Login
- Table of Contents
-
- H3C SR6602-I[IE] AI-Powered ICT Converged Gateways Configuration Examples All-in-One-R9141-6W100
- 00-Preface
- 01-Local 802.1X Authentication Configuration Examples
- 02-RADIUS-Based 802.1X Authentication Configuration Examples
- 03-AAA Configuration Examples
- 04-ACL Configuration Examples
- 05-MPLS over ADVPN Configuration Examples
- 06-ARP Attack Protection Configuration Examples
- 07-BFD Configuration Examples
- 08-Basic BGP Configuration Examples
- 09-BGP Route Attribute-Based Route Selection Configuration Examples
- 10-CPOS Interface Configuration Examples
- 11-EAA Monitor Policy Configuration Examples
- 12-GRE with OSPF Configuration Examples
- 13-HoVPN Configuration Examples
- 14-IGMP Snooping Configuration Examples
- 15-IGMP Configuration Examples
- 16-IPsec Configuration Examples
- 17-IPsec Digital Certificate Authentication Configuration Examples
- 18-IPv6 IS-IS Configuration Examples
- 19-IPv6 over IPv4 GRE Tunnel Configuration Examples
- 20-IPv6 over IPv4 Manual Tunnel with OSPFv3 Configuration Examples
- 21-IS-IS Configuration Examples
- 22-Combined ISATAP Tunnel and 6to4 Tunnel Configuration Examples
- 23-L2TP over IPsec Configuration Examples
- 24-Multi-Instance L2TP Configuration Examples
- 25-L2TP Multidomain Access Configuration Examples
- 26-MPLS L3VPN Configuration Examples
- 27-MPLS OAM Configuration Examples
- 28-MPLS TE Configuration Examples
- 29-Basic MPLS Configuration Examples
- 30-NAT DNS Mapping Configuration Examples
- 31-NetStream Configuration Examples
- 32-NQA Configuration Examples
- 33-NTP Configuration Examples
- 34-OSPFv3 Configuration Examples
- 35-OSPF Configuration Examples
- 36-OSPF Multi-Process Configuration Examples
- 37-OSPF Multi-Instance Configuration Examples
- 38-Portal Configuration Examples
- 39-POS Interace Configuration Examples
- 40-PPP Configuration Examples
- 41-QinQ Configuration Examples
- 42-RBAC Configuration Examples
- 43-RMON Configuration Examples
- 44-IPv4 NetStream Sampling Configuration Examples
- 45-SNMP Configuration Examples
- 46-SRv6 Configuration Examples
- 47-SSH Configuration Examples
- 48-Tcl Commands Configuration Examples
- 49-VLAN Configuration Examples
- 50-VRRP Configuration Examples
- 51-VXLAN over IPsec Configuration Examples
- 52-Cloudnet VPN Configuration Examples
- 53-Ethernet Link Aggregation Configuration Examples
- 54-Ethernet OAM Configuration Examples
- 55-Outbound Bidirectional NAT Configuration Examples
- 56-NAT Hairpin in C-S Mode Configuration Examples
- 57-Load Sharing NAT Server Configuration Examples
- 58-BIDIR-PIM Configuration Examples
- 59-Control Plane-Based QoS Policy Configuration Examples
- 60-Scheduling a Task Configuration Examples
- 61-Client-Initiated L2TP Tunnel Configuration Examples
- 62-LAC-Auto-Initiated L2TP Tunnel Configuration Examples
- 63-Authorized ARP Configuration Examples
- 64-GTS Configuration Examples
- 65-Traffic Policing Configuration Examples
- 66-Traffic Accounting Configuration Examples
- 67-PBR Configuration Examples
- 68-TFTP Client Software Upgrade Configuration Examples
- 69-FTP Client Software Upgrade Configuration Examples
- 70-FTP Server Software Upgrade Configuration Examples
- 71-Routing Policy Configuration Examples
- 72-Software Upgrade from the BootWare Menu Configuration Examples
- 73-Mirroring Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 41-QinQ Configuration Examples | 125.00 KB |
|
|
|
H3C Routers |
|
QinQ Configuration Examples |
|
|
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
The following information provides examples of QinQ configuration for transmitting user data over service provider network.
A QinQ-enabled port tags all incoming frames (tagged or untagged) with the default VLAN tag.
|
|
NOTE: After QinQ is enabled on a port, the device learns the MAC addresses of the user network and saves them for the SVLAN encapsulated by QinQ. |
Prerequisites
This document applies to Comware 9-based router. Procedures and information in the examples might be slightly different depending on the software or hardware version of the router.
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of QinQ.
Example: Configuring QinQ
Network configuration
As shown in Figure 1:
· Customer A and Customer B each have two branch offices that need to communicate over the service provider network.
· The service provider assigns VLANs 1000 and 2000 to Customer A and Customer B, respectively.
Configure QinQ to transmit traffic in VLANs 1000 and 2000 for Customer A and Customer B, respectively.
Analysis
· Configure the QinQ function on the ports of PE A and PE B connected to the user network.
· To ensure that the VLAN information of the service provider network is not included in the data received by the user network, make sure the QinQ-enabled ports do not tag the outgoing packets of the port default VLAN. The link type of a QinQ-enabled port can be access, hybrid, or trunk. For a hybrid port, configure it to permit packets of the port default VLAN without VLAN tags. For a trunk port, configure it to permit packets of the port default VLAN.
Software versions used
This configuration example was created and verified on R9141P16 of the SR6602-I device.
Restrictions and guidelines
· The default VLAN for a port with QinQ enabled must be configured as the SVLAN encapsulated by QinQ.
· Ensure that the SVLAN tag of the QinQ packets is not modified or removed during transmission of the QinQ packets.
· After adding SVLAN tags to packets by QinQ, the CVLAN tags are transmitted as the data part of the packets, and the packet length increases by four bytes. As a best practice, increase the MTU value for each interface on the QinQ packet transmission path to at least 1504 bytes.
Procedures
Configure PE A
# Create VLAN 1000 and VLAN 2000.
<PE_A> system-view
[PE_A] vlan 1000
[PE_A-vlan1000] quit
[PE_A] vlan 2000
[PE_A-vlan2000] quit
# Configure GigabitEthernet 1/0/1 as an access port, and assign it to VLAN 1000.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] port access vlan 1000
# Enable QinQ on GigabitEthernet 1/0/1.
[PE_A-GigabitEthernet1/0/1] qinq enable
[PE_A-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as an access port, and assign it to VLAN 2000.
[PE_A] interface gigabitethernet 1/0/2
[PE_A-GigabitEthernet1/0/2] port access vlan 2000
# Enable QinQ on GigabitEthernet 1/0/2.
[PE_A-GigabitEthernet1/0/2] qinq enable
[PE_A-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/3 as a trunk port, assign it to VLANs 1000 and 2000, and cancel the assignment to VLAN 1.
[PE_A] interface gigabitethernet 1/0/3
[PE_A-GigabitEthernet1/0/3] port link-type trunk
[PE_A-GigabitEthernet1/0/3] port trunk permit vlan 1000 2000
[PE_A-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_A-GigabitEthernet1/0/3] quit
Configure PE B
# Create VLAN 1000 and VLAN 2000.
<PE_B> system-view
[PE_B] vlan 1000
[PE_B-vlan1000] quit
[PE_B] vlan 2000
[PE_B-vlan2000] quit
# Configure GigabitEthernet 1/0/1 as an access port, and assign it to VLAN 2000.
[PE_B] interface gigabitethernet 1/0/1
[PE_B-GigabitEthernet1/0/1] port access vlan 2000
# Enable QinQ on GigabitEthernet 1/0/1.
[PE_B-GigabitEthernet1/0/1] qinq enable
[PE_B-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as an access port, and assign it to VLAN 2000.
[PE_B] interface gigabitethernet 1/0/2
[PE_B-GigabitEthernet1/0/2] port access vlan 1000
# Enable QinQ on GigabitEthernet 1/0/2.
[PE_B-GigabitEthernet1/0/2] qinq enable
[PE_B-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/3 as a trunk port, assign it to VLANs 1000 and 2000, and cancel the assignment to VLAN 1.
[PE_B] interface gigabitethernet 1/0/3
[PE_B-GigabitEthernet1/0/3] port link-type trunk
[PE_B-GigabitEthernet1/0/3] port trunk permit vlan 1000 2000
[PE_B-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_B-GigabitEthernet1/0/3] quit
Configure the devices between PE 1 and PE 2
# Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.)
# Configure all ports on the forwarding path to allow frames from VLANs 1000 and 2000 to pass through without removing the VLAN tag. (Details not shown.)
Verifying the configuration
1. Verify that two PCs in the same CVLAN and different branches can ping each other across the service provider network and learn the MAC address of each other. It indicates that the CVLAN information can be transparently transmitted across the service provider network.
# Two PCs belonging to VLAN 100 of Customer A can ping each other and learn each other's MAC addresses.
C:\Windows\System32>ping 192.168.100.67
Pinging 192.168.100.67 with 32 bytes of data:
Reply from 192.168.100.67: bytes=32 time<1ms TTL=255
Reply from 192.168.100.67: bytes=32 time=11ms TTL=255
Reply from 192.168.100.67: bytes=32 time<1ms TTL=255
Reply from 192.168.100.67: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.100.67:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 11ms, Average = 2ms
C:\Windows\System32>arp -a
Interface: 192.168.100.24 --- 0x15
Internet Address Physical Address Type
192.168.100.67 0c-da-41-b2-1e-31 dynamic
192.168.100.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
2. Verify that two PCs of Customer A and Customer B in the same CVLAN (such as VLAN 130) can ping each other. If you check the ARP table on one of the PCs, you can find that it has not learned the MAC address of the other. It indicates that the traffic in the same CVLAN between different companies is isolated at Layer 2.
Configuration files
· PE A
#
vlan 1000
#
vlan 2000
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 1000
qinq enable
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2000
qinq enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
· PE B
#
vlan 1000
#
vlan 2000
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2000
qinq enable
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 1000
qinq enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
Related documentation
· H3C SR6602-I[IE] AI-Powered ICT Converged Gateways Configuration Guides (V9)
· H3C SR6602-I[IE] AI-Powered ICT Converged Gateways Command References (V9)
