Login
- Table of Contents
-
- 03-Layer 2—LAN Switching Configuration Guide
- 00-Preface
- 01-Ethernet interface configuration
- 02-Loopback, null, and inloopback interface configuration
- 03-Bulk interface configuration
- 04-MAC address table configuration
- 05-Ethernet link aggregation configuration
- 06-Port isolation configuration
- 07-Spanning tree configuration
- 08-Loop detection configuration
- 09-VLAN configuration
- 10-MVRP configuration
- 11-QinQ configuration
- 12-VLAN mapping configuration
- 13-LLDP configuration
- 14-Cut-through forwarding configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 11-QinQ configuration | 177.88 KB |
Configuring transparent transmission for VLANs
Configuring the TPID in VLAN tags
Setting the 802.1p priority in SVLAN tags
Displaying and maintaining QinQ
Configuring QinQ
This document uses the following terms:
· CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network.
· SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
Overview
802.1Q-in-802.1Q (QinQ) adds an 802.1Q tag to 802.1Q tagged customer traffic. It enables a service provider to extend Layer 2 connections across an Ethernet network between customer sites.
QinQ provides the following benefits:
· Enables a service provider to use a single SVLAN to convey multiple CVLANs for a customer.
· Enables customers to plan CVLANs without conflicting with SVLANs.
· Enables customers to keep their VLAN assignment schemes unchanged when the service provider changes its VLAN assignment scheme.
· Allows customers to use overlapping CVLAN IDs. Devices in the service provider network make forwarding decisions based on SVLAN IDs instead of CVLAN IDs.
How QinQ works
As shown in Figure 1, a QinQ frame transmitted over the service provider network carries the following tags:
· CVLAN tag—Identifies the VLAN to which the frame belongs when it is transmitted in the customer network.
· SVLAN tag—Identifies the VLAN to which the QinQ frame belongs when it is transmitted in the service provider network. The service provider allocates the SVLAN tag to the customer.
The devices in the service provider network forward a tagged frame according to its SVLAN tag only. The CVLAN tag is transmitted as part of the frame's payload.
Figure 1 Single-tagged Ethernet frame header and double-tagged Ethernet frame header
As shown in Figure 2, customer A has remote sites CE 1 and CE 4. Customer B has remote sites CE 2 and CE 3. The CVLANs of the two customers overlap. The service provider assigns SVLANs 3 and 4 to customers A and B, respectively.
When a tagged frame from CE 1 arrives, PE 1 tags the frame with SVLAN 3. The double-tagged frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4.
Figure 2 Typical QinQ application scenario
QinQ implementations
QinQ is enabled on a per-port basis. The link type of a QinQ-enabled port can be access, hybrid, or trunk. The QinQ tagging behaviors are the same across these types of ports.
A QinQ-enabled port tags all incoming frames (tagged or untagged) with the PVID tag.
· If an incoming frame already has one tag, it becomes a double-tagged frame.
· If the frame does not have any 802.1Q tags, it becomes a frame tagged with the PVID.
QinQ provides the most basic VLAN manipulation method to tag all incoming frames (tagged or untagged) with the PVID tag. To perform advanced VLAN manipulations, use VLAN mapping (see "Configuring VLAN mapping") or QoS policies. For example:
· To use different SVLANs for different CVLAN tags, use one-to-two VLAN mapping.
· To replace the SVLAN ID, CVLAN ID, or both IDs for an incoming double-tagged frame, use two-to-two VLAN mapping.
· To set the 802.1p priority in SVLAN tags, configure a QoS policy as described in "Setting the 802.1p priority in SVLAN tags."
Protocols and standards
· IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks
· IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges
Restrictions and guidelines
When you configure QinQ, follow these restrictions and guidelines:
· EVB and QinQ are mutually exclusive. Do not enable both features on a port.
· Before you can configure QinQ on a port, you must remove any VLAN mappings on the port. After you enable QinQ on the port, you can configure any VLAN mapping types except two-to-two VLAN mapping. If QinQ and a VLAN mapping conflict, the VLAN mapping takes effect.
· The inner 802.1Q tag of QinQ frames is treated as part of the payload. As a best practice to ensure correct transmission of QinQ frames, set the MTU to a minimum of 1504 bytes for each port on the forwarding path. This value is the sum of the default Ethernet interface MTU (1500 bytes) and the length (4 bytes) of a VLAN tag.
Enabling QinQ
Enable QinQ on customer-side ports of PEs. A QinQ-enabled port tags an incoming frame with its PVID.
To enable QinQ:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable QinQ. |
qinq enable |
By default, QinQ is disabled. |
Configuring transparent transmission for VLANs
You can exclude traffic of a VLAN (for example, the management VLAN) from the QinQ tagging action on a customer-side port. This VLAN is called a transparent VLAN.
To ensure successful transmission for a transparent VLAN, follow these configuration guidelines:
· Set the link type of the port to trunk or hybrid, and assign the port to its PVID and the transparent VLAN.
· Do not configure any other VLAN manipulation actions for the VLAN on the port.
· Make sure all ports on the traffic path permit the VLAN to pass through.
To enable transparent transmission for a list of VLANs:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Configure the port link type. |
port link-type { hybrid | trunk } |
By default, the link type of ports is access. |
|
4. Configure the port to allow packets from its PVID and the transparent VLANs to pass through. |
·
For hybrid ports: ·
For trunk ports: |
By default, trunk ports allow only packets from VLAN 1 to pass through. Hybrid ports allow only packets from VLAN 1 to pass through untagged. |
|
5. Enable QinQ on the port. |
qinq enable |
By default, QinQ is disabled. |
|
6. Specify transparent VLANs. |
qinq transparent-vlan vlan-list |
By default, transparent transmission is not configured for any VLANs on a port. |
Configuring the TPID in VLAN tags
TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On the device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q. In a multi-vendor network, make sure the TPID setting is the same across all devices so 802.1Q tagged frames can be identified correctly.
TPID settings include CVLAN TPID and SVLAN TPID.
A QinQ-enabled port uses the CLAN TPID to match incoming tagged frames. An incoming frame is handled as untagged if its TPID is different from the CVLAN TPID.
SVLAN TPIDs are configurable on a per-port basis. A service provider-side port uses the SVLAN TPID to replace the TPID in outgoing frames' SVLAN tags and match incoming tagged frames. An incoming frame is handled as untagged if the TPID in its outer VLAN tag is different from the SVLAN TPID.
For example, a PE device is connected to a customer device that uses the TPID 0x8200 and to a provider device that uses the TPID 0x9100. For correct packet processing, you must set the CVLAN TPID and SVLAN TPID to 0x8200 and 0x9100 on the PE, respectively.
The TPID field is in the same position as the EtherType field in an untagged Ethernet frame. To ensure correct packet type identification, do not set the TPID value to any of the values listed in Table 1.
Table 1 Reserved EtherType values
|
Protocol type |
Value |
|
ARP |
0x0806 |
|
PUP |
0x0200 |
|
RARP |
0x8035 |
|
IP |
0x0800 |
|
IPv6 |
0x86DD |
|
PPPoE |
0x8863/0x8864 |
|
MPLS |
0x8847/0x8848 |
|
IPX/SPX |
0x8137 |
|
IS-IS |
0x8000 |
|
LACP |
0x8809 |
|
802.1X |
0x888E |
|
LLDP |
0x88CC |
|
802.1ag |
0x8902 |
|
Cluster |
0x88A7 |
|
Reserved |
0xFFFD/0xFFFE/0xFFFF |
Configuring the CVLAN TPID
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure the TPID value for CVLAN tags. |
qinq ethernet-type customer-tag hex-value |
The default setting is 0x8100 for CVLAN tags. |
Configuring the SVLAN TPID
When you configure the SVLAN ID, follow these restrictions and guidelines:
· Configure the SVLAN TPID on service provider-side ports of PEs.
· Do not configure the SVLAN TPID on a QinQ-enabled port.
· EVB and SVLAN TPID configuration are mutually exclusive. Do not configure both features on a port.
To configure the SVLAN TPID:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Ethernet interface view or aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Configure the SVLAN TPID. |
qinq ethernet-type service-tag hex-value |
The default setting is 0x8100 for SVLAN tags. |
Setting the 802.1p priority in SVLAN tags
By default, a QinQ-enabled port sets the 802.1p priority in the SVLAN tag depending on the priority trust mode.
· If the 802.1p priority is trusted, the port copies the 802.1p priority in the CVLAN tag to the SVLAN tag.
· If port priority is trusted, the port sets the 802.1p priority in the SVLAN to be the same as the port priority. The default port priority is 0.
Alternatively, you can configure a QoS policy to set the 802.1p priority in the SVLAN by using one of the following methods:
· Sets an 802.1p priority value in the SVLAN tag depending on the VLAN ID or 802.1p priority in the CVLAN tag.
· Copies the 802.1p priority in the CVLAN tag to the SVLAN tag.
To set the 802.1p priority in SVLAN tags:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a traffic class and enter traffic class view. |
traffic classifier classifier-name [ operator { and | or } ] |
By default, no traffic class is configured. |
|
3. Configure CVLAN match criteria. |
·
Match CVLAN IDs: ·
Match 802.1p priority: |
N/A |
|
4. Return to system view. |
quit |
N/A |
|
5. Create a traffic behavior and enter traffic behavior view. |
traffic behavior behavior-name |
N/A |
|
6. Configure a priority marking action for SVLAN tags. |
·
Replace the priority in the SVLAN tags
of matching frames with the configured priority: ·
Copy the 802.1p
priority in the CVLAN tag to the SVLAN tag: |
N/A |
|
7. Return to system view. |
quit |
N/A |
|
8. Create a QoS policy and enter QoS policy view. |
qos policy policy-name |
N/A |
|
9. Associate the traffic class with the traffic behavior. |
classifier classifier-name behavior behavior-name |
N/A |
|
10. Return to system view. |
quit |
N/A |
|
11. Enter Layer 2 Ethernet interface view. |
interface interface-type interface-number |
N/A |
|
12. Configure the port to trust the 802.1p priority in incoming frames. |
qos trust dot1p |
By default, the device does not trust the 802.1p priority carried in frames. Skip this step if the remark dot1p customer-dot1p-trust command is configured. |
|
13. Enable QinQ. |
qinq enable |
N/A |
|
14. Apply the QoS policy to the inbound direction of the port. |
qos apply policy policy-name inbound |
N/A |
For more information about QoS policies, see ACL and QoS Configuration Guide.
Displaying and maintaining QinQ
Execute display commands in any view.
|
Task |
Command |
|
Display QinQ-enabled ports. |
display qinq [ interface interface-type interface-number ] |
QinQ configuration examples
Basic QinQ configuration example
Network requirements
As shown in Figure 3:
· The service provider assigns VLAN 100 to Company A's VLANs 10 through 70.
· The service provider assigns VLAN 200 to Company B's VLANs 30 through 90.
· The devices between PE 1 and PE 2 in the service provider network use a TPID value of 0x8200.
Configure QinQ on PE 1 and PE 2 to transmit traffic in VLANs 100 and 200 for Company A and Company B, respectively.
For the QinQ frames to be identified correctly, set the SVLAN TPID to 0x8200 on the service provider-side ports of PE 1 and PE 2.
Configuration procedure
1. Configure PE 1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 100 and VLANs 10 through 70.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the PVID for Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] qinq enable
[PE1-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
[PE1] interface ten-gigabitethernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on Ten-GigabitEthernet 1/0/2.
[PE1-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE1-Ten-GigabitEthernet1/0/2] quit
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200 and VLANs 30 through 90.
[PE1] interface ten-gigabitethernet 1/0/3
[PE1-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the PVID for Ten-GigabitEthernet 1/0/3.
[PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200
# Enable QinQ on Ten-GigabitEthernet 1/0/3.
[PE1-Ten-GigabitEthernet1/0/3] qinq enable
[PE1-Ten-GigabitEthernet1/0/3] quit
2. Configure PE 2:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 200 and VLANs 30 through 90.
<PE2> system-view
[PE2] interface ten-gigabitethernet 1/0/1
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the PVID for Ten-GigabitEthernet 1/0/1.
[PE2-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 200
# Enable QinQ on Ten-GigabitEthernet 1/0/1.
[PE2-Ten-GigabitEthernet1/0/1] qinq enable
[PE2-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
[PE2] interface ten-gigabitethernet 1/0/2
[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on Ten-GigabitEthernet 1/0/2.
[PE2-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE2-Ten-GigabitEthernet1/0/2] quit
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 100 and VLANs 10 through 70.
[PE2] interface ten-gigabitethernet 1/0/3
[PE2-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the PVID for Ten-GigabitEthernet 1/0/3.
[PE2-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 100
# Enable QinQ on Ten-GigabitEthernet 1/0/3.
[PE2-Ten-GigabitEthernet1/0/3] qinq enable
[PE2-Ten-GigabitEthernet1/0/3] quit
3. Configure the devices between PE 1 and PE 2:
# Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.)
# Configure all the ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag. (Details not shown.)
VLAN transparent transmission configuration example
Network requirements
As shown in Figure 4:
· The service provider assigns VLAN 100 to a company's VLANs 10 through 50.
· VLAN 3000 is the dedicated VLAN of the company on the service provider network.
Configure QinQ on PE 1 and PE 2 to provide Layer 2 connectivity for CVLANs 10 through 50 over the service provider network.
Configure VLAN transparent transmission for VLAN 3000 on PE 1 and PE 2 to enable the hosts in VLAN 3000 to communicate without using an SVLAN.
Configuration procedure
1. Configure PE 1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 10 through 50, 100, and 3000.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] qinq enable
# Configure Ten-GigabitEthernet 1/0/1 to transparently transmit frames from VLAN 3000.
[PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
[PE1-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000.
[PE1] interface ten-gigabitethernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000
[PE1-Ten-GigabitEthernet1/0/2] quit
2. Configure PE 2:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 10 through 50, 100, and 3000.
<PE2> system-view
[PE2] interface ten-gigabitethernet 1/0/1
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on Ten-GigabitEthernet 1/0/1.
[PE2-Ten-GigabitEthernet1/0/1] qinq enable
# Configure Ten-GigabitEthernet 1/0/1 to transparently transmit frames from VLAN 3000.
[PE2-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
[PE2-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000.
[PE2] interface ten-gigabitethernet 1/0/2
[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000
3. Configure the devices between PE 1 and PE 2:
# Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.)
# Configure all the ports on the forwarding path to allow frames from VLANs 100 and 3000 to pass through without removing the VLAN tag. (Details not shown.)
