Login
- Table of Contents
-
- 04-Layer 2 - LAN Switching Configuration Guide
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-Port isolation configuration
- 04-VLAN configuration
- 05-MVRP configuration
- 06-VLAN mapping configuration
- 07-Loop detection configuration
- 08-Spanning tree configuration
- 09-LLDP configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-VLAN mapping configuration | 237.75 KB |
Contents
VLAN mapping application scenarios
Restrictions and guidelines: VLAN mapping configuration
VLAN mapping tasks at a glance
Configuring one-to-one VLAN mapping
Configuring many-to-one VLAN mapping
About many-to-one VLAN mapping
Configuring many-to-one VLAN mapping
Configuring one-to-two VLAN mapping
Display and maintenance commands for VLAN mapping
VLAN mapping configuration examples
Example: Configuring one-to-one and many-to-one VLAN mapping
Configuring VLAN mapping
About VLAN mapping
VLAN mapping re-marks VLAN traffic with new VLAN IDs.
VLAN mapping types
H3C provides the following types of VLAN mapping:
· One-to-one VLAN mapping—Replaces one VLAN tag with another.
· Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.
· One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag.
VLAN mapping application scenarios
One-to-one and many-to-one VLAN mapping
One-to-one and many-to-one VLAN mapping are typically used by a community for broadband Internet access, as shown in Figure 1.
Figure 1 Application scenario of one-to-one and many-to-one VLAN mapping
As shown in Figure 1, the network is implemented as follows:
· Each home gateway uses different VLANs to transmit the PC, VoD, and VoIP services.
· To further subclassify each type of traffic by customer, configure one-to-one VLAN mapping on the wiring-closet switches. This feature assigns a separate VLAN to each type of traffic from each customer. The required total number of VLANs in the network can be very large.
One-to-two VLAN mapping
One-to-two VLAN mapping is typically used to implement communication across different SP networks, as shown in Figure 2.
Figure 2 Application scenario of one-to-two and two-to-two VLAN mapping
As shown in Figure 2, when the packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 10 by using one-to-two VLAN mapping.
One-to-two VLAN mapping provides the following benefits:
· Enables a customer network to plan its CVLAN assignment without conflicting with SVLANs.
· Adds a VLAN tag to a tagged packet and expands the number of available VLANs to 4094 × 4094.
· Reduces the stress on the SVLAN resources, which were 4094 VLANs in the SP network before the mapping process was initiated.
VLAN mapping implementations
Figure 3 shows a simplified network that illustrates basic VLAN mapping terms.
Basic VLAN mapping terms include the following:
· Uplink traffic—Traffic transmitted from the customer network to the service provider network.
· Downlink traffic—Traffic transmitted from the service provider network to the customer network.
· Network-side port—A port connected to or closer to the service provider network.
· Customer-side port—A port connected to or closer to the customer network.
Figure 3 Basic VLAN mapping terms
One-to-one VLAN mapping
As shown in Figure 4, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows:
· Replaces the CVLAN with the SVLAN for the uplink traffic.
· Replaces the SVLAN with the CVLAN for the downlink traffic.
Figure 4 One-to-one VLAN mapping implementation
Many-to-one VLAN mapping
As shown in Figure 5, many-to-one VLAN mapping in common mode is implemented on both the customer-side and network-side ports as follows:
· For the uplink traffic, the customer-side many-to-one VLAN mapping replaces multiple CVLANs with the same SVLAN.
· For the downlink traffic, the network-side many-to-one VLAN mapping replaces the SVLAN with the CVLAN found in the ARP snooping table. For more information about ARP snooping, see Layer 3—IP Services Configuration Guide.
Figure 5 Many-to-one VLAN mapping implementation in common mode
One-to-two VLAN mapping
As shown in Figure 6, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic.
For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission. Use one of the following methods to remove the SVLAN tag from the downlink traffic:
· Configure the customer-side port as a hybrid port and assign the port to the SVLAN as an untagged member.
· Configure the customer-side port as a trunk port and set the port PVID to the SVLAN.
Figure 6 One-to-two VLAN mapping implementation
Restrictions and guidelines: VLAN mapping configuration
To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."
To add or replace VLAN tags for packets, you can configure both VLAN mapping and a QoS policy. The QoS policy takes effect if a configuration conflict occurs. For information about QoS policies, see ACL and QoS Configuration Guide.
You cannot configure VLAN mapping together with the MAC learning limit feature on the same interface. For more information about the MAC learning limit feature, see "Configuring the MAC address table."
VLAN mapping tasks at a glance
Use the appropriate VLAN mapping methods for the devices in the network.
To configure VLAN mapping, perform the following tasks:
· Configuring one-to-one VLAN mapping
Configure one-to-one VLAN mapping on the wiring-closet switch, as shown in Figure 1.
· Configuring many-to-one VLAN mapping
Configure many-to-one VLAN mapping on the campus switch, as shown in Figure 1.
· Configuring one-to-two VLAN mapping
Configure one-to-two VLAN mapping on PE 1 and PE 4, as shown in Figure 2, through which traffic from customer networks enters the service provider networks.
Prerequisites
Before you configure VLAN mapping, create original and translated VLANs.
Configuring one-to-one VLAN mapping
About this task
Configure one-to-one VLAN mapping on the customer-side ports of wiring-closet switches (see Figure 1) to isolate traffic of the same service type from different homes.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Set the link type of the port.
port link-type { hybrid | trunk }
By default, the link type of a port is access.
4. Assign the port to the original VLAN and the translated VLAN.
¡ Assign the trunk port to the original VLAN and the translated VLAN.
port trunk permit vlan vlan-id-list
By default, a trunk port is assigned to VLAN 1.
¡ Assign the hybrid port to the original VLAN and the translated VLAN as a tagged member.
port hybrid vlan vlan-id-list tagged
By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
5. Configure a one-to-one VLAN mapping.
vlan mapping vlan-id translated-vlan vlan-id
By default, no VLAN mapping is configured on an interface.
Configuring many-to-one VLAN mapping
About many-to-one VLAN mapping
Configure many-to-one VLAN mapping on campus switches (see Figure 1) to transmit the same type of traffic from different users in one VLAN.
Configuring many-to-one VLAN mapping
About this task
In a network that uses IP addresses manually configured, configure many-to-one VLAN mapping with ARP snooping.
The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the ARP snooping entry lookup. For more information about ARP snooping commands, see ARP commands in Layer 3—IP Services Command Reference.
Restrictions and guidelines for many-to-one VLAN mapping in dynamic IPv4 address assignment environment
· To ensure correct traffic forwarding from the service provider network to the customer network, do not configure many-to-one VLAN mapping together with uRPF. For more information about uRPF, see Security Configuration Guide.
· Different CVLANs cannot contain the same IP address.
· In a VLAN, a conflict will occur if the MAC address corresponding to an IP address changes, and the ARP snooping entry created for the IP address will become invalid. To resolve this issue, use the reset arp snooping command to clear that ARP snooping entry, or wait for the entry to be aged out.
· To modify many-to-one VLAN mappings, first use the reset arp snooping binding command to clear the ARP snooping entries.
Many-to-one VLAN mapping in dynamic IPv4 address assignment environment tasks at a glance
To configure many-to-one VLAN mapping in a network where IP addresses are assigned manually, perform the following tasks:
2. Configuring the customer-side port
3. Configuring the network-side port
Enabling ARP snooping
1. Enter system view.
system-view
2. Enter VLAN view.
vlan vlan-id
3. Enable ARP snooping.
arp snooping enable
By default, ARP snooping is disabled.
You must enable ARP snooping for the original VLANs and the translated VLANs.
Configuring the customer-side port
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Set the link type of the port.
port link-type { hybrid | trunk }
By default, the link type of a port is access.
4. Assign the port to the original VLANs and the translated VLAN.
¡ Assign the trunk port to the original VLANs and the translated VLAN.
port trunk permit vlan vlan-id-list
By default, a trunk port is assigned to VLAN 1.
¡ Assign the hybrid port to the original VLANs and the translated VLAN as a tagged member.
port hybrid vlan vlan-id-list tagged
By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
5. Configure a many-to-one VLAN mapping.
vlan mapping uni range vlan-range-list translated-vlan vlan-id
By default, no VLAN mapping is configured on an interface.
Configuring the network-side port
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Set the link type of the port.
port link-type { hybrid | trunk }
By default, the link type of a port is access.
4. Assign the port to the translated VLAN.
¡ Assign the trunk port to the translated VLAN.
port trunk permit vlan vlan-id-list
By default, a trunk port is assigned to VLAN 1.
¡ Assign the hybrid port to the translated VLAN as a tagged member.
port hybrid vlan vlan-id-list tagged
By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
5. Configure the port to use the original VLAN tags of the many-to-one mapping to replace the VLAN tags of the packets destined for the user network.
vlan mapping nni
By default, the port does not replace the VLAN tags of the packets destined for the user network.
Configuring one-to-two VLAN mapping
About this task
Configure one-to-two VLAN mapping on the customer-side ports of edge devices from which customer traffic enters SP networks, for example, on PEs 1 and 4 in Figure 2. One-to-two VLAN mapping enables the edge devices to add an SVLAN tag to each incoming packet.
Restrictions and guidelines
Only one SVLAN tag can be added to packets from the same CVLAN. To add different SVLAN tags to different CVLAN packets on a port, set the port link type to hybrid and configure multiple one-to-two VLAN mappings.
The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet length is added by 4 bytes. As a best practice, set the MTU to a minimum of 1504 bytes for ports on the forwarding path of the packet in the service provider network.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Set the link type of the port.
port link-type { hybrid | trunk }
By default, the link type of a port is access.
4. Assign the port to the CVLANs.
¡ Assign the trunk port to the CVLANs.
port trunk permit vlan vlan-id-list
By default, a trunk port is assigned to VLAN 1.
¡ Assign the hybrid port to the CVLANs.
port hybrid vlan vlan-id-list { tagged | untagged }
By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
5. Configure the port to allow packets from the SVLAN to pass through untagged.
¡ Configure the SVLAN as the PVID of the trunk port and assign the trunk port to the SVLAN.
port trunk pvid vlan vlan-id
port trunk permit vlan { vlan-id-list | all }
¡ Assign the hybrid port to the SVLAN as an untagged member.
port hybrid vlan vlan-id-list untagged
6. Configure a one-to-two VLAN mapping.
vlan mapping nest { range vlan-range-list | single vlan-id-list } nested-vlan vlan-id
By default, no VLAN mapping is configured on an interface.
Display and maintenance commands for VLAN mapping
Execute display commands in any view.
|
Task |
Command |
|
Display VLAN mapping information. |
display vlan mapping [ interface interface-type interface-number ] |
VLAN mapping configuration examples
Example: Configuring one-to-one and many-to-one VLAN mapping
Network configuration
As shown in Figure 7:
· Each household subscribes to PC, VoD, and VoIP services.
· On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively.
To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches. This feature assigns one VLAN to each type of traffic from each household.
To save VLAN resources, configure many-to-one VLAN mappings on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN. Use VLANs 501, 502, and 503 for PC, VoD, and VoIP traffic, respectively.
Table 1 VLAN mappings for each service
|
Service |
VLANs on home gateways |
VLANs on wiring-closet switches (Switch A and Switch B) |
VLANs on campus switch (Switch C) |
|
PC |
VLAN 1 |
VLANs 101, 102, 103, 104 |
VLAN 501 |
|
VoD |
VLAN 2 |
VLANs 201, 202, 203, 204 |
VLAN 502 |
|
VoIP |
VLAN 3 |
VLANs 301, 302, 303, 304 |
VLAN 503 |
Procedure
1. Configure Switch A:
# Create the original VLANs.
<SwitchA> system-view
[SwitchA] vlan 2 to 3
# Create the translated VLANs.
[SwitchA] vlan 101 to 102
[SwitchA] vlan 201 to 202
[SwitchA] vlan 301 to 302
# Configure customer-side port Twenty-FiveGigE 1/1/11 as a trunk port.
<SwitchA> system-view
[SwitchA] interface twenty-fivegige 1/1/11
[SwitchA-Twenty-FiveGigE1/1/11] port link-type trunk
# Assign GigabitEthernet 1/0/1 to all original VLANs and translated VLANs.
[SwitchA-Twenty-FiveGigE1/1/11] port trunk permit vlan 1 2 3 101 201 301
# Configure one-to-one VLAN mappings on Twenty-FiveGigE 1/1/11 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively.
[SwitchA-Twenty-FiveGigE1/1/11] vlan mapping 1 translated-vlan 101
[SwitchA-Twenty-FiveGigE1/1/11] vlan mapping 2 translated-vlan 201
[SwitchA-Twenty-FiveGigE1/1/11] vlan mapping 3 translated-vlan 301
[SwitchA-Twenty-FiveGigE1/1/11] quit
# Configure customer-side port Twenty-FiveGigE 1/1/12 as a trunk port.
[SwitchA] interface twenty-fivegige 1/1/12
[SwitchA-Twenty-FiveGigE1/1/12] port link-type trunk
# Assign Twenty-FiveGigE 1/1/12 to all original VLANs and translated VLANs.
[SwitchA-Twenty-FiveGigE1/1/12] port trunk permit vlan 1 2 3 102 202 302
# Configure one-to-one VLAN mappings on Twenty-FiveGigE 1/1/12 to map VLANs 1, 2, and 3 to VLANs 102, 202, and 302, respectively.
[SwitchA-Twenty-FiveGigE1/1/12] vlan mapping 1 translated-vlan 102
[SwitchA-Twenty-FiveGigE1/1/12] vlan mapping 2 translated-vlan 202
[SwitchA-Twenty-FiveGigE1/1/12] vlan mapping 3 translated-vlan 302
[SwitchA-Twenty-FiveGigE1/1/12] quit
# Configure the network-side port (Twenty-FiveGigE 1/1/13) as a trunk port.
[SwitchA] interface twenty-fivegige 1/1/13
[SwitchA-Twenty-FiveGigE1/1/13] port link-type trunk
# Assign Twenty-FiveGigE 1/1/13 to the translated VLANs.
[SwitchA-Twenty-FiveGigE1/1/13] port trunk permit vlan 101 201 301 102 202 302
[SwitchA-Twenty-FiveGigE1/1/13] quit
2. Configure Switch B in the same way Switch A is configured. (Details not shown.)
3. Configure Switch C:
# Enable DHCP snooping.
<SwitchC> system-view
[SwitchC] dhcp snooping enable
# Create the original VLANs and translated VLANs, and enable ARP detection for these VLANs.
[SwitchC] vlan 101
[SwitchC-vlan101] arp detection enable
[SwitchC-vlan101] vlan 201
[SwitchC-vlan201] arp detection enable
[SwitchC-vlan201] vlan 301
[SwitchC-vlan301] arp detection enable
[SwitchC-vlan301] vlan 102
[SwitchC-vlan102] arp detection enable
[SwitchC-vlan102] vlan 202
[SwitchC-vlan202] arp detection enable
[SwitchC-vlan202] vlan 302
[SwitchC-vlan302] arp detection enable
[SwitchC-vlan302] vlan 103
[SwitchC-vlan103] arp detection enable
[SwitchC-vlan103] vlan 203
[SwitchC-vlan203] arp detection enable
[SwitchC-vlan203] vlan 303
[SwitchC-vlan303] arp detection enable
[SwitchC-vlan303] vlan 104
[SwitchC-vlan104] arp detection enable
[SwitchC-vlan104] vlan 204
[SwitchC-vlan204] arp detection enable
[SwitchC-vlan204] vlan 304
[SwitchC-vlan304] arp detection enable
[SwitchC-vlan304] vlan 501
[SwitchC-vlan501] arp detection enable
[SwitchC-vlan501] vlan 502
[SwitchC-vlan502] arp detection enable
[SwitchC-vlan502] vlan 503
[SwitchC-vlan503] arp detection enable
[SwitchC-vlan503] quit
# Configure customer-side port Twenty-FiveGigE 1/1/11 as a trunk port.
[SwitchC] interface twenty-fivegige 1/1/11
[SwitchC-Twenty-FiveGigE1/1/11] port link-type trunk
# Assign Twenty-FiveGigE 1/1/11 to all original VLANs and translated VLANs.
[SwitchC-Twenty-FiveGigE1/1/11] port trunk permit vlan 101 102 201 202 301 302 501 to 503
# Configure many-to-one VLAN mappings on Twenty-FiveGigE 1/1/11 to map VLANs for PC, VoD, and VoIP traffic to VLANs 501, 502, and 503, respectively.
[SwitchC-Twenty-FiveGigE1/1/11] vlan mapping uni range 101 to 102 translated-vlan 501
[SwitchC-Twenty-FiveGigE1/1/11] vlan mapping uni range 201 to 202 translated-vlan 502
[SwitchC-Twenty-FiveGigE1/1/11] vlan mapping uni range 301 to 302 translated-vlan 503
# Configure customer-side port Twenty-FiveGigE 1/1/12 as a trunk port.
[SwitchC] interface twenty-fivegige 1/1/12
[SwitchC-Twenty-FiveGigE1/1/12] port link-type trunk
# Assign Twenty-FiveGigE 1/1/12 to all original VLANs and translated VLANs.
[SwitchC-Twenty-FiveGigE1/1/12] port trunk permit vlan 103 104 203 204 303 304 501 to 503
# Configure many-to-one VLAN mappings on Twenty-FiveGigE 1/1/12 to map VLANs for PC, VoD, and VoIP traffic to VLANs 501, 502, and 503, respectively.
[SwitchC-Twenty-FiveGigE1/1/12] vlan mapping uni range 103 to 104 translated-vlan 501
[SwitchC-Twenty-FiveGigE1/1/12] vlan mapping uni range 203 to 204 translated-vlan 502
[SwitchC-Twenty-FiveGigE1/1/12] vlan mapping uni range 303 to 304 translated-vlan 503
# Configure the network-side port (Twenty-FiveGigE 1/1/13) to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network.
[SwitchC] interface twenty-fivegige 1/1/13
[SwitchC-Twenty-FiveGigE1/1/13] vlan mapping nni
# Configure Twenty-FiveGigE 1/1/13 as a trunk port.
[SwitchC-Twenty-FiveGigE1/1/13] port link-type trunk
# Assign Twenty-FiveGigE 1/1/13 to the translated VLANs.
[SwitchC-Twenty-FiveGigE1/1/13] port trunk permit vlan 501 to 503
# Configure Twenty-FiveGigE 1/1/13 as an ARP trusted port.
[SwitchC-GigabitEthernet1/0/3] arp detection trust
[SwitchC-GigabitEthernet1/0/3] quit
4. Configure Switch D:
# Create the translated VLANs.
<SwitchD> system-view
[SwitchD] vlan 501 to 503
# Configure Twenty-FiveGigE 1/1/11 as a trunk port.
<SwitchD> system-view
[SwitchD] interface twenty-fivegige 1/1/11
[SwitchD-Twenty-FiveGigE1/1/11] port link-type trunk
# Assign Twenty-FiveGigE 1/1/11 to the translated VLANs.
[SwitchD-Twenty-FiveGigE1/1/11] port trunk permit vlan 501 to 503
[SwitchD-Twenty-FiveGigE1/1/11] quit
Verifying the configuration
# Verify VLAN mapping information on the wiring-closet switches, for example, Switch A.
[SwitchA] display vlan mapping
Interface Twenty-FiveGigE1/1/11:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 101 N/A
2 N/A 201 N/A
3 N/A 301 N/A
Interface Twenty-FiveGigE1/1/12:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 102 N/A
2 N/A 202 N/A
3 N/A 302 N/A
# Verify VLAN mapping information on Switch C.
[SwitchC] display vlan mapping
Interface Twenty-FiveGigE1/1/11:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
101-102 N/A 501 N/A
201-202 N/A 502 N/A
301-302 N/A 503 N/A
Interface Twenty-FiveGigE1/1/12:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
103-104 N/A 501 N/A
203-204 N/A 502 N/A
303-304 N/A 503 N/A
