Login
- Table of Contents
-
- 05-Layer 2—LAN Switching Configuration Guide
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-M-LAG configuration
- 04-VLAN configuration
- 05-MVRP configuration
- 06-VLAN mapping configuration
- 07-VLAN termination configuration
- 08-Loop detection configuration
- 09-Spanning tree configuration
- 10-LLDP configuration
- 11-PFC configuration
- 12-Service loopback group configuration
- 13-Layer 2 forwarding configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-VLAN termination configuration | 144.40 KB |
VLAN termination application scenarios
Restrictions and guidelines: VLAN termination configuration
VLAN termination tasks at a glance
Configuring the VLAN termination mode for subinterfaces
Configuring ambiguous Dot1q termination
Configuring unambiguous Dot1q termination
Configuring ambiguous QinQ termination
About ambiguous QinQ termination
Configuring ambiguous QinQ termination by specifying the outermost two layers of VLAN ID ranges
Configuring ambiguous QinQ termination by specifying the Layer 2 VLAN IDs
Configuring unambiguous QinQ termination
About unambiguous QinQ termination
Configuring unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs
Configuring unambiguous QinQ termination by specifying the Layer 2 VLAN ID
Configuring untagged termination
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
Configuring VLAN termination
About VLAN termination
VLAN termination typically processes packets that include VLAN tags. A VLAN termination-enabled interface performs the following tasks when receiving a VLAN-tagged packet:
1. Assigns the packet to an interface according to its VLAN tags.
2. Removes the VLAN tags of the packet.
3. Delivers the packet to Layer 3 forwarding or other processing pipelines.
Before sending the packet, the VLAN termination-enabled interface determines whether to add new VLAN tags to the packet, based on the VLAN termination type.
VLAN termination can also process packets that do not include any VLAN tags.
This document uses the following VLAN tag concepts for a packet that has two or more layers of VLAN tags:
· Layer 1 VLAN tag—Specifies the outermost layer of VLAN tags.
· Layer 2 VLAN tag—Specifies the second outermost layer of VLAN tags.
The VLAN IDs of the packets are numbered in the same manner as the VLAN tags.
VLAN termination types
|
Types of packets to be terminated on the interface |
Tags of outgoing packets on the interface |
|
|
Dot1q termination |
The packets must meet both of the following requirements: · The packets include one or more layers of VLAN tags. · The outermost VLAN ID matches the configured value. |
Single-tagged |
|
QinQ termination |
The packets must meet both of the following requirements: · The packets include two or more layers of VLAN tags. · The outermost two layers of tags match the configured values. |
Double-tagged |
|
Untagged termination |
Untagged packets. |
Untagged |
VLAN termination mechanism
VLAN interfaces and subinterfaces (for example, Layer 3 Ethernet subinterfaces) can terminate the following packets:
· Packets whose outermost VLAN IDs match the configured values.
· Packets whose outermost two layers of VLAN IDs match the configured values.
A VLAN interface terminates only the packets whose outermost VLAN ID is the same as the VLAN interface number. For example, VLAN-interface 10 terminates only the packets with the outermost VLAN tag 10.
A main interface (for example, Layer 3 Ethernet interface) does not terminate VLAN-tagged packets. To terminate VLAN-tagged packets, create subinterfaces for the main interface.
Subinterfaces of the same main interface can use different types of VLAN termination. To process received packets, the system selects a subinterface based on the following VLAN termination types in descending order of priority:
· QinQ termination.
· Dot1q termination or support for Dot1q termination by default.
· Untagged termination.
If none of these VLAN termination types applies, the main interface processes the packets.
If untagged termination is enabled on a subinterface of an interface, untagged packets are processed by the subinterface instead of the main interface.
When a main interface is bound to a VLAN interface, the main interface processes VLAN-tagged packets according to the VLAN termination configuration of the VLAN interface.
VLAN termination application scenarios
Inter-VLAN communication
Hosts in different VLANs cannot directly communicate with each other. You can use Layer 3 routing to allow all VLANs to communicate. To restrict communication to the specified VLANs, configure VLAN termination on subinterfaces or VLAN interfaces.
As shown in Figure 1, Host A and Host B are in different VLANs. For the two hosts to communicate with each other, perform the following tasks:
1. Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP address for Host A and Host B, respectively.
2. On the device, configure Dot1q termination on Layer 3 Ethernet subinterfaces Subinterface A.2 and Subinterface A.3.
Figure 1 Inter-VLAN communication through Layer 3 subinterfaces
As shown in Figure 2, Host A is in VLAN 2, Host B is in VLAN 3, and Host C is in VLAN 4. For Host A and Host B to communicate with each other, perform the following tasks:
1. Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP address for Host A and Host B, respectively.
2. On the device, create VLAN-interface 2 and configure the IP address as 1.1.1.1/24, which is the same as the gateway address of Host A. Create VLAN-interface 3 and configure the IP address as 1.1.2.1/24, which is the same as the gateway address of Host B.
VLAN termination by the outermost VLAN ID of packets is automatically performed on VLAN interfaces. For example, when Host A sends a packet to Host B, VLAN-interface 2 removes the VLAN tag from the packet and forwards it to VLAN-interface 3. Then, VLAN-interface 3 tags the packet with VLAN 3 and Host B can receive the packet.
Because the device does not have a VLAN interface to terminate packets from VLAN 4, Host C cannot communicate with Host A or Host B.
Figure 2 Inter-VLAN communication through VLAN interfaces
LAN-WAN communication
Typically, WAN protocols such as PPP do not recognize VLAN-tagged packets from LANs. Before packets are sent to a WAN, the sending port must locally record the VLAN information and remove VLAN tags from the packets. To do that, configure VLAN termination on subinterfaces or VLAN interfaces.
As shown in Figure 3, a host is located on a customer network and wants to access the WAN network through a PPPoE connection. CVLAN and SVLAN represent the VLAN on the customer network and service provider network, respectively.
To access the WAN network, a packet originating from the host is processed as follows:
1. Layer 2 Switch A adds a CVLAN tag to the packet and sends the packet.
2. Layer 2 Switch B adds an SVLAN tag to the packet on the QinQ-enabled port.
3. The packet is forwarded on the service provider network based on the SVLAN tag.
4. The gateway removes the two layers of VLAN tags from the packet and adds new VLAN tags on the QinQ termination-enabled port.
5. The gateway sends the packet to the WAN.
Figure 3 VLAN termination enables LAN-WAN communication
Restrictions and guidelines: VLAN termination configuration
When you configure VLAN termination, follow these restrictions and guidelines:
· On a portal-enabled interface, log off all portal users before you change the VLAN termination type, for example, from Dot1q termination to QinQ termination. Any portal users who remain online after the change cannot be logged off or reauthenticated. For more information about portal authentication, see Security Configuration Guide.
· After you modify the VLAN termination configuration for a subinterface, the subinterface automatically restarts. All dynamic ARP table entries for the subinterface are deleted.
When you configure VLAN termination on a Layer 3 Ethernet subinterface, follow these restrictions and guidelines:
· If an ACL packet filter or QoS policy is applied to the main interface to which the subinterface belongs, the main interface can match only the received untagged packets.
· If an ACL packet filter or QoS policy is applied to the subinterface or other subinterfaces of the same main interface, the outbound packets cannot be matched.
For more information about applying QoS policies based on interfaces and packet filtering, see ACL and QoS Configuration Guide.
VLAN termination tasks at a glance
To configure VLAN termination, perform the following tasks:
1. Configuring the VLAN termination mode for subinterfaces
Before configuring VLAN termination on a subinterface, you must enable customized termination mode for subinterfaces.
2. (Required.) Configuring VLAN termination
Choose one of the following tasks:
¡ Configuring ambiguous Dot1q termination
¡ Configuring unambiguous Dot1q termination
¡ Configuring ambiguous QinQ termination
¡ Configuring unambiguous QinQ termination
¡ Configuring untagged termination
3. (Optional.) Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
Perform this task to enable ambiguous Dot1q or QinQ termination-enabled interfaces to transmit broadcasts and multicasts.
Configuring the VLAN termination mode for subinterfaces
About this task
The device provides the following VLAN termination modes for subinterfaces:
· Automatic termination mode—In this mode, a newly created subinterface automatically terminates the packets whose outermost VLAN ID is the same as the subinterface number. In addition, you cannot configure VLAN termination (Dot1q termination, QinQ termination, or untagged termination) on subinterfaces.
· Customized termination mode—In this mode, you must configure VLAN termination on a newly created subinterface for it to terminate VLAN-tagged packets.
Procedure
1. Enter system view.
system-view
2. Configure the VLAN termination mode for subinterfaces.
vlan-termination mode { auto | custom }
By default, the VLAN termination mode for subinterfaces is automatic.
Configuring ambiguous Dot1q termination
About this task
Use this feature to terminate VLAN-tagged packets whose outermost VLAN IDs are in the specified range. Other VLAN-tagged packets are not allowed to pass.
When an interface receives a packet, it removes the outermost VLAN ID from the packet. When the interface sends a packet, it tags the packet with a VLAN ID as follows:
· For a DHCP relay packet, the VLAN ID is from the matching DHCP session entry.
· For an IPv4 or MPLS packet, the VLAN ID is from the matching ARP entry.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
3. Configure ambiguous Dot1q termination.
vlan-type dot1q vid vlan-id-list
By default, Dot1q termination is disabled on a subinterface.
Configuring unambiguous Dot1q termination
About this task
Use this feature to terminate only VLAN-tagged packets whose outermost VLAN ID matches the specified VLAN ID. Other VLAN-tagged packets are not allowed to pass.
When an interface receives a packet, it removes the outermost VLAN ID from the packet. When the interface sends a packet, it tags the packet with the specified VLAN ID.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
3. Configure unambiguous Dot1q termination.
vlan-type dot1q vid vlan-id
By default, Dot1q termination is disabled on a subinterface.
Configuring ambiguous QinQ termination
About ambiguous QinQ termination
Use this feature to terminate QinQ packets whose outermost two layers of VLAN IDs are in the specified range.
When an interface receives a packet, it removes the outermost two layers of VLAN tags from the packet. When the interface sends a packet, it tags the packet with the outermost two layers of VLAN IDs, which are determined as follows:
· For a DHCP relay packet, VLAN IDs are from the matching DHCP relay entry.
· For an IPv4 or MPLS packet, VLAN IDs are from the matching ARP entry.
Configuring ambiguous QinQ termination by specifying the outermost two layers of VLAN ID ranges
Restrictions and guidelines
· When you enable QinQ termination on multiple subinterfaces of the same main interface, specify different Layer 2 VLAN IDs for the subinterfaces..
· Subinterfaces of different main interfaces can terminate VLAN-tagged packets with the same Layer 1 and Layer 2 VLAN IDs.
· To modify the QinQ termination settings on a subinterface, perform the following tasks:
a. Execute the undo vlan-type dot1q vid second-dot1q command to delete the existing QinQ termination settings.
b. Configure QinQ termination again.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
3. Configure ambiguous QinQ termination by specifying the Layer 1 VLAN ID and Layer 2 VLAN ID range.
vlan-type dot1q vid vlan-id second-dot1q { vlan-id-list | any }
By default, QinQ termination is disabled on a subinterface.
Configuring ambiguous QinQ termination by specifying the Layer 2 VLAN IDs
Restrictions and guidelines
After you enable ambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:
· Process only packets that match the ambiguous QinQ termination configuration of the VLAN interface.
· Drop any other packets sent to the VLAN interface.
Procedure
1. Enter system view.
system-view
2. Enter VLAN interface view.
interface vlan-interface interface-number
3. Configure ambiguous QinQ termination by specifying the Layer 2 VLAN IDs.
second-dot1q { vlan-id-list | any }
By default, QinQ termination is disabled on an interface.
The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable.
Configuring unambiguous QinQ termination
About unambiguous QinQ termination
Use this feature to terminate QinQ packets whose outermost two layers of VLAN IDs match the specified values.
When an interface receives a packet, it removes the two layers of VLAN tags from the packet. When the interface sends the packet, it tags the packet with two layers of VLAN tags as specified.
Configuring unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs
1. Enter system view.
system-view
2. Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
3. Configure unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs.
vlan-type dot1q vid vlan-id second-dot1q vlan-id
By default, QinQ termination is disabled on a subinterface.
Configuring unambiguous QinQ termination by specifying the Layer 2 VLAN ID
Restrictions and guidelines
After you enable unambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:
· Process only packets that match the unambiguous QinQ termination configuration of the VLAN interface.
· Drop any other packets sent to the VLAN interface.
Procedure
1. Enter system view.
system-view
2. Enter VLAN interface view.
interface vlan-interface interface-number
3. Configure unambiguous QinQ termination by specifying the Layer 2 VLAN ID.
second-dot1q vlan-id
By default, QinQ termination is disabled on an interface.
The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable.
Configuring untagged termination
1. Enter system view.
system-view
2. Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
3. Configure untagged termination.
vlan-type dot1q untagged
By default, untagged termination is disabled on a subinterface.
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
About this task
After you configure Dot1q/ QinQ termination on an interface to terminate packets of multiple VLANs, the interface drops broadcast and multicast packets by default. Use this feature to enable the interface to transmit broadcasts and multicasts.
To transmit a broadcast or multicast packet, the interface starts a traversal over all the VLAN IDs specified for Dot1q/QinQ termination. It copies the packet and tags each copy with VLAN IDs, until all combinations of VLAN IDs are traversed. For example, when ambiguous QinQ termination is configured, both layers of VLAN ID ranges are traversed.
Restrictions and guidelines
On an IPv6 network, you must use the vlan-termination broadcast ra command to enable an ambiguous Dot1q or QinQ termination-enabled interface to transmit RA multicast packets. This command prohibits transmission of broadcast packets and other types of multicast packets, and consumes less CPU resources than the vlan-termination broadcast enable command.
When you execute the vlan-termination broadcast ra command on an interface, configure the undo ipv6 nd ra halt command to allow the interface to advertise RA messages. For more information about the undo ipv6 nd ra halt command, see Layer 3—IP Services Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter VLAN interface view.
interface vlan-interface interface-number
3. Enable the interface to transmit broadcasts and multicasts.
¡ Enable the interface to transmit broadcasts and multicasts.
vlan-termination broadcast enable
¡ Enable the interface to transmit only RA multicasts on an IPv6 network.
vlan-termination broadcast ra
By default, broadcast and multicast packets are dropped on an interface configured with Dot1q/QinQ termination to terminate packets of multiple VLANs.
