Example for Configuring Flow-based Selective QinQ

23 0 0 0

QinQ Overview

802.1Q-in-802.1Q (QinQ) expands VLAN space by adding an additional 802.1Q tag to 802.1Q tagged packets. It allows services in a private VLAN to be transparently transmitted over a public network.

Selective QinQ, also called VLAN stacking or QinQ stacking, is an extension of QinQ. Selective QinQ is performed based on interfaces and VLAN IDs. In addition to functions of basic QinQ, selective QinQ takes different actions for packets received by the same interface based on VLANs.

Flow-based selective QinQ adds outer VLAN tags based on traffic policies. It can provide differentiated services based on service types.

Configuration Notes

When configuring selective QinQ on the switch, pay attention to the following points:

  • You are advised to configure selective QinQ on a hybrid interface. Selective QinQ can take effect on the interface only in the inbound direction.
  • The outer VLAN must be created before Selective QinQ is performed.
  • When an interface configured with VLAN stacking needs to remove the outer tag from outgoing frames, the interface must join the VLAN specified by stack-vlan in untagged mode. If the outer VLAN does not need to be removed, the interface must join the VLAN specified by stack-vlan in tagged mode.
  • The device configured with selective QinQ can add only one outer VLAN tag to a frame with an inner VLAN tag on an interface.
  • If only single-tagged packets from a VLAN need to be transparently transmitted, do not specify the VLAN as the inner VLAN of selective QinQ.
  • This example applies to all versions of the modular switches.

Networking Requirements

As shown in Figure 6-22, Internet access users (using PCs) and VoIP users (using VoIP phones) connect to the ISP network through SwitchA and SwitchB and communicate with each other through the ISP network.

It is required that packets of PCs and VoIP phones are tagged VLAN 2 and VLAN 3 respectively when the packets are transmitted through the ISP network. Flow-based selective QinQ can be configured to meet the requirement.

Figure 6-22  Networking of flow-based selective QinQ 
imgDownload?uuid=a77a914534da4e84b1cae58

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs on SwitchA and SwitchB.

  2. Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA and SwitchB.

  3. Configure link types of interfaces on SwitchA and SwitchB and add the interfaces to VLANs.

  4. Apply the traffic policies to interfaces on SwitchA and SwitchB to implement selective QinQ.

Procedure

  1. Create VLANs.

    # On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be added.

    <HUAWEI> system-view[HUAWEI] sysname SwitchA[SwitchA] vlan batch 2 3

    # On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be added.

    <HUAWEI> system-view[HUAWEI] sysname SwitchB[SwitchB] vlan batch 2 3

  2. Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA and SwitchB.

    # Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchA.

    [SwitchA] traffic classifier name1  //Configure a traffic classifier named name1.[SwitchA-classifier-name1] if-match vlan-id 100 to 200  //Configure a matching rule to match packets from VLANs 100 to 200.[SwitchA-classifier-name1] quit[SwitchA] traffic behavior name1  //Configure a traffic behavior named name1.[SwitchA-behavior-name1] nest top-most vlan-id 2  //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.[SwitchA-behavior-name1] quit[SwitchA] traffic classifier name2  //Configure a traffic classifier named name2.[SwitchA-classifier-name2] if-match vlan-id 300 to 400  //Configure a matching rule to match packets from VLANs 300 to 400.[SwitchA-classifier-name2] quit[SwitchA] traffic behavior name2  //Configure a traffic behavior named name2.[SwitchA-behavior-name2] nest top-most vlan-id 3  //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.[SwitchA-behavior-name2] quit[SwitchA] traffic policy name1  //Configure a traffic policy named name1.[SwitchA-trafficpolicy-name1] classifier name1 behavior name1 [SwitchA-trafficpolicy-name1] classifier name2 behavior name2 [SwitchA-trafficpolicy-name1] quit

    # Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchB.

    [SwitchB] traffic classifier name1 //Configure a traffic classifier named name1.[SwitchB-classifier-name1] if-match vlan-id 100 to 200  //Configure a matching rule to match packets from VLANs 100 to 200.[SwitchB-classifier-name1] quit[SwitchB] traffic behavior name1  //Configure a traffic behavior named name1.[SwitchB-behavior-name1] nest top-most vlan-id 2  //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.[SwitchB-behavior-name1] quit[SwitchB] traffic classifier name2  //Configure a traffic classifier named name2.[SwitchB-classifier-name2] if-match vlan-id 300 to 400  //Configure a matching rule to match packets from VLANs 300 to 400.[SwitchB-classifier-name2] quit[SwitchB] traffic behavior name2  //Configure a traffic behavior named name2.[SwitchB-behavior-name2] nest top-most vlan-id 3  //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.[SwitchB-behavior-name2] quit[SwitchB] traffic policy name1  //Configure a traffic policy named name1.[SwitchB-trafficpolicy-name1] classifier name1 behavior name1 [SwitchB-trafficpolicy-name1] classifier name2 behavior name2 [SwitchB-trafficpolicy-name1] quit

  3. Apply the traffic policies to interfaces on SwitchA and SwitchB to implement selective QinQ.

    # Configure GE1/0/1 on SwitchA.

    [SwitchA] interface gigabitethernet 1/0/1[SwitchA-GigabitEthernet1/0/1] port link-type hybrid[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 2 3[SwitchA-GigabitEthernet1/0/1] traffic-policy name1 inbound  //Apply the traffic policy name1 to the interface in the inbound direction.[SwitchA-GigabitEthernet1/0/1] quit

    # Configure GE1/0/1 on SwitchB.

    [SwitchB] interface gigabitethernet 1/0/1[SwitchB-GigabitEthernet1/0/1] port link-type hybrid[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 2 3[SwitchB-GigabitEthernet1/0/1] traffic-policy name1 inbound  //Apply the traffic policy name1 to the interface in the inbound direction.[SwitchB-GigabitEthernet1/0/1] quit

  4. Configure other interfaces.

    # Add GE1/0/2 on SwitchA to VLAN 2 and VLAN 3.

    [SwitchA] interface gigabitethernet 1/0/2[SwitchA-GigabitEthernet1/0/2] port link-type trunk[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 3[SwitchA-GigabitEthernet1/0/2] quit

    # Add GE1/0/2 on SwitchB to VLAN 2 and VLAN 3.

    [SwitchB] interface gigabitethernet 1/0/2[SwitchB-GigabitEthernet1/0/2] port link-type trunk[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 3[SwitchB-GigabitEthernet1/0/2] quit

  5. Verify the configuration.

    If the configurations on SwitchA and SwitchB are correct, you can obtain the following information:

    • PCs can communicate with each other through the ISP network.

    • VoIP phones can communicate with each other through the ISP network.

Configuration Files

  • Configuration file of SwitchA

    #
    sysname SwitchA
    #
    vlan batch 2 to 3
    #
    traffic classifier name1 operator or precedence 5
     if-match vlan-id 100 to 200
    traffic classifier name2 operator or precedence 10
     if-match vlan-id 300 to 400
    #
    traffic behavior name1
     permit
     nest top-most vlan-id 2
    traffic behavior name2
     permit
     nest top-most vlan-id 3
    #
    traffic policy name1 match-order config
     classifier name1 behavior name1
     classifier name2 behavior name2
    #
    interface GigabitEthernet1/0/1 port link-type hybrid port hybrid untagged vlan 2 to 3
     traffic-policy name1 inbound
    #
    interface GigabitEthernet1/0/2
     port link-type trunk
     port trunk allow-pass vlan 2 to 3
    #
    return
  • Configuration file of SwitchB

    #
    sysname SwitchB
    #
    vlan batch 2 to 3
    #
    traffic classifier name1 operator or precedence 5
     if-match vlan-id 100 to 200
    traffic classifier name2 operator or precedence 10
     if-match vlan-id 300 to 400
    #
    traffic behavior name1
     permit
     nest top-most vlan-id 2
    traffic behavior name2
     permit
     nest top-most vlan-id 3
    #
    traffic policy name1 match-order config
     classifier name1 behavior name1
     classifier name2 behavior name2
    #
    interface GigabitEthernet1/0/1 port link-type hybrid port hybrid untagged vlan 2 to 3
     traffic-policy name1 inbound
    #
    interface GigabitEthernet1/0/2
     port link-type trunk
     port trunk allow-pass vlan 2 to 3
    #
    return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top