Cisco Documentation:
The ability to configure Q-in-Q is available only for Cisco Nexus 3000 and 3100 Series switches. Q-in-Q is automatically enabled when you configure a VLAN ID for an edge port, if the VLAN ID is maintained on the edge port.
Best Answer
Remember, by default, VLAN 1 is associated with all the physical interfaces, Default VLAN (for access ports) and Native VLAN (for IEEE 802.1Q trunks) on the switch. The thing that people does is to unassociated with the required interface(in this case, VLAN 1 ):
The only way that one Vlan interfaces came UP is to associated with some interface of that switch, this is the only way.
I guess, this is the problem that you have. Here you can find the datasheet for your 2690 switch:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_fx/configuration/guide/2960scg.pdf
Are supported up to 4096 Vlan ID on that switch, on the way that you can do what you are asking, i guess, first you need to clear the capabilities of your equipment, and next, configure what you want.