- H3C Low-End Ethernet Switches Configuration Examples(V1.04)
QinQ Configuration Examples
Keywords: QinQ, selective QinQ
Abstract: This document introduces how to use and configure QinQ (also known as VLAN-VPN) and selective QinQ on the H3C series Ethernet switches in real network scenarios.
Acronyms: QinQ (802.1q in 802.1q)
Chapter 1 QinQ Overview
1.1 QinQ Support Matrix
1.1.1 Support for QinQ on the H3C Series Ethernet Switches
Table 1-1 Support for QinQ on the H3C series switches
Model | QinQ | Selective QinQ |
---|---|---|
 | ● | ● |
S3600-SI | ● | ● |
S5600 | ● | ● |
S5100-EI | ● | ● |
S5100-SI | ● | – |
S3100-SI | ● | – |
S3100-52P | ● | – |
Note:
- In the above table, solid dots (●) indicate that the corresponding models support the function, while dashes (–) indicate that the corresponding models do not support the function.
- For detailed information about selective QinQ supported by a model, refer to the user manual of the model.
1.2 Configuration Guide
Note:
- The configuration procedure differs by device. In this guide, the S3600 series are taken as an example. For how to configure QinQ on other models, refer to their accompanied operation manuals.
- The configuration example in this guide provides only basic configuration procedures. For detailed information about the involved functions, refer to the corresponding operation manual and command manual.
1.2.1 Configuring QinQ
The H3C S3600 series support QinQ. It enables a frame to be transmitted across the service provider network with double VLAN tags.
Follow these steps to configure QinQ:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet port view | interface interface-type interface-number | — |
Enable QinQ | vlan-vpn enable | Required. Disabled by default. |
Assign the port to the specified VLAN(s): for an access port | port access vlan vlan-id | Required (applies to all three port types). For a QinQ frame to be forwarded, the specified VLANs must include the outer VLAN ID of the frame. By default, a port permits only frames of VLAN 1 to pass through. |
Assign the port to the specified VLAN(s): for a trunk port | port trunk permit vlan { vlan-list \| all } | |
Assign the port to the specified VLAN(s): for a hybrid port | port hybrid vlan vlan-list { tagged \| untagged } | |
Specify the default VLAN for the port: for an access port | The VLAN to which it is assigned | Optional (applies to all three port types). The VLAN specified here is the outer VLAN ID that basic QinQ tags frames with on the port. By default, the default VLAN of a port is VLAN 1. |
Specify the default VLAN for the port: for a trunk port | port trunk pvid vlan vlan-id | |
Specify the default VLAN for the port: for a hybrid port | port hybrid pvid vlan vlan-id | |
Set the TPID in the outer VLAN tag of frames | vlan-vpn tpid value | Optional. Do not set the TPID to a protocol value that may cause conflicts. Some of such values are listed in Table 3-1. By default, the TPID in the outer VLAN tag is 0x8100 on the H3C series switches. |
Configure inner-outer VLAN tag priority copying | vlan-vpn inner-cos-trust enable | Use either command. By default, both inner-outer VLAN tag priority copying and inner-outer VLAN tag priority mapping are disabled. |
Configure an inner-outer VLAN tag priority mapping | vlan-vpn priority old-priority remark new-priority | |
Display information about all QinQ-enabled ports | display port vlan-vpn | Available in any view |
1.2.2 Configuring Selective QinQ
Follow these steps to configure selective QinQ:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet port view | interface interface-type interface-number | — |
Enable selective QinQ | vlan-vpn enable | Required. Disabled by default. |
Specify the outer VLAN tag to be added to frames and enter QinQ view | vlan-vpn vid vlan-id | Required |
Configure the port to add the outer VLAN tag to frames with a specified inner VLAN ID | raw-vlan-id inbound vlan-id-list | Required. Disabled by default. |
Configure inter-VLAN MAC address replicating for selective QinQ | mac-address-mapping index source-vlan source-vlan-list destination-vlan dest-vlan-id | Required. Disabled by default. |
Note:
QinQ and selective QinQ cannot be enabled on any port of a device with IRF Fabric enabled.
Chapter 2 Configuration Examples
2.1 QinQ Configuration Example
Note:
Throughout this document, customer VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a user uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for users.
2.1.1 Network Requirements
A service provider offers VPN services for MAN customers Customer 1 and Customer 2. For ease of network management and planning, both customers expect the service provider to forward their traffic with VLAN tags. In addition, the two customers prioritize traffic by VLAN as follows:
- Customer 1: high priority for traffic of CVLANs 20 through 100, normal priority for traffic of CVLANs 200 through 300, and low priority for traffic of CVLAN 400.
- Customer 2: high priority for traffic of CVLANs 300 through 350, normal priority for traffic of CVLANs 400 through 450, and low priority for traffic of CVLAN 100.
The service provider is required to prioritize the traffic of the two customers based on their respective traffic priority schemes and keep their traffic separated even when they are using the same inner VLAN ID. Untagged multicast traffic of the two customers is transmitted over the specified service provider VLAN based on the same transmission policy.
The core devices in the service provider network can recognize the TPID 9100 only. Therefore, you must configure the devices at the distribution layer to set the TPID in outer VLAN tags to 9100 for interoperability with the core devices.
2.1.2 Network Diagram
Figure 2-1 Network diagram for QinQ configuration
2.1.3 Configuration Outlines
Note:
The following part provides only the configuration for transmitting traffic from left to right in Figure 2-1. You can follow the same configuration idea to configure the devices for transmitting traffic from right to left.
I. Configuration on the S3600-1
Figure 2-2 Configuration on the S3600-1
Customer 1 and Customer 2 are connected to Ethernet 1/0/10 and Ethernet 1/0/20 of the S3600-1 through DSLAM. DSLAM transmits customer traffic without removing their VLAN tag. The service provider network thus provides the following transmission policy for Customer 1 and Customer 2:
- Assigning SVLANs 100, 101, and 102 for Customer 1 to transmit high, normal, and low priority traffic respectively.
- Assigning SVLANs 200, 201, and 202 for Customer 2 to transmit high, normal, and low priority traffic respectively.
- Transmitting the multicast traffic of the two customers over VLAN 500.
Table 2-1 Configure QinQ on the S3600-1 as follows:
Port | QinQ function | For inbound traffic: inner-outer VLAN mappings (CVLANs to SVLAN) | For outbound traffic |
---|---|---|---|
Ethernet 1/0/10 | Enable selective QinQ | 20 – 100 to 100 (high priority); 200 – 300 to 101 (normal priority); 400 to 102 (low priority) | Forward traffic with the outer VLAN tag removed. |
 | Enable basic QinQ | Untagged multicast traffic to VLAN 500 | |
 | Set the TPID on the port to 9100 | — | |
 | Configure inter-VLAN MAC address replicating to reduce QinQ frame broadcast | Replicate MAC address entries between the default VLAN and the outer VLANs | |
Ethernet 1/0/20 | Enable selective QinQ | 300 – 350 to 200 (high priority); 400 – 450 to 201 (normal priority); 100 to 202 (low priority) | Forward traffic with the outer VLAN tag removed. |
 | Enable basic QinQ | Untagged multicast traffic to VLAN 500 | |
 | Set the TPID on the port to 9100 | — | |
 | Configure inter-VLAN MAC address replicating to reduce QinQ frame broadcast | Replicate MAC address entries between the default VLAN and the outer VLANs | |
Ethernet 1/0/25 | Set the TPID on the port to 9100 | — | Forward traffic with VLAN tags. |
Note:
As the core devices on the service provider network can recognize the TPID 9100 only, you should change the TPID that the ports will use in the outer VLAN tags from 8100 (the default) to 9100 for interoperability.
II. Configuration on S3600-2
Figure 2-3 Configuration on S3600-2
Configure Ethernet 1/0/15 and Ethernet 1/0/20 to forward the traffic from the service provider network with the outer VLAN tag removed.
Basic QinQ and selective QinQ are required for S3600-2 to receive customer traffic. The configurations on S3600-2 are similar to those on S3600-1.
2.1.4 Configuration Procedure
I. Devices and software version used
The S3600 series, software version Test 1545.
II. Configuration procedure
- Configure the S3600-1
# Create SVLANs 100 through 102 and SVLANs 200 through 202.
<S3600-1> system-view
[S3600-1] vlan 100 to 102
[S3600-1] vlan 200 to 202
# Configure Ethernet 1/0/10 as a hybrid port, and assign it to SVLANs 100 through 102 and SVLAN 500. Configure SVLAN 500 as the default VLAN of Ethernet 1/0/10, and configure Ethernet 1/0/10 to forward the traffic of the four VLANs with their outer VLAN tag removed.
[S3600-1] interface Ethernet 1/0/10
[S3600-1-Ethernet1/0/10] port link-type hybrid
[S3600-1-Ethernet1/0/10] port hybrid vlan 100 101 102 500 untagged
[S3600-1-Ethernet1/0/10] port hybrid pvid vlan 500
# Enable basic QinQ on Ethernet 1/0/10 to tag the untagged multicast traffic with the SVLAN ID 500.
[S3600-1-Ethernet1/0/10] vlan-vpn enable
# Enable selective QinQ on Ethernet 1/0/10 to tag the received tagged traffic with an SVLAN ID based on the CVLAN ID.
[S3600-1-Ethernet1/0/10] vlan-vpn vid 100
[S3600-1-Ethernet1/0/10-vid-100] raw-vlan-id inbound 20 to 100
[S3600-1-Ethernet1/0/10-vid-100] quit
[S3600-1-Ethernet1/0/10] vlan-vpn vid 101
[S3600-1-Ethernet1/0/10-vid-101] raw-vlan-id inbound 200 to 300
[S3600-1-Ethernet1/0/10-vid-101] quit
[S3600-1-Ethernet1/0/10] vlan-vpn vid 102
[S3600-1-Ethernet1/0/10-vid-102] raw-vlan-id inbound 400
[S3600-1-Ethernet1/0/10-vid-102] quit
[S3600-1-Ethernet1/0/10]
# Enable MAC address replicating on Ethernet 1/0/10 to replicate the MAC addresses learned in VLAN 500 to SVLANs 100 through 102.
[S3600-1-Ethernet1/0/10] mac-address-mapping 0 source-vlan 500 destination-vlan 100
[S3600-1-Ethernet1/0/10] mac-address-mapping 1 source-vlan 500 destination-vlan 101
[S3600-1-Ethernet1/0/10] mac-address-mapping 2 source-vlan 500 destination-vlan 102
# Set the TPID in outer VLAN tags to 0x9100.
[S3600-1-Ethernet1/0/10] vlan-vpn tpid 9100
[S3600-1-Ethernet1/0/10] quit
# Configure Ethernet 1/0/20 as a hybrid port, and assign it to SVLANs 200 through 202 and SVLAN 500. Configure SVLAN 500 as the default VLAN of Ethernet 1/0/20, and configure the port to forward the traffic of the four VLANs with their outer VLAN tag removed.
[S3600-1] interface Ethernet 1/0/20
[S3600-1-Ethernet1/0/20] port link-type hybrid
[S3600-1-Ethernet1/0/20] port hybrid vlan 200 201 202 500 untagged
[S3600-1-Ethernet1/0/20] port hybrid pvid vlan 500
# Enable basic QinQ on Ethernet 1/0/20.
[S3600-1-Ethernet1/0/20] vlan-vpn enable
# Enable selective QinQ on Ethernet 1/0/20 to tag the received tagged traffic with an SVLAN ID based on the CVLAN ID.
[S3600-1-Ethernet1/0/20] vlan-vpn vid 200
[S3600-1-Ethernet1/0/20-vid-200] raw-vlan-id inbound 300 to 350
[S3600-1-Ethernet1/0/20-vid-200] quit
[S3600-1-Ethernet1/0/20] vlan-vpn vid 201
[S3600-1-Ethernet1/0/20-vid-201] raw-vlan-id inbound 400 to 450
[S3600-1-Ethernet1/0/20-vid-201] quit
[S3600-1-Ethernet1/0/20] vlan-vpn vid 202
[S3600-1-Ethernet1/0/20-vid-202] raw-vlan-id inbound 100
[S3600-1-Ethernet1/0/20-vid-202] quit
# Enable MAC address replicating on Ethernet 1/0/20 to replicate the MAC addresses learned in SVLAN 500 to SVLANs 200 through 202.
[S3600-1-Ethernet1/0/20] mac-address-mapping 0 source-vlan 500 destination-vlan 200
[S3600-1-Ethernet1/0/20] mac-address-mapping 1 source-vlan 500 destination-vlan 201
[S3600-1-Ethernet1/0/20] mac-address-mapping 2 source-vlan 500 destination-vlan 202
# Set the TPID in outer VLAN tags to 0x9100.
[S3600-1-Ethernet1/0/20] vlan-vpn tpid 9100
[S3600-1-Ethernet1/0/20] quit
# Configure Ethernet 1/0/25 as a hybrid port, and assign it to SVLANs 100 through 102, SVLANs 200 through 202, and SVLAN 500. Configure Ethernet 1/0/25 to forward the traffic of these VLANs with the outer VLAN tag kept.
[S3600-1] interface Ethernet 1/0/25
[S3600-1-Ethernet1/0/25] port link-type hybrid
[S3600-1-Ethernet1/0/25] port hybrid vlan 100 101 102 200 201 202 500 tagged
# Configure Ethernet 1/0/25 to set its TPID to 9100.
[S3600-1-Ethernet1/0/25] vlan-vpn tpid 9100
- Configure S3600-2
Because the position of the S3600-2 on the network is the same as that of the S3600-1, you can configure basic QinQ and selective QinQ on the S3600-2 as you have done on the S3600-1. Note that:
- Ethernet 1/0/15 of S3600-2 corresponds to Ethernet 1/0/10 of S3600-1.
- Ethernet 1/0/20 of S3600-2 corresponds to Ethernet 1/0/20 of S3600-1.
- Ethernet 1/0/10 of S3600-2 corresponds to Ethernet 1/0/10 of S3600-1.

- Configure the devices at the core
The configuration on the devices at the core involves the ports interconnecting the core devices and the ports connecting to the S3600-1 and the S3600-2. Your configuration must ensure that the core devices can send traffic of SVLANs (100 through 102, 200 through 202, and 500) without removing the outer VLAN tag.
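
The following Python model is an added example, not part of the H3C document or its software. It reproduces the selective QinQ mappings configured on the S3600-1 above and shows that CVLANs 100 and 400, which both customers use, leave the distribution switch under different SVLANs with TPID 0x9100. The MAC addresses, the function names and the customer-tag TPID 0x8100 are assumptions made for the illustration.

```python
import struct

# Transcribed from the raw-vlan-id commands above: (first CVLAN, last CVLAN, SVLAN)
SELECTIVE_QINQ = {
    "Ethernet1/0/10": [(20, 100, 100), (200, 300, 101), (400, 400, 102)],  # Customer 1
    "Ethernet1/0/20": [(300, 350, 200), (400, 450, 201), (100, 100, 202)],  # Customer 2
}
PVID = 500            # port hybrid pvid vlan 500
OUTER_TPID = 0x9100   # vlan-vpn tpid 9100
CVLAN_TPID = 0x8100   # assumed TPID of the customer (inner) tag

def make_frame(cvlan=None, payload=b"\x00" * 46):
    """Constructed sample frame: made-up MACs, optional 802.1Q tag, IPv4 EtherType."""
    dst, src = bytes.fromhex("01005e000001"), bytes.fromhex("020000000001")
    tag = struct.pack("!HH", CVLAN_TPID, cvlan) if cvlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def select_svlan(port, frame):
    """Pick the outer VLAN ID the ingress port adds to this frame."""
    ethertype, tci = struct.unpack("!HH", frame[12:16])
    if ethertype == CVLAN_TPID:
        cvlan = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
        for first, last, svlan in SELECTIVE_QINQ[port]:
            if first <= cvlan <= last:
                return svlan
    # Untagged frames get the default VLAN (basic QinQ). Treating tagged frames
    # with an unlisted CVLAN the same way is an assumption of this sketch.
    return PVID

def push_outer_tag(port, frame):
    """Insert the outer tag right after the two MAC addresses (offset 12)."""
    tci = select_svlan(port, frame)  # priority bits left at 0
    return frame[:12] + struct.pack("!HH", OUTER_TPID, tci) + frame[12:]

def outer_and_inner(frame):
    """Read back (outer TPID, SVLAN, CVLAN or None) from a tagged frame."""
    tpid, s_tci, next_type, c_tci = struct.unpack("!HHHH", frame[12:20])
    cvlan = c_tci & 0x0FFF if next_type == CVLAN_TPID else None
    return tpid, s_tci & 0x0FFF, cvlan

if __name__ == "__main__":
    for port in SELECTIVE_QINQ:
        for cvlan in (100, 400, None):
            print(port, cvlan, outer_and_inner(push_outer_tag(port, make_frame(cvlan))))
```

Because the outer tag sits at offset 12, where an untagged frame carries its protocol type, a core device reads the TPID first; this is the reason the TPID must not collide with the values in Table 3-1.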
Chapter 3 Appendix
3.1 Protocols and Standards
IEEE 802.1Q Virtual Bridged Local Area Networks
3.2 Reserved Protocol Type Values
Because the position of the TPID field is the same as that of the protocol type field in a VLAN untagged frame, you cannot set the TPID to any of the values in the table below.
Table 3-1 Reserved protocol type values
Protocol | Protocol type value |
---|---|
ARP | 0x0806 |
IP | 0x0800 |
MPLS | 0x8847/0x8848 |
IPX | 0x8137 |
IS-IS | 0x8000 |
LACP | 0x8809 |
802.1x | 0x888E |