04-Layer 2 - LAN Switching

HomeSupportResource CenterH3C Access Controllers Configuration Guides(E5208P03 E5215P01 R5215P01)-6W10204-Layer 2 - LAN Switching
08-VLAN termination configuration
Title Size Download
08-VLAN termination configuration 248.85 KB

Configuring VLAN termination

Overview

VLAN termination typically processes packets that include VLAN tags. A VLAN termination-enabled interface performs the following tasks when receiving a VLAN-tagged packet:

1.     Assigns the packet to an interface according to its VLAN tags.

2.     Removes the VLAN tags of the packet.

3.     Delivers the packet to Layer 3 forwarding or other processing pipelines.

Before sending the packet, the VLAN termination-enabled interface determines whether to add new VLAN tags to the packet, based on the VLAN termination type.

VLAN termination can also process packets that do not include any VLAN tags.

This document uses the following VLAN tag concepts for a packet that has two or more layers of VLAN tags:

·     Layer 1 VLAN tag—Specifies the outermost layer of VLAN tags.

·     Layer 2 VLAN tag—Specifies the second outermost layer of VLAN tags.

The VLAN IDs of the packets are numbered in the same manner as the VLAN tags.

VLAN termination types

VLAN termination types

Types of packets to be terminated on the interface

Tagging status of outgoing packets on the interface

Dot1q termination

The packets must meet both of the following requirements:

·     The packets include one or more layers of VLAN tags.

·     The outermost VLAN tag matches the configured value.

Single-tagged

QinQ termination

The packets must meet both of the following requirements:

·     The packets include two or more layers of VLAN tags.

·     The outermost two layers of tags match the configured values.

Double-tagged

Untagged termination

Untagged packets

Untagged

Default termination

Packets that cannot be processed on any other subinterfaces of the same main interface

Untagged

 

VLAN termination application scenarios

Inter-VLAN communication

Hosts in different VLANs cannot directly communicate with each other. You can use Layer 3 routing to allow all VLANs to communicate. To restrict communication to the specified VLANs, configure VLAN termination on subinterfaces or VLAN interfaces.

As shown in Figure 1, Host A and Host B are in different VLANs. The two hosts can communicate with each other after you perform the following tasks:

1.     Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP addresses for Host A and Host B, respectively.

2.     On the device, configure VLAN termination on Layer 3 Ethernet subinterfaces GigabitEthernet 1/0/1.1 and GigabitEthernet 1/0/2.1.

Figure 1 VLAN termination for inter-VLAN communication

 

LAN-WAN communication

Typically, WAN protocols such as PPP do not recognize VLAN-tagged packets from LANs. Before packets are sent to a WAN, the sending port must locally record the VLAN information and remove VLAN tags from the packets. To do that, configure VLAN termination on subinterfaces or VLAN interfaces.

As shown in Figure 2, a host is located on a customer network and wants to access the WAN network. CVLAN and SVLAN represent the VLAN on the customer network and service provider network, respectively.

To access the WAN network, a packet originating from the host is processed as follows:

1.     Layer 2 Switch A adds a CVLAN tag to the packet and sends the packet.

2.     Layer 2 Switch B adds an SVLAN tag to the packet on the QinQ-enabled port.

3.     The packet is forwarded on the service provider network based on the SVLAN tag.

4.     The gateway removes the two layers of VLAN tags from the packet and adds new VLAN tags on the QinQ termination-enabled port.

5.     The gateway sends the packet to the WAN network.

Figure 2 VLAN termination enables LAN-WAN communication

 

Feature and hardware compatibility

The following matrix shows the VLAN termination and hardware compatibility:

 

Hardware series

Model

VLAN termination compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-L

WX3010H-X

WX3024H

WX3024H-L

Yes:

·     WX3010H

·     WX3024H

No:

·     WX3010H-L

·     WX3010H-X

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

No

WX5500E series

WX5510E

WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

No

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

No

 

Configuration restrictions and guidelines

When you configure VLAN termination, follow these restrictions and guidelines:

·     On a portal-enabled interface, log off all portal users before you change the VLAN termination type, for example, from Dot1q termination to QinQ termination. Any portal users who remain online after the change cannot be logged off or reauthenticated. For more information about portal authentication, see Security Configuration Guide.

·     A main interface cannot terminate VLAN-tagged packets. To terminate VLAN-tagged packets, you can create subinterfaces for the main interface.

·     Layer 3 Ethernet subinterfaces and VLAN interfaces can terminate the following packets:

¡     Packets with matching Layer 1 VLAN IDs.

¡     Packets with matching Layer 1 and Layer 2 VLAN IDs.

A VLAN interface can terminate only the packets whose Layer 1 VLAN ID is numbered the same as the VLAN interface. For example, VLAN-interface 10 can terminate only the packets that have Layer 1 VLAN tag 10.

·     After you modify the VLAN termination configuration for a Layer 3 Ethernet subinterface, the subinterface automatically restarts. All dynamic ARP table entries for the subinterface are deleted.

·     When a main interface bound to a VLAN interface receives a VLAN-tagged packet, the main interface processes the packet according to the VLAN interface configuration.

After you configure VLAN termination, the system finds an interface for a received packet in the following order:

·     Subinterface configured with QinQ termination.

·     Subinterface configured with Dot1q termination, or subinterface that supports Dot1q termination by default.

·     Subinterface configured with untagged termination.

·     Subinterface configured with default termination.

·     Main interface.

VLAN termination configuration task list

Tasks at a glance

(Required.) Perform one of the following tasks:

·     Configuring Dot1q termination

¡     Configuring ambiguous Dot1q termination

¡     Configuring unambiguous Dot1q termination

·     Configuring QinQ termination

¡     Configuring ambiguous QinQ termination

¡     Configuring unambiguous QinQ termination

·     Configuring untagged termination

·     Configuring default termination

(Optional.) Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts

 

Configuring Dot1q termination

Based on the range of outermost VLAN IDs in the VLAN-tagged packets that can be terminated by a subinterface, the following types of Dot1q termination are available:

·     Ambiguous Dot1q termination—Terminates VLAN-tagged packets whose outermost VLAN IDs are in the specified range. Any other VLAN-tagged packets are not allowed to pass through this subinterface.

When the subinterface receives a packet, it removes the outermost layer of tags from the packet. When the subinterface sends a packet, it tags the packet with a VLAN ID as follows:

¡     For a PPPoE packet, the VLAN ID is obtained by searching the PPPoE session entries.

¡     For a DHCP relay packet, the VLAN ID is obtained by searching the DHCP session entries.

¡     For an IPv4 packet, the VLAN ID is obtained by searching the ARP entries.

·     Unambiguous Dot1q termination—Terminates only VLAN-tagged packets whose outermost VLAN ID matches the specified VLAN ID. Any other VLAN-tagged packets are not allowed to pass through this subinterface.

When the subinterface receives a packet, it removes the outermost VLAN tag of the packet.

When the subinterface sends a packet, it tags the packet with the specified VLAN ID.

Configuring ambiguous Dot1q termination

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

3.     Configure ambiguous Dot1q termination.

vlan-type dot1q vid vlan-id-list

By default, Dot1q termination is disabled on a subinterface.

 

Configuring unambiguous Dot1q termination

Step

Command

Remarks

4.     Enter system view.

system-view

N/A

5.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

6.     Configure unambiguous Dot1q termination.

vlan-type dot1q vid vlan-id

By default, Dot1q termination is disabled on a subinterface.

 

Configuring QinQ termination

QinQ termination allows only packets that include specific VLAN tags to pass through the subinterface or VLAN interface. The following types of QinQ termination are available:

·     Ambiguous QinQ termination—Terminates QinQ packets whose outermost two layers of VLAN IDs are in the specified range.

When the subinterface or VLAN interface receives a packet, it removes the outermost two layers of VLAN tags of the packet.

When the subinterface or VLAN interface sends a packet, it tags the packet with the outermost two layers of VLAN IDs, which are determined as follows:

¡     For a PPPoE packet, the outermost two layers of VLAN IDs are obtained by searching the PPPoE session entries.

¡     For a DHCP relay packet, the outermost two layers of VLAN IDs are obtained by searching the DHCP relay entries.

¡     For an IPv4 packet, the outermost two layers of VLAN IDs are obtained by searching the ARP entries.

·     Unambiguous QinQ termination—Terminates QinQ packets whose outermost two layers of VLAN IDs match the specified values.

When the subinterface or VLAN interface receives a packet, it removes the two layers of VLAN tags of the packet.

When the subinterface or VLAN interface sends the packet, it tags the packet with two layers of VLAN tags as specified.

Configuring ambiguous QinQ termination

Configuring ambiguous QinQ termination by specifying the outermost two layers of VLAN IDs

When you configure ambiguous QinQ termination by using this method, follow these restrictions and guidelines:

·     If you specify the same Layer 1 VLAN ID for multiple subinterfaces under a main interface, the Layer 2 VLAN IDs specified for them must be different. However, if you specify different Layer 1 VLAN IDs for the subinterfaces, the Layer 2 VLAN IDs specified for the subinterfaces are not required to be different.

·     Subinterfaces under different main interfaces can terminate VLAN-tagged packets with the same Layer 1 and Layer 2 VLAN IDs.

·     When you use the vlan-type dot1q vid second-dot1q command to configure ambiguous QinQ termination multiple times, one of the following conditions occurs:

¡     If the most recently specified Layer 1 ID is the same as the current Layer 1 ID, the specified Layer 2 IDs in both configurations take effect.

¡     If the most recently specified Layer 1 ID is different from the current Layer 1 ID, you must first delete the old configuration.

To configure ambiguous QinQ termination:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

3.     Configure ambiguous QinQ termination by specifying the outermost two layers of VLAN IDs.

vlan-type dot1q vid vlan-id-list second-dot1q { vlan-id-list | any }

By default, QinQ termination is disabled on an interface.

 

Configuring ambiguous QinQ termination by specifying the Layer 2 VLAN IDs

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter VLAN interface view.

interface vlan-interface interface-number

N/A

3.     Configure ambiguous QinQ termination by specifying the Layer 2 VLAN IDs.

second-dot1q { vlan-id-list | any }

By default, QinQ termination is disabled on an interface.

The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable.

 

 

NOTE:

After you enable ambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:

·     Process only packets that match the ambiguous QinQ termination configuration of the VLAN interface.

·     Drop any other packets sent to the VLAN interface.

 

Configuring unambiguous QinQ termination

Configuring unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

3.     Configure unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs.

vlan-type dot1q vid vlan-id second-dot1q vlan-id

By default, QinQ termination is disabled on an interface.

 

Configuring unambiguous QinQ termination by specifying the Layer 2 VLAN ID

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter VLAN interface view.

interface vlan-interface interface-number

N/A

3.     Configure unambiguous QinQ termination by specifying the Layer 2 VLAN ID.

second-dot1q vlan-id

By default, QinQ termination is disabled on an interface.

The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable.

 

 

NOTE:

After you enable unambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:

·     Process only packets that match the unambiguous QinQ termination configuration of the VLAN interface.

·     Drop any other packets sent to the VLAN interface.

 

Configuring untagged termination

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

3.     Configure untagged termination.

vlan-type dot1q untagged

By default, untagged termination is disabled on a subinterface.

 

Configuring default termination

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

N/A

3.     Configure default termination.

vlan-type dot1q default

By default, default termination is disabled on a subinterface.

 

Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts

This function enables ambiguous Dot1q or QinQ termination-enabled interfaces to transmit broadcasts and multicasts.

To enable a VLAN termination-enabled interface to transmit broadcasts and multicasts:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

·     Enter Layer 3 Ethernet subinterface view:
interface interface-type interface-number.subnumber

·     Enter VLAN interface view:
interface vlan-interface interface-number

N/A

3.     Enable the interface to transmit broadcasts and multicasts.

vlan-termination broadcast enable

By default, an ambiguous Dot1q or QinQ termination-enabled interface does not transmit broadcasts and multicasts.

 

VLAN termination configuration examples

Unambiguous Dot1q termination configuration example

Network requirements

As shown in Figure 3, configure unambiguous Dot1q termination on subinterfaces of the device to implement intra-VLAN and inter-VLAN communications between hosts.

Figure 3 Network diagram

 

Configuration procedure

IMPORTANT

IMPORTANT:

The vlan-type dot1q vid command is required for devices that support it, because an Ethernet subinterface can be activated and transmit packets only after it is associated with VLANs.

 

1.     Configure Host A, Host B, Host C, and Host D:

# On Host A, specify 1.1.1.1/8 and 1.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host B, specify 2.2.2.2/8 and 2.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host C, specify 3.3.3.3/8 and 3.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host D, specify 4.4.4.4/8 and 4.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 10.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 10

# Assign GigabitEthernet 1/0/2 to VLAN 10.

[L2_SwitchA-vlan10] port gigabitethernet 1/0/2

[L2_SwitchA-vlan10] quit

# Create VLAN 20.

[L2_SwitchA] vlan 20

# Assign GigabitEthernet 1/0/3 to VLAN 20.

[L2_SwitchA-vlan20] port gigabitethernet 1/0/3

[L2_SwitchA-vlan20] quit

# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 10 and 20.

[L2_SwitchA] interface gigabitethernet 1/0/1

[L2_SwitchA-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 10 20

3.     Configure Layer 2 Switch B in the same way you configure Layer 2 Switch A. (Details not shown.)

4.     Configure the AC:

# Create GigabitEthernet 1/0/1.10, and assign an IP address to this interface.

<AC> system-view

[AC] interface gigabitethernet 1/0/1.10

[AC-GigabitEthernet1/0/1.10] ip address 1.0.0.1 255.0.0.0

# Configure GigabitEthernet 1/0/1.10 to terminate packets tagged with VLAN 10.

[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 10

[AC-GigabitEthernet1/0/1.10] quit

# Create GigabitEthernet 1/0/1.20, and assign an IP address to this interface.

[AC] interface gigabitethernet 1/0/1.20

[AC-GigabitEthernet1/0/1.20] ip address 2.0.0.1 255.0.0.0

# Configure GigabitEthernet 1/0/1.20 to terminate packets tagged with VLAN 20.

[AC-GigabitEthernet1/0/1.20] vlan-type dot1q vid 20

[AC-GigabitEthernet1/0/1.20] quit

# Configure GigabitEthernet 2/0/1.10, and assign an IP address to this interface.

[AC] interface gigabitethernet 2/0/1.10

[AC-GigabitEthernet2/0/1.10] ip address 3.0.0.1 255.0.0.0

# Configure GigabitEthernet 2/0/1.10 to terminate packets tagged with VLAN 10.

[AC-GigabitEthernet2/0/1.10] vlan-type dot1q vid 10

[AC-GigabitEthernet2/0/1.10] quit

# Configure GigabitEthernet 2/0/1.20, and assign an IP address to this interface.

[AC] interface gigabitethernet 2/0/1.20

[AC-GigabitEthernet2/0/1.20] ip address 4.0.0.1 255.0.0.0

# Configure GigabitEthernet 2/0/1.20 to terminate packets tagged with VLAN 20.

[AC-GigabitEthernet2/0/1.20] vlan-type dot1q vid 20

[AC-GigabitEthernet2/0/1.20] quit

Verifying the configuration

# Verify that Host A, Host B, Host C, and Host D can ping each other. (Details not shown.)

Ambiguous Dot1q termination configuration example

Network requirements

As shown in Figure 4, configure ambiguous Dot1q termination, so that hosts in different VLANs can communicate with the server group.

Figure 4 Network diagram

 

Configuration procedure

In this example, L2 switch B uses the factory configuration.

1.     Configure Host A, Host B, and Host C:

# Assign 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)

# Specify 1.1.1.11/24 as the gateway IP address for the hosts. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/1 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/1

[L2_SwitchA-vlan11] quit

# Create VLAN 12.

[L2_SwitchA] vlan 12

# Assign GigabitEthernet 1/0/2 to VLAN 12.

[L2_SwitchA-vlan12] port gigabitethernet 1/0/2

[L2_SwitchA-vlan12] quit

# Create VLAN 13.

[L2_SwitchA] vlan 13

# Assign GigabitEthernet 1/0/3 to VLAN 13.

[L2_SwitchA-vlan13] port gigabitethernet 1/0/3

[L2_SwitchA-vlan13] quit

# Configure GigabitEthernet 1/0/7 as a trunk port, and assign the port to VLANs 11 through 13.

[L2_SwitchA] interface gigabitethernet 1/0/7

[L2_SwitchA-GigabitEthernet1/0/7] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/7] port trunk permit vlan 11 to 13

3.     Configure the AC:

# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.

<AC> system-view

[AC] interface gigabitethernet 1/0/1.10

[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0

# Enable Dot1q termination on GigabitEthernet 1/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN IDs are 11, 12, or 13.

[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 11 to 13

# Enable GigabitEthernet 1/0/1.10 to transmit broadcasts and multicasts.

[AC-GigabitEthernet1/0/1.10] vlan-termination broadcast enable

[AC-GigabitEthernet1/0/1.10] quit

# Configure an IP address for GigabitEthernet 1/0/2.

[AC] interface gigabitethernet 1/0/2

[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0

4.     Configure the server group:

# Assign each device in the server group an IP address on the network segment 1.1.2.0/24. (Details not shown.)

# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)

Verifying the configuration

# Verify that Host A, Host B, and Host C can ping the device in the server group. (Details not shown.)

Configuration example for Dot1q termination supporting PPPoE server

Network requirements

As shown in Figure 5, the AC acts as a PPPoE server. Hosts in different VLANs access the Internet through the PPPoE server.

Configure Dot1q termination so that hosts in different VLANs can access the Internet.

Figure 5 Network diagram

 

Configuration procedure

# Configure VLANs and Dot1q termination. For the configuration procedure, see "Ambiguous Dot1q termination configuration example." (Details not shown.)

# Configure the AC as the PPPoE server. Configure PPPoE settings on GigabitEthernet 1/0/1.10 on the AC. For more information about the PPPoE configuration, see Layer 2—WAN Configuration Guide. (Details not shown.)

Unambiguous QinQ termination configuration example

Network requirements

As shown in Figure 6:

·     Layer 2 Switch C supports only single VLAN-tagged packets.

·     On Layer 2 Switch B, GigabitEthernet 1/0/2 is enabled with QinQ to adds an SVLAN tag 100 to the packets with CVLAN ID 11.

Configure unambiguous QinQ termination so that Host A can communicate with Host B.

Figure 6 Network diagram

 

Configuration procedure

In this example, Layer 2 Switch C uses the factory configuration.

1.     Configure Host A and Host B:

# On Host A, specify 1.1.1.1/24 and 1.1.1.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host B, specify 1.1.2.1/24 and 1.1.2.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/2 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/2

[L2_SwitchA-vlan11] quit

# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 11.

[L2_SwitchA] interface gigabitethernet 1/0/1

[L2_SwitchA-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 11

3.     Configure Layer 2 Switch B:

# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 11 and VLAN 100.

<L2_SwitchB> system-view

[L2_SwitchB] interface gigabitethernet 1/0/2

[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[L2_SwitchB-GigabitEthernet1/0/2] qinq enable

[L2_SwitchB-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.

[L2_SwitchB] interface gigabitethernet 1/0/1

[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

4.     Configure the AC:

# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.

<AC> system-view

[AC] interface gigabitethernet 1/0/1.10

[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0

# Enable QinQ termination on GigabitEthernet 1/0/1.10 to terminate the VLAN-tagged packets with the Layer 1 VLAN ID 100 and the Layer 2 VLAN ID 11.

[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 100 second-dot1q 11

[AC-GigabitEthernet1/0/1.10] quit

# Assign an IP address to GigabitEthernet 1/0/2.

[AC] interface gigabitethernet 1/0/2

[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0

Verifying the configuration

# Verify that Host A and Host B can ping each other. (Details not shown.)

Ambiguous QinQ termination configuration example

Network requirements

As shown in Figure 7, QinQ is enabled on GigabitEthernet 1/0/2 of Layer 2 Switch B.

Configure ambiguous QinQ termination, so that hosts can communicate with the server group.

Figure 7 Network diagram

 

Configuration procedure

In this example, Layer 2 Switch C uses the factory configuration.

1.     Configure Host A, Host B, and Host C:

# Assign IP addresses 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)

# Specify 1.1.1.11/24 as the gateway address for the hosts. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/1 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/1

[L2_SwitchA-vlan11] quit

# Create VLAN 12.

[L2_SwitchA] vlan 12

# Assign GigabitEthernet 1/0/2 to VLAN 12.

[L2_SwitchA-vlan12] port gigabitethernet 1/0/2

[L2_SwitchA-vlan12] quit

# Create VLAN 13.

[L2_SwitchA] vlan 13

# Assign GigabitEthernet 1/0/3 to VLAN 13.

[L2_SwitchA-vlan13] port gigabitethernet 1/0/3

[L2_SwitchA-vlan13] quit

# Configure GigabitEthernet 1/0/7 as a trunk port, and assign the port to VLANs 11 through 13.

[L2_SwitchA] interface gigabitethernet 1/0/7

[L2_SwitchA-GigabitEthernet1/0/7] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/7] port trunk permit vlan 11 to 13

3.     Configure Layer 2 Switch B:

# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLANs 11 through 13 and VLAN 100.

<L2_SwitchB> system-view

[L2_SwitchB] interface gigabitethernet 1/0/2

[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 to 13 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[L2_SwitchB-GigabitEthernet1/0/2] qinq enable

[L2_SwitchB-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.

[L2_SwitchB] interface gigabitethernet 1/0/1

[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

4.     Configure the AC:

# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.

<AC> system-view

[AC] interface gigabitethernet 1/0/1.10

[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0

# Configure GigabitEthernet 1/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN ID is 100 and Layer 2 VLAN ID is 11, 12, or 13.

[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 100 second-dot1q 11 to 13

# Enable GigabitEthernet 1/0/1.10 to transmit broadcasts and multicasts.

[AC-GigabitEthernet1/0/1.10] vlan-termination broadcast enable

[AC-GigabitEthernet1/0/1.10] quit

# Assign an IP address to GigabitEthernet 1/0/2.

[AC] interface gigabitethernet 1/0/2

[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0

5.     Configure the server group:

# Assign each device in the server group an IP address on the network segment 1.1.2.0/24. (Details not shown.)

# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)

Verifying the configuration

# Verify that Host A, Host B, and Host C can ping the server group. (Details not shown.)