H3C S9500 Command Manual-Release1648[v1.24]-01 IP Access Volume

08-QinQ Commands

Chapter 1  QinQ Configuration Commands

1.1  QinQ Configuration Commands

1.1.1  display atm vlan-vpn

Syntax

display atm vlan-vpn [ interface atm interface-number [ pvc { pvc-name | vpi/vci } ] ]

View

Any view

Parameters

interface-number: ATM primary port or subinterface number.

pvc-name: PVC name. If you do not specify the PVC name or VPI/VCI value, all the PVCs of the ATM primary port or subinterfaces will be specified by default.

vpi/vci: VPI/VCI value.

Description

Use the display atm vlan-vpn command to display the configuration information of VLAN VPN-enabled PVCs of the ATM primary port or the subinterface. 

Related command: vlan-vpn enable.

Examples

# Display the configuration of all the VLAN VPN-enabled PVCs on the current ATM primary port.

<H3C> display atm vlan-vpn

VLAN-VPN TPID: 0x8100

Atm4/1/1, PVC 41/1

  VLAN-VPN status: enabled

  VLAN-VPN VLAN: 1

Atm4/1/1, PVC 41/5

  VLAN-VPN status: enabled

  VLAN-VPN VLAN: 5

Atm4/1/1, PVC 41/6

  VLAN-VPN status: enabled

  VLAN-VPN VLAN: 6

1.1.2  display port vlan-vpn

Syntax

display port vlan-vpn

View

Any view

Parameters

None

Description

Use the display port vlan-vpn command to display in order the VLAN VPN-related configurations in the current system, including current TPID, the information about VLAN-VPN ports, and the information about VLAN-VPN uplink ports.

Examples

# Display the VLAN VPN-related configurations in the current system.

<H3C> display port vlan-vpn

VLAN-VPN TPID: 0x9100

 

GigabitEthernet1/1/1

 VLAN-VPN status: enabled

 VLAN-VPN VLAN: 1

 

GigabitEthernet1/1/2

VLAN-VPN uplink status: enabled

1.1.3  traffic-redirect

Syntax

I. Use the following command to deliver Layer 3 traffic classification rules.

traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { nested-vlan nested-vlanid [ interface interface-type interface-number destination-vlan [ l2-vpn ] | link-aggregation group groupid destination-vlan | smart-link group groupid destination-vlan ] | modified-vlan modified-vlanid }

undo traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ]

II. Use the following command to deliver Layer 2 and Layer 3 traffic classification rules simultaneously.

traffic-redirect inbound ip-group { acl-number | acl-name } rule rule link-group { acl-number | acl-name } [ rule rule ] { nested-vlan nested-vlanid [ interface interface-type interface-number destination-vlan [ l2-vpn ] | link-aggregation group groupid destination-vlan | smart-link group groupid destination-vlan ] | modified-vlan modified-vlanid }

or

traffic-redirect inbound ip-group { acl-number | acl-name } link-group { acl-number | acl-name } rule rule { nested-vlan nested-vlanid [ interface interface-type interface-number destination-vlan [ l2-vpn ] | link-aggregation group groupid destination-vlan | smart-link group groupid destination-vlan ] | modified-vlan modified-vlanid }

undo traffic-redirect inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } rule rule }

or

undo traffic-redirect inbound link-group { acl-number | acl-name } { rule rule ip-group { acl-number | acl-name } | ip-group { acl-number | acl-name } rule rule }

III. Use the following command to deliver Layer 2 traffic classification rules.

traffic-redirect inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { nested-vlan nested-vlanid [ interface interface-type interface-number destination-vlan [ l2-vpn ] | link-aggregation group groupid destination-vlan | smart-link group groupid destination-vlan ] | modified-vlan modified-vlanid }

undo traffic-redirect inbound link-group { acl-number | acl-name } [ rule rule ]

View

Ethernet port view, port group view

Parameters

ip-group { acl-number | acl-name }: Specifies a basic or advanced ACL. The acl-number argument is the ACL number, in the range of 2,000 to 3,999. The acl-name argument is the ACL name, a string of 1 to 32 characters. The string must begin with an English letter (that is, a-z or A-Z) and cannot contain spaces or quotation marks.

link-group { acl-number | acl-name }: Specifies a Layer 2 ACL. The acl-number argument is the ACL number, in the range of 4,000 to 4,999. The acl-name argument is the ACL name, a string of 1 to 32 characters. The string must begin with an English letter (that is, a-z or A-Z) and cannot contain spaces or quotation marks.

rule rule: Specifies a rule of the ACL. The rule argument is in the range of 0 to 127. If you do not specify a rule, the system applies all rules of the ACL.

system-index index: Specifies the system index value of an ACL rule. The system assigns a system index to an ACL rule after delivering the ACL rule for indexing. Although not recommended, you can still specify a system index for an ACL rule manually when executing this command.

nested-vlan nested-vlanid: Specifies to insert VLAN tags in the packets that match the specified ACL rules as the outer VLAN tags. The nested-vlanid argument is the VLAN ID to be inserted.

interface interface-type interface-number: Redirects the packets to the designated Ethernet port or RPR logical interface. interface-type indicates the port type. interface-number indicates the port number.

destination-vlan: Destination VLAN ID. You must specify the VLAN to which the destination Ethernet port belongs. This value ranges from 2 to 4094.

l2-vpn: Redirects MPLS L2-VPN packets. This keyword is not supported when packets are redirected to a RPR logical interface.

link-aggregation group groupid destination-vlan: Redirects packets to the manual aggregation group specified by groupid, which ranges from 1 to 31.

smart-link group groupid destination-vlan: Redirects packets to the smart link group specified by groupid, in the range of 1 to 48.

modified-vlan modified-vlanid: Changes the outer VLAN tags of the packets that match the specified ACL rules. The modified-vlanid argument is the new VLAN ID to be inserted in the packets.

Description

Use the traffic-redirect command to enable ACL-based traffic classification on the ports and set/modify the outer VLAN tags to be inserted in the packets that match the specified ACL rules. (Note that this command only applies to packets that match ACL rules with the permit keyword specified.)

Use the undo traffic-redirect command to remove the configuration.

 

Note:

- Make sure the VLAN identified by the nested-vlanid argument exists. Otherwise, the packets are discarded because no outbound port is found.

- The traffic-redirect modified-vlan command modifies the outer VLAN tag of a packet.

- At present, only cards suffixed DB or DC support the traffic-redirect { nested-vlan | modified-vlan } command.

 

Related commands: traffic-redirect, acl.

Examples

# Insert the tag of VLAN 30 as the outer VLAN tag into the packets that match rule 0 of ACL 3500 (assuming that the ACL and its rules have been defined). Then redirect the packets to Ethernet 5/1/1. The destination VLAN ID is 30. The L2VPN packets are allowed to pass the port.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet5/1/2

[H3C-Ethernet5/1/2] traffic-redirect inbound ip-group 3500 rule 0 system-index 3 nested-vlan 30 interface Ethernet5/1/1 30 l2-vpn

# Insert the VLAN tag of VLAN 4 into the packets that match ACL 4100 as the outer VLAN tag (assuming that ACL 4100 and its rules already exist).

<H3C> system-view

[H3C]interface Ethernet2/1/1

[H3C-Ethernet2/1/1]traffic-redirect inbound link-group 4100 nested-vlan 4

1.1.4  traceuser

Syntax

traceuser interface interface-type interface-number [ mac mac-address ] [ vlan vlan-id ] [ number number ]

View

Any view

Parameters

interface interface-type interface-number: Specifies an interface to be monitored by its interface type and number. The monitored interface can only be an Ethernet interface or RPR logical interface.

mac mac-address: Specifies the MAC address to be monitored.

vlan vlan-id: Specifies the VLAN to be monitored by the VLAN ID, ranging from 1 to 4094.

number number: Specifies how many pieces of monitor information will be generated. The value range for the number argument is 0 to 500. The default value is 10. A value of 0 disables the monitoring function.

Description

Use the traceuser command to monitor packets of specified users in the inbound direction of a specified interface, or packets of a specified MAC address or VLAN. If the specified port belongs to an aggregation group, the system monitors inbound packets of the whole aggregation group.

 

Caution:

- The traceuser command is not supported on LSB1XP4B and LSB1XP4CA boards.

- You can specify only one port to be monitored with the traceuser command.

 

Examples

# Disable the monitoring function on GigabitEthernet 2/1/1.

<H3C> traceuser interface gigabitethernet2/1/1 number 0

1.1.5  vlan-vpn enable

Syntax

vlan-vpn enable

undo vlan-vpn

View

Ethernet port view/PVC view

Parameters

None

Description

Use the vlan-vpn enable command to enable VLAN VPN for the port or the PVC.

Use the undo vlan-vpn command to disable VLAN VPN for the port or the PVC.

With VLAN VPN enabled, a received packet is tagged with the default VLAN tag of the port regardless of whether the packet already carries a VLAN tag. Therefore, if the packet already carries a VLAN tag, it becomes a dual-tagged packet. Otherwise, the packet carries only the default VLAN tag of the receiving port.

 

Caution:

- VLAN VPN is unavailable to ports on which GVRP, STP, NTP, 802.1x, or RRPP is enabled.

- VLAN VPN cannot be enabled on a port if the VLAN which the port belongs to has IGMP Snooping enabled or its VLAN interface has IGMP enabled. Similarly, if a port is VLAN VPN-enabled, you cannot enable IGMP Snooping in the VLAN to which the port belongs or enable IGMP on the VLAN interface of the VLAN.

- If you want to add VLAN VPN-enabled ports to a VLAN, make sure the VLAN is not IGMP Snooping-enabled, and the VLAN interface is not IGMP-enabled.

- If you have enabled VLAN VPN for the ports in the VLAN, the VLAN cannot be removed.

 

By default, VLAN VPN is disabled on a port or PVC.

Examples

# Enable VLAN VPN on Ethernet2/1/1.

<H3C> system-view

[H3C] interface Ethernet 2/1/1

[H3C-Ethernet2/1/1] vlan-vpn enable

# Enable VLAN VPN on the PVC.

<H3C> system-view

[H3C] interface Atm 6/0/1.2

[H3C-atm6/0/1.2] pvc name 1 11/11

[H3C-atm-pvc-atm6/0/1.2-11/11-1] vlan-vpn enable

1.1.6  vlan-vpn tpid

Syntax

vlan-vpn tpid value

undo vlan-vpn tpid

View

System view

Parameters

value: TPID value to be set (in hexadecimal format). This argument ranges from 1 to 0xFFFF.

Description

Use the vlan-vpn tpid command to set the TPID value of the VLAN-VPN uplink ports.

Use the undo vlan-vpn tpid command to restore the default TPID value (0x8100) for VLAN-VPN uplink ports.

Do not set the TPID value to a value that may cause conflicts (such as the known protocol type value 0x0806, which is that of ARP packets). Otherwise, the packets may be discarded.

Table 1-1 Common protocol type values of an Ethernet frame

Protocol type    Value
ARP              0x0806
IP               0x0800
MPLS             0x8847/0x8848
IPX              0x8137
IS-IS            0x8000
LACP             0x8809
802.1x           0x888E

 

Examples

# Set the TPID value to 0x9100.

<H3C> system-view

[H3C] vlan-vpn tpid 9100

# Restore the default TPID value (0x8100).

[H3C] undo vlan-vpn tpid
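
A configuration check for the TPID restriction above, added here as an example and not taken from the H3C manual: it parses display port vlan-vpn output and reports a TPID that equals one of the Table 1-1 protocol type values. The function names and the sample text (the manual's example output with the TPID changed to 0x0806) are constructed for illustration.

```python
import re

# Protocol type values copied from Table 1-1 of this page.
KNOWN_TYPES = {
    0x0806: "ARP", 0x0800: "IP", 0x8847: "MPLS", 0x8848: "MPLS",
    0x8137: "IPX", 0x8000: "IS-IS", 0x8809: "LACP", 0x888E: "802.1x",
}

# Constructed sample: the page's example output with the TPID changed to a
# conflicting value so that the audit has something to report.
SAMPLE = """\
VLAN-VPN TPID: 0x0806

GigabitEthernet1/1/1
 VLAN-VPN status: enabled
 VLAN-VPN VLAN: 1

GigabitEthernet1/1/2
VLAN-VPN uplink status: enabled
"""

FIELD = re.compile(r"VLAN-VPN (TPID|uplink status|status|VLAN):\s*(\S+)")

def parse_display(text):
    """Parse 'display port vlan-vpn' output into (tpid, {port: fields})."""
    tpid, ports, current = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = FIELD.fullmatch(line)
        if m is None:                 # any other non-empty line names a port
            current = ports.setdefault(line, {})
        elif m.group(1) == "TPID":
            tpid = int(m.group(2), 16)
        elif current is not None:
            current[m.group(1)] = m.group(2)
    return tpid, ports

def audit(text):
    """Return findings for a TPID that collides with a Table 1-1 value."""
    tpid, ports = parse_display(text)
    if tpid not in KNOWN_TYPES:
        return []
    uplinks = sorted(p for p, f in ports.items()
                     if f.get("uplink status") == "enabled")
    return [f"TPID 0x{tpid:04X} is the {KNOWN_TYPES[tpid]} protocol type; "
            f"affected uplink ports: {', '.join(uplinks) or 'none'}"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
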

1.1.7  vlan-vpn tunnel

Syntax

vlan-vpn tunnel

undo vlan-vpn tunnel

View

System view

Parameters

None

Description

Use the vlan-vpn tunnel command to enable VLAN-VPN tunneling.

Use the undo vlan-vpn tunnel command to disable VLAN-VPN tunneling.

VLAN-VPN tunneling enables customer networks in different geographic regions to transmit BPDU packets to each other transparently through the designated VLAN VPN over the operator network.

This function is disabled by default.

Examples

# Enable VLAN-VPN tunneling.

<H3C>system-view

[H3C] vlan-vpn tunnel

1.1.8  vlan-vpn uplink enable

Syntax

vlan-vpn uplink enable

undo vlan-vpn uplink

View

Ethernet port view

Parameters

None

Description

Use the vlan-vpn uplink enable command to configure a port as a VLAN-VPN uplink port.

Use the undo vlan-vpn uplink command to cancel the configuration.

When sending a packet, a VLAN-VPN uplink port replaces the TPID value in the outer VLAN tag with the configured TPID value. You can use the vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.

 

Caution:

- At present, LSBM1XP4 and LSBM1TGX1 cards do not support this command.

- The vlan-vpn uplink enable command and the vlan-vpn enable command are mutually exclusive on the same port.

 

Examples

# Configure Ethernet3/1/1 as a VLAN-VPN uplink port.

<H3C> system-view

[H3C] interface Ethernet 3/1/1

[H3C-Ethernet3/1/1] vlan-vpn uplink enable

# Restore Ethernet3/1/1 port to a common port.

[H3C-Ethernet3/1/1] undo vlan-vpn uplink
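
The tagging behaviour described under vlan-vpn enable and vlan-vpn uplink enable, shown at the byte level as an added example (not code from the H3C manual): the ingress port pushes its default VLAN tag whether or not the frame is already tagged, and the uplink port rewrites only the outer TPID. The function names, MAC addresses, VLAN IDs and payload are constructed, and the customer (inner) tag is assumed to use TPID 0x8100.

```python
import struct

DEFAULT_TPID = 0x8100  # default TPID stated on this page

def push_outer_tag(frame, pvid, tpid=DEFAULT_TPID):
    """VLAN VPN ingress: insert the port's default VLAN tag after the two MAC
    addresses, whether or not the frame already carries a tag.
    Priority bits of the new tag are left at 0 in this sketch."""
    if len(frame) < 14 or not 1 <= pvid <= 4094:
        raise ValueError("bad frame or VLAN ID")
    return frame[:12] + struct.pack("!HH", tpid, pvid) + frame[12:]

def uplink_rewrite(frame, tpid):
    """VLAN-VPN uplink egress: replace the TPID in the outer tag only."""
    return frame[:12] + struct.pack("!H", tpid) + frame[14:]

def parse_tags(frame, outer_tpid):
    """Return (outer VLAN, inner VLAN or None, EtherType) as read by a peer
    that expects outer_tpid; raise if the outer TPID is not recognised."""
    tpid, tci, nxt = struct.unpack("!HHH", frame[12:18])
    if tpid != outer_tpid:
        raise ValueError(f"outer TPID 0x{tpid:04X} not recognised")
    if nxt != DEFAULT_TPID:            # customer frame was untagged
        return tci & 0x0FFF, None, nxt
    inner_tci, ethertype = struct.unpack("!HH", frame[18:22])
    return tci & 0x0FFF, inner_tci & 0x0FFF, ethertype

# Constructed sample frames: MAC addresses, VLAN IDs and payload are made up.
MACS = bytes.fromhex("0200000000010200000000aa")
TAGGED = MACS + bytes.fromhex("81000064" "0800") + b"payload"  # customer VLAN 100
UNTAGGED = MACS + bytes.fromhex("0800") + b"payload"

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        wire = uplink_rewrite(push_outer_tag(frame, 30), 0x9100)
        print(name, wire[12:22].hex(), parse_tags(wire, 0x9100))
```

A peer that still expects 0x8100 on the outer tag fails to parse the rewritten frame, which is why the TPID has to match on both ends of the uplink.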
