Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-S12500_QinQ_Configuration Examples | 151.45 KB |
Contents
Example: Configuring basic QinQ
Configuration restrictions and guidelines
Configuring devices in the service provider network
Example: Configuring selective QinQ
Configuration restrictions and guidelines
Configuring devices in the service provider network
Introduction
QinQ enables service providers to separate or aggregate customer traffic in the service provider network by adding a layer of service provider VLAN tag (SVLAN tag) to customer traffic.
QinQ has the following implementations:
· Basic QinQ—Enabled on a per-port basis. A basic QinQ-enabled port tags all incoming frames (tagged or untagged) with the PVID tag without discriminating CVLANs. As a result, basic QinQ cannot separate a customer's traffic by traffic type.
· Selective QinQ—Implemented through QoS policies. Selective QinQ enables a port to tag incoming traffic with different SVLAN tags for different CVLANs. In contrast to basic QinQ, selective QinQ can separate traffic by both customer and traffic type.
Use basic QinQ to separate traffic by customer.
Use selective QinQ to separate traffic by CVLAN for a customer that has multiple CVLANs.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of H3C QinQ.
Example: Configuring basic QinQ
Network requirements
As shown in Figure 1, configure basic QinQ on PE 1 and PE 2 (two S12500 switches) to provide Layer 2 connectivity for Company A and Company B over the service provider network.
In the service provider network, assign VLAN 100 and VLAN 200 to Company A and Company B, respectively.
The TPID in the 802.1Q-tagged frames from PE 1 and PE 2 is 0x8100. In the service provider network, PE 1 and PE 2 are connected to third-party devices that use the TPID 0x8200.
Requirements analysis
To run QinQ, you only need to configure QinQ on customer-side ports of PEs.
For the service provider-side ports to support multiple SVLANs, configure the link type of service provider-side ports as trunk or hybrid.
The default SVLAN TPID on S12500 switches is 0x8100. If the switches are connected to devices that use a different TPID, you must change the TPID on either side for 802.1Q tagged frames to be identified correctly. In this example, you must change the SVLAN TPID to 0x8200 on the service provider-side ports (GigabitEthernet 3/0/2) on PE 1 and PE 2.
Software version used
This configuration example was created and verified on S12500-CMW520-R1825P01.
Configuration restrictions and guidelines
When you configure basic QinQ, follow these restrictions and guidelines:
· The link type of customer-side ports can be access, hybrid, or trunk. Whichever link type you choose, QinQ always tags all incoming frames (tagged or untagged) with the PVID tag.
· If the link type of the customer-side port is hybrid or trunk, you must specify the SVLAN ID as the PVID and remove the port from VLAN 1. All ports are in VLAN 1 by default. Incorrect forwarding occurs if you do not remove the customer-side port from VLAN 1.
· If the link type of the customer-side port is hybrid, you must assign the port to the SVLAN as an untagged VLAN member.
· QinQ adds a four-byte VLAN tag to the 802.1Q frame header. You must increase the MTU to at least 1504 bytes for each port on the path of QinQ frames for forwarding QinQ frames.
· To change the TPID value on the PE, you must make sure the QinQ-enabled customer-side ports and the provider-side ports are on the same card for correct VLAN tag processing.
Configuration procedures
This example assumes that the CVLANs have been configured correctly on the CEs.
Configuring PE 1
1. Configure GigabitEthernet 3/0/1 (a customer-side port):
# Configure the port as a trunk port, assign it to VLAN 100, and remove it from VLAN 1.
<PE1> system-view
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 3/0/1
[PE1-GigabitEthernet3/0/1] undo shutdown
[PE1-GigabitEthernet3/0/1] port link-type trunk
[PE1-GigabitEthernet3/0/1] port trunk permit vlan 100
[PE1-GigabitEthernet3/0/1] undo port trunk permit vlan 1
# Set the PVID to 100 on the port.
[PE1-GigabitEthernet3/0/1] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE1-GigabitEthernet3/0/1] qinq enable
[PE1-GigabitEthernet3/0/1] quit
2. Configure GigabitEthernet 3/0/3 (a customer-side port):
# Configure the port as a trunk port, remove it from VLAN 1, and assign it to VLAN 200.
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface gigabitethernet 3/0/3
[PE1-GigabitEthernet3/0/3] undo shutdown
[PE1-GigabitEthernet3/0/3] port link-type trunk
[PE1-GigabitEthernet3/0/3] undo port trunk permit vlan 1
[PE1-GigabitEthernet3/0/3] port trunk permit vlan 200
,# Set the PVID to 200 on the port.
[PE1-GigabitEthernet3/0/3] port trunk pvid vlan 200
# Enable basic QinQ on the port.
[PE1-GigabitEthernet3/0/3] qinq enable
[PE1-GigabitEthernet3/0/3] quit
3. Configure GigabitEthernet 3/0/2 (the service provider-side port):
# Configure the port as a trunk port, and assign it to VLAN 100 and VLAN 200.
[PE1] interface gigabitethernet 3/0/2
[PE1-GigabitEthernet3/0/2] undo shutdown
[PE1-GigabitEthernet3/0/2] port link-type trunk
[PE1-GigabitEthernet3/0/2] port trunk permit vlan 100 200
# Set the SVLAN TPID to 0x8200.
[PE1-GigabitEthernet3/0/2] qinq ethernet-type 8200
[PE1-GigabitEthernet3/0/2] quit
Configuring PE 2
1. Configure GigabitEthernet 3/0/1 (a customer-side port):
# Configure the port as a trunk port, assign it to VLAN 200, and remove it from VLAN 1.
<PE2> system-view
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface gigabitethernet 3/0/1
[PE2-GigabitEthernet3/0/1] undo shutdown
[PE2-GigabitEthernet3/0/1] port link-type trunk
[PE2-GigabitEthernet3/0/1] port trunk permit vlan 200
[PE2-GigabitEthernet3/0/1] undo port trunk permit vlan 1
# Set the PVID to 200 on the port.
[PE2-GigabitEthernet3/0/1] port trunk pvid vlan 200
# Enable basic QinQ on the port.
[PE2-GigabitEthernet3/0/1] qinq enable
[PE2-GigabitEthernet3/0/1] quit
2. Configure GigabitEthernet 3/0/3 (a customer-side port):
# Configure the port as a trunk port, remove it from VLAN 1, and assign it to VLAN 100.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 3/0/3
[PE2-GigabitEthernet3/0/3] undo shutdown
[PE2-GigabitEthernet3/0/3] port link-type trunk
[PE2-GigabitEthernet3/0/3] undo port trunk permit vlan 1
[PE2-GigabitEthernet3/0/3] port trunk permit vlan 100
# Set the PVID to 100 on the port.
[PE2-GigabitEthernet3/0/3] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE2-GigabitEthernet3/0/3] qinq enable
[PE2-GigabitEthernet3/0/3] quit
3. Configure GigabitEthernet 3/0/2 (the service provider-side port):
# Configure the port as a trunk port, and assign it to VLAN 100 and VLAN 200.
[PE2] interface gigabitethernet 3/0/2
[PE2-GigabitEthernet3/0/2] undo shutdown
[PE2-GigabitEthernet3/0/2] port link-type trunk
[PE2-GigabitEthernet3/0/2] port trunk permit vlan 100 200
# Set the SVLAN TPID to 0x8200.
[PE2-GigabitEthernet3/0/2] qinq ethernet-type 8200
[PE2-GigabitEthernet3/0/2] quit
Configuring devices in the service provider network
All ports on the path between PE 1 and PE 2 must allow frames from VLAN 100 and VLAN 200 to pass through without removing the VLAN tag. (Details not shown.)
Verifying the configuration
# Verify that each company's PCs can ping each other in the same CVLAN across the service provider network. (Details not shown.)
# Verify that the two companies' PCs cannot communicate at Layer 2 even if their CVLAN IDs are the same. The ARP tables on one company's PCs do not contain entries for MAC addresses of the other company's PCs. (Details not shown.)
Configuration files
· PE 1:
#
vlan 100
#
vlan 200
#
interface GigabitEthernet3/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
port trunk pvid vlan 100
qinq enable
#
interface GigabitEthernet3/0/2
port link-type trunk
port trunk permit vlan 100 200
qinq ethernet-type 8200
#
interface GigabitEthernet3/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
port trunk pvid vlan 200
qinq enable
#
· PE 2:
#
vlan 100
#
vlan 200
#
interface GigabitEthernet3/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
port trunk pvid vlan 200
qinq enable
#
interface GigabitEthernet3/0/2
port link-type trunk
port trunk permit vlan 100 200
qinq ethernet-type 8200
#
interface GigabitEthernet3/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
port trunk pvid vlan 100
qinq enable
#
Example: Configuring selective QinQ
Network requirements
As shown in Figure 2, configure selective QinQ on GigabitEthernet 3/0/2 of PE 2 to meet the following requirements:
· Extend VLAN 10 in SVLAN 1000 from CE 3 to CE 1 over the service provider network.
· Extend VLAN 20 in SVLAN 2000 from CE 3 to CE 2 over the service provider network.
Configure basic QinQ on GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of PE 1 to extend VLAN 10 from CE 1 and CE 2, respectively, to CE 3 over the service provider network.
In the service provider network, PE 1 and PE 2 are connected to third-party devices that use the TPID 0x8100.
Requirements analysis
To implement selective QinQ, the customer-side ports must be hybrid ports because they must support multiple SVLANs and must send traffic to the customer site with the SVLAN tag removed.
To add different SVLAN tags for different types of customer traffic, you must apply a QoS policy to the inbound direction of the customer-side port (GigabitEthernet 3/0/2 on PE 2 in this example). In the QoS policy, you must use the if-match service-vlan-id command to configure CVLAN IDs as traffic classifiers, because the CVLAN tag is the outermost VLAN tag before an SVLAN tag is inserted. The action in the traffic behaviors for matching CVLAN traffic must be nest top-most.
To send SVLAN-tagged frames to the service provider network, you must assign the service provider-side ports of the edge devices (GigabitEthernet 3/0/3 on PE 1 and GigabitEthernet 3/0/1 on PE 2) to all the SVLANs.
The default SVLAN TPID on S12500 switches is 0x8100. You do not need to change the SVLAN TPID because the devices connected to the PEs use the same TPID.
Software version used
This configuration example was created and verified on S12500-CMW520-R1825P01.
Configuration restrictions and guidelines
When you configure selective QinQ, follow these restrictions and guidelines:
· You must assign the customer-side port to SVLANs as an untagged VLAN member.
· You must set the MTU to at least 1504 bytes for each port on the path of QinQ frames.
Configuration procedures
Configuring PE 1
1. Configure GigabitEthernet 3/0/1 (a customer-side port):
# Configure the port as a trunk port, remove it from VLAN 1, and assign it to VLAN 1000.
<PE1> system-view
[PE1] vlan 1000
[PE1-vlan1000] quit
[PE1] interface gigabitethernet 3/0/1
[PE1-GigabitEthernet3/0/1] undo shutdown
[PE1-GigabitEthernet3/0/1] port link-type trunk
[PE1-GigabitEthernet3/0/1] undo port trunk permit vlan 1
[PE1-GigabitEthernet3/0/1] port trunk permit vlan 1000
# Set the PVID to 1000 on the port.
[PE1-GigabitEthernet3/0/1] port trunk pvid vlan 1000
# Enable basic QinQ on the port.
[PE1-GigabitEthernet3/0/1] qinq enable
[PE1-GigabitEthernet3/0/1] quit
2. Configure GigabitEthernet 3/0/2 (a customer-side port):
# Configure the port as a trunk port, remove it from VLAN 1, and assign it to VLAN 2000.
[PE1] vlan 2000
[PE1-vlan1000] quit
[PE1] interface gigabitethernet 3/0/2
[PE1-GigabitEthernet3/0/2] undo shutdown
[PE1-GigabitEthernet3/0/2] port link-type trunk
[PE1-GigabitEthernet3/0/2] undo port trunk permit vlan 1
[PE1-GigabitEthernet3/0/2] port trunk permit vlan 2000
# Set the PVID to 2000 on the port.
[PE1-GigabitEthernet3/0/2] port trunk pvid vlan 2000
# Enable basic QinQ on the port.
[PE1-GigabitEthernet3/0/2] qinq enable
[PE1-GigabitEthernet3/0/2] quit
3. Configure GigabitEthernet 3/0/3 (the service provider-side port):
# Configure the port as a trunk port.
[PE1] interface gigabitethernet 3/0/3
[PE1-GigabitEthernet3/0/3] undo shutdown
[PE1-GigabitEthernet3/0/3] port link-type trunk
# Assign the port to VLAN 1000 and VLAN 2000.
[PE1-GigabitEthernet3/0/3] port trunk permit vlan 1000 2000
[PE1-GigabitEthernet3/0/3] quit
Configuring PE 2
1. Configure GigabitEthernet 3/0/2 (a customer-side port):
# Configure a QoS policy to tag frames from CVLAN 10 with SVLAN tag 1000 and tag frames from CVLAN 20 with SVLAN tag 2000.
<PE2> system-view
[PE2] vlan 1000
[PE2-vlan1000] quit
[PE2] vlan 2000
[PE2-vlan2000] quit
[PE2] traffic classifier tc1
[PE2-classifier-tc1] if-match service-vlan-id 10
[PE2-classifier-tc1] quit
[PE2] traffic behavior be1
[PE2-behavior-be1] nest top-most vlan 1000
[PE2-behavior-be1] quit
[PE2] traffic classifier tc2
[PE2-classifier-tc2] if-match service-vlan-id 20
[PE2-classifier-tc2] quit
[PE2] traffic behavior be2
[PE2-behavior-be2] nest top-most vlan 2000
[PE2-behavior-be2] quit
[PE2] qos policy p
[PE2-qospolicy-p] classifier tc1 behavior be1
[PE2-qospolicy-p] classifier tc2 behavior be2
[PE2-qospolicy-p] quit
# Apply the QoS policy to the inbound direction of GigabitEthernet 3/0/2.
[PE2] interface GigabitEthernet3/0/2
[PE2-GigabitEthernet3/0/2] undo shutdown
[PE2-GigabitEthernet3/0/2] port link-type hybrid
[PE2-GigabitEthernet3/0/2] port hybrid vlan 1000 2000 untagged
[PE2-GigabitEthernet3/0/2] qos apply policy p inbound
[PE2-GigabitEthernet3/0/2] quit
2. Configure GigabitEthernet 3/0/1 (the service provider-side port):
# Configure the port as a trunk port.
[PE2] interface gigabitethernet 3/0/1
[PE2-GigabitEthernet3/0/1] undo shutdown
[PE2-GigabitEthernet3/0/1] port link-type trunk
# Assign the port to VLAN 1000 and VLAN 2000.
[PE2-GigabitEthernet3/0/1] port trunk permit vlan 1000 2000
Configuring devices in the service provider network
All ports on the path between PE 1 and PE 2 must allow frames from VLAN 1000 and VLAN 2000 to pass through without removing the VLAN tag.
Verifying the configuration
Send frames in VLAN 10 between CE 1 and CE 3 and send frames in VLAN 20 between CE 2 and CE 3 to verify that the frames can reach the destination. (Details not shown.)
Configuration files
· PE 1:
#
vlan 1000
#
vlan 2000
#
interface GigabitEthernet3/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000
port trunk pvid vlan 1000
qinq enable
#
interface GigabitEthernet3/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2000
port trunk pvid vlan 2000
qinq enable
#
interface GigabitEthernet3/0/3
port link-type trunk
port trunk permit vlan 1000 2000
#
· PE 2:
#
vlan 1000
#
vlan 2000
#
traffic classifier tc2 operator and
if-match service-vlan-id 20
traffic classifier tc1 operator and
if-match service-vlan-id 10
#
traffic behavior be1
nest top-most vlan-id 1000
traffic behavior be2
nest top-most vlan-id 2000
#
qos policy p
classifier tc1 behavior be1
classifier tc2 behavior be2
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000 2000
#
interface GigabitEthernet3/0/2
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 1000 2000 untagged
qos apply policy p inbound
#
Related documentation
· H3C S12500 Routing Switch Series Layer 2—LAN Switching Configuration Guide
· H3C S12500 Routing Switch Series Layer 2—LAN Switching Command Reference
