Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-VLAN termination configuration | 142.64 KB |
VLAN termination application scenarios
Restrictions: Hardware compatibility with VLAN termination
Restrictions and guidelines: VLAN termination configuration
VLAN termination tasks at a glance
Configuring ambiguous Dot1q termination
Configuring unambiguous Dot1q termination
Configuring untagged termination
Configuring default termination
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
Configuring VLAN termination
About VLAN termination
VLAN termination typically processes packets that include VLAN tags. A VLAN termination-enabled interface performs the following tasks when receiving a VLAN-tagged packet:
1. Assigns the packet to an interface according to its VLAN tags.
2. Removes the VLAN tags of the packet.
3. Delivers the packet to Layer 3 forwarding or other processing pipelines.
Before sending the packet, the VLAN termination-enabled interface determines whether to add new VLAN tags to the packet, based on the VLAN termination type.
VLAN termination can also process packets that do not include any VLAN tags.
This document uses the following VLAN tag concepts for a packet that has two or more layers of VLAN tags:
· Layer 1 VLAN tag—Specifies the outermost layer of VLAN tags.
· Layer 2 VLAN tag—Specifies the second outermost layer of VLAN tags.
The VLAN IDs of the packets are numbered in the same manner as the VLAN tags.
VLAN termination types
|
Types of packets to be terminated on the interface |
Tags of outgoing packets on the interface |
|
|
Dot1q termination |
The packets must meet both of the following requirements: · The packets include one or more layers of VLAN tags. · The outermost VLAN ID matches the configured value. |
Single-tagged |
|
Untagged termination |
Untagged packets. |
Untagged |
|
Default termination |
Packets that cannot be processed on any other subinterfaces of the same main interface. |
Untagged |
VLAN termination mechanism
VLAN interfaces and subinterfaces, such as Layer 3 Ethernet subinterfaces and Layer 3 aggregate subinterfaces, can terminate the following packets:
· Packets whose outermost VLAN IDs match the configured values.
· Packets whose outermost two layers of VLAN IDs match the configured values.
A VLAN interface terminates only the packets whose outermost VLAN ID is the same as the VLAN interface number. For example, VLAN-interface 10 terminates only the packets with the outermost VLAN tag 10.
A main interface does not terminate VLAN-tagged packets (for example, Layer 3 Ethernet interface or Layer 3 aggregate interface). To terminate VLAN-tagged packets, create subinterfaces for the main interface.
Subinterfaces of the same main interface can use different types of VLAN termination. To process received packets, the system selects a subinterface based on the following VLAN termination types in descending order of priority:
· Dot1q termination or support for Dot1q termination by default.
· Untagged termination.
· Default termination.
If none of these VLAN termination types applies, the main interface processes the packets.
If untagged termination is enabled on a subinterface of an interface, untagged packets are processed by the subinterface instead of the main interface.
If default termination is enabled on a subinterface of an interface, packets are processed by the subinterface instead of the main interface.
When a main interface is bound to a VLAN interface, the main interface processes VLAN-tagged packets according to the VLAN termination configuration of the VLAN interface.
VLAN termination application scenarios
Inter-VLAN communication
Hosts in different VLANs cannot directly communicate with each other. You can use Layer 3 routing to allow all VLANs to communicate. To restrict communication to the specified VLANs, configure VLAN termination on subinterfaces or VLAN interfaces.
As shown in Figure 1, Host A and Host B are in different VLANs. For the two hosts to communicate with each other, perform the following tasks:
1. Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP address for Host A and Host B, respectively.
2. On the device, configure Dot1q termination on Layer 3 Ethernet subinterfaces Subinterface A.2 and Subinterface A.3.
Figure 1 Inter-VLAN communication through Layer 3 subinterfaces
As shown in Figure 2, Host A is in VLAN 2, Host B is in VLAN 3, and Host C is in VLAN 4. For Host A and Host B to communicate with each other, perform the following tasks:
1. Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP address for Host A and Host B, respectively.
2. On the device, create VLAN-interface 2 and configure the IP address as 1.1.1.1/24, which is the same as the gateway address of Host A. Create VLAN-interface 3 and configure the IP address as 1.1.2.1/24, which is the same as the gateway address of Host B.
VLAN termination by the outermost VLAN ID of packets is automatically performed on VLAN interfaces. For example, when Host A sends a packet to Host B, VLAN-interface 2 removes the VLAN tag from the packet and forwards it to VLAN-interface 3. Then, VLAN-interface 3 tags the packet with VLAN 3 and Host B can receive the packet.
Because the device does not have a VLAN interface to terminate packets from VLAN 4, Host C cannot communicate with Host A or Host B.
Figure 2 Inter-VLAN communication through VLAN interfaces
Restrictions: Hardware compatibility with VLAN termination
|
Hardware |
VLAN termination compatibility |
|
F1000-A-G5, F1000-C-G5, F1000-C-G5-LI, F1000-E-G5, F1000-H-G5, F1000-S-G5 |
Yes |
|
F1000-A-G3, F1000-C-G3, F1000-E-G3, F1000-S-G3 |
Yes |
|
F100-A-G5, F100-C-G5, F100-E-G5, F100-M-G5, F100-S-G5 |
Yes |
|
F100-C-G3, F100-M-G3, F100-S-G3 |
Yes |
|
F100-A-G3, F100-E-G3 |
No |
|
F1000-S-VG |
Yes |
|
F1000-E-VG |
No |
|
F1000-A-G2, F1000-C-G2, F1000-E-G2, F1000-S-G2 |
No |
|
F100-C-G2, F100-M-G2, F100-S-G2 |
Yes |
|
F100-A-G2, F100-E-G2 |
No |
|
F100-C-EI |
Yes |
|
F1000-C-EI, F100-A-EI, F100-A-SI, F100-E-EI |
No |
|
F100-C80-WiNet, F100-C60-WiNet, F100-C50-WiNet, F100-S80-WiNet, F100-A91-WiNet, F100-A81-WiNet |
Yes |
|
F100-A80-WiNet |
No |
|
F1000-C8395, F1000-C8390, F1000-C8385, F1000-C8380, F1000-C8370, F1000-C8360, F1000-C8350, F1000-C8330 |
Yes |
|
F1000-C8150, F1000-C8130, F1000-C8120, F1000-C8110 |
Yes |
|
F1000-C8180, F1000-C8170, F1000-C8160 |
No |
|
F100-C-A6, F100-C-A5, F100-C-A3 |
Yes |
|
F100-C-A6-WL, F100-C-A5-W, F100-C-A3-W |
Yes |
|
F100-C-HI, F100-S-HI |
Yes |
|
F1000-C-H, F100-A-HI |
No |
|
F1000-770-HI, F1000-750-HI, F1000-740-HI, F1000-730-HI, F1000-720-HI, F1000-710-HI |
Yes |
|
F1000-C-XI, F1000-E-XI, F100-C-XI, F100-S-XI |
Yes |
|
F1000-990-AI, F1000-980-AI, F1000-970-AI, F1000-960-AI, F1000-950-AI, F1000-930-AI, F1000-920-AI |
No |
|
F1000-9390-AI, F1000-9385-AI, F1000-9380-AI, F1000-9370-AI, F1000-9360-AI, F1000-9350-AI, F1000-9330-AI, F1000-9320-AI |
Yes |
|
LSPM6FWD8, LSQM2FWDSC8 |
Yes |
Restrictions and guidelines: VLAN termination configuration
When you configure VLAN termination, follow these restrictions and guidelines:
· On a portal-enabled interface, log off all portal users before you change the VLAN termination type. Any portal users who remain online after the change cannot be logged off or reauthenticated. For more information about portal authentication, see Security Configuration Guide.
· After you modify the VLAN termination configuration for a subinterface, the subinterface automatically restarts. All dynamic ARP table entries for the subinterface are deleted.
VLAN termination tasks at a glance
To configure VLAN termination, perform the following tasks:
1. (Required.) Configuring VLAN termination
Choose one of the following tasks:
¡ Configuring ambiguous Dot1q termination
¡ Configuring unambiguous Dot1q termination
¡ Configuring untagged termination
¡ Configuring default termination
2. (Optional.) Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
Perform this task to enable VLAN termination-enabled interfaces to transmit broadcasts and multicasts.
3. (Optional.) Configuring the TPID for VLAN-tagged packets
Configuring ambiguous Dot1q termination
About this task
Use this feature to terminate VLAN-tagged packets whose outermost VLAN IDs are in the specified range. Other VLAN-tagged packets are not allowed to pass.
When an interface receives a packet, it removes the outermost VLAN ID from the packet. When the interface sends a packet, it tags the packet with a VLAN ID as follows:
· For a PPPoE packet, the VLAN ID is from the matching PPPoE session entry.
· For a DHCP relay packet, the VLAN ID is from the matching DHCP session entry.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Configure ambiguous Dot1q termination.
vlan-type dot1q vid vlan-id-list
By default, Dot1q termination is disabled on a subinterface.
Configuring unambiguous Dot1q termination
About this task
Use this feature to terminate only VLAN-tagged packets whose outermost VLAN ID matches the specified VLAN ID. Other VLAN-tagged packets are not allowed to pass.
When an interface receives a packet, it removes the outermost VLAN ID from the packet. When the interface sends a packet, it tags the packet with the specified VLAN ID.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Configure unambiguous Dot1q termination.
vlan-type dot1q vid vlan-id
By default, Dot1q termination is disabled on a subinterface.
Configuring untagged termination
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Configure untagged termination.
vlan-type dot1q untagged
By default, untagged termination is disabled on a subinterface.
Configuring default termination
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Configure default termination.
vlan-type dot1q default
By default, default termination is disabled on a subinterface.
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
About this task
This function enables ambiguous Dot1q termination-enabled interfaces to transmit broadcasts and multicasts.
To transmit a broadcast or multicast packet, the interface starts a traversal over the VLAN IDs specified for ambiguous termination. It copies the packet and tags each copy with a VLAN ID, until all VLAN IDs in the specified range are traversed.
Restrictions and guidelines
As a best practice, use the vlan-termination broadcast ra command to enable an ambiguous Dot1q termination-enabled interface to transmit RA multicast packets on an IPv6 network. This command prohibits transmission of broadcast packets and other types of multicast packets, and consumes less CPU resources than the vlan-termination broadcast enable command.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet subinterface view.
interface interface-type interface-number.subnumber
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Enable the interface to transmit broadcasts and multicasts.
¡ Enable the interface to transmit broadcasts and multicasts.
vlan-termination broadcast enable
¡ Enable the interface to transmit only RA multicasts on an IPv6 network.
vlan-termination broadcast ra
By default, an ambiguous Dot1q termination-enabled interface does not transmit broadcasts and multicasts.
Configuring the TPID for VLAN-tagged packets
About this task
TPID identifies whether or not a frame contains VLAN tags. By default, the value of 0x8100 identifies an IEEE 802.1Q-tagged frame. You can set another TPID value to identify VLAN-tagged packets.
To work with VLAN termination on a subinterface, set the TPID value in the outermost VLAN tag of packets on the main interface of the subinterface. If VLAN termination is enabled on a VLAN interface, set the TPID value in the outermost VLAN tag of packets on the same VLAN interface.
The interface processes packets as untagged packets if their outermost VLAN tag is not 0x8100 or the configured value.
When sending a packet, the interface sets the TPID value in the outermost VLAN tag to the configured value. If the packet includes two or more layers of VLAN tags, the interface sets the TPID values to 0x8100 in all VLAN tags except the outermost VLAN tag.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 3 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
¡ Enter Reth subinterface view.
interface reth interface-number.subnumber
3. Set the TPID value in the outermost VLAN tag of packets received and sent by the interface.
dot1q ethernet-type hex-value
The default setting is 0x8100.
