Syntax
display port vlan-vpn
View
Any view
Parameters
None
Description
Use the display port vlan-vpn
command to display the information about VLAN-VPN configuration of the current
system.
Related commands: vlan-vpn enable, vlan-vpn
inner-cos-trust, vlan-vpn tpid.
Examples
# Display the VLAN-VPN configuration of the
current system.
<Sysname> display port vlan-vpn
VLAN-VPN TPID: 8200
Ethernet1/0/1
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
Ethernet1/0/5
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
Table 1-1
Description on the fields of the display port
vlan-vpn command
|
Field
|
Description
|
|
VLAN-VPN TPID
|
Global TPID value
|
|
Ethernet1/0/1
|
The port with the VLAN VPN feature
enabled
|
|
VLAN-VPN status
|
The operation status of the VLAN VPN
feature on the port
|
|
VLAN-VPN VLAN
|
The VLAN corresponding to the tag that
the port tags packets with, that is, the default VLAN of the port
|
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn enable command to
enable the VLAN-VPN feature for a port.
Use the undo vlan-vpn command to
disable the VLAN-VPN feature for a port.
By default, the VLAN-VPN feature is
disabled.
With the VLAN-VPN feature enabled, a
received packet is tagged with the default VLAN tag of the receiving port no
matter whether or not the packet already carries a VLAN tag.
l
If the packet already carries a VLAN tag, the packet
becomes a dual-tagged packet.
l
Otherwise, the packet becomes a packet carrying
the default VLAN tag of the port.
You can use the display port vlan-vpn
command to display the configuration information of VLAN-VPN on the ports to
verity your configuration.
After the VLAN-VPN function is enabled, you
can use the vlan-vpn vid command and the raw-vlan-id inbound
command to configure the selective QinQ function. Refer to Selective QinQ Configuration Commands
for details.
Examples
# Enable the VLAN-VPN feature for Ethernet 1/0/1
port.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn
enable
1.1.3 vlan-vpn tpid
Syntax
vlan-vpn tpid
value
undo vlan-vpn tpid
View
System view
Parameters
value:
User-defined TPID value (in hexadecimal format), in the range 0x0001 to 0xFFFF.
Description
Use the vlan-vpn tpid command to set
the global TPID value. With the TPID value set , the port fills the value to
the TPID field of the outer tag to be added for a packet and, upon receiving a
packet, compares the TPID value with the TPID field of the packet to determine
whether the packet carries a VLAN tag or not.
Use the undo vlan-vpn tpid command
to restore the default TPID value.
The default TPID value is 0x8100.
For the position and function of the TPID
field in a packet, refer to VLAN Operation.
The TPID field in an Ethernet frame has the
same position with the protocol type field in a frame without a VLAN tag. To prevent
other devices in the network from recognizing the tag-encapsulated packets of
the current switch as protocol packets, you are not allowed to set the TPID
value to any of the values in the table below.
Table 1-2 Common Ethernet frame protocol
type values
|
Protocol type
|
Value
|
|
ARP
|
0x0806
|
|
IP
|
0x0800
|
|
MPLS
|
0x8847/0x8848
|
|
IPX
|
0x8137
|
|
IS-IS
|
0x8000
|
|
LACP
|
0x8809
|
|
802.1x
|
0x888E
|
Examples
# Set the global TPID value to 0x9100.
<Sysname>
system-view
System
View: return to User View with Ctrl+Z.
[Sysname]
vlan-vpn tpid 9100
Syntax
raw-vlan-id inbound vlan-id-list
undo raw-vlan-id inbound { all | vlan-id-list }
View
QinQ view
Parameters
vlan-id-list:
Lists of VLAN IDs. After receiving packets of these VLANs, the switch will
encapsulate the packets with the specified outer VLAN tag. You need to provide
this argument in the form of { vlan-id [ to vlan-id ]
}&<1-10>, where the VLAN ID after the to keyword must be
larger than or equal to the VLAN ID before the to keyword and &<1-10>
means that you can specify up to 10 VLANs/VLAN ranges for this argument.
all: Removes
all configurations of encapsulating an outer VLAN tag for specified inner VLANs
in the current view.
Description
Use the raw-vlan-id inbound command
to specify to encapsulate packets with the specified inner VLAN tags with the
specified outer tag. This command must be configured on ports connecting the
user network.
Use the undo raw-vlan-id inbound command
to remove the configuration.
By default, the switch does not encapsulate
packets with any outer VLAN tag.
Caution:
A packet cannot be
tagged with different outer VLAN tags. To change the outer VLAN tag of a
packet, you need to remove the existing outer VLAN tag configuration and
configure a new outer VLAN tag.
Before configuring this command in QinQ
view, you need to use the vlan-vpn vid command to configure the outer
VLAN tag to be used in the selective QinQ policy.
Related commands: vlan-vpn vid.
Examples
# Configure Switch to add the tag of VLAN
20 as the outer tag to packets with their inner VLAN IDs being 8 through 15.
<Sysname>
system-view
System View: return to User View with
Ctrl+Z.
[Sysname] vlan-vpn vid 20
[Sysname-vid-20] raw-vlan-id inbound
8 to 15
2.1.2 vlan-vpn
vid
Syntax
vlan-vpn vid vlan-id
undo vlan-vpn vid vlan-id
View
System view
Parameters
vlan-id:
VLAN ID, in the range 1 to 4094.
Description
Use the vlan-vpn vid command to
configure the outer VLAN tag for a selective QinQ policy (that is, the outer
VLAN tag to be used by a port to encapsulate received packets) and to enter
QinQ view.
Use the undo vlan-vpn vid command to
remove the configured outer VLAN tag. Note that this command will also remove all
configurations configured by the raw-vlan-id inbound command in QinQ view.
By default, no selective QinQ policy is configured
on a port.
After specifying an outer VLAN tag and
enter QinQ view, you need to use the raw-vlan-id inbound command to specify
which VLANs’ packets will be encapsulated with the specified outer VLAN
tag. Otherwise, the configuration of the outer VLAN tag is of no use.
Related commands: raw-vlan-id inbound.
Examples
# Specify to add VLAN 20 tag as the outer
tags to the packets with their inner VLAN IDs being 2 through 14.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] vlan-vpn vid 20
[Sysname-vid-20] raw-vlan-id inbound
2 to 14
Syntax
vlan-vpn selective enable
undo vlan-vpn selective enable
View
Ethernet port view
Parameter
None
Description
Use the vlan-vpn selective enable
command to enable the selective QinQ feature on a port. With the selective QinQ
feature enabled, packets carrying specific inner VLAN tags are tagged with
specific outer VLAN tags according to the VLAN tag mapping rules defined.
Use the undo vlan-vpn selective enable
command to disable the selective QinQ feature.
By default, the selective QinQ feature is
disabled on a port.
Related commands: vlan-vpn vid, raw-vlan-id
inbound.
Example
# Enable the selective QinQ feature on
Ethernet 1/0/1.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname]
interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1]
vlan-vpn selective enable
Syntax
vlan-mapping vlan old-vlan-id remark new-vlan-id
undo vlan-mapping vlan old-vlan-id
View
System view, Ethernet port view
Parameter
vlan old-vlan-id:
Specifies the source VLAN ID for VLAN mapping. The old-vlan-id argument
is in the range of 1 to 4094.
remark new-vlan-id: Specifies the target VLAN ID for VLAN mapping. The new-vlan-id
argument is in the range of 1 to 4094.
Description
Use the vlan-mapping command
in system view to define a global VLAN mapping rule. A VLAN mapping rule maps
the VLAN tag of a specific VLAN carried in packets to another one.
Use the vlan-mapping command in
Ethernet port view to define a VLAN mapping rule for the current port and enable
the VLAN mapping function for the port.
Use the undo vlan-mapping command in
system view to invalidate a VLAN mapping rule.
Use the undo vlan-mapping command in
Ethernet port view to invalidate a VLAN mapping rule and disable the VLAN
mapping function on the current port.
By default,
no global VLAN mapping rule or port-level VLAN mapping rule is defined.
l
A port that is in a link aggregation port group
cannot have the VLAN Mapping feature enabled.
l
The VLAN mapping function and the protocol-based
VLAN function are mutually exclusive on the same port.
l
To modify a VLAN mapping relationship, you need
to delete the corresponding VLAN mapping rule and then define a new one.
l
With a global VLAN mapping rule defined in
system view, you cannot define any VLAN mapping rules in Ethernet port view.
Related commands: vlan-mapping enable.
Example
# Define a VLAN mapping rule on Ethernet
1/0/1 to map VLAN 100 to VLAN 200.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1]vlan-mapping vlan
100 remark 200
Syntax
vlan-mapping enable
undo vlan-mapping enable
View
Ethernet port view
Parameter
None
Description
Use the vlan-mapping enable command
to enable the VLAN mapping function on a port based on global VLAN mapping
rules.
Use the undo vlan-mapping enable
command to disable the VLAN mapping function on a port.
By default,
the VLAN mapping function is disabled.
l
A port that is in a link aggregation port group
cannot have the VLAN Mapping feature enabled.
l
With port-based VLAN mapping rules configured
for a port, the VLAN mapping function is enabled on the port at the same time.
In this case, the vlan-mapping enable command cannot be used to enable
the VLAN mapping function again.
l
The VLAN mapping function and the protocol-based
VLAN function are mutually exclusive on the same port.
Related command: vlan-mapping.
Example
# Enable the VLAN mapping function on
Ethernet 1/0/1.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-mapping
enable
Syntax
bpdu-tunnel protocol-type
undo bpdu-tunnel { protocol-type | all }
View
Ethernet port view
Parameters
protocol-type: Protocol type, packets of which will be transmitted through a BPDU
tunnel, This argument can be a keyword listed in Table 4-1.
Table 4-1 Description on the protocol-name
argument
|
Value
|
Description
|
|
cdp
|
Enable/Disable BPDU tunnel for CISCO
discovery protocol (CDP).
|
|
hgmp
|
Enable/Disable BPDU tunnel for Huawei
group management protocol (HGMP) related protocols, including neighbor
discovery protocol (NDP), neighbor topology discovery protocol, cluster member
remote control (MRC), and Huawei authentication bypass protocol (HABP).
|
|
lacp
|
Enable/Disable BPDU tunnel for link
aggregation control protocol (LACP).
|
|
pagp
|
Enable/Disable BPDU tunnel for port
aggregation protocol (PAGP).
|
|
pvst
|
Enable/Disable BPDU tunnel for per-VLAN
spanning tree (PVST).
|
|
stp
|
Enable/Disable BPDU tunnel for spanning
tree protocol (STP).
|
|
vtp
|
Enable/Disable BPDU tunnel for VLAN trunk
protocol (VTP).
|
|
udld
|
Enable/Disable BPDU tunnel for uni-directional
link direction (UDLD).
|
all:
Disables BPDU tunnel for all protocol packets.
Description
Use the bpdu-tunnel command to
enable BPDU tunnel on a port, so that packets of the specified protocol will be
transparently transmitted through the BPDU tunnel on the port.
Use the undo bpdu-tunnel command to
disable BPDU tunnel on a port.
By default, BPDU tunnel is disabled on a
port.
After you enable a port to transmit packets
of a specified protocol type through the BPDU tunnel, when the port receives
such a packet, it will use the specified private multicast MAC address to
replace the original destination MAC address of the packet before sending it. As
a result, the packet will not be recognized as a protocol packet by other
devices in the operator network during transmission. In this way, transparent
transmission is implemented.
You can use the bpdu-tunnel tunnel-dmac
command to change the destination MAC addresses of protocol packets to a
specified multicast MAC address.
Caution:
l
If this command is enabled on a port for a
specific protocol, the specific protocol cannot be enabled on the port. For
example, if you have configured the bpdu-tunnel lacp command, the lacp
enable command cannot be enabled on the port.
l
The commands configured for service
provider’s devices at both ends of a BPDU tunnel must be consistent.
Otherwise, BPDU packets of the customer network cannot be transparently
transmitted properly.
Examples
# Enable BPDU tunnel for packets of LACP.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] bpdu-tunnel lacp
Syntax
bpdu-tunnel tunnel-dmac mac-address
undo bpdu-tunnel tunnel-dmac
View
System view
Parameters
mac-address:
Destination MAC address to be assigned to the protocol packets transmitted
along a BPDU tunnel. This argument must be a multicast MAC address.
Description
Use the bpdu-tunnel tunnel-dmac
command to configure the destination MAC address for protocol packets
transmitted along a BPDU tunnel.
Use the undo bpdu-tunnel tunnel-dmac
command to restore the default destination MAC address.
By default, the destination MAC address for
protocol packets transmitted along a BPDU tunnel is 010f-e200-0003.
Caution:
Related commands: display bpdu-tunnel.
Examples
# Set the destination MAC address for
protocol packets transmitted along BPDU tunnels to 010f-e266-c3ab.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] bpdu-tunnel tunnel-dmac
010f-e266-c3ab
Syntax
display bpdu-tunnel
View
Any view
Parameters
None
Description
Use the display bpdu-tunnel command
to display the private multicast MAC address configured for protocol packets
transmitted along the BPDU tunnel(s).
Related commands: bpdu-tunnel tunnel-dmac.
Examples
# Display the private multicast MAC address
configured for packets transmitted along the BPDU tunnel(s).
<Sysname> display bpdu-tunnel
Tunnel packet's
destination-mac-address: 010f-e2cd-0003
The above output information indicates that
all the protocol packets transmitted along the BPDU tunnel(s) use 010f-e2cd-0003
as their destination MAC addresses.
