Login
- Table of Contents
-
- H3C Fixed Port Campus Switches Configuration Examples-B70D022-6W100
- 01-Login Management Configuration Examples
- 02-RBAC Configuration Examples
- 03-Software Upgrade Examples
- 04-ISSU Configuration Examples
- 05-Software Patching Examples
- 06-Ethernet Link Aggregation Configuration Examples
- 07-Port Isolation Configuration Examples
- 08-Spanning Tree Configuration Examples
- 09-VLAN Configuration Examples
- 10-VLAN Tagging Configuration Examples
- 11-DHCP Snooping Configuration Examples
- 12-Cross-Subnet Dynamic IP Address Allocation Configuration Examples
- 13-IPv6 over IPv4 Manual Tunneling with OSPFv3 Configuration Examples
- 14-ISATAP Tunnel and 6to4 Tunnel Configuration Examples
- 15-GRE Tunnel Configuration Examples
- 16-GRE with OSPF Configuration Examples
- 17-OSPF Configuration Examples
- 18-IS-IS Configuration Examples
- 19-BGP Configuration Examples
- 20-Policy-Based Routing Configuration Examples
- 21-OSPFv3 Configuration Examples
- 22-IPv6 IS-IS Configuration Examples
- 23-Routing Policy Configuration Examples
- 24-IGMP Snooping Configuration Examples
- 25-IGMP Configuration Examples
- 26-BIDIR-PIM Configuration Examples
- 27-Multicast VPN Configuration Examples
- 28-MLD Snooping Configuration Examples
- 29-IPv6 Multicast VLAN Configuration Examples
- 30-Basic MPLS Configuration Examples
- 31-MPLS L3VPN Configuration Examples
- 32-ACL Configuration Examples
- 33-Control Plane-Based QoS Policy Configuration Examples
- 34-Traffic Policing Configuration Examples
- 35-GTS and Rate Limiting Configuration Examples
- 36-Priority Mapping and Queue Scheduling Configuration Examples
- 37-Traffic Filtering Configuration Examples
- 38-AAA Configuration Examples
- 39-Port Security Configuration Examples
- 40-Portal Configuration Examples
- 41-SSH Configuration Examples
- 42-IP Source Guard Configuration Examples
- 43-Ethernet OAM Configuration Examples
- 44-CFD Configuration Examples
- 45-DLDP Configuration Examples
- 46-VRRP Configuration Examples
- 47-BFD Configuration Examples
- 48-NTP Configuration Examples
- 49-SNMP Configuration Examples
- 50-NQA Configuration Examples
- 51-Mirroring Configuration Examples
- 52-sFlow Configuration Examples
- 53-OpenFlow Configuration Examples
- 54-MAC Address Table Configuration Examples
- 55-Static Multicast MAC Address Entry Configuration Examples
- 56-IP Unnumbered Configuration Examples
- 57-MVRP Configuration Examples
- 58-MCE Configuration Examples
- 59-Congestion Avoidance and Queue Scheduling Configuration Examples
- 60-Attack Protection Configuration Examples
- 61-Smart Link Configuration Examples
- 62-RRPP Configuration Examples
- 63-BGP Route Selection Configuration Examples
- 64-IS-IS Route Summarization Configuration Examples
- 65-IRF Configuration Examples
- 66-MPLS TE Configuration Examples
- 67-VXLAN Configuration Examples
- 68-VCF Fabric Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 10-VLAN Tagging Configuration Examples | 526.29 KB |
General configuration restrictions and guidelines
Applicable hardware and software versions
Configuring devices between PE A and PE B
Example: Configuring one-to-two VLAN mapping
Applicable hardware and software versions
Configuring devices between PE A and PE B
Example: Configuring QoS policies for SVLAN tagging and 802.1p priority marking
Applicable hardware and software versions
Configuring devices between PE A and PE B
Example: Configuring one-to-one and many-to-one VLAN mapping
Applicable hardware and software versions
Example: Configuring two-to-two VLAN mapping
Applicable hardware and software versions
Introduction
This document provides examples for using VLAN tagging features to extend customer VLANs (CVLANs) across an Ethernet service provider network.
VLAN tagging features enable service providers to separate or aggregate customer traffic in the service provider network. The following are available VLAN tagging operations:
· Adding a layer of service provider VLAN (SVLAN) tag.
· Modifying the SVLAN tag, CVLAN tag, or both.
To add an SVLAN tag, use one of the following VLAN tagging features:
· QinQ—Tags all incoming frames (tagged or untagged) on the customer-side port with the PVID of the port.
· One-to-two VLAN mapping—Adds different SVLANs for traffic with different CVLAN tags.
· Policy-based VLAN manipulation—Uses QoS nest actions in a QoS policy to tag different classes of frames with different SVLAN tags. Traffic classifiers include CVLAN ID, IP address, and MAC address. In addition, you can use QoS priority marking to set the 802.1p priority in SVLAN tags.
To modify VLAN tags, use one of the following VLAN tagging features:
· VLAN mapping—Includes the following features:
¡ One-to-one VLAN mapping—Replaces one VLAN tag with another.
¡ Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.
¡ Two-to-two VLAN mapping—Replaces the SVLAN ID, CVLAN ID, or both IDs for an incoming double-tagged frame.
· Policy-based VLAN manipulation—Uses a QoS policy to modify the SVLAN ID by using the remark service-vlan-id action.
The devices in the service provider network learn MAC addresses of CVLANs into the MAC address table of the SVLAN.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of QinQ, VLAN mapping, QoS nesting, and QoS priority and CVLAN marking.
General configuration restrictions and guidelines
EVB and the VLAN tagging features are mutually exclusive. Do not use EVB with any VLAN tagging features on a port.
Example: Configuring QinQ
Network configuration
As shown in Figure 1:
· The service provider assigns VLAN 1000 to Company A's VLANs 100 through 150.
· The service provider assigns VLAN 2000 to Company B's VLANs 120 through 200.
Configure QinQ on PE A and PE B to transmit traffic in VLANs 1000 and 2000 for Company A and Company B, respectively.
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S6520XE-HI switch series |
Supported in Release 11xx |
|
S5560X-EI switch series |
Supported in Release 111x |
|
S5500V2-EI switch series |
Supported in Release 111x |
|
MS4520V2-30F switch |
Supported in Release 111x |
|
S5560S-EI switch series S5560S-SI switch series |
Supported in Release 612x |
|
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series |
Supported in Release 612x |
|
S5120V2-SI switch series S5120V2-LI switch series |
Supported in Release 612x |
|
S3100V3-EI switch series S3100V3-SI switch series |
Supported in Release 612x |
|
S5110V2 switch series |
Supported in Release 612x |
|
S5110V2-SI switch series |
Not supported |
|
S5000V3-EI switch series |
Not supported |
|
S5000E-X switch series |
Not supported |
|
WAS6000 switch series |
Not supported |
|
E128C switch E152C switch E500C switch series E500D switch series |
Supported in Release 612x |
|
MS4520V2 switch series (except the MS4520V2-30F switch) |
Supported in Release 612x |
|
MS4320V2 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series |
Supported in Release 612x |
|
WS5850-WiNet switch series |
Supported in Release 612x |
|
WS5820-WiNet switch series WS5810-WiNet switch series |
Supported in Release 612x |
Restrictions and guidelines
When you configure QinQ, follow these restrictions and guidelines:
· You only need to configure QinQ on customer-side ports of PEs.
· The link type of the customer-side port can be access, hybrid, or trunk.
¡ If the link type is access, you must assign the port to the SVLAN.
¡ If the link type is trunk, you must assign the port to the SVLAN, and set the SVLAN ID as the PVID of the port.
¡ If the link type is hybrid, you must assign the port to the SVLAN as an untagged VLAN member, and set the SVLAN ID as the PVID of the port. The settings ensure that the port can forward traffic to the customer site with the SVLAN tag removed.
¡ Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. This value is the sum of the default Ethernet interface MTU (1500 bytes) and the length (4 bytes) of a CVLAN tag. The CVLAN tag of QinQ frames is treated as part of the payload during transmission.
¡ Configure all the ports on the forwarding path to allow frames from VLANs 1000 and 2000 to pass through without removing the VLAN tag.
Procedures
Configuring PE A
1. Create VLANs 1000 and 2000.
<PE_A> system-view
[PE_A] vlan 1000
[PE_A-vlan1000] quit
[PE_A] vlan 2000
[PE_A-vlan2000] quit
2. Configure GigabitEthernet 1/0/1:
# Configure the port as an access port, and assign the port to VLAN 1000.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] port access vlan 1000
# Enable QinQ on the port.
[PE_A-GigabitEthernet1/0/1] qinq enable
[PE_A-GigabitEthernet1/0/1] quit
3. Configure GigabitEthernet 1/0/2:
# Configure the port as an access port, and assign the port to VLAN 2000.
[PE_A] interface gigabitethernet 1/0/2
[PE_A-GigabitEthernet1/0/2] port access vlan 2000
# Enable QinQ on the port.
[PE_A-GigabitEthernet1/0/2] qinq enable
[PE_A-GigabitEthernet1/0/2] quit
4. Configure GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_A] interface gigabitethernet 1/0/3
[PE_A-GigabitEthernet1/0/3] port link-type trunk
# Assign the port to VLANs 1000 and 2000.
[PE_A-GigabitEthernet1/0/3] port trunk permit vlan 1000 2000
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_A-GigabitEthernet1/0/3] quit
Configuring PE B
1. Create VLANs 1000 and 2000.
<PE_B> system-view
[PE_B] vlan 1000
[PE_B-vlan1000] quit
[PE_B] vlan 2000
[PE_B-vlan2000] quit
2. Configure GigabitEthernet 1/0/1:
# Configure the port as an access port, and assign the port to VLAN 2000.
[PE_B] interface gigabitethernet 1/0/1
[PE_B-GigabitEthernet1/0/1] port access vlan 2000
# Enable QinQ on the port.
[PE_B-GigabitEthernet1/0/1] qinq enable
[PE_B-GigabitEthernet1/0/1] quit
3. Configure GigabitEthernet 1/0/2:
# Configure the port as an access port, and assign the port to VLAN 1000.
[PE_B] interface gigabitethernet 1/0/2
[PE_B-GigabitEthernet1/0/2] port access vlan 1000
# Enable QinQ on the port.
[PE_B-GigabitEthernet1/0/2] qinq enable
[PE_B-GigabitEthernet1/0/2] quit
4. Configure GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_B] interface gigabitethernet 1/0/3
[PE_B-GigabitEthernet1/0/3] port link-type trunk
# Assign the port to VLANs 1000 and 2000.
[PE_B-GigabitEthernet1/0/3] port trunk permit vlan 1000 2000
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_B-GigabitEthernet1/0/3] quit
Configuring devices between PE A and PE B
# Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.)
# Configure all ports on the forwarding path to allow frames from VLANs 1000 and 2000 to pass through without removing the VLAN tag. (Details not shown.)
Verifying the configuration
# Verify that each company's PCs can ping each other in the same CVLAN across the service provider network. (Details not shown.)
# Verify that the two companies' PCs cannot communicate at Layer 2 even if their CVLAN IDs are the same. The ARP tables on one company's PCs do not contain entries for MAC addresses of the other company's PCs. (Details not shown.)
Configuration files
|
|
IMPORTANT: The port link-mode bridge command is available only on the following switches: · S6520XE-HI switch series. · S5560X-EI switch series. · S5500V2-EI switch series. · MS4520V2-30F switch. |
· PE A:
#
vlan 1000
#
vlan 2000
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 1000
qinq enable
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2000
qinq enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
· PE B:
#
vlan 1000
#
vlan 2000
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2000
qinq enable
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 1000
qinq enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
Example: Configuring one-to-two VLAN mapping
Network configuration
As shown in Figure 2:
· Customer A and Customer B each have two branches that require Layer 2 connectivity over the service provider network.
· Both customers have three types of traffic. For each customer, the service provider assigns one SVLAN by traffic type.
Configure one-to-two VLAN mapping on each customer-side port of PE A and PE B to meet the following requirements:
· The service provider adds an SVLAN tag to packets from customer networks based on the traffic type, as described in Table 1 and Figure 3.
· The SVLAN tag uses the same 802.1p priority as the CVLAN tag.
Table 1 VLAN mapping table
|
Traffic type |
CVLANs |
SVLAN |
|
Customer A |
|
|
|
Video |
31 to 40 |
1003 |
|
Voice |
21 to 30 |
1002 |
|
Data |
10 to 20 |
1001 |
|
Customer B |
|
|
|
Storage |
36 to 40 |
2003 |
|
Voice |
26 to 35 |
2002 |
|
Data |
15 to 25 |
2001 |
Figure 3 Required traffic pattern in the service provider network
Analysis
To support multiple SVLANs and send traffic to the customer networks with the SVLAN tag removed, perform the following tasks on the customer-side ports:
1. Configure the link type of the ports as hybrid.
2. Assign the ports to the SVLANs as untagged VLAN members.
For the SVLAN tag to use the same 802.1p priority as the CVLAN tag, configure the customer-side port to use the 802.1p priority in incoming packets for priority mapping.
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S6520XE-HI switch series |
Supported in Release 11xx |
|
S5560X-EI switch series |
Supported in Release 111x |
|
S5500V2-EI switch series |
Supported in Release 111x |
|
MS4520V2-30F switch |
Supported in Release 111x |
|
S5560S-EI switch series S5560S-SI switch series |
Supported in Release 612x |
|
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series |
Supported in Release 612x |
|
S5120V2-SI switch series S5120V2-LI switch series |
Supported in Release 612x |
|
S3100V3-EI switch series S3100V3-SI switch series |
Supported in Release 612x |
|
S5110V2 switch series |
Supported in Release 612x |
|
S5110V2-SI switch series |
Supported in Release 612x |
|
S5000V3-EI switch series |
Supported in Release 612x |
|
S5000E-X switch series |
Supported in Release 612x |
|
WAS6000 switch series |
Supported in Release 612x |
|
E128C switch E152C switch E500C switch series E500D switch series |
Supported in Release 612x |
|
MS4520V2 switch series (except the MS4520V2-30F switch) |
Supported in Release 612x |
|
MS4320V2 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series |
Supported in Release 612x |
|
WS5850-WiNet switch series |
Supported in Release 612x |
|
WS5820-WiNet switch series WS5810-WiNet switch series |
Supported in Release 612x |
Restrictions and guidelines
When you configure ports on the forwarding path of double-tagged packets across the service provider network, follow these restrictions and guidelines:
· Set the MTU to a minimum of 1504 bytes for each port.
· Configure all ports to allow double-tagged packets to pass through without removing the SVLAN tag.
Procedures
Configuring PE A
1. Create CVLANs and SVLANs:
# Create CVLANs 10 to 40.
<PE_A> system-view
[PE_A] vlan 10 to 40
# Create SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
2. Configure the customer-side port GigabitEthernet 1/0/1:
# Configure the port as a hybrid port.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] port link-type hybrid
# Assign the port to CVLANs 10 through 40 as a tagged VLAN member.
[PE_A-GigabitEthernet1/0/1] port hybrid vlan 10 to 40 tagged
# Assign the port to SVLANs 1001 through 1003 as an untagged VLAN member.
[PE_A-GigabitEthernet1/0/1] port hybrid vlan 1001 to 1003 untagged
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/1] undo port hybrid vlan 1
# Configure one-to-two VLAN mapping to add SVLAN tag 1001 to traffic from VLANs 10 through 20.
[PE_A-GigabitEthernet1/0/1] vlan mapping nest range 10 to 20 nested-vlan 1001
# Configure one-to-two VLAN mapping to add SVLAN tag 1002 to traffic from VLANs 21 through 30.
[PE_A-GigabitEthernet1/0/1] vlan mapping nest range 21 to 30 nested-vlan 1002
# Configure one-to-two VLAN mapping to add SVLAN tag 1003 to traffic from VLANs 31 through 40.
[PE_A-GigabitEthernet1/0/1] vlan mapping nest range 31 to 40 nested-vlan 1003
# Configure the port to use the 802.1p priority in incoming packets for priority mapping.
[PE_A-GigabitEthernet1/0/1] qos trust dot1p
[PE_A-GigabitEthernet1/0/1] quit
3. Configure the customer-side port GigabitEthernet 1/0/2:
# Configure the port as a hybrid port.
[PE_A] interface gigabitethernet 1/0/2
[PE_A-GigabitEthernet1/0/2] port link-type hybrid
# Assign the port to CVLANs 15 through 40 as a tagged VLAN member.
[PE_A-GigabitEthernet1/0/2] port hybrid vlan 15 to 40 tagged
# Assign the port to SVLANs 2001 through 2003 as an untagged VLAN member.
[PE_A-GigabitEthernet1/0/2] port hybrid vlan 2001 to 2003 untagged
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/2] undo port hybrid vlan 1
# Configure one-to-two VLAN mapping to add SVLAN tag 2001 to traffic from VLANs 15 through 25.
[PE_A-GigabitEthernet1/0/2] vlan mapping nest range 15 to 25 nested-vlan 2001
# Configure one-to-two VLAN mapping to add SVLAN tag 2002 to traffic from VLANs 26 through 35.
[PE_A-GigabitEthernet1/0/2] vlan mapping nest range 26 to 35 nested-vlan 2002
# Configure one-to-two VLAN mapping to add SVLAN tag 2003 to traffic from VLANs 36 through 40.
[PE_A-GigabitEthernet1/0/2] vlan mapping nest range 36 to 40 nested-vlan 2003
# Configure the port to use the 802.1p priority in incoming packets for priority mapping.
[PE_A-GigabitEthernet1/0/2] qos trust dot1p
[PE_A-GigabitEthernet1/0/2] quit
4. Configure the service provider-side port GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_A] interface gigabitethernet 1/0/3
[PE_A-GigabitEthernet1/0/3] port link-type trunk
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/3] undo port trunk permit vlan 1
# Assign the port to SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_A-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-GigabitEthernet1/0/3] quit
Configuring PE B
1. Create CVLANs and SVLANs:
# Create CVLANs 10 to 40.
<PE_B> system-view
[PE_B] vlan 10 to 40
# Create SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
2. Configure the customer-side port GigabitEthernet 1/0/1:
# Configure the port as a hybrid port.
[PE_B] interface gigabitethernet 1/0/1
[PE_B-GigabitEthernet1/0/1] port link-type hybrid
# Assign the port to CVLANs 15 through 40 as a tagged VLAN member.
[PE_B-GigabitEthernet1/0/1] port hybrid vlan 15 to 40 tagged
# Assign the port to SVLANs 2001 through 2003 as an untagged VLAN member.
[PE_B-GigabitEthernet1/0/1] port hybrid vlan 2001 to 2003 untagged
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/1] undo port hybrid vlan 1
# Configure one-to-two VLAN mapping to add SVLAN tag 2001 to traffic from VLANs 15 through 25.
[PE_B-GigabitEthernet1/0/1] vlan mapping nest range 15 to 25 nested-vlan 2001
# Configure one-to-two VLAN mapping to add SVLAN tag 2002 to traffic from VLANs 26 through 35.
[PE_B-GigabitEthernet1/0/1] vlan mapping nest range 26 to 35 nested-vlan 2002
# Configure one-to-two VLAN mapping to add SVLAN tag 2003 to traffic from VLANs 36 through 40.
[PE_B-GigabitEthernet1/0/1] vlan mapping nest range 36 to 40 nested-vlan 2003
# Configure the port to use the 802.1p priority in incoming packets for priority mapping.
[PE_B-GigabitEthernet1/0/1] qos trust dot1p
[PE_B-GigabitEthernet1/0/1] quit
3. Configure the customer-side port GigabitEthernet 1/0/2:
# Configure the port as a hybrid port.
[PE_B] interface gigabitethernet 1/0/2
[PE_B-GigabitEthernet1/0/2] port link-type hybrid
# Assign the port to CVLANs 10 through 40 as a tagged VLAN member.
[PE_B-GigabitEthernet1/0/2] port hybrid vlan 10 to 40 tagged
# Assign the port to SVLANs 1001 through 1003 as an untagged VLAN member.
[PE_B-GigabitEthernet1/0/2] port hybrid vlan 1001 to 1003 untagged
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/2] undo port hybrid vlan 1
# Configure one-to-two VLAN mapping to add SVLAN tag 1001 to traffic from VLANs 10 through 20.
[PE_B-GigabitEthernet1/0/2] vlan mapping nest range 10 to 20 nested-vlan 1001
# Configure one-to-two VLAN mapping to add SVLAN tag 1002 to traffic from VLANs 21 through 30.
[PE_B-GigabitEthernet1/0/2] vlan mapping nest range 21 to 30 nested-vlan 1002
# Configure one-to-two VLAN mapping to add SVLAN tag 1003 to traffic from VLANs 31 through 40.
[PE_B-GigabitEthernet1/0/2] vlan mapping nest range 31 to 40 nested-vlan 1003
# Configure the port to use the 802.1p priority in incoming packets for priority mapping.
[PE_B-GigabitEthernet1/0/2] qos trust dot1p
[PE_B-GigabitEthernet1/0/2] quit
4. Configure the service provider-side port GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_B] interface gigabitethernet 1/0/3
[PE_B-GigabitEthernet1/0/3] port link-type trunk
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/3] undo port trunk permit vlan 1
# Assign the port to SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_B-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-GigabitEthernet1/0/3] quit
Configuring devices between PE A and PE B
# Set the MTU to a minimum of 1504 bytes for each port on the path of double-tagged packets. (Details not shown.)
# Configure all ports on the forwarding path to allow packets from VLANs 1001 through 1003 and VLANs 2001 through 2003 to pass through without removing the SVLAN tag. (Details not shown.)
Verifying the configuration
1. Verify VLAN mapping information:
# Verify VLAN mapping information on PE A.
[PE_A] display vlan mapping
Interface GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
Interface GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
# Verify VLAN mapping information on PE B.
[PE_B] display vlan mapping
Interface GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
Interface GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
2. Verify that PCs of the same customer in a CVLAN can ping each other across the service provider network. (Details not shown.)
3. Verify that PCs of different customers in a CVLAN cannot communicate at Layer 2. The ARP tables on one customer's PCs do not contain entries for MAC addresses of the other customer's PCs. (Details not shown.)
Configuration files
|
|
IMPORTANT: The port link-mode bridge command is available only on the following switches: · S6520XE-HI switch series. · S5560X-EI switch series. · S5500V2-EI switch series. · MS4520V2-30F switch. |
· PE A:
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· PE B:
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
Example: Configuring QoS policies for SVLAN tagging and 802.1p priority marking
Network configuration
As shown in Figure 4:
· Customer A and Customer B each have two branches that require Layer 2 connectivity over the service provider network.
· Both customers have three types of traffic and require different transmission priorities for the three types of traffic.
Apply a QoS policy to each customer-side port on PE A and PE B to meet the following requirements:
· Separate the traffic by customer and traffic type.
· Assign different 802.1p priority values to the traffic flows.
Table 2 shows the VLAN and 802.1p priority assignment scheme. For each customer, the service provider assigns one SVLAN by traffic type. Figure 5 shows the expected traffic transmission pattern after the QoS policies are applied to customer-side ports.
Table 2 VLAN and traffic priority assignment
|
Traffic type |
CVLANs |
SVLAN |
Traffic priority |
|
Customer A: |
|
|
|
|
Video |
31 to 40 |
1003 |
High |
|
Voice |
21 to 30 |
1002 |
Medium |
|
Data |
10 to 20 |
1001 |
Low |
|
Customer B: |
|
|
|
|
Storage |
36 to 40 |
2003 |
High |
|
Voice |
26 to 35 |
2002 |
Medium |
|
Data |
15 to 25 |
2001 |
Low |
Figure 5 Expected traffic pattern in the service provider network
Analysis
For the customer-side ports to support multiple SVLANs and send traffic to the customer site with the SVLAN tag removed, you must perform the following tasks:
1. Configure the link type as hybrid on the customer-side ports.
2. Assign the ports to the SVLANs as untagged VLAN members.
To change the 802.1p priority for a class of traffic, use the remark dot1p action. By default, the 802.1p priority in the SVLAN tag added by a QinQ-enabled port depends on the priority trust mode on the port.
· If the 802.1p priority in frames is trusted, the device copies the 802.1p priority in the CVLAN tag to the SVLAN tag.
· If port priority is trusted, the port priority is used as the 802.1p priority in the SVLAN tag. For untagged incoming frames, the port encapsulates the port priority as the 802.1p priority in the SVLAN tag.
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S6520XE-HI switch series |
Supported in Release 11xx |
|
S5560X-EI switch series |
Supported in Release 111x |
|
S5500V2-EI switch series |
Supported in Release 111x |
|
MS4520V2-30F switch |
Supported in Release 111x |
|
S5560S-EI switch series S5560S-SI switch series |
Not supported |
|
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series |
Not supported |
|
S5120V2-SI switch series S5120V2-LI switch series |
Not supported |
|
S3100V3-EI switch series S3100V3-SI switch series |
Not supported |
|
S5110V2 switch series |
Not supported |
|
S5110V2-SI switch series |
Not supported |
|
S5000V3-EI switch series |
Not supported |
|
S5000E-X switch series |
Not supported |
|
WAS6000 switch series |
Not supported |
|
E128C switch E152C switch E500C switch series E500D switch series |
Not supported |
|
MS4520V2 switch series (except the MS4520V2-30F switch) |
Not supported |
|
MS4320V2 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series |
Not supported |
|
WS5850-WiNet switch series |
Not supported |
|
WS5820-WiNet switch series WS5810-WiNet switch series |
Not supported |
Restrictions and guidelines
When you configure an SVLAN tagging QoS policy, follow these restrictions and guidelines:
· Use the nest action for SVLAN tagging. You can configure only one nest action in the traffic behavior for a traffic class.
· You must apply the QoS policy to the inbound direction of customer-side ports.
· For the nest action to take effect, you must enable QinQ on the customer-side ports.
· If an incoming frame does not match the QoS policy, the port adds the PVID tag to the frame as the SVLAN tag.
For QinQ frames to travel across the service provider network, follow these restrictions and guidelines:
· Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. This value is the sum of the default Ethernet interface MTU (1500 bytes) and the length (4 bytes) of a CVLAN tag. The CVLAN tag of QinQ frames is treated as part of the payload during transmission.
· Configure all the ports on the forwarding path to allow frames from VLANs 1001 through 1003 and VLANs 2001 through 2003 to pass through without removing the VLAN tag.
Procedures
Configuring PE A
1. Create SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
<PE_A> system-view
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
2. Configure the customer-side port GigabitEthernet 1/0/1:
# Configure the port as a hybrid port.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] port link-type hybrid
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/1] undo port hybrid vlan 1
# Assign the port to SVLANs 1001 through 1003 as an untagged VLAN member.
[PE_A-GigabitEthernet1/0/1] port hybrid vlan 1001 to 1003 untagged
# Enable QinQ on the port.
[PE_A-GigabitEthernet1/0/1] qinq enable
# Configure the port to trust the 802.1p priority of frames.
[PE_A-GigabitEthernet1/0/1] qos trust dot1p
[PE_A-GigabitEthernet1/0/1] quit
3. Configure the customer-side port GigabitEthernet 1/0/2:
# Configure the port as a hybrid port.
[PE_A] interface gigabitethernet 1/0/2
[PE_A-GigabitEthernet1/0/2] port link-type hybrid
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/2] undo port hybrid vlan 1
# Assign the port to SVLANs 2001 through 2003 as an untagged VLAN member.
[PE_A-GigabitEthernet1/0/2] port hybrid vlan 2001 to 2003 untagged
# Enable QinQ on the port.
[PE_A-GigabitEthernet1/0/2] qinq enable
# Configure the port to trust the 802.1p priority of frames.
[PE_A-GigabitEthernet1/0/2] qos trust dot1p
[PE_A-GigabitEthernet1/0/2] quit
3. Configure the service provider-side port GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_A] interface gigabitethernet 1/0/3
[PE_A-GigabitEthernet1/0/3] port link-type trunk
# Remove the port from VLAN 1.
[PE_A-GigabitEthernet1/0/3] undo port trunk permit vlan 1
# Assign the port to SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_A-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-GigabitEthernet1/0/3] quit
4. Configure QoS policies for SVLAN tagging and 802.1p priority marking:
# Create the class customer_A_pc to match traffic from CVLANs 10 through 20 (data traffic) for Customer A.
[PE_A] traffic classifier customer_A_pc
[PE_A-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_A-classifier-customer_A_pc] quit
# Create the classes customer_A_voice and customer_A_video to match Customer A's voice traffic and video traffic, respectively.
[PE_A] traffic classifier customer_A_voice
[PE_A-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_A-classifier-customer_A_voice] quit
[PE_A] traffic classifier customer_A_video
[PE_A-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_A-classifier-customer_A_video] quit
# Configure SVLAN tagging and 802.1p priority marking actions for Customer A's three traffic types.
[PE_A] traffic behavior customer_A_pc
[PE_A-behavior-customer_A_pc] nest top-most vlan 1001
[PE_A-behavior-customer_A_pc] remark dot1p 3
[PE_A-behavior-customer_A_pc] quit
[PE_A] traffic behavior customer_A_voice
[PE_A-behavior-customer_A_voice] nest top-most vlan 1002
[PE_A-behavior-customer_A_voice] remark dot1p 5
[PE_A-behavior-customer_A_voice] quit
[PE_A] traffic behavior customer_A_video
[PE_A-behavior-customer_A_video] nest top-most vlan 1003
[PE_A-behavior-customer_A_video] remark dot1p 7
[PE_A-behavior-customer_A_video] quit
# Create the QoS policy customer_A for Customer A, and associate the classes with their respective behaviors in the QoS policy.
[PE_A] qos policy customer_A
[PE_A-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_A-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_A-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_A-qospolicy-customer_A] quit
# Apply the QoS policy customer_A to the inbound direction of GigabitEthernet 1/0/1.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] qos apply policy customer_A inbound
[PE_A-GigabitEthernet1/0/1] quit
# Create traffic classes for matching Customer B's three traffic types.
[PE_A] traffic classifier customer_B_pc
[PE_A-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_A-classifier-customer_B_pc] quit
[PE_A] traffic classifier customer_B_voice
[PE_A-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_A-classifier-customer_B_voice] quit
[PE_A] traffic classifier customer_B_storage
[PE_A-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_A-classifier-customer_B_storage] quit
# Configure SVLAN tagging and 802.1p priority marking behaviors for Customer B's traffic types.
[PE_A] traffic behavior customer_B_pc
[PE_A-behavior-customer_B_pc] nest top-most vlan 2001
[PE_A-behavior-customer_B_pc] remark dot1p 3
[PE_A-behavior-customer_B_pc] quit
[PE_A] traffic behavior customer_B_voice
[PE_A-behavior-customer_B_voice] nest top-most vlan 2002
[PE_A-behavior-customer_B_voice] remark dot1p 5
[PE_A-behavior-customer_B_voice] quit
[PE_A] traffic behavior customer_B_storage
[PE_A-behavior-customer_B_storage] nest top-most vlan 2003
[PE_A-behavior-customer_B_storage] remark dot1p 7
[PE_A-behavior-customer_B_storage] quit
# Create the QoS policy customer_B for Customer B, and associate the classes with their respective behaviors in the QoS policy.
[PE_A] qos policy customer_B
[PE_A-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_A-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_A-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_A-qospolicy-customer_B] quit
# Apply the QoS policy customer_B to the inbound direction of GigabitEthernet 1/0/2.
[PE_A] interface gigabitethernet 1/0/2
[PE_A-GigabitEthernet1/0/2] qos apply policy customer_B inbound
[PE_A-GigabitEthernet1/0/2] quit
Configuring PE B
1. Create SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
<PE_B> system-view
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
2. Configure the customer-side port GigabitEthernet 1/0/1:
# Configure the port as a hybrid port.
[PE_B] interface gigabitethernet 1/0/1
[PE_B-GigabitEthernet1/0/1] port link-type hybrid
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/1] undo port hybrid vlan 1
# Assign the port to SVLANs 2001 through 2003 as an untagged VLAN member.
[PE_B-GigabitEthernet1/0/1] port hybrid vlan 2001 to 2003 untagged
# Enable QinQ on the port.
[PE_B-GigabitEthernet1/0/1] qinq enable
# Configure the port to trust the 802.1p priority of frames.
[PE_B-GigabitEthernet1/0/1] qos trust dot1p
[PE_B-GigabitEthernet1/0/1] quit
3. Configure the customer-side port GigabitEthernet 1/0/2:
# Configure the port as a hybrid port.
[PE_B] interface gigabitethernet 1/0/2
[PE_B-GigabitEthernet1/0/2] port link-type hybrid
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/2] undo port hybrid vlan 1
# Assign the port to SVLANs 1001 through 1003 as an untagged VLAN member.
[PE_B-GigabitEthernet1/0/2] port hybrid vlan 1001 to 1003 untagged
# Enable QinQ on the port.
[PE_B-GigabitEthernet1/0/2] qinq enable
# Configure the port to trust the 802.1p priority of frames.
[PE_B-GigabitEthernet1/0/2] qos trust dot1p
[PE_B-GigabitEthernet1/0/2] quit
4. Configure the service provider-side port GigabitEthernet 1/0/3:
# Configure the port as a trunk port.
[PE_B] interface gigabitethernet 1/0/3
[PE_B-GigabitEthernet1/0/3] port link-type trunk
# Remove the port from VLAN 1.
[PE_B-GigabitEthernet1/0/3] undo port trunk permit vlan 1
# Assign the port to SVLANs 1001 through 1003 and SVLANs 2001 through 2003.
[PE_B-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-GigabitEthernet1/0/3] quit
5. Configure QoS policies for SVLAN tagging and 802.1p priority marking:
# Create traffic classes for matching Customer A's traffic types.
[PE_B] traffic classifier customer_A_pc
[PE_B-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_B-classifier-customer_A_pc] quit
[PE_B] traffic classifier customer_A_voice
[PE_B-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_B-classifier-customer_A_voice] quit
[PE_B] traffic classifier customer_A_video
[PE_B-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_B-classifier-customer_A_video] quit
# Configure SVLAN tagging and 802.1p priority marking behaviors for Customer A's three traffic types.
[PE_B] traffic behavior customer_A_pc
[PE_B-behavior-customer_A_pc] nest top-most vlan 1001
[PE_B-behavior-customer_A_pc] remark dot1p 3
[PE_B-behavior-customer_A_pc] quit
[PE_B] traffic behavior customer_A_voice
[PE_B-behavior-customer_A_voice] nest top-most vlan 1002
[PE_B-behavior-customer_A_voice] remark dot1p 5
[PE_B-behavior-customer_A_voice] quit
[PE_B] traffic behavior customer_A_video
[PE_B-behavior-customer_A_video] nest top-most vlan 1003
[PE_B-behavior-customer_A_video] remark dot1p 7
[PE_B-behavior-customer_A_video] quit
# Create the QoS policy customer_A for Customer A, and associate the classes with their respective behaviors in the QoS policy.
[PE_B] qos policy customer_A
[PE_B-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_B-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_B-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_B-qospolicy-customer_A] quit
# Apply the QoS policy customer_A to the inbound direction of GigabitEthernet 1/0/2.
[PE_B] interface gigabitethernet 1/0/2
[PE_B-GigabitEthernet1/0/2] qos apply policy customer_A inbound
[PE_B-GigabitEthernet1/0/2] quit
# Create traffic classes for matching Customer B's three traffic types.
[PE_B] traffic classifier customer_B_pc
[PE_B-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_B-classifier-customer_B_pc] quit
[PE_B] traffic classifier customer_B_voice
[PE_B-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_B-classifier-customer_B_voice] quit
[PE_B] traffic classifier customer_B_storage
[PE_B-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_B-classifier-customer_B_storage] quit
# Configure SVLAN tagging and 802.1p priority marking behaviors for Customer B's three traffic types.
[PE_B] traffic behavior customer_B_pc
[PE_B-behavior-customer_B_pc] nest top-most vlan 2001
[PE_B-behavior-customer_B_pc] remark dot1p 3
[PE_B-behavior-customer_B_pc] quit
[PE_B] traffic behavior customer_B_voice
[PE_B-behavior-customer_B_voice] nest top-most vlan 2002
[PE_B-behavior-customer_B_voice] remark dot1p 5
[PE_B-behavior-customer_B_voice] quit
[PE_B] traffic behavior customer_B_storage
[PE_B-behavior-customer_B_storage] nest top-most vlan 2003
[PE_B-behavior-customer_B_storage] remark dot1p 7
[PE_B-behavior-customer_B_storage] quit
# Create the QoS policy customer_B for Customer B, and associate the classes with their respective behaviors in the QoS policy.
[PE_B] qos policy customer_B
[PE_B-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_B-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_B-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_B-qospolicy-customer_B] quit
# Apply the QoS policy customer_B to the inbound direction of GigabitEthernet 1/0/1.
[PE_B] interface gigabitethernet 1/0/1
[PE_B-GigabitEthernet1/0/1] qos apply policy customer_B inbound
[PE_B-GigabitEthernet1/0/1] quit
Configuring devices between PE A and PE B
# Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.)
# Configure all ports on the path between PE A and PE B allow frames from VLANs 1001 through 1003 and VLANs 2001 through 2003 to pass through without removing the VLAN tag. (Details not shown.)
Verifying the configuration
# Verify the configuration on each port. This example uses GigabitEthernet 1/0/1 of PE A.
[PE_A] interface gigabitethernet 1/0/1
[PE_A-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
Return
[PE_A-GigabitEthernet1/0/1] quit
# Verify the QoS configuration on each port. This example uses GigabitEthernet 1/0/1 of PE A.
[PE_A] display qos policy interface gigabitethernet 1/0/1
Interface: GigabitEthernet1/0/1
Direction: Inbound
Policy: customer_A
Classifier: customer_A_pc
Operator: AND
Rule(s) :
If-match customer-vlan-id 10 to 20
Behavior: customer_A_pc
Nesting:
Nest top-most vlan-id 1001
Marking:
Remark dot1p 3
Classifier: customer_A_voice
Operator: AND
Rule(s) :
If-match customer-vlan-id 21 to 30
Behavior: customer_A_voice
Nesting:
Nest top-most vlan-id 1002
Marking:
Remark dot1p 5
Classifier: customer_A_video
Operator: AND
Rule(s) :
If-match customer-vlan-id 31 to 40
Behavior: customer_A_video
Nesting:
Nest top-most vlan-id 1003
Marking:
Remark dot1p 7
Configuration files
|
|
IMPORTANT: The port link-mode bridge command is available only on the following switches: · S6520XE-HI switch series. · S5560X-EI switch series. · S5500V2-EI switch series. · MS4520V2-30F switch. |
· PE A:
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
remark dot1p 3
#
traffic behavior customer_A_voice
nest top-most vlan 1002
remark dot1p 5
#
traffic behavior customer_A_video
nest top-most vlan 1003
remark dot1p 7
#
traffic behavior customer_B_pc
nest top-most vlan 2001
remark dot1p 3
#
traffic behavior customer_B_voice
nest top-most vlan 2002
remark dot1p 5
#
traffic behavior customer_B_storage
nest top-most vlan 2003
remark dot1p 7
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_B inbound
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· PE B:
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
remark dot1p 3
#
traffic behavior customer_A_voice
nest top-most vlan 1002
remark dot1p 5
#
traffic behavior customer_A_video
nest top-most vlan 1003
remark dot1p 7
#
traffic behavior customer_B_pc
nest top-most vlan 2001
remark dot1p 3
#
traffic behavior customer_B_voice
nest top-most vlan 2002
remark dot1p 5
#
traffic behavior customer_B_storage
nest top-most vlan 2003
remark dot1p 7
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_B inbound
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
Example: Configuring one-to-one and many-to-one VLAN mapping
Network configuration
As shown in Figure 6:
· Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through DHCP.
· On the home gateways, PC, VoD, and VoIP service traffic is assigned to VLANs 1, 2, and 3, respectively.
To isolate traffic of the same service type from different households, configure one-to-one VLAN mapping on the wiring-closet switches. This feature assigns one VLAN to each type of traffic from each household.
To save VLAN resources, configure many-to-one VLAN mapping on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN. Use VLANs 501, 502, and 503 for PC, VoD, and VoIP traffic, respectively.
Table 3 VLAN mapping scheme for each service
|
Service |
VLANs on home gateways |
VLANs on wiring-closet switches (Switch A and Switch B) |
VLANs on campus switch (Switch C) |
|
PC |
VLAN 1 |
VLANs 101, 102, 103, 104 |
VLAN 501 |
|
VoD |
VLAN 2 |
VLANs 201, 202, 203, 204 |
VLAN 502 |
|
VoIP |
VLAN 3 |
VLANs 301, 302, 303, 304 |
VLAN 503 |
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S6520XE-HI switch series |
Supported in Release 11xx |
|
S5560X-EI switch series |
Supported in Release 111x |
|
S5500V2-EI switch series |
Supported in Release 111x |
|
MS4520V2-30F switch |
Supported in Release 111x |
|
S5560S-EI switch series S5560S-SI switch series |
Supported in Release 612x |
|
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series |
Supported in Release 612x |
|
S5120V2-SI switch series S5120V2-LI switch series |
Supported in Release 612x |
|
S3100V3-EI switch series S3100V3-SI switch series |
Supported in Release 612x |
|
S5110V2 switch series |
Supported in Release 612x |
|
S5110V2-SI switch series |
Supported in Release 612x |
|
S5000V3-EI switch series |
Supported in Release 612x |
|
S5000E-X switch series |
Supported in Release 612x |
|
WAS6000 switch series |
Supported in Release 612x |
|
E128C switch E152C switch E500C switch series E500D switch series |
Supported in Release 612x |
|
MS4520V2 switch series (except the MS4520V2-30F switch) |
Supported in Release 612x |
|
MS4320V2 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series |
Supported in Release 612x |
|
WS5850-WiNet switch series |
Supported in Release 612x |
|
WS5820-WiNet switch series WS5810-WiNet switch series |
Supported in Release 612x |
Procedures
Configuring Switch A
# Create the original VLANs 2 and 3. (VLAN 1 is the system default VLAN and already exists.)
<SwitchA> system-view
[SwitchA] vlan 2 to 3
# Create the translated VLANs 101 through 102, 201 through 202, and 301 through 302.
[SwitchA] vlan 101 to 102
[SwitchA] vlan 201 to 202
[SwitchA] vlan 301 to 302
# Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to the original VLANs and translated VLANs.
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301
# Configure one-to-one VLAN mapping on GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively.
[SwitchA-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101
[SwitchA-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201
[SwitchA-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301
[SwitchA-GigabitEthernet1/0/1] quit
# Configure the customer-side port GigabitEthernet 1/0/2 as a trunk port.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
# Assign GigabitEthernet 1/0/2 to the original VLANs and translated VLANs.
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3 102 202 302
# Configure one-to-one VLAN mapping on GigabitEthernet 1/0/2 to map VLANs 1, 2, and 3 to VLANs 102, 202, and 302, respectively.
[SwitchA-GigabitEthernet1/0/2] vlan mapping 1 translated-vlan 102
[SwitchA-GigabitEthernet1/0/2] vlan mapping 2 translated-vlan 202
[SwitchA-GigabitEthernet1/0/2] vlan mapping 3 translated-vlan 302
[SwitchA-GigabitEthernet1/0/2] quit
# Configure the network-side port GigabitEthernet 1/0/3 as a trunk port.
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
# Remove GigabitEthernet 1/0/3 from VLAN 1 and assign GigabitEthernet 1/0/3 to the translated VLANs.
[SwitchA-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 101 201 301 102 202 302
[SwitchA-GigabitEthernet1/0/3] quit
Configuring Switch B
# Configure Switch B in the same way Switch A is configured. (Details not shown.)
Configuring Switch C
1. Configure basic settings required for many-to-one VLAN mapping:
# Enable DHCP snooping.
<SwitchC> system-view
[SwitchC] dhcp snooping enable
# Create the original VLANs 101 through 104, 201 through 204, and 301 through 304, and enable ARP detection for these VLANs.
[SwitchC] vlan 101
[SwitchC-vlan101] arp detection enable
[SwitchC-vlan101] vlan 201
[SwitchC-vlan201] arp detection enable
[SwitchC-vlan201] vlan 301
[SwitchC-vlan301] arp detection enable
[SwitchC-vlan301] vlan 102
[SwitchC-vlan102] arp detection enable
[SwitchC-vlan102] vlan 202
[SwitchC-vlan202] arp detection enable
[SwitchC-vlan202] vlan 302
[SwitchC-vlan302] arp detection enable
[SwitchC-vlan302] vlan 103
[SwitchC-vlan103] arp detection enable
[SwitchC-vlan103] vlan 203
[SwitchC-vlan203] arp detection enable
[SwitchC-vlan203] vlan 303
[SwitchC-vlan303] arp detection enable
[SwitchC-vlan303] vlan 104
[SwitchC-vlan104] arp detection enable
[SwitchC-vlan104] vlan 204
[SwitchC-vlan204] arp detection enable
[SwitchC-vlan204] vlan 304
[SwitchC-vlan304] arp detection enable
# Create the translated VLANs 501 through 503, and enable ARP detection for these VLANs.
[SwitchC-vlan304] vlan 501
[SwitchC-vlan501] arp detection enable
[SwitchC-vlan501] vlan 502
[SwitchC-vlan502] arp detection enable
[SwitchC-vlan502] vlan 503
[SwitchC-vlan503] arp detection enable
[SwitchC-vlan503] quit
2. Configure the customer-side port GigabitEthernet 1/0/1:
# Configure the port as a trunk port.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
# Remove the port from VLAN 1, and assign the port to the original VLANs and translated VLANs.
[SwitchC-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302 501 to 503
# Configure the user-side many-to-one VLAN mapping to map VLANs for PC, VoD, and VoIP traffic to VLANs 501, 502, and 503, respectively.
[SwitchC-GigabitEthernet1/0/1] vlan mapping uni range 101 to 102 translated-vlan 501
[SwitchC-GigabitEthernet1/0/1] vlan mapping uni range 201 to 202 translated-vlan 502
[SwitchC-GigabitEthernet1/0/1] vlan mapping uni range 301 to 302 translated-vlan 503
# Enable DHCP snooping entry recording.
[SwitchC-GigabitEthernet1/0/1] dhcp snooping binding record
[SwitchC-GigabitEthernet1/0/1] quit
3. Configure the customer-side port GigabitEthernet 1/0/2:
# Configure the port as a trunk port.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
# Remove the port from VLAN 1, and assign the port to the original VLANs and translated VLANs.
[SwitchC-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 103 104 203 204 303 304 501 to 503
# Configure the user-side many-to-one VLAN mapping to map VLANs for PC, VoD, and VoIP traffic to VLANs 501, 502, and 503, respectively.
[SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 103 to 104 translated-vlan 501
[SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 203 to 204 translated-vlan 502
[SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503
# Enable DHCP snooping entry recording.
[SwitchC-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchC-GigabitEthernet1/0/2] quit
4. Configure the network-side port GigabitEthernet 1/0/3:
# Enable the network-side VLAN mapping function on the port.
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] vlan mapping nni
# Configure the port as a trunk port.
[SwitchC-GigabitEthernet1/0/3] port link-type trunk
# Remove the port from VLAN 1, and assign the port to the translated VLANs 501 through 503.
[SwitchC-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 to 503
# Configure the port as a DHCP snooping trusted and ARP trusted port.
[SwitchC-GigabitEthernet1/0/3] dhcp snooping trust
[SwitchC-GigabitEthernet1/0/3] arp detection trust
[SwitchC-GigabitEthernet1/0/3] quit
Configuring Switch D
# Create the translated VLANs 501 through 503.
<SwitchD> system-view
[SwitchD] vlan 501 to 503
# Configure GigabitEthernet 1/0/1 as a trunk port.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to the translated VLANs 501 through 503.
[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 501 to 503
[SwitchD-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify VLAN mapping information on the wiring-closet switches, for example, Switch A.
[SwitchA] display vlan mapping
Interface GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 101 N/A
2 N/A 201 N/A
3 N/A 301 N/A
Interface GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 102 N/A
2 N/A 202 N/A
3 N/A 302 N/A
# Verify VLAN mapping information on Switch C.
[SwitchC] display vlan mapping
Interface GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
101-102 N/A 501 N/A
201-202 N/A 502 N/A
301-302 N/A 503 N/A
Interface GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
103-104 N/A 501 N/A
203-204 N/A 502 N/A
303-304 N/A 503 N/A
Configuration files
|
|
IMPORTANT: The port link-mode bridge command is available only on the following switches: · S6520XE-HI switch series. · S5560X-EI switch series. · S5500V2-EI switch series. · MS4520V2-30F switch. |
· Switch A:
#
vlan 1
#
vlan 2 to 3
#
vlan 101 to 102
#
vlan 201 to 202
#
vlan 301 to 302
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 3 101 201 301
vlan mapping 1 translated-vlan 101
vlan mapping 2 translated-vlan 201
vlan mapping 3 translated-vlan 301
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 3 102 202 302
vlan mapping 1 translated-vlan 102
vlan mapping 2 translated-vlan 202
vlan mapping 3 translated-vlan 302
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 101 to 102 201 to 202 301 to 302
#
· Switch B:
#
vlan 1
#
vlan 2 to 3
#
vlan 103 to 104
#
vlan 203 to 204
#
vlan 303 to 304
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 3 103 203 303
vlan mapping 1 translated-vlan 103
vlan mapping 2 translated-vlan 203
vlan mapping 3 translated-vlan 303
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 3 104 204 304
vlan mapping 1 translated-vlan 104
vlan mapping 2 translated-vlan 204
vlan mapping 3 translated-vlan 304
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 103 to 104 203 to 204 303 to 304
#
· Switch C:
#
dhcp snooping enable
#
vlan 101
arp detection enable
#
vlan 102
arp detection enable
#
vlan 103
arp detection enable
#
vlan 104
arp detection enable
#
vlan 201
arp detection enable
#
vlan 202
arp detection enable
#
vlan 203
arp detection enable
#
vlan 204
arp detection enable
#
vlan 301
arp detection enable
#
vlan 302
arp detection enable
#
vlan 303
arp detection enable
#
vlan 304
arp detection enable
#
vlan 501
arp detection enable
#
vlan 502
arp detection enable
#
vlan 503
arp detection enable
#
interface GigabitEthernet1/0/1
port link-mode bridge
undo port trunk permit vlan 1
port link-type trunk
port trunk permit vlan 101 to 102 201 to 202 301 to 302 501 to 503
vlan mapping uni range 101 to 102 translated-vlan 501
vlan mapping uni range 201 to 202 translated-vlan 502
vlan mapping uni range 301 to 302 translated-vlan 503
dhcp snooping binding record
#
interface GigabitEthernet1/0/2
port link-mode bridge
undo port trunk permit vlan 1
port link-type trunk
port trunk permit vlan 103 to 104 203 to 204 303 to 304 501 to 503
vlan mapping uni range 103 to 104 translated-vlan 501
vlan mapping uni range 203 to 204 translated-vlan 502
vlan mapping uni range 303 to 304 translated-vlan 503
dhcp snooping binding record
#
interface GigabitEthernet1/0/3
port link-mode bridge
undo port trunk permit vlan 1
port link-type trunk
port trunk permit vlan 501 to 503
vlan mapping nni
arp detection trust
dhcp snooping trust
#
· Switch D:
#
vlan 501 to 503
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 501 to 503
#
Example: Configuring two-to-two VLAN mapping
Network configuration
As shown in Figure 7:
· A company assigns its branch sites (Site 1 and Site 2) to VLAN 10, and the headquarters provides services in VLAN 30.
· Service provider A uses SVLAN 100 to transmit VLAN 10 traffic for the branch sites.
· Service provider B uses SVLAN 200 to transmit VLAN 30 traffic for the headquarters.
Configure two-to-two VLAN mapping to permit the two branch sites to access VLAN 30 of the headquarters without changing their VLAN assignment.
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S6520XE-HI switch series |
Supported in Release 11xx |
|
S5560X-EI switch series |
Supported in Release 111x |
|
S5500V2-EI switch series |
Supported in Release 111x |
|
MS4520V2-30F switch |
Supported in Release 111x |
|
S5560S-EI switch series S5560S-SI switch series |
Supported in Release 612x |
|
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series |
Supported in Release 612x |
|
S5120V2-SI switch series S5120V2-LI switch series |
Supported in Release 612x |
|
S3100V3-EI switch series S3100V3-SI switch series |
Supported in Release 612x |
|
S5110V2 switch series |
Supported in Release 612x |
|
S5110V2-SI switch series |
Supported in Release 612x |
|
S5000V3-EI switch series |
Supported in Release 612x |
|
S5000E-X switch series |
Supported in Release 612x |
|
WAS6000 switch series |
Supported in Release 612x |
|
E128C switch E152C switch E500C switch series E500D switch series |
Supported in Release 612x |
|
MS4520V2 switch series (except the MS4520V2-30F switch) |
Supported in Release 612x |
|
MS4320V2 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series |
Supported in Release 612x |
|
WS5850-WiNet switch series |
Supported in Release 612x |
|
WS5820-WiNet switch series WS5810-WiNet switch series |
Supported in Release 612x |
Restrictions and guidelines
Configure two-to-two VLAN mapping on one of the edge devices between the two service provider networks. This example uses Switch C.
Procedures
Configuring Switch A
# Create CVLAN 10 and SVLAN 100.
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] vlan 100
[SwitchA-vlan100] quit
# Configure a one-to-two VLAN mapping on the customer-side port (GigabitEthernet 1/0/1) to add SVLAN tag 100 to packets from VLAN 10.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] vlan mapping nest single 10 nested-vlan 100
# Configure GigabitEthernet 1/0/1 as a hybrid port.
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
# Assign GigabitEthernet 1/0/1 to VLAN 10 as a tagged member.
[SwitchA-GigabitEthernet1/0/1] port hybrid vlan 10 tagged
# Assign GigabitEthernet 1/0/1 to VLAN 100 as an untagged member.
[SwitchA-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
# Remove GigabitEthernet 1/0/1 from VLAN 1.
[SwitchA-GigabitEthernet1/0/1] undo port hybrid vlan 1
[SwitchA-GigabitEthernet1/0/1] quit
# Configure the network-side port GigabitEthernet 1/0/2 as a trunk port.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
# Assign GigabitEthernet 1/0/2 to VLAN 100.
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100
# Remove GigabitEthernet 1/0/2 from VLAN 1.
[SwitchA-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchA-GigabitEthernet1/0/2] quit
Configuring Switch B
# Create CVLAN 10 and SVLAN 100.
<SwitchB> system-view
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] vlan 100
[SwitchB-vlan100] quit
# Configure a one-to-two VLAN mapping on the customer-side port (GigabitEthernet 1/0/3) to add SVLAN tag 100 to packets from VLAN 10.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] vlan mapping nest single 10 nested-vlan 100
# Configure GigabitEthernet 1/0/3 as a hybrid port.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-type hybrid
# Assign GigabitEthernet 1/0/3 to VLAN 10 as a tagged member.
[SwitchB-GigabitEthernet1/0/3] port hybrid vlan 10 tagged
# Assign GigabitEthernet 1/0/3 to VLAN 100 as an untagged member.
[SwitchB-GigabitEthernet1/0/3] port hybrid vlan 100 untagged
# Remove GigabitEthernet 1/0/3 from VLAN 1.
[SwitchB-GigabitEthernet1/0/3] undo port hybrid vlan 1
[SwitchB-GigabitEthernet1/0/3] quit
# Configure GigabitEthernet 1/0/1 as a trunk port.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to VLAN 100.
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100
# Remove GigabitEthernet 1/0/1 from VLAN 1.
[SwitchB-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchB-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
# Assign GigabitEthernet 1/0/2 to VLAN 100.
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 100
# Remove GigabitEthernet 1/0/2 from VLAN 1.
[SwitchB-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchB-GigabitEthernet1/0/2] quit
Configuring Switch C
# Create SVLANs 100 and 200.
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] quit
[SwitchC] vlan 200
[SwitchC-vlan200] quit
# Configure GigabitEthernet 1/0/1 as a trunk port.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to VLANs 100 to 200.
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 100 200
# Remove GigabitEthernet 1/0/1 from VLAN 1.
[SwitchC-GigabitEthernet1/0/1] undo port trunk permit vlan 1
# Configure a two-to-two VLAN mapping on GigabitEthernet 1/0/1 to map SVLAN 100 and CVLAN 10 to SVLAN 200 and CVLAN 30.
[SwitchC-GigabitEthernet1/0/1] vlan mapping tunnel 100 10 translated-vlan 200 30
[SwitchC-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
# Assign GigabitEthernet 1/0/2 to VLAN 200.
[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 200
# Remove GigabitEthernet 1/0/2 from VLAN 1.
[SwitchC-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/2] quit
Configuring Switch D
# Create CVLAN 30 and SVLAN 200.
<SwitchD> system-view
[SwitchD] vlan 30
[SwitchD-vlan30] quit
[SwitchD] vlan 200
[SwitchD-vlan200] quit
# Configure the link type of GigabitEthernet 1/0/1 as trunk.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to VLAN 200.
[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 200
# Remove GigabitEthernet 1/0/1 from VLAN 1.
[SwitchD-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchD-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a hybrid port.
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-type hybrid
# Assign GigabitEthernet 1/0/2 to VLAN 30 as a tagged member.
[SwitchD-GigabitEthernet1/0/2] port hybrid vlan 30 tagged
# Assign GigabitEthernet 1/0/2 to VLAN 200 as an untagged member.
[SwitchD-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
# Remove GigabitEthernet 1/0/2 from VLAN 1.
[SwitchD-GigabitEthernet1/0/2] undo port hybrid vlan 1
[SwitchD-GigabitEthernet1/0/2] quit
# Configure a one-to-two VLAN mapping on the customer-side port (GigabitEthernet 1/0/2) to add SVLAN tag 200 to packets from VLAN 30.
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] vlan mapping nest single 30 nested-vlan 200
[SwitchD-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify VLAN mapping information on Switch C.
[SwitchC] display vlan mapping
Interface GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
100 10 200 30
Configuration files
|
|
IMPORTANT: The port link-mode bridge command is available only on the following switches: · S6520XE-HI switch series. · S5560X-EI switch series. · S5500V2-EI switch series. · MS4520V2-30F switch. |
· Switch A:
#
vlan 10
vlan 100
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
· Switch B:
#
vlan 10
vlan 100
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
vlan 100
#
vlan 200
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
vlan mapping tunnel 100 10 translated-vlan 200 30
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
· Switch D:
#
vlan 30
vlan 200
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
port hybrid vlan 30 tagged
port hybrid vlan 200 untagged
vlan mapping nest single 30 nested-vlan 200
#
