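H3C Low-End and Mid-Range Ethernet Switches, Layer 2 Technologies: Ethernet Switching Typical Configuration Guide-6W100

06-VLAN Mapping Typical Configuration Guide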


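1 VLAN Mapping Typical Configuration Guide

VLAN mapping replaces the VLAN tag that a packet originally carries, so that the VLAN-based forwarding policies of the network it is forwarded into can be applied to it.

• 1:1 VLAN mapping: replaces the VLAN tag carried by packets from one specific VLAN with a new VLAN tag.

• N:1 VLAN mapping: replaces the different VLAN tags carried by packets from two or more VLANs with the same VLAN tag.

• 2:2 VLAN mapping: replaces both the inner and the outer VLAN tag of double-tagged packets with new VLAN tags.

Figure 1-1 Basic concepts of VLAN mapping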

 

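As shown in Figure 1-1, the following terms are defined to make the configuration procedures below easier to follow:

• Uplink traffic: traffic sent from the customer network to the aggregation-layer network or the SP network.

• Downlink traffic: traffic sent from the aggregation-layer network or the SP network to the customer network.

• Uplink port: a port that sends uplink traffic and receives downlink traffic.

• Downlink port: a port that sends downlink traffic and receives uplink traffic.

• Uplink policy: the QoS policy that carries the VLAN mapping rules for uplink traffic.

• Downlink policy: the QoS policy that carries the VLAN mapping rules for downlink traffic.

1.1  1:1/N:1 VLAN Mapping Typical Configuration Guide (Method 1)

1.1.1  Network requirements

Figure 1-2 Network diagram for the 1:1/N:1 VLAN mapping configuration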

 

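In a residential network, the service provider offers home users three data services: Internet access from a PC (PC), video on demand (VoD), and voice telephony (VoIP). Each user connects to a wiring-closet switch through a home gateway and obtains an IP address automatically through DHCP. Before distributing the home gateways, the service provider configures them identically, assigning the PC service to VLAN 1, the VoD service to VLAN 2, and the VoIP service to VLAN 3.

On the wiring-closet switches, each service of each user must be tagged with its own VLAN, in order to tell the same service of different users apart and to prevent information leakage and malicious attacks between users. On the campus switch, to save VLAN resources, traffic must be grouped by service type: the PC service is sent in VLAN 501, the VoD service in VLAN 502, and the VoIP service in VLAN 503.

1.1.2  Configuration approach

• Mapping of uplink data

The requirement on the wiring-closet switches is met with 1:1 VLAN mapping: on each port that connects a home gateway, configure a QoS policy whose traffic class matches the user's original VLAN and whose traffic behavior re-marks the VLAN tag of the packet. The VLAN 1/VLAN 2/VLAN 3 data received from every user is thereby mapped to a different VLAN. For example, VLAN 1 is mapped to VLAN 101 on port 1 and to VLAN 102 on port 2, and so on. In this way each service of each user is identified by a different VLAN on the wiring-closet switch.

The campus switch uses N:1 VLAN mapping: in the QoS policy, the traffic class matches the several VLANs that the wiring-closet switch has assigned to packets of the same service, and the traffic behavior re-marks the VLAN tag of the packet. Once this QoS policy is applied to the downlink port, the data already mapped by the wiring-closet switch is mapped again by service type and the distinction between users is dropped; for example, VLAN 101 and VLAN 102 from the previous paragraph are both mapped to VLAN 501.

The above covers the mapping of uplink data. For users to receive data from the external network, downlink data must also be handled so that it is delivered to exactly the user that requested it.

• Mapping of downlink data

Because all users obtain their IP addresses through DHCP, DHCP snooping can be configured on both the wiring-closet switches and the campus switch. For every client of every user, the IP address, MAC address, receiving port, and pre-mapping VLAN are recorded as one binding entry. When a downlink packet arrives, its destination IP address identifies the destination host, and the VLAN recorded for that IP address in the DHCP snooping binding entry is used for the VLAN mapping, which completes the reverse VLAN tag replacement.

With this configuration, the VLAN tags of the data exchanged between users and the external network are replaced as shown in Figure 1-3.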

Figure 1-3 Effect of the 1:1/N:1 VLAN mapping configuration
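
Added example (not part of the original H3C guide): a small Python model of the uplink 1:1 and N:1 rewrites and of the binding-table lookup used for downlink traffic, following the description above. The port abbreviations (GE1/0/1), the client IP/MAC addresses, and the class and function names are assumptions made for illustration; the model is not the switch's implementation.

```python
from dataclasses import dataclass

# Uplink 1:1 maps on wiring-closet switch SwitchA, per user-facing port (VLAN IDs from this page).
SWITCH_A_UPLINK = {
    "GE1/0/1": {1: 101, 2: 201, 3: 301},
    "GE1/0/2": {1: 102, 2: 202, 3: 302},
}
# Uplink N:1 map on campus switch SwitchC for the port that faces SwitchA.
SWITCH_C_UPLINK = {
    "GE1/0/1": {101: 501, 102: 501, 201: 502, 202: 502, 301: 503, 302: 503},
}


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: client IP/MAC, receiving port, VLAN before mapping."""
    ip: str
    mac: str
    port: str
    vlan: int


class MappingSwitch:
    def __init__(self, name, uplink_maps):
        self.name = name
        self.uplink_maps = uplink_maps
        self.bindings = {}  # client IP -> Binding

    def learn(self, ip, mac, port, vlan):
        """Record a binding when the client's DHCP exchange is snooped on `port`."""
        if vlan not in self.uplink_maps.get(port, {}):
            raise ValueError(f"{self.name}: VLAN {vlan} is not mapped on {port}")
        self.bindings[ip] = Binding(ip, mac, port, vlan)

    def uplink(self, port, src_ip, src_mac, vlan):
        """Source check against the binding (IP, MAC, port), then rewrite the tag."""
        b = self.bindings.get(src_ip)
        if b is None or (b.mac, b.port) != (src_mac, port):
            return None  # dropped: no matching binding
        return self.uplink_maps.get(port, {}).get(vlan)

    def downlink(self, dst_ip):
        """Reverse mapping: the destination IP selects the port and the pre-mapping VLAN."""
        b = self.bindings.get(dst_ip)
        return None if b is None else (b.port, b.vlan)


def round_trip():
    """Send PC traffic (customer VLAN 1) from two users up and back down."""
    a = MappingSwitch("SwitchA", SWITCH_A_UPLINK)
    c = MappingSwitch("SwitchC", SWITCH_C_UPLINK)
    # Constructed clients: both use customer VLAN 1, behind different SwitchA ports.
    clients = [("192.0.2.10", "00:00:5e:00:53:01", "GE1/0/1"),
               ("192.0.2.20", "00:00:5e:00:53:02", "GE1/0/2")]
    result = {}
    for ip, mac, port in clients:
        a.learn(ip, mac, port, 1)
        seen_by_c = SWITCH_A_UPLINK[port][1]      # tag SwitchC sees during the DHCP exchange
        c.learn(ip, mac, "GE1/0/1", seen_by_c)
        up_a = a.uplink(port, ip, mac, 1)         # 1:1 -> 101 or 102
        up_c = c.uplink("GE1/0/1", ip, mac, up_a)  # N:1 -> 501 for both users
        # 501 alone cannot tell the users apart; the binding entries can.
        result[ip] = (up_a, up_c, c.downlink(ip), a.downlink(ip))
    # User 2 sending with user 1's IP address fails the source check on SwitchA.
    result["spoof"] = a.uplink("GE1/0/2", "192.0.2.10", "00:00:5e:00:53:02", 1)
    return result


if __name__ == "__main__":
    for key, value in round_trip().items():
        print(key, value)
```

Both users end up in VLAN 501 on the uplink, so the downlink direction depends entirely on the per-client binding entries to recover VLAN 101 or 102 and then VLAN 1 on the correct port.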

 

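1.1.3  Applicable products and versions

Table 1-1 Applicable products and software versions

Product                                   Software version
S3610&S5510 series Ethernet switches      Release 5301, Release 5303, Release 5306, Release 5309
S3500-EA series Ethernet switches         Release 5303, Release 5309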

 

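1.1.4  Configuration procedure and explanation

(1)  Configuration of wiring-closet switch SwitchA

• VLAN mapping configuration for uplink data

# Configure three traffic classes that match packets with customer VLAN 1, 2, and 3 respectively.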

<SwitchA> system-view

[SwitchA] traffic classifier uplink_1 operator or

[SwitchA-classifier-uplink_1] if-match customer-vlan-id 1

[SwitchA-classifier-uplink_1] quit

[SwitchA] traffic classifier uplink_2 operator or

[SwitchA-classifier-uplink_2] if-match customer-vlan-id 2

[SwitchA-classifier-uplink_2] quit

[SwitchA] traffic classifier uplink_3 operator or

[SwitchA-classifier-uplink_3] if-match customer-vlan-id 3

[SwitchA-classifier-uplink_3] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 101, 201, and 301 respectively.

[SwitchA] traffic behavior uplink_1

[SwitchA-behavior-uplink_1] remark service-vlan-id 101

[SwitchA-behavior-uplink_1] quit

[SwitchA] traffic behavior uplink_2

[SwitchA-behavior-uplink_2] remark service-vlan-id 201

[SwitchA-behavior-uplink_2] quit

[SwitchA] traffic behavior uplink_3

[SwitchA-behavior-uplink_3] remark service-vlan-id 301

[SwitchA-behavior-uplink_3] quit

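# Create QoS policy uplink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 101, VLAN 2 to VLAN 201, and VLAN 3 to VLAN 301.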

[SwitchA] qos policy uplink_1

[SwitchA-policy-uplink_1] classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_1] classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_1] classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchA-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

[SwitchA-GigabitEthernet1/0/1] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 102, 202, and 302 respectively.

[SwitchA] traffic behavior uplink_4

[SwitchA-behavior-uplink_4] remark service-vlan-id 102

[SwitchA-behavior-uplink_4] quit

[SwitchA] traffic behavior uplink_5

[SwitchA-behavior-uplink_5] remark service-vlan-id 202

[SwitchA-behavior-uplink_5] quit

[SwitchA] traffic behavior uplink_6

[SwitchA-behavior-uplink_6] remark service-vlan-id 302

[SwitchA-behavior-uplink_6] quit

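# Create QoS policy uplink_2 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 102, VLAN 2 to VLAN 202, and VLAN 3 to VLAN 302.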

[SwitchA] qos policy uplink_2

[SwitchA-policy-uplink_2] classifier uplink_1 behavior uplink_4 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_2] classifier uplink_2 behavior uplink_5 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_2] classifier uplink_3 behavior uplink_6 mode dot1q-tag-manipulation

[SwitchA-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the original customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchA-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchA-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that result from the uplink mapping.

[SwitchA] interface gigabitethernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 101 201 301 102 202 302

[SwitchA-GigabitEthernet1/0/3] quit

• VLAN mapping configuration for downlink data

# Enable DHCP snooping.

[SwitchA] dhcp-snooping

# Enable ARP detection in every VLAN involved in the mapping, so that ARP packets are VLAN-mapped as well.

[SwitchA] vlan 1

[SwitchA-vlan1] arp detection enable

[SwitchA-vlan1] vlan 2

[SwitchA-vlan2] arp detection enable

[SwitchA-vlan2] vlan 3

[SwitchA-vlan3] arp detection enable

[SwitchA-vlan3] vlan 101

[SwitchA-vlan101] arp detection enable

[SwitchA-vlan101] vlan 201

[SwitchA-vlan201] arp detection enable

[SwitchA-vlan201] vlan 301

[SwitchA-vlan301] arp detection enable

[SwitchA-vlan301] vlan 102

[SwitchA-vlan102] arp detection enable

[SwitchA-vlan102] vlan 202

[SwitchA-vlan202] arp detection enable

[SwitchA-vlan202] vlan 302

[SwitchA-vlan302] arp detection enable

[SwitchA-vlan302] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/1.

[SwitchA] interface GigabitEthernet1/0/1

[SwitchA-GigabitEthernet1/0/1] ip check source ip-address mac-address

[SwitchA-GigabitEthernet1/0/1] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/2.

[SwitchA] interface GigabitEthernet1/0/2

[SwitchA-GigabitEthernet1/0/2] ip check source ip-address mac-address

[SwitchA-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet1/0/3 as a DHCP snooping trusted port.

[SwitchA] interface GigabitEthernet1/0/3

[SwitchA-GigabitEthernet1/0/3] dhcp-snooping trust

# Configure port GigabitEthernet1/0/3 as an ARP trusted port.

[SwitchA-GigabitEthernet1/0/3] arp detection trust

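(2)  Configuration of wiring-closet switch SwitchB

• VLAN mapping configuration for uplink data

# Configure three traffic classes that match packets with customer VLAN 1, 2, and 3 respectively.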

<SwitchB> system-view

[SwitchB] traffic classifier uplink_1 operator or

[SwitchB-classifier-uplink_1] if-match customer-vlan-id 1

[SwitchB-classifier-uplink_1] quit

[SwitchB] traffic classifier uplink_2 operator or

[SwitchB-classifier-uplink_2] if-match customer-vlan-id 2

[SwitchB-classifier-uplink_2] quit

[SwitchB] traffic classifier uplink_3 operator or

[SwitchB-classifier-uplink_3] if-match customer-vlan-id 3

[SwitchB-classifier-uplink_3] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 111, 211, and 311 respectively.

[SwitchB] traffic behavior uplink_1

[SwitchB-behavior-uplink_1] remark service-vlan-id 111

[SwitchB-behavior-uplink_1] quit

[SwitchB] traffic behavior uplink_2

[SwitchB-behavior-uplink_2] remark service-vlan-id 211

[SwitchB-behavior-uplink_2] quit

[SwitchB] traffic behavior uplink_3

[SwitchB-behavior-uplink_3] remark service-vlan-id 311

[SwitchB-behavior-uplink_3] quit

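# Create QoS policy uplink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 111, VLAN 2 to VLAN 211, and VLAN 3 to VLAN 311.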

[SwitchB] qos policy uplink_1

[SwitchB-policy-uplink_1] classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_1] classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_1] classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the original customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchB-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

[SwitchB-GigabitEthernet1/0/1] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 112, 212, and 312 respectively.

[SwitchB] traffic behavior uplink_4

[SwitchB-behavior-uplink_4] remark service-vlan-id 112

[SwitchB-behavior-uplink_4] quit

[SwitchB] traffic behavior uplink_5

[SwitchB-behavior-uplink_5] remark service-vlan-id 212

[SwitchB-behavior-uplink_5] quit

[SwitchB] traffic behavior uplink_6

[SwitchB-behavior-uplink_6] remark service-vlan-id 312

[SwitchB-behavior-uplink_6] quit

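# Create QoS policy uplink_2 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 112, VLAN 2 to VLAN 212, and VLAN 3 to VLAN 312.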

[SwitchB] qos policy uplink_2

[SwitchB-policy-uplink_2] classifier uplink_1 behavior uplink_4 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_2] classifier uplink_2 behavior uplink_5 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_2] classifier uplink_3 behavior uplink_6 mode dot1q-tag-manipulation

[SwitchB-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the original customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchB-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchB-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that result from the uplink mapping.

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port link-type trunk

[SwitchB-GigabitEthernet1/0/3] port trunk permit vlan 111 211 311 112 212 312

[SwitchB-GigabitEthernet1/0/3] quit

• VLAN mapping configuration for downlink data

# Enable DHCP snooping.

[SwitchB] dhcp-snooping

# Enable ARP detection in every VLAN involved in the mapping, so that ARP packets are VLAN-mapped as well.

[SwitchB] vlan 1

[SwitchB-vlan1] arp detection enable

[SwitchB-vlan1] vlan 2

[SwitchB-vlan2] arp detection enable

[SwitchB-vlan2] vlan 3

[SwitchB-vlan3] arp detection enable

[SwitchB-vlan3] vlan 111

[SwitchB-vlan111] arp detection enable

[SwitchB-vlan111] vlan 211

[SwitchB-vlan211] arp detection enable

[SwitchB-vlan211] vlan 311

[SwitchB-vlan311] arp detection enable

[SwitchB-vlan311] vlan 112

[SwitchB-vlan112] arp detection enable

[SwitchB-vlan112] vlan 212

[SwitchB-vlan212] arp detection enable

[SwitchB-vlan212] vlan 312

[SwitchB-vlan312] arp detection enable

[SwitchB-vlan312] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/1.

[SwitchB] interface GigabitEthernet1/0/1

[SwitchB-GigabitEthernet1/0/1] ip check source ip-address mac-address

[SwitchB-GigabitEthernet1/0/1] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/2.

[SwitchB] interface GigabitEthernet1/0/2

[SwitchB-GigabitEthernet1/0/2] ip check source ip-address mac-address

[SwitchB-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet1/0/3 as a DHCP snooping trusted port.

[SwitchB] interface GigabitEthernet1/0/3

[SwitchB-GigabitEthernet1/0/3] dhcp-snooping trust

# Configure port GigabitEthernet1/0/3 as an ARP trusted port.

[SwitchB-GigabitEthernet1/0/3] arp detection trust

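(3)  Configuration of campus switch SwitchC

• VLAN mapping configuration for uplink data from SwitchA

# Configure three traffic classes that match packets with customer VLAN 101 to 102, 201 to 202, and 301 to 302 respectively.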

<SwitchC> system-view

[SwitchC] traffic classifier uplink_1 operator or

[SwitchC-classifier-uplink_1] if-match customer-vlan-id 101 102

[SwitchC-classifier-uplink_1] quit

[SwitchC] traffic classifier uplink_2 operator or

[SwitchC-classifier-uplink_2] if-match customer-vlan-id 201 202

[SwitchC-classifier-uplink_2] quit

[SwitchC] traffic classifier uplink_3 operator or

[SwitchC-classifier-uplink_3] if-match customer-vlan-id 301 302

[SwitchC-classifier-uplink_3] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 501, 502, and 503 respectively.

[SwitchC] traffic behavior uplink_1

[SwitchC-behavior-uplink_1] remark service-vlan-id 501

[SwitchC-behavior-uplink_1] quit

[SwitchC] traffic behavior uplink_2

[SwitchC-behavior-uplink_2] remark service-vlan-id 502

[SwitchC-behavior-uplink_2] quit

[SwitchC] traffic behavior uplink_3

[SwitchC-behavior-uplink_3] remark service-vlan-id 503

[SwitchC-behavior-uplink_3] quit

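# Create QoS policy uplink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of VLAN 101 to VLAN 102 are mapped to VLAN 501, VLAN 201 to VLAN 202 to VLAN 502, and VLAN 301 to VLAN 302 to VLAN 503.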

[SwitchC] qos policy uplink_1

[SwitchC-policy-uplink_1] classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of all VLANs sent by SwitchA.

[SwitchC] interface gigabitethernet 1/0/1

[SwitchC-GigabitEthernet1/0/1] port link-type trunk

[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchC-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

[SwitchC-GigabitEthernet1/0/1] quit

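• VLAN mapping configuration for uplink data from SwitchB

# Configure three traffic classes that match packets with customer VLAN 111 to 112, 211 to 212, and 311 to 312 respectively.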

[SwitchC] traffic classifier uplink_4 operator or

[SwitchC-classifier-uplink_4] if-match customer-vlan-id 111 112

[SwitchC-classifier-uplink_4] quit

[SwitchC] traffic classifier uplink_5 operator or

[SwitchC-classifier-uplink_5] if-match customer-vlan-id 211 212

[SwitchC-classifier-uplink_5] quit

[SwitchC] traffic classifier uplink_6 operator or

[SwitchC-classifier-uplink_6] if-match customer-vlan-id 311 312

[SwitchC-classifier-uplink_6] quit

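# Create QoS policy uplink_2 and associate the three traffic classes with the three traffic behaviors configured earlier, so that packets of VLAN 111 to VLAN 112 are mapped to VLAN 501, VLAN 211 to VLAN 212 to VLAN 502, and VLAN 311 to VLAN 312 to VLAN 503.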

[SwitchC] qos policy uplink_2

[SwitchC-policy-uplink_2] classifier uplink_4 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] classifier uplink_5 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] classifier uplink_6 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of all VLANs sent by SwitchB.

[SwitchC] interface gigabitethernet 1/0/2

[SwitchC-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 111 112 211 212 311 312

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchC-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchC-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that result from the uplink mapping.

[SwitchC] interface gigabitethernet 1/0/3

[SwitchC-GigabitEthernet1/0/3] port link-type trunk

[SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503

[SwitchC-GigabitEthernet1/0/3] quit

• VLAN mapping configuration for downlink data

# Enable DHCP snooping.

[SwitchC] dhcp-snooping

# Enable ARP detection in every VLAN involved in the mapping, so that ARP packets are VLAN-mapped as well.

[SwitchC] vlan 101

[SwitchC-vlan101] arp detection enable

[SwitchC-vlan101] vlan 201

[SwitchC-vlan201] arp detection enable

[SwitchC-vlan201] vlan 301

[SwitchC-vlan301] arp detection enable

[SwitchC-vlan301] vlan 102

[SwitchC-vlan102] arp detection enable

[SwitchC-vlan102] vlan 202

[SwitchC-vlan202] arp detection enable

[SwitchC-vlan202] vlan 302

[SwitchC-vlan302] arp detection enable

[SwitchC-vlan302] vlan 111

[SwitchC-vlan111] arp detection enable

[SwitchC-vlan111] vlan 211

[SwitchC-vlan211] arp detection enable

[SwitchC-vlan211] vlan 311

[SwitchC-vlan311] arp detection enable

[SwitchC-vlan311] vlan 112

[SwitchC-vlan112] arp detection enable

[SwitchC-vlan112] vlan 212

[SwitchC-vlan212] arp detection enable

[SwitchC-vlan212] vlan 312

[SwitchC-vlan312] arp detection enable

[SwitchC-vlan312] vlan 501

[SwitchC-vlan501] arp detection enable

[SwitchC-vlan501] vlan 502

[SwitchC-vlan502] arp detection enable

[SwitchC-vlan502] vlan 503

[SwitchC-vlan503] arp detection enable

[SwitchC-vlan503] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/1.

[SwitchC] interface GigabitEthernet1/0/1

[SwitchC-GigabitEthernet1/0/1] ip check source ip-address mac-address

[SwitchC-GigabitEthernet1/0/1] quit

# Enable dynamic binding of source IP address and source MAC address on port GigabitEthernet1/0/2.

[SwitchC] interface GigabitEthernet1/0/2

[SwitchC-GigabitEthernet1/0/2] ip check source ip-address mac-address

[SwitchC-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet1/0/3 as a DHCP snooping trusted port.

[SwitchC] interface GigabitEthernet1/0/3

[SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust

# Configure port GigabitEthernet1/0/3 as an ARP trusted port.

[SwitchC-GigabitEthernet1/0/3] arp detection trust

1.1.5  Complete configuration

• Configuration on Switch A

#

 dhcp-snooping

#

vlan 1

 arp detection enable

#

vlan 2

 arp detection enable

#

vlan 3

 arp detection enable

#

vlan 101

 arp detection enable

#

vlan 102

 arp detection enable

#

vlan 201

 arp detection enable

#

vlan 202

 arp detection enable

#

vlan 301

 arp detection enable

#

vlan 302

 arp detection enable

#

traffic classifier uplink_1 operator or

 if-match customer-vlan-id 1

traffic classifier uplink_2 operator or

 if-match customer-vlan-id 2

traffic classifier uplink_3 operator or

 if-match customer-vlan-id 3

#

traffic behavior uplink_1

 remark service-vlan-id 101

traffic behavior uplink_2

 remark service-vlan-id 201

traffic behavior uplink_3

 remark service-vlan-id 301

traffic behavior uplink_4

 remark service-vlan-id 102

traffic behavior uplink_5

 remark service-vlan-id 202

traffic behavior uplink_6

 remark service-vlan-id 302

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

qos policy uplink_2

 classifier uplink_1 behavior uplink_4 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_5 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_6 mode dot1q-tag-manipulation

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 to 3

 qos apply policy uplink_1 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 to 3

 qos apply policy uplink_2 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/3

 port link-type trunk

 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302

 dhcp-snooping trust

 arp detection trust

• Configuration on Switch B

#

 dhcp-snooping

#

vlan 1

 arp detection enable

#

vlan 2

 arp detection enable

#

vlan 3

 arp detection enable

#

vlan 111

 arp detection enable

#

vlan 112

 arp detection enable

#

vlan 211

 arp detection enable

#

vlan 212

 arp detection enable

#

vlan 311

 arp detection enable

#

vlan 312

 arp detection enable

#

traffic classifier uplink_1 operator or

 if-match customer-vlan-id 1

traffic classifier uplink_2 operator or

 if-match customer-vlan-id 2

traffic classifier uplink_3 operator or

 if-match customer-vlan-id 3

#

traffic behavior uplink_1

 remark service-vlan-id 111

traffic behavior uplink_2

 remark service-vlan-id 211

traffic behavior uplink_3

 remark service-vlan-id 311

traffic behavior uplink_4

 remark service-vlan-id 112

traffic behavior uplink_5

 remark service-vlan-id 212

traffic behavior uplink_6

 remark service-vlan-id 312

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

qos policy uplink_2

 classifier uplink_1 behavior uplink_4 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_5 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_6 mode dot1q-tag-manipulation

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 to 3

 qos apply policy uplink_1 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 to 3

 qos apply policy uplink_2 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/3

 port link-type trunk

 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312

 dhcp-snooping trust

 arp detection trust

• Configuration on Switch C

#

 dhcp-snooping

#

vlan 101

 arp detection enable

#

vlan 102

 arp detection enable

#

vlan 111

 arp detection enable

#

vlan 112

 arp detection enable

#

vlan 201

 arp detection enable

#

vlan 202

 arp detection enable

#

vlan 211

 arp detection enable

#

vlan 212

 arp detection enable

#

vlan 301

 arp detection enable

#

vlan 302

 arp detection enable

#

vlan 311

 arp detection enable

#

vlan 312

 arp detection enable

#

vlan 501

 arp detection enable

#

vlan 502

 arp detection enable

#

vlan 503

 arp detection enable

#

traffic classifier uplink_1 operator or

 if-match customer-vlan-id 101 102

traffic classifier uplink_2 operator or

 if-match customer-vlan-id 201 202

traffic classifier uplink_3 operator or

 if-match customer-vlan-id 301 302

traffic classifier uplink_4 operator or

 if-match customer-vlan-id 111 112

traffic classifier uplink_5 operator or

 if-match customer-vlan-id 211 212

traffic classifier uplink_6 operator or

 if-match customer-vlan-id 311 312

#

traffic behavior uplink_1

 remark service-vlan-id 501

traffic behavior uplink_2

 remark service-vlan-id 502

traffic behavior uplink_3

 remark service-vlan-id 503

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

qos policy uplink_2

 classifier uplink_4 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_5 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_6 behavior uplink_3 mode dot1q-tag-manipulation

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302

 qos apply policy uplink_1 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312

 qos apply policy uplink_2 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet1/0/3

 port link-type trunk

 port trunk permit vlan 1 501 to 503

 dhcp-snooping trust

 arp detection trust
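
Added example (not part of the original H3C guide): a Python check that reads a configuration in the format listed above, resolves each port's inbound QoS policy into its customer-to-service VLAN map, and reports mapped VLANs that are shared between user ports, lack arp detection enable, or are not permitted on an uplink trunk. Treating a trunk port without an inbound policy as the uplink port, and the function names, are assumptions of this example.

```python
# Constructed sample: SwitchA's configuration from this section, cut down to the PC service.
# Planted defects: VLAN 102 lacks "arp detection enable" and is missing from the uplink trunk.
SAMPLE = """\
vlan 1
 arp detection enable
vlan 101
 arp detection enable
vlan 102
traffic classifier uplink_1 operator or
 if-match customer-vlan-id 1
traffic behavior uplink_1
 remark service-vlan-id 101
traffic behavior uplink_4
 remark service-vlan-id 102
qos policy uplink_1
 classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation
qos policy uplink_2
 classifier uplink_1 behavior uplink_4 mode dot1q-tag-manipulation
interface GigabitEthernet1/0/1
 port trunk permit vlan 1 to 3
 qos apply policy uplink_1 inbound
interface GigabitEthernet1/0/2
 port trunk permit vlan 1 to 3
 qos apply policy uplink_2 inbound
interface GigabitEthernet1/0/3
 port trunk permit vlan 1 101
"""


def parse(config):
    """Group indented sub-commands under their unindented header line."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "#"):
            continue
        if raw[0] == " ":
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def vlan_list(tokens):
    """Expand ['1', '101', 'to', '102'] into {1, 101, 102}."""
    out, i = set(), 0
    while i < len(tokens):
        lo = hi = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi, i = int(tokens[i + 2]), i + 2
        out.update(range(lo, hi + 1))
        i += 1
    return out


def audit(config):
    """Return ({user port: {customer VLAN: service VLAN}}, sorted list of findings)."""
    match, remark, policy, arp, ports = {}, {}, {}, set(), {}
    for head, body in parse(config).items():
        w = head.split()
        if w[0] == "vlan" and "arp detection enable" in body:
            arp.add(int(w[1]))
        elif w[:2] == ["traffic", "classifier"]:
            match[w[2]] = set().union(*(vlan_list(b.split()[2:]) for b in body
                                        if b.startswith("if-match customer-vlan-id")))
        elif w[:2] == ["traffic", "behavior"]:
            for b in body:
                if b.startswith("remark service-vlan-id"):
                    remark[w[2]] = int(b.split()[2])
        elif w[:2] == ["qos", "policy"]:
            policy[w[2]] = [(b.split()[1], b.split()[3]) for b in body
                            if b.startswith("classifier")]
        elif w[0] == "interface":
            ports[w[1]] = body
    maps, owner, uplink_permit, findings = {}, {}, set(), []
    for name, body in ports.items():
        permit = set().union(*(vlan_list(b.split()[4:]) for b in body
                               if b.startswith("port trunk permit vlan")))
        applied = [b.split()[3] for b in body
                   if b.startswith("qos apply policy") and b.endswith("inbound")]
        if not applied:  # assumption: a port without an inbound policy is the uplink port
            uplink_permit |= permit
            continue
        maps[name] = {c: remark[beh] for cls, beh in policy.get(applied[0], [])
                      if beh in remark for c in sorted(match.get(cls, ()))}
        for c, s in maps[name].items():
            if owner.setdefault(s, name) != name:  # two users would share one VLAN
                findings.append(f"VLAN {s}: mapped on both {owner[s]} and {name}")
            findings += [f"VLAN {v}: arp detection not enabled" for v in (c, s) if v not in arp]
    findings += [f"VLAN {s}: not permitted on any uplink trunk"
                 for s in owner if s not in uplink_permit]
    return maps, sorted(set(findings))


if __name__ == "__main__":
    print(audit(SAMPLE))
```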

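1.1.6  Configuration guidelines

To change a VLAN mapping, first clear the DHCP snooping entries with the reset dhcp-snooping command, or first remove the dynamic binding of source IP address and source MAC address on the downlink port and then configure the binding again; only after that, modify the VLAN mapping in the QoS policy.

1.2  1:1/N:1 VLAN Mapping Typical Configuration Guide (Method 2)

1.2.1  Network requirements

Figure 1-4 Network diagram for the 1:1/N:1 VLAN mapping configuration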

 

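In a residential network, the service provider offers home users three data services: Internet access from a PC (PC), video on demand (VoD), and voice telephony (VoIP). Each user connects to a wiring-closet switch through a home gateway and obtains an IP address automatically through DHCP. Before distributing the home gateways, the service provider configures them identically, assigning the PC service to VLAN 1, the VoD service to VLAN 2, and the VoIP service to VLAN 3.

On the wiring-closet switches, each service of each user must be tagged with its own VLAN, in order to tell the same service of different users apart and to prevent malicious attacks between users. On the campus switch, to save VLAN resources, traffic must be grouped by service type: the PC service is sent in VLAN 501, the VoD service in VLAN 502, and the VoIP service in VLAN 503.

1.2.2  Configuration approach

• Mapping of uplink data

The requirement on the wiring-closet switches is met with 1:1 VLAN mapping: on each port that connects a home gateway, configure a QoS policy whose traffic class matches the user's original VLAN and whose traffic behavior re-marks the VLAN tag of the packet. The VLAN 1, VLAN 2, and VLAN 3 data received from every user is thereby mapped to a different VLAN. For example, VLAN 1 is mapped to VLAN 101 on port 1 and to VLAN 102 on port 2, and so on. In this way each service of each user is identified by a different VLAN on the wiring-closet switch.

The campus switch uses N:1 VLAN mapping: in the QoS policy, the traffic class matches the several VLANs that the wiring-closet switch has assigned to packets of the same service, and the traffic behavior re-marks the VLAN tag of the packet. Once this QoS policy is applied to the downlink port, the data already mapped by the wiring-closet switch is mapped again by service type and the distinction between users is dropped; for example, VLAN 101 and VLAN 102 from the previous paragraph are both mapped to VLAN 501.

The above covers the mapping of uplink data. For users to receive data from the external network, downlink data must also be handled so that it is delivered to exactly the user that requested it.

• Mapping of downlink data

Because all users obtain their IP addresses through DHCP, DHCP snooping can be configured on the campus switch. For every client of every user, the IP address, MAC address, receiving port, and pre-mapping VLAN are recorded as one binding entry. When a downlink packet arrives, its destination IP address identifies the destination host, and the VLAN recorded for that IP address in the DHCP snooping binding entry is used for the VLAN mapping, which completes the reverse VLAN mapping.

Downlink data that has been reverse-mapped by the campus switch again carries the VLAN tag that the wiring-closet switch assigned on the uplink (for example VLAN 101). When this data reaches the wiring-closet switch, 1:1 VLAN mapping configured on the downlink port of the wiring-closet switch maps the VLAN tag back to VLAN 1, VLAN 2, or VLAN 3, so that the user can receive the data normally.

With this configuration, the VLAN tags of the data exchanged between users and the external network are replaced as shown in Figure 1-3.

Figure 1-5 Effect of the 1:1/N:1 VLAN mapping configuration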

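1.2.3  Applicable products and versions

Table 1-2 Applicable products and software versions

Product                                   Software version
S7500E series Ethernet switches           Release 6300 series, Release 6600 series, Release 6610 series
S7600 series Ethernet switches            Release 6600 series, Release 6610 series
S5800&S5820X series Ethernet switches     Release 1110, Release 1211
CE3000-32F Ethernet switch                Release 1211
S5500-EI series Ethernet switches         Release 2202, Release 2208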

 

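1.2.4  Configuration procedure and explanation

(1)  Configuration of wiring-closet switch SwitchA

• VLAN mapping configuration for uplink data

# Configure three traffic classes that match packets with customer VLAN 1, 2, and 3 respectively.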

<SwitchA> system-view

[SwitchA] traffic classifier uplink_1

[SwitchA-classifier-uplink_1] if-match customer-vlan-id 1

[SwitchA-classifier-uplink_1] quit

[SwitchA] traffic classifier uplink_2

[SwitchA-classifier-uplink_2] if-match customer-vlan-id 2

[SwitchA-classifier-uplink_2] quit

[SwitchA] traffic classifier uplink_3

[SwitchA-classifier-uplink_3] if-match customer-vlan-id 3

[SwitchA-classifier-uplink_3] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 101, 201, and 301 respectively.

[SwitchA] traffic behavior uplink_1

[SwitchA-behavior-uplink_1] remark service-vlan-id 101

[SwitchA-behavior-uplink_1] quit

[SwitchA] traffic behavior uplink_2

[SwitchA-behavior-uplink_2] remark service-vlan-id 201

[SwitchA-behavior-uplink_2] quit

[SwitchA] traffic behavior uplink_3

[SwitchA-behavior-uplink_3] remark service-vlan-id 301

[SwitchA-behavior-uplink_3] quit

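# Create QoS policy uplink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 101, VLAN 2 to VLAN 201, and VLAN 3 to VLAN 301.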

[SwitchA] qos policy uplink_1

[SwitchA-policy-uplink_1] classifier uplink_1 behavior uplink_1

[SwitchA-policy-uplink_1] classifier uplink_2 behavior uplink_2

[SwitchA-policy-uplink_1] classifier uplink_3 behavior uplink_3

[SwitchA-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3

# Enable basic QinQ on port GigabitEthernet1/0/1.

[SwitchA-GigabitEthernet1/0/1] qinq enable

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchA-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

# Configure three traffic behaviors that re-mark the service provider VLAN as 102, 202, and 302 respectively.

[SwitchA] traffic behavior uplink_4

[SwitchA-behavior-uplink_4] remark service-vlan-id 102

[SwitchA-behavior-uplink_4] quit

[SwitchA] traffic behavior uplink_5

[SwitchA-behavior-uplink_5] remark service-vlan-id 202

[SwitchA-behavior-uplink_5] quit

[SwitchA] traffic behavior uplink_6

[SwitchA-behavior-uplink_6] remark service-vlan-id 302

[SwitchA-behavior-uplink_6] quit

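# Create QoS policy uplink_2 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 102, VLAN 2 to VLAN 202, and VLAN 3 to VLAN 302.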

[SwitchA] qos policy uplink_2

[SwitchA-policy-uplink_2] classifier uplink_1 behavior uplink_4

[SwitchA-policy-uplink_2] classifier uplink_2 behavior uplink_5

[SwitchA-policy-uplink_2] classifier uplink_3 behavior uplink_6

[SwitchA-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the original customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3

# Enable basic QinQ on port GigabitEthernet1/0/2.

[SwitchA-GigabitEthernet1/0/2] qinq enable

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchA-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchA-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that result from the uplink mapping.

[SwitchA] interface gigabitethernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 101 201 301 102 202 302

[SwitchA-GigabitEthernet1/0/3] quit

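• VLAN mapping configuration for downlink data

# Configure three traffic classes that match packets with service provider VLAN 101, 201, and 301 respectively.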

[SwitchA] traffic classifier downlink_1

[SwitchA-classifier-downlink_1] if-match service-vlan-id 101

[SwitchA-classifier-downlink_1] quit

[SwitchA] traffic classifier downlink_2

[SwitchA-classifier-downlink_2] if-match service-vlan-id 201

[SwitchA-classifier-downlink_2] quit

[SwitchA] traffic classifier downlink_3

[SwitchA-classifier-downlink_3] if-match service-vlan-id 301

[SwitchA-classifier-downlink_3] quit

# Configure three traffic behaviors that re-mark the customer VLAN as 1, 2, and 3 respectively.

[SwitchA] traffic behavior downlink_1

[SwitchA-behavior-downlink_1] remark customer-vlan-id 1

[SwitchA-behavior-downlink_1] quit

[SwitchA] traffic behavior downlink_2

[SwitchA-behavior-downlink_2] remark customer-vlan-id 2

[SwitchA-behavior-downlink_2] quit

[SwitchA] traffic behavior downlink_3

[SwitchA-behavior-downlink_3] remark customer-vlan-id 3

[SwitchA-behavior-downlink_3] quit

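# Create QoS policy downlink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of service provider VLAN 101 are mapped to VLAN 1, VLAN 201 to VLAN 2, and VLAN 301 to VLAN 3.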

[SwitchA] qos policy downlink_1

[SwitchA-policy-downlink_1] classifier downlink_1 behavior downlink_1

[SwitchA-policy-downlink_1] classifier downlink_2 behavior downlink_2

[SwitchA-policy-downlink_1] classifier downlink_3 behavior downlink_3

[SwitchA-policy-downlink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the service provider VLANs (VLAN 101, VLAN 201, and VLAN 301).

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 101 201 301

# Apply downlink policy downlink_1 to the outbound direction of port GigabitEthernet1/0/1.

[SwitchA-GigabitEthernet1/0/1] qos apply policy downlink_1 outbound

# Configure three traffic classes that match packets with service provider VLAN 102, 202, and 302 respectively.

[SwitchA] traffic classifier downlink_4

[SwitchA-classifier-downlink_4] if-match service-vlan-id 102

[SwitchA-classifier-downlink_4] quit

[SwitchA] traffic classifier downlink_5

[SwitchA-classifier-downlink_5] if-match service-vlan-id 202

[SwitchA-classifier-downlink_5] quit

[SwitchA] traffic classifier downlink_6

[SwitchA-classifier-downlink_6] if-match service-vlan-id 302

[SwitchA-classifier-downlink_6] quit

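# Create QoS policy downlink_2 and associate the three traffic classes with the three traffic behaviors, so that packets of service provider VLAN 102 are mapped to VLAN 1, VLAN 202 to VLAN 2, and VLAN 302 to VLAN 3.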

[SwitchA] qos policy downlink_2

[SwitchA-policy-downlink_2] classifier downlink_4 behavior downlink_1

[SwitchA-policy-downlink_2] classifier downlink_5 behavior downlink_2

[SwitchA-policy-downlink_2] classifier downlink_6 behavior downlink_3

[SwitchA-policy-downlink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the service provider VLANs (VLAN 102, VLAN 202, and VLAN 302).

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 102 202 302

# Apply downlink policy downlink_2 to the outbound direction of port GigabitEthernet1/0/2.

[SwitchA-GigabitEthernet1/0/2] qos apply policy downlink_2 outbound

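(2)  Configuration of wiring-closet switch SwitchB

• VLAN mapping configuration for uplink data

# Configure three traffic classes that match packets with customer VLAN 1, 2, and 3 respectively.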

<SwitchB> system-view

[SwitchB] traffic classifier uplink_1

[SwitchB-classifier-uplink_1] if-match customer-vlan-id 1

[SwitchB-classifier-uplink_1] quit

[SwitchB] traffic classifier uplink_2

[SwitchB-classifier-uplink_2] if-match customer-vlan-id 2

[SwitchB-classifier-uplink_2] quit

[SwitchB] traffic classifier uplink_3

[SwitchB-classifier-uplink_3] if-match customer-vlan-id 3

[SwitchB-classifier-uplink_3] quit

# Configure three traffic behaviors that re-mark the service provider VLAN as 111, 211, and 311 respectively.

[SwitchB] traffic behavior uplink_1

[SwitchB-behavior-uplink_1] remark service-vlan-id 111

[SwitchB-behavior-uplink_1] quit

[SwitchB] traffic behavior uplink_2

[SwitchB-behavior-uplink_2] remark service-vlan-id 211

[SwitchB-behavior-uplink_2] quit

[SwitchB] traffic behavior uplink_3

[SwitchB-behavior-uplink_3] remark service-vlan-id 311

[SwitchB-behavior-uplink_3] quit

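# Create QoS policy uplink_1 and associate the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 111, VLAN 2 to VLAN 211, and VLAN 3 to VLAN 311.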

[SwitchB] qos policy uplink_1

[SwitchB-policy-uplink_1] classifier uplink_1 behavior uplink_1

[SwitchB-policy-uplink_1] classifier uplink_2 behavior uplink_2

[SwitchB-policy-uplink_1] classifier uplink_3 behavior uplink_3

[SwitchB-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the customer VLANs (VLAN 1, VLAN 2, and VLAN 3).

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3

# Enable basic QinQ on port GigabitEthernet1/0/1.

[SwitchB-GigabitEthernet1/0/1] qinq enable

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchB-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

# Configure three traffic behaviors that remark the service-provider VLAN as 112, 212 and 312.

[SwitchB] traffic behavior uplink_4

[SwitchB-behavior-uplink_4] remark service-vlan-id 112

[SwitchB-behavior-uplink_4] quit

[SwitchB] traffic behavior uplink_5

[SwitchB-behavior-uplink_5] remark service-vlan-id 212

[SwitchB-behavior-uplink_5] quit

[SwitchB] traffic behavior uplink_6

[SwitchB-behavior-uplink_6] remark service-vlan-id 312

[SwitchB-behavior-uplink_6] quit

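# Create QoS policy uplink_2 and pair the three traffic classes with the three traffic behaviors, so that packets of customer VLAN 1 are mapped to VLAN 112, VLAN 2 to VLAN 212, and VLAN 3 to VLAN 312.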

[SwitchB] qos policy uplink_2

[SwitchB-policy-uplink_2] classifier uplink_1 behavior uplink_4

[SwitchB-policy-uplink_2] classifier uplink_2 behavior uplink_5

[SwitchB-policy-uplink_2] classifier uplink_3 behavior uplink_6

[SwitchB-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the original customer VLANs (VLAN 1, VLAN 2, VLAN 3).

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3

# Enable basic QinQ on port GigabitEthernet1/0/2.

[SwitchB-GigabitEthernet1/0/2] qinq enable

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchB-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchB-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that have been mapped in the uplink direction.

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port link-type trunk

[SwitchB-GigabitEthernet1/0/3] port trunk permit vlan 111 211 311 112 212 312

[SwitchB-GigabitEthernet1/0/3] quit

• VLAN mapping configuration for downlink traffic

# Configure three traffic classes that match packets with service-provider VLAN 111, 211 and 311 respectively.

[SwitchB] traffic classifier downlink_1

[SwitchB-classifier-downlink_1] if-match service-vlan-id 111

[SwitchB-classifier-downlink_1] quit

[SwitchB] traffic classifier downlink_2

[SwitchB-classifier-downlink_2] if-match service-vlan-id 211

[SwitchB-classifier-downlink_2] quit

[SwitchB] traffic classifier downlink_3

[SwitchB-classifier-downlink_3] if-match service-vlan-id 311

[SwitchB-classifier-downlink_3] quit

# Configure three traffic behaviors that remark the customer VLAN as 1, 2 and 3.

[SwitchB] traffic behavior downlink_1

[SwitchB-behavior-downlink_1] remark customer-vlan-id 1

[SwitchB-behavior-downlink_1] quit

[SwitchB] traffic behavior downlink_2

[SwitchB-behavior-downlink_2] remark customer-vlan-id 2

[SwitchB-behavior-downlink_2] quit

[SwitchB] traffic behavior downlink_3

[SwitchB-behavior-downlink_3] remark customer-vlan-id 3

[SwitchB-behavior-downlink_3] quit

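# Create QoS policy downlink_1 and pair the three traffic classes with the three traffic behaviors, so that packets of service-provider VLAN 111 are mapped to VLAN 1, VLAN 211 to VLAN 2, and VLAN 311 to VLAN 3.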

[SwitchB] qos policy downlink_1

[SwitchB-policy-downlink_1] classifier downlink_1 behavior downlink_1

[SwitchB-policy-downlink_1] classifier downlink_2 behavior downlink_2

[SwitchB-policy-downlink_1] classifier downlink_3 behavior downlink_3

[SwitchB-policy-downlink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of the service-provider VLANs (VLAN 111, VLAN 211, VLAN 311).

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 111 211 311

# Apply downlink policy downlink_1 to the outbound direction of port GigabitEthernet1/0/1.

[SwitchB-GigabitEthernet1/0/1] qos apply policy downlink_1 outbound

# Configure three traffic classes that match packets with service-provider VLAN 112, 212 and 312 respectively.

[SwitchB] traffic classifier downlink_4

[SwitchB-classifier-downlink_4] if-match service-vlan-id 112

[SwitchB-classifier-downlink_4] quit

[SwitchB] traffic classifier downlink_5

[SwitchB-classifier-downlink_5] if-match service-vlan-id 212

[SwitchB-classifier-downlink_5] quit

[SwitchB] traffic classifier downlink_6

[SwitchB-classifier-downlink_6] if-match service-vlan-id 312

[SwitchB-classifier-downlink_6] quit

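# Create QoS policy downlink_2 and pair the three traffic classes with the three traffic behaviors, so that packets of service-provider VLAN 112 are mapped to VLAN 1, VLAN 212 to VLAN 2, and VLAN 312 to VLAN 3.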

[SwitchB] qos policy downlink_2

[SwitchB-policy-downlink_2] classifier downlink_4 behavior downlink_1

[SwitchB-policy-downlink_2] classifier downlink_5 behavior downlink_2

[SwitchB-policy-downlink_2] classifier downlink_6 behavior downlink_3

[SwitchB-policy-downlink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of the service-provider VLANs (VLAN 112, VLAN 212, VLAN 312).

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 112 212 312

# Apply downlink policy downlink_2 to the outbound direction of port GigabitEthernet1/0/2.

[SwitchB-GigabitEthernet1/0/2] qos apply policy downlink_2 outbound

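(3) Configuration of campus switch SwitchC

• VLAN mapping configuration for uplink traffic from SwitchA

# Configure three traffic classes that match packets with customer VLAN 101 to 102, 201 to 202, and 301 to 302 respectively.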

<SwitchC> system-view

[SwitchC] traffic classifier uplink_1 operator or

[SwitchC-classifier-uplink_1] if-match customer-vlan-id 101 102

[SwitchC-classifier-uplink_1] quit

[SwitchC] traffic classifier uplink_2 operator or

[SwitchC-classifier-uplink_2] if-match customer-vlan-id 201 202

[SwitchC-classifier-uplink_2] quit

[SwitchC] traffic classifier uplink_3 operator or

[SwitchC-classifier-uplink_3] if-match customer-vlan-id 301 302

[SwitchC-classifier-uplink_3] quit

# Configure three traffic behaviors that remark the service-provider VLAN as 501, 502 and 503.

[SwitchC] traffic behavior uplink_1

[SwitchC-behavior-uplink_1] remark service-vlan-id 501

[SwitchC-behavior-uplink_1] quit

[SwitchC] traffic behavior uplink_2

[SwitchC-behavior-uplink_2] remark service-vlan-id 502

[SwitchC-behavior-uplink_2] quit

[SwitchC] traffic behavior uplink_3

[SwitchC-behavior-uplink_3] remark service-vlan-id 503

[SwitchC-behavior-uplink_3] quit

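# Create QoS policy uplink_1 and pair the three traffic classes with the three traffic behaviors, so that packets of VLAN 101 to VLAN 102 are mapped to VLAN 501, VLAN 201 to VLAN 202 to VLAN 502, and VLAN 301 to VLAN 302 to VLAN 503.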

[SwitchC] qos policy uplink_1

[SwitchC-policy-uplink_1] classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_1] quit

# Configure port GigabitEthernet1/0/1 to permit packets of all VLANs sent by SwitchA as well as of the mapped VLANs.

[SwitchC] interface gigabitethernet 1/0/1

[SwitchC-GigabitEthernet1/0/1] port link-type trunk

[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302 501 502 503

# Configure port GigabitEthernet1/0/1 as a customer-side port.

[SwitchC-GigabitEthernet1/0/1] qinq enable downlink

# Apply uplink policy uplink_1 to the inbound direction of port GigabitEthernet1/0/1.

[SwitchC-GigabitEthernet1/0/1] qos apply policy uplink_1 inbound

[SwitchC-GigabitEthernet1/0/1] quit

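• VLAN mapping configuration for uplink traffic from SwitchB

# Configure three traffic classes that match packets with customer VLAN 111 to 112, 211 to 212, and 311 to 312 respectively.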

[SwitchC] traffic classifier uplink_4 operator or

[SwitchC-classifier-uplink_4] if-match customer-vlan-id 111 112

[SwitchC-classifier-uplink_4] quit

[SwitchC] traffic classifier uplink_5 operator or

[SwitchC-classifier-uplink_5] if-match customer-vlan-id 211 212

[SwitchC-classifier-uplink_5] quit

[SwitchC] traffic classifier uplink_6 operator or

[SwitchC-classifier-uplink_6] if-match customer-vlan-id 311 312

[SwitchC-classifier-uplink_6] quit

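# Create QoS policy uplink_2 and pair the three traffic classes with the three traffic behaviors configured earlier, so that packets of VLAN 111 to VLAN 112 are mapped to VLAN 501, VLAN 211 to VLAN 212 to VLAN 502, and VLAN 311 to VLAN 312 to VLAN 503.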

[SwitchC] qos policy uplink_2

[SwitchC-policy-uplink_2] classifier uplink_4 behavior uplink_1 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] classifier uplink_5 behavior uplink_2 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] classifier uplink_6 behavior uplink_3 mode dot1q-tag-manipulation

[SwitchC-policy-uplink_2] quit

# Configure port GigabitEthernet1/0/2 to permit packets of all VLANs sent by SwitchB as well as of the mapped VLANs.

[SwitchC] interface gigabitethernet 1/0/2

[SwitchC-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 111 112 211 212 311 312 501 502 503

# Configure port GigabitEthernet1/0/2 as a customer-side port.

[SwitchC-GigabitEthernet1/0/2] qinq enable downlink

# Apply uplink policy uplink_2 to the inbound direction of port GigabitEthernet1/0/2.

[SwitchC-GigabitEthernet1/0/2] qos apply policy uplink_2 inbound

[SwitchC-GigabitEthernet1/0/2] quit

# Configure uplink port GigabitEthernet1/0/3 to permit the packets that have been mapped in the uplink direction.

[SwitchC] interface gigabitethernet 1/0/3

[SwitchC-GigabitEthernet1/0/3] port link-type trunk

[SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503

[SwitchC-GigabitEthernet1/0/3] quit

• VLAN mapping configuration for downlink traffic

# Enable DHCP Snooping.

[SwitchC] dhcp-snooping

# Enable ARP Detection on every VLAN involved in mapping, so that ARP packets are also VLAN-mapped.

[SwitchC] vlan 101

[SwitchC-vlan101] arp detection enable

[SwitchC-vlan101] vlan 201

[SwitchC-vlan201] arp detection enable

[SwitchC-vlan201] vlan 301

[SwitchC-vlan301] arp detection enable

[SwitchC-vlan301] vlan 102

[SwitchC-vlan102] arp detection enable

[SwitchC-vlan102] vlan 202

[SwitchC-vlan202] arp detection enable

[SwitchC-vlan202] vlan 302

[SwitchC-vlan302] arp detection enable

[SwitchC-vlan302] vlan 111

[SwitchC-vlan111] arp detection enable

[SwitchC-vlan111] vlan 211

[SwitchC-vlan211] arp detection enable

[SwitchC-vlan211] vlan 311

[SwitchC-vlan311] arp detection enable

[SwitchC-vlan311] vlan 112

[SwitchC-vlan112] arp detection enable

[SwitchC-vlan112] vlan 212

[SwitchC-vlan212] arp detection enable

[SwitchC-vlan212] vlan 312

[SwitchC-vlan312] arp detection enable

[SwitchC-vlan312] vlan 501

[SwitchC-vlan501] arp detection enable

[SwitchC-vlan501] vlan 502

[SwitchC-vlan502] arp detection enable

[SwitchC-vlan502] vlan 503

[SwitchC-vlan503] arp detection enable

[SwitchC-vlan503] quit

# Configure dynamic binding of source IP and source MAC addresses on port GigabitEthernet1/0/1.

[SwitchC] interface GigabitEthernet1/0/1

[SwitchC-GigabitEthernet1/0/1] ip check source ip-address mac-address

[SwitchC-GigabitEthernet1/0/1] quit

# Configure dynamic binding of source IP and source MAC addresses on port GigabitEthernet1/0/2.

[SwitchC] interface GigabitEthernet1/0/2

[SwitchC-GigabitEthernet1/0/2] ip check source ip-address mac-address

[SwitchC-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet1/0/3 as a DHCP Snooping trusted port.

[SwitchC] interface GigabitEthernet1/0/3

[SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust

# Configure port GigabitEthernet1/0/3 as a service-provider-side port.

[SwitchC-GigabitEthernet1/0/3] qinq enable uplink

# Configure port GigabitEthernet1/0/3 as an ARP trusted port.

[SwitchC-GigabitEthernet1/0/3] arp detection trust

1.2.5  Complete configuration

• Configuration of Switch A

#

traffic classifier uplink_1 operator and

 if-match customer-vlan-id 1

traffic classifier uplink_2 operator and

 if-match customer-vlan-id 2

traffic classifier uplink_3 operator and

 if-match customer-vlan-id 3

traffic classifier downlink_1 operator and

 if-match service-vlan-id 101

traffic classifier downlink_2 operator and

 if-match service-vlan-id 201

traffic classifier downlink_3 operator and

 if-match service-vlan-id 301

traffic classifier downlink_4 operator and

 if-match service-vlan-id 102

traffic classifier downlink_5 operator and

 if-match service-vlan-id 202

traffic classifier downlink_6 operator and

 if-match service-vlan-id 302

traffic classifier downlink54 operator and

#

traffic behavior uplink_1

 remark service-vlan-id 101

traffic behavior uplink_2

 remark service-vlan-id 201

traffic behavior uplink_3

 remark service-vlan-id 301

traffic behavior uplink_4

 remark service-vlan-id 102

traffic behavior uplink_5

 remark service-vlan-id 202

traffic behavior uplink_6

 remark service-vlan-id 302

traffic behavior downlink_1

 remark customer-vlan-id 1

traffic behavior downlink_2

 remark customer-vlan-id 2

traffic behavior downlink_3

 remark customer-vlan-id 3

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1

 classifier uplink_2 behavior uplink_2

 classifier uplink_3 behavior uplink_3

qos policy uplink_2

 classifier uplink_1 behavior uplink_4

 classifier uplink_2 behavior uplink_5

 classifier uplink_3 behavior uplink_6

qos policy downlink_1

 classifier downlink_1 behavior downlink_1

 classifier downlink_2 behavior downlink_2

 classifier downlink_3 behavior downlink_3

qos policy downlink_2

 classifier downlink_4 behavior downlink_1

 classifier downlink_5 behavior downlink_2

 classifier downlink_6 behavior downlink_3

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 to 3 101 201 301

 qinq enable

 qos apply policy uplink_1 inbound

 qos apply policy downlink_1 outbound

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 to 3 102 202 302

 qinq enable

 qos apply policy uplink_2 inbound

 qos apply policy downlink_2 outbound

#

interface GigabitEthernet1/0/3

 port link-type trunk

 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302

• Configuration of Switch B

#

traffic classifier uplink_1 operator and

 if-match customer-vlan-id 1

traffic classifier uplink_2 operator and

 if-match customer-vlan-id 2

traffic classifier uplink_3 operator and

 if-match customer-vlan-id 3

traffic classifier downlink_1 operator and

 if-match service-vlan-id 111

traffic classifier downlink_2 operator and

 if-match service-vlan-id 211

traffic classifier downlink_3 operator and

 if-match service-vlan-id 311

traffic classifier downlink_4 operator and

 if-match service-vlan-id 112

traffic classifier downlink_5 operator and

 if-match service-vlan-id 212

traffic classifier downlink_6 operator and

 if-match service-vlan-id 312

traffic classifier downlink54 operator and

#

traffic behavior uplink_1

 remark service-vlan-id 111

traffic behavior uplink_2

 remark service-vlan-id 211

traffic behavior uplink_3

 remark service-vlan-id 311

traffic behavior uplink_4

 remark service-vlan-id 112

traffic behavior uplink_5

 remark service-vlan-id 212

traffic behavior uplink_6

 remark service-vlan-id 312

traffic behavior downlink_1

 remark customer-vlan-id 1

traffic behavior downlink_2

 remark customer-vlan-id 2

traffic behavior downlink_3

 remark customer-vlan-id 3

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1

 classifier uplink_2 behavior uplink_2

 classifier uplink_3 behavior uplink_3

qos policy uplink_2

 classifier uplink_1 behavior uplink_4

 classifier uplink_2 behavior uplink_5

 classifier uplink_3 behavior uplink_6

qos policy downlink_1

 classifier downlink_1 behavior downlink_1

 classifier downlink_2 behavior downlink_2

 classifier downlink_3 behavior downlink_3

qos policy downlink_2

 classifier downlink_4 behavior downlink_1

 classifier downlink_5 behavior downlink_2

 classifier downlink_6 behavior downlink_3

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 to 3 111 211 311

 qinq enable

 qos apply policy uplink_1 inbound

 qos apply policy downlink_1 outbound

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 to 3 112 212 312

 qinq enable

 qos apply policy uplink_2 inbound

 qos apply policy downlink_2 outbound

#

interface GigabitEthernet1/0/3

 port link-type trunk

 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312

• Configuration of Switch C

#

vlan 101

 arp detection enable

#

vlan 102

 arp detection enable

#

vlan 111

 arp detection enable

#

vlan 112

 arp detection enable

#

vlan 201

 arp detection enable

#

vlan 202

 arp detection enable

#

vlan 211

 arp detection enable

#

vlan 212

 arp detection enable

#

vlan 301

 arp detection enable

#

vlan 302

 arp detection enable

#

vlan 311

 arp detection enable

#

vlan 312

 arp detection enable

#

vlan 501

 arp detection enable

#

vlan 502

 arp detection enable

#

vlan 503

 arp detection enable

#

traffic classifier uplink_1 operator or

 if-match customer-vlan-id 101 102

traffic classifier uplink_2 operator or

 if-match customer-vlan-id 201 202

traffic classifier uplink_3 operator or

 if-match customer-vlan-id 301 302

traffic classifier uplink_4 operator or

 if-match customer-vlan-id 111 112

traffic classifier uplink_5 operator or

 if-match customer-vlan-id 211 212

traffic classifier uplink_6 operator or

 if-match customer-vlan-id 311 312

#

traffic behavior uplink_1

 remark service-vlan-id 501

traffic behavior uplink_2

 remark service-vlan-id 502

traffic behavior uplink_3

 remark service-vlan-id 503

#

qos policy uplink_1

 classifier uplink_1 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_2 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_3 behavior uplink_3 mode dot1q-tag-manipulation

qos policy uplink_2

 classifier uplink_4 behavior uplink_1 mode dot1q-tag-manipulation

 classifier uplink_5 behavior uplink_2 mode dot1q-tag-manipulation

 classifier uplink_6 behavior uplink_3 mode dot1q-tag-manipulation 

#

interface GigabitEthernet2/0/1

 port link-type trunk

 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302 501 to 503

 qinq enable downlink

 ip check source ip-address mac-address

#

interface GigabitEthernet2/0/2

 port link-type trunk

 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312 501 to 503

 qinq enable downlink

 qos apply policy uplink_2 inbound

 ip check source ip-address mac-address

#

interface GigabitEthernet2/0/3

 port link-type trunk

 port trunk permit vlan 1 501 to 503

 qinq enable uplink

 dhcp-snooping trust

 arp detection trust

#

 dhcp-snooping

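1.2.6  Configuration notes

• Before applying a policy on a downlink port, configure the port as a customer-side port; before removing the customer-side port configuration from a downlink port, first remove the QoS policy binding on that port.

• To change a VLAN mapping relationship, first use the reset dhcp-snooping command to clear the DHCP Snooping entries, or first cancel the dynamic binding between the downlink port and the source IP and source MAC addresses and then bind again; only then modify the VLAN mapping in the QoS policy.

• When N:1 VLAN mapping is configured, the device processes received packets differently depending on where the receiving port sits in the network, so you must distinguish whether a port is on the service-provider side or on the customer side.

• The qinq enable uplink and qinq enable downlink commands can also be used in port group view, where they take effect on all member ports of the port group.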

1.3  Typical configuration guide for 2:2 VLAN mapping

1.3.1  Network requirements

Figure 1-6 Network diagram for the typical 2:2 VLAN mapping configuration

 

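As shown in Figure 1-6, Site 1 and Site 2 are two branches of the same company. Both belong to VLAN 10 and are connected as a VPN through the QinQ service provided by service provider A, with VLAN 100 as the outer tag. After the company is acquired by another company, the two sites need to join the new company's network. The new company's VPN service is provided by service provider B with outer tag 200, and the service VLAN at headquarters that can serve these two sites is VLAN 30.

A link has already been established between the two service providers. The requirement is to let the two sites access the resources of VLAN 30 at headquarters without changing the VLAN configuration of the sites or of the service providers.

1.3.2  Configuration approach

In this example, traffic between the sites and headquarters has to go through a fairly complex series of tag changes. First, when a packet sent from a site to headquarters goes up into service provider A, it is encapsulated with an outer tag of VLAN 100. For this traffic to be carried correctly to headquarters across service provider B's network, the outer tag must first be changed to VLAN 200. For the site to be able to access the service resources at headquarters, the inner tag must also be changed to VLAN 30. These requirements can be met with 2:2 VLAN mapping.

2:2 VLAN mapping only needs to be configured on one of the two service providers' edge devices; Switch C is used as the example here. Taking the site-to-headquarters direction as the uplink direction, 2:2 VLAN mapping must be configured on both the downlink port (GigabitEthernet1/0/1) and the uplink port (GigabitEthernet1/0/2) of Switch C.

• For uplink traffic, the outer tag is first replaced with 200 on the downlink port, and then the inner tag is replaced with 30 on the uplink port;

• For downlink traffic, both replacements are performed on the downlink port, replacing the inner tag and the outer tag with 10 and 100 respectively.

With this configuration in place, the tag changes applied to packets as they are forwarded through Switch C are as shown in Figure 1-7.

Figure 1-7 Effect of 2:2 VLAN mapping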

 

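1.3.3  Applicable products and versions

Table 1-3 Products and software versions to which the configuration applies

Product | Software version
S7500E series Ethernet switches | Release 6300 series, Release 6600 series, Release 6610 series
S7600 series Ethernet switches | Release 6600 series, Release 6610 series
S5800&S5820X series Ethernet switches | Release 1110, Release 1211
CE3000-32F Ethernet switch | Release 1211
S5500-EI series Ethernet switches | Release 2202, Release 2208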

 

1.3.4  Configuration procedure and explanation

(1) Configuration of Switch A

# Create VLAN 100.

<SwitchA> system-view

[SwitchA] vlan 100

[SwitchA-vlan100] quit

# Configure QinQ on port GigabitEthernet1/0/1 to add an outer VLAN tag with VLAN ID 100 to VLAN 10 packets.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port access vlan 100

[SwitchA-GigabitEthernet1/0/1] qinq enable

[SwitchA-GigabitEthernet1/0/1] quit

# Configure uplink port GigabitEthernet1/0/2 to permit packets of VLAN 100.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100

(2) Configuration of Switch B

# Create VLAN 100.

<SwitchB> system-view

[SwitchB] vlan 100

[SwitchB-vlan100] quit

# Configure QinQ on port GigabitEthernet1/0/3 to add an outer VLAN tag with VLAN ID 100 to VLAN 10 packets.

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port access vlan 100

[SwitchB-GigabitEthernet1/0/3] qinq enable

[SwitchB-GigabitEthernet1/0/3] quit

# Configure port GigabitEthernet1/0/1 to permit packets of VLAN 100.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

[SwitchB-GigabitEthernet1/0/1] quit

# Configure port GigabitEthernet1/0/2 to permit packets of VLAN 100.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 100

(3) Configuration of Switch C

# Create VLAN 200.

<SwitchC> system-view

[SwitchC] vlan 200

[SwitchC-vlan200] quit

• Mapping configuration for traffic received on port GigabitEthernet1/0/1

# Configure a traffic class that matches packets with inner VLAN 10 and outer VLAN 100.

[SwitchC] traffic classifier downlink_in

[SwitchC-classifier-downlink_in] if-match customer-vlan-id 10

[SwitchC-classifier-downlink_in] if-match service-vlan-id 100

[SwitchC-classifier-downlink_in] quit

# Configure a traffic behavior that remarks the outer tag as VLAN 200.

[SwitchC] traffic behavior downlink_in

[SwitchC-behavior-downlink_in] remark service-vlan-id 200

[SwitchC-behavior-downlink_in] quit

# Create a QoS policy that associates the traffic class with the traffic behavior above.

[SwitchC] qos policy downlink_in

[SwitchC-qospolicy-downlink_in] classifier downlink_in behavior downlink_in

[SwitchC-qospolicy-downlink_in] quit

# Configure port GigabitEthernet1/0/1 to permit packets of VLAN 200.

[SwitchC] interface gigabitethernet 1/0/1

[SwitchC-GigabitEthernet1/0/1] port link-type trunk

[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 200

# Apply the QoS policy to the inbound direction of port GigabitEthernet1/0/1.

[SwitchC-GigabitEthernet1/0/1] qos apply policy downlink_in inbound

• Mapping configuration for traffic sent from port GigabitEthernet1/0/2

# Configure a traffic class that matches packets with inner VLAN 10 and outer VLAN 200.

[SwitchC] traffic classifier uplink_out

[SwitchC-classifier-uplink_out] if-match customer-vlan-id 10

[SwitchC-classifier-uplink_out] if-match service-vlan-id 200

[SwitchC-classifier-uplink_out] quit

# Configure a traffic behavior that remarks the inner tag as VLAN 30.

[SwitchC] traffic behavior uplink_out

[SwitchC-behavior-uplink_out] remark customer-vlan-id 30

[SwitchC-behavior-uplink_out] quit

# Create a QoS policy that associates the traffic class with the traffic behavior above.

[SwitchC] qos policy uplink_out

[SwitchC-qospolicy-uplink_out] classifier uplink_out behavior uplink_out

[SwitchC-qospolicy-uplink_out] quit

# Configure port GigabitEthernet1/0/2 to permit packets of VLAN 200.

[SwitchC] interface gigabitethernet 1/0/2

[SwitchC-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 200

# Apply the QoS policy to the outbound direction of port GigabitEthernet1/0/2.

[SwitchC-GigabitEthernet1/0/2] qos apply policy uplink_out outbound

• Mapping configuration for traffic sent from port GigabitEthernet1/0/1

# Configure a traffic class that matches packets with inner VLAN 30 and outer VLAN 200.

[SwitchC] traffic classifier downlink_out

[SwitchC-classifier-downlink_out] if-match customer-vlan-id 30

[SwitchC-classifier-downlink_out] if-match service-vlan-id 200

[SwitchC-classifier-downlink_out] quit

# Configure a traffic behavior that remarks the inner tag as 10 and the outer tag as 100.

[SwitchC] traffic behavior downlink_out

[SwitchC-behavior-downlink_out] remark customer-vlan-id 10

[SwitchC-behavior-downlink_out] remark service-vlan-id 100

[SwitchC-behavior-downlink_out] quit

# Create a QoS policy that associates the traffic class with the traffic behavior above.

[SwitchC] qos policy downlink_out

[SwitchC-qospolicy-downlink_out] classifier downlink_out behavior downlink_out

[SwitchC-qospolicy-downlink_out] quit

# Apply the QoS policy to the outbound direction of port GigabitEthernet1/0/1.

[SwitchC] interface GigabitEthernet 1/0/1

[SwitchC-GigabitEthernet1/0/1] qos apply policy downlink_out outbound

(4) Configuration of Switch D

# Create VLAN 200.

<SwitchD> system-view

[SwitchD] vlan 200

[SwitchD-vlan200] quit

# Configure QinQ on port GigabitEthernet1/0/2 to add an outer VLAN tag with VLAN ID 200 to VLAN 30 packets.

[SwitchD] interface gigabitethernet 1/0/2

[SwitchD-GigabitEthernet1/0/2] port access vlan 200

[SwitchD-GigabitEthernet1/0/2] qinq enable

# Configure port GigabitEthernet1/0/1 to permit packets of VLAN 200.

[SwitchD] interface gigabitethernet 1/0/1

[SwitchD-GigabitEthernet1/0/1] port link-type trunk

[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 200

1.3.5  Complete configuration

• Configuration of Switch A

#

vlan 100

#

interface GigabitEthernet1/0/1

 port access vlan 100

 qinq enable

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 100 

• Configuration of Switch B

#

vlan 100

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 100

 qinq enable

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 100

#

interface GigabitEthernet1/0/3

 port access vlan 100

 qinq enable

• Configuration of Switch C

#

vlan 200

#

traffic classifier uplink_out operator and

 if-match customer-vlan-id 10

 if-match service-vlan-id 200

traffic classifier downlink_in operator and

 if-match customer-vlan-id 10

 if-match service-vlan-id 100

traffic classifier downlink_out operator and

 if-match customer-vlan-id 30

 if-match service-vlan-id 200

#

traffic behavior uplink_out

 remark customer-vlan-id 30

traffic behavior downlink_in

 remark service-vlan-id 200

traffic behavior downlink_out

 remark customer-vlan-id 10

 remark service-vlan-id 100

#

qos policy uplink_out

 classifier uplink_out behavior uplink_out

qos policy downlink_in

 classifier downlink_in behavior downlink_in

qos policy downlink_out

 classifier downlink_out behavior downlink_out

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 200

 qos apply policy downlink_in inbound

 qos apply policy downlink_out outbound

#

interface GigabitEthernet1/0/2

 port link-type trunk

 port trunk permit vlan 1 200

 qos apply policy uplink_out outbound 

• Configuration of Switch D

#

vlan 200

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 200 

#

interface GigabitEthernet1/0/2

 port access vlan 200

 qinq enable
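The tag changes described in section 1.3.2 can be checked offline before the policies are applied to Switch C. The following Python model is an added example, not part of the H3C guide: it parses the Switch C settings from the complete configuration above and traces a double-tagged frame through the inbound and outbound policies. The function names and the simplified matching model (one VLAN ID per if-match rule, trunk permit lists ignored) are assumptions.

```python
# Added example: minimal model of classifier/behavior/policy matching (one VLAN ID
# per if-match rule, trunk permit lists ignored). Config copied from section 1.3.5.
SWITCH_C_CONFIG = """\
traffic classifier uplink_out operator and
 if-match customer-vlan-id 10
 if-match service-vlan-id 200
traffic classifier downlink_in operator and
 if-match customer-vlan-id 10
 if-match service-vlan-id 100
traffic classifier downlink_out operator and
 if-match customer-vlan-id 30
 if-match service-vlan-id 200
traffic behavior uplink_out
 remark customer-vlan-id 30
traffic behavior downlink_in
 remark service-vlan-id 200
traffic behavior downlink_out
 remark customer-vlan-id 10
 remark service-vlan-id 100
qos policy uplink_out
 classifier uplink_out behavior uplink_out
qos policy downlink_in
 classifier downlink_in behavior downlink_in
qos policy downlink_out
 classifier downlink_out behavior downlink_out
interface GigabitEthernet1/0/1
 qos apply policy downlink_in inbound
 qos apply policy downlink_out outbound
interface GigabitEthernet1/0/2
 qos apply policy uplink_out outbound
"""

# customer-vlan-id is the inner tag, service-vlan-id is the outer tag.
TAG = {"customer-vlan-id": "inner", "service-vlan-id": "outer"}


def parse(config):
    """Parse classifiers, behaviors, policies and per-port policy bindings."""
    model = {"classifier": {}, "behavior": {}, "policy": {}, "interface": {}}
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["#"]:
            continue
        if not raw[0].isspace():  # top-level line opens a new block
            if words[0] == "traffic" and words[1] in ("classifier", "behavior"):
                kind, name = words[1], words[2]
            elif words[:2] == ["qos", "policy"]:
                kind, name = "policy", words[2]
            elif words[0] == "interface":
                kind, name = "interface", words[1]
            else:
                kind = None  # e.g. "vlan 200": not needed by this model
                continue
            model[kind][name] = [] if kind == "policy" else {}
        elif kind in ("classifier", "behavior") and words[1] in TAG:
            model[kind][name][TAG[words[1]]] = int(words[2])
        elif kind == "policy":  # "classifier C behavior B"
            model[kind][name].append((words[1], words[3]))
        elif kind == "interface" and words[:3] == ["qos", "apply", "policy"]:
            model[kind][name][words[4]] = words[3]  # direction -> policy name
    return model


def apply_policy(model, policy, frame):
    """Apply the first class whose rules all match ("operator and")."""
    for cls_name, beh_name in model["policy"][policy]:
        rules = model["classifier"][cls_name]
        if all(frame[tag] == vid for tag, vid in rules.items()):
            return {**frame, **model["behavior"][beh_name]}
    return frame  # no class matched: tags are left unchanged


def forward(model, outer, inner, in_port, out_port):
    """Tags after in_port's inbound policy and out_port's outbound policy."""
    frame = {"outer": outer, "inner": inner}
    for port, direction in ((in_port, "inbound"), (out_port, "outbound")):
        policy = model["interface"].get(port, {}).get(direction)
        if policy:
            frame = apply_policy(model, policy, frame)
    return frame["outer"], frame["inner"]

MODEL = parse(SWITCH_C_CONFIG)
DOWN, UP = "GigabitEthernet1/0/1", "GigabitEthernet1/0/2"
```

Calling forward(MODEL, 100, 10, DOWN, UP) traces a site-to-headquarters frame, and forward(MODEL, 200, 30, UP, DOWN) traces the return direction; a frame whose tags come back unchanged was not matched by any traffic class.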

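1.3.6  Configuration notes

• Before applying a policy on a downlink port, configure the port as a customer-side port; before removing the customer-side port configuration from a downlink port, first remove the QoS policy binding on that port.

• To change a VLAN mapping relationship, first use the reset dhcp-snooping command to clear the DHCP Snooping entries, or first cancel the dynamic binding between the downlink port and the source IP and source MAC addresses and then bind again; only then modify the VLAN mapping in the QoS policy.

• When N:1 VLAN mapping is configured, the device processes received packets differently depending on where the receiving port sits in the network, so you must distinguish whether a port is on the service-provider side or on the customer side.

• The qinq enable uplink and qinq enable downlink commands can also be used in port group view, where they take effect on all member ports of the port group.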
