Login
- Table of Contents
-
- H3C Low-End Ethernet Switches Configuration Examples(V1.04)
- 01-DHCP Configuration Examples
- 02-QACL Configuration Examples
- 03-802.1x Configuration Examples
- 04-SSH Configuration Examples
- 05-Routing Configuration Examples
- 06-Multicast Protocol Configuration Examples
- 07-VLAN Configuration Examples
- 08-Voice VLAN configuration examples
- 09-QinQ Configuration Examples
- 10-ARP Attack Prevention Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-QinQ Configuration Examples | 124.03 KB |
Table of Contents
1.1.1 Support for QinQ on the H3C Series Ethernet Switches
1.2.2 Configuring Selective QinQ
Chapter 2 Configuration Examples
2.1 QinQ Configuration Example
3.2 Reserved Protocol Type Values
QinQ Configuration Examples
Keywords: QinQ, selective QinQ
Abstract: This document introduces how to use and configure QinQ (also known as VLAN-VPN) and selective QinQ on the H3C series Ethernet switches in real network scenario.
Acronyms: QinQ (802.1q in 802.1q)
Chapter 1 QinQ Overview
1.1 QinQ Support Matrix
1.1.1 Support for QinQ on the H3C Series Ethernet Switches
Table 1-1 Support for QinQ on the H3C series switches
|
Feature (right) |
QinQ |
Selective QinQ |
|
Model (below) |
||
|
l |
l |
|
|
S3600-SI |
l |
l |
|
S5600 |
l |
l |
|
S5100-EI |
l |
l |
|
S5100-SI |
l |
– |
|
S3100-SI |
l |
– |
|
S3100-52P |
l |
– |
& Note:
l In the above table, the symbol solid dots (l) indicate that the corresponding models support the function, while the dashes (–) indicate that the corresponding models do not support the function.
l For the detailed information about selective QinQ supported by a model, refer to the user manual of the model.
1.2 Configuration Guide
& Note:
l The configuration procedure differs by device. In this guide, the S3600 series are taken as an example. For how to configure QinQ on other models, refer to their accompanied operation manuals.
l The configuration example in this guide provides only basic configuration procedures. For detailed information about the involved functions, refer to the corresponding operation manual and command manual.
1.2.1 Configuring QinQ
The H3C S3600 series support QinQ. It enables a frame to be transmitted across the service provider network with double VLAN tags.
Follow these steps to configure QinQ:
|
To do… |
Use the command… |
Remarks |
||
|
Enter system view |
system-view |
— |
||
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
||
|
Enable QinQ |
vlan-vpn enable |
Required Disabled by default. |
||
|
Assign the port to the specified VLAN(s) |
For an access port |
port access vlan vlan-id |
Required For a QinQ frame to be forwarded, the specified VLANs must include the outer VLAN ID of the frame. By default, a port permits only frames of VLAN 1 to pass through. |
|
|
For a trunk port |
port trunk permit vlan { vlan-list | all } |
|||
|
For a hybrid port |
port hybrid vlan vlan-list { tagged | untagged } |
|||
|
Specify the default VLAN for the port |
For an access port |
The VLAN to which it is assigned to |
Optional The VLAN specified here is the outer VLAN ID that basic QinQ tags frames with on the port. By default, the default VLAN of a port is VLAN 1. |
|
|
For a trunk port |
port trunk pvid vlan vlan-id |
|||
|
For a hybrid port |
port hybrid pvid vlan vlan-id |
|||
|
Set the TPID in the outer VLAN tag of frames |
vlan-vpn tpid value |
Optional Do not set the TPID to a protocol value that may cause conflicts. Some of such values are listed in Table 3-1. By default, the TPID in the outer VLAN tag is 0x8100 on the H3C series switches. |
||
|
Configure inner-outer VLAN tag priority copying |
vlan-vpn inner-cos-trust enable |
Use either command By default, both inner-outer VLAN tag priority copying and inner-outer VLAN tag priority mapping are disabled. |
||
|
Configure an inner-outer VLAN tag priority mapping |
vlan-vpn priority old-priority remark new-priority |
|||
|
Display information about all QinQ-enabled ports |
display port vlan-vpn |
Available in any view |
||
1.2.2 Configuring Selective QinQ
Follow these steps to configure selective QinQ:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Enable selective QinQ |
vlan-vpn enable |
Required Disabled by default. |
|
Specify the outer VLAN tag to be added to frames and enter QinQ view |
vlan-vpn vid vlan-id |
Required |
|
Configure the port to add the outer VLAN tag to frames with a specified inner VLAN ID |
raw-vlan-id inbound vlan-id-list |
Required Disabled by default. |
|
Configure inter-VLAN MAC address replicating for selective QinQ |
mac-address-mapping index source-vlan source-vlan-list destination-vlan dest-vlan-id |
Required Disabled by default. |
& Note:
QinQ and selective QinQ cannot be enabled on any port of a device with IRF Fabric enabled.
Chapter 2 Configuration Examples
2.1 QinQ Configuration Example
& Note:
Throughout this document, customer VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a user uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for users.
2.1.1 Network Requirements
A service provider offers VPN services for MAN customers Customer 1 and Customer 2. For ease of network management and planning, both customers expect the service provider to forward their traffic with VLAN tags. In addition, the two customers prioritize traffic by VLAN as follows:
l Customer 1: high priority for traffic of CVLANs 20 through 100, normal priority for traffic of CVLANs 200 through 300, and low priority for traffic of CVLAN 400.
l Customer 2: high priority for traffic of CVLANs 300 through 350, normal priority for traffic of CVLANs 400 through 450, and low priority for traffic of CVLAN 100.
The service provider is required to prioritize the traffic of the two customers based on their respective traffic priority schemes and keep their traffic separated even when they are using the same inner VLAN ID. Untagged multicast traffic of the two customers is transmitted over the specified service provider VLAN based on the same transmission policy.
The core devices in the service provider network can recognize the TPID 9100 only. Therefore, you must configure the devices at the distribution layer to set the TPID in outer VLAN tags to 9100 for interoperability with the core devices.
2.1.2 Network Diagram
Figure 2-1 Network diagram for QinQ configuration
2.1.3 Configuration Outlines
& Note:
The following part provides only the configuration for transmitting traffic from left to right in Figure 2-1. You can follow the same configuration idea to configure the devices for transmitting traffic from right to left.
I. Configuration on the S3600-1
Figure 2-2 Configuration on the S3600-1
Customer 1 and Customer 2 are connected to Ethernet 1/0/10 and Ethernet 1/0/20 of the S3600-1 through DSLAM. DSLAM transmits customer traffic without removing their VLAN tag. The service provider network thus provides the following transmission policy for Customer 1 and Customer 2:
l Assigning SVLANs 100, 101, and 102 for Customer 1 to transmit high, normal, and low priority traffic respectively.
l Assigning SVLANs 200, 201, 202 for Customer 2 to transmit high, normal, and low priority traffic respectively.
l Transmitting the multicast traffic of the two customers over VLAN 500.
Table 2-1 Configure QinQ on the S3600-1 as follows:
|
Port |
QinQ function |
For inbound traffic Inner-outer VLAN mappings (CVLANs to SVLAN) |
For outbound traffic |
|
Ethernet 1/0/10 |
Enable selective QinQ |
20 – 100 to 100 (high priority) 200 – 300 to 101 (normal priority) 400 to 102 (low priority) |
Forward traffic with the outer VLAN tag removed. |
|
Enable basic QinQ |
Untagged multicast traffic to VLAN 500 |
||
|
Set the TPID on the port to 9100 |
— |
||
|
Configure inter-VLAN MAC address replicating to reduce QinQ frame broadcast |
Replicate MAC address entries between the default VLAN and the outer VLANs |
||
|
Ethernet 1/0/20 |
Enable selective QinQ |
300 – 350 to 200 (high priority) 400 – 450 to 201 (normal priority) 100 to 202 (low priority) |
Forward traffic with the outer VLAN tag removed. |
|
Enable basic QinQ |
Untagged multicast traffic to VLAN 500 |
||
|
Set the TPID on the port to 9100 |
— |
||
|
Configure inter-VLAN MAC address replicating to reduce QinQ frame broadcast |
Replicate MAC address entries between the default VLAN and the outer VLANs |
||
|
Ethernet 1/0/25 |
Set the TPID on the port to 9100 |
— |
Forward traffic with VLAN tags. |
& Note:
As the core devices on the service provider network can recognize the TPID 9100 only, you should change the TPID that the ports will use in the outer VLAN tags from 8100 (the default) to 9100 for interoperability sake.
II. Configuration on S3600-2
Figure 2-3 Configuration on S3600-2
Configure Ethernet 1/0/15 and Ethernet 1/0/20 to forward the traffic from the service provider network with the outer VLAN tag removed.
Basic QinQ and selective QinQ are required for S3600-2 to receive customer traffic. The configurations on S3600-2 are similar to those on S3600-1.
2.1.4 Configuration Procedure
I. Devices and software version used
The S3600 series, software version Test 1545.
II. Configuration procedure
l Configure the S3600-1
# Create SVLANs 100 through 102 and SVLANs 200 through 202.
<S3600-1> system-view
[S3600-1] vlan 100 to 102
[S3600-1] vlan 200 to 202
# Configure Ethernet 1/0/10 as a hybrid port, and assign it to SVLANs 100 through 102 and SVLAN 500. Configure SVLAN 500 as the default VLAN of Ethernet 1/0/10, and configure Ethernet 1/0/10 to forward the traffic of the four VLANs with their outer VLAN tag removed.
[S3600-1] interface Ethernet 1/0/10
[S3600-1-Ethernet1/0/10] port link-type hybrid
[S3600-1-Ethernet1/0/10] port hybrid vlan 100 101 102 500 untagged
[S3600-1-Ethernet1/0/10] port hybrid pvid vlan 500
# Enable basic QinQ on Ethernet 1/0/10 to tag the untagged multicast traffic with the SVLAN ID 500.
[S3600-1-Ethernet1/0/10] vlan-vpn enable
# Enable selective QinQ on Ethernet 1/0/10 to tag the received tagged traffic with an SVLAN ID based on the CVLAN ID.
[S3600-1-Ethernet1/0/10] vlan-vpn vid 100
[S3600-1-Ethernet1/0/10-vid-100] raw-vlan-id inbound 20 to 100
[S3600-1-Ethernet1/0/10-vid-100] quit
[S3600-1-Ethernet1/0/10] vlan-vpn vid 101
[S3600-1-Ethernet1/0/10-vid-101] raw-vlan-id inbound 200 to 300
[S3600-1-Ethernet1/0/10-vid-101] quit
[S3600-1-Ethernet1/0/10] vlan-vpn vid 102
[S3600-1-Ethernet1/0/10-vid-102] raw-vlan-id inbound 400
[S3600-1-Ethernet1/0/10-vid-102] quit
[S3600-1-Ethernet1/0/10]
# Enable MAC address replicating on Ethernet 1/0/10 to replicate the MAC addresses learned in VLAN 500 to SVLANs 100 through 102.
[S3600-1-Ethernet1/0/10] mac-address-mapping 0 source-vlan 500 destination-vlan 100
[S3600-1-Ethernet1/0/10] mac-address-mapping 1 source-vlan 500 destination-vlan 101
[S3600-1-Ethernet1/0/10] mac-address-mapping 2 source-vlan 500 destination-vlan 102
# Set the TPID in outer VLAN tags to 0x9100.
[S3600-1-Ethernet1/0/10] vlan-vpn tpid 9100
[S3600-1-Ethernet1/0/10] quit
# Configure Ethernet 1/0/20 as a hybrid port, and assign it to SVLANs 200 through 202 and SVLAN 500. Configure SVLAN 500 as the default VLAN of Ethernet 1/0/20, and configure the port to forward the traffic of the four VLANs with their outer VLAN tag removed.
[S3600-1] interface Ethernet 1/0/20
[S3600-1-Ethernet1/0/20] port link-type hybrid
[S3600-1-Ethernet1/0/20] port hybrid vlan 200 201 202 500 untagged
[S3600-1-Ethernet1/0/20] port hybrid pvid vlan 500
# Enable basic QinQ on Ethernet 1/0/20.
[S3600-1-Ethernet1/0/20] vlan-vpn enable
# Enable selective QinQ on Ethernet 1/0/20 to tag the received tagged traffic with an SVLAN ID based on the CVLAN ID.
[S3600-1-Ethernet1/0/20] vlan-vpn vid 200
[S3600-1-Ethernet1/0/20-vid-200] raw-vlan-id inbound 300 to 350
[S3600-1-Ethernet1/0/20-vid-200] quit
[S3600-1-Ethernet1/0/20] vlan-vpn vid 201
[S3600-1-Ethernet1/0/20-vid-201] raw-vlan-id inbound 400 to 450
[S3600-1-Ethernet1/0/20-vid-201] quit
[S3600-1-Ethernet1/0/20] vlan-vpn vid 202
[S3600-1-Ethernet1/0/20-vid-202] raw-vlan-id inbound 100
[S3600-1-Ethernet1/0/20-vid-202] quit
# Enable MAC address replicating on Ethernet 1/0/50 to replicate the MAC addresses learned in SVLAN 500 to SVLANs 200 through 202.
[S3600-1-Ethernet1/0/20] mac-address-mapping 0 source-vlan 500 destination-vlan 200
[S3600-1-Ethernet1/0/20] mac-address-mapping 1 source-vlan 500 destination-vlan 201
[S3600-1-Ethernet1/0/20] mac-address-mapping 2 source-vlan 500 destination-vlan 202
# Set the TPID in outer VLAN tags to 0x9100.
[S3600-1-Ethernet1/0/20] vlan-vpn tpid 9100
[S3600-1-Ethernet1/0/20] quit
# Configure Ethernet 1/0/25 as a hybrid port, and assign it to SVLANs 100 through 102, and SVLAN 500. Configure VLAN 200 as the default VLAN of Ethernet 1/0/10, and configure Ethernet 1/0/10 to forward the traffic of the four VLANs with the outer VLAN tag removed.
[S3600-1] interface Ethernet 1/0/25
[S3600-1-Ethernet1/0/25] port link-type hybrid
[S3600-1-Ethernet1/0/25] port hybrid vlan 100 101 102 200 201 202 500 tagged
# Configure Ethernet 1/0/25 to set its TPID to 9100.
[S3600-1-Ethernet1/0/25] vlan-vpn tpid 9100
l Configure S3600-2
Because the position of the S3600-2 on the network is the same as that of the S3600-1, you can configure basic QinQ and selective QinQ on the S3600-2 as you have done on the S3600-1. Note that:
Ethernet 1/0/15 of S3600-2 corresponds to Ethernet 1/0/10 of S3600-1.
Ethernet 1/0/20 of S3600-2 corresponds to Ethernet 1/0/20 of S3600-1.
Ethernet 1/0/10 of S3600-2 corresponds to Ethernet 1/0/10 of S3600-1.
l Configure the devices at the core
The configuration on the devices at the core involves the ports interconnecting the core devices and the ports connecting to the S3600-1 and the S3600-2. Your configuration must ensure that the core devices can send traffic of SVLANs (100 through 102, 200 through 202, and 500) without removing the outer VLAN tag.
Chapter 3 Appendix
3.1 Protocols and Standards
IEEE 802.1Q Virtual Bridged Local Area Networks
3.2 Reserved Protocol Type Values
Because the position of the TPID field is the same as that of the protocol type field in a VLAN untagged frame, you cannot set the TPID to any of the values in the table below.
Table 3-1 Reserved protocol type values
|
Protocol |
Protocol type value |
|
ARP |
0x0806 |
|
IP |
0x0800 |
|
MPLS |
0x8847/0x8848 |
|
IPX |
0x8137 |
|
IS-IS |
0x8000 |
|
LACP |
0x8809 |
|
802.1x |
0x888E |
