How does the S2700 implement VLAN mapping and what scenarios need to be concerned


When configuring VLAN mapping on the S2700, pay attention to the following points:

Working principle of VLAN mapping

After VLAN mapping is enabled on an interface, the interface replaces VLAN tags of packets based on the C-VLAN ID and the result of the modulo operation against 128.

For example, if the C-VLAN IDs range from 1 to 10 and the S-VLAN ID is 100, then:

If the VLAN ID of an incoming packet is 130, the modulo result of 128 is 2, which is within the range of 1 to 10. Therefore, the interface changes the VLAN ID of the incoming packet with 100 and then forwards the packet.

If the VLAN ID of an incoming packet is 140, the modulo result is 12, which is out of the range of 1 to 10. According to the initial configuration, VLAN 12 is mapped to VLAN 12. Thus interface changes the VLAN ID of the incoming packet to 12 and forwards the packet, as long as the interface has already been added to VLAN 12.

VLAN translation is configured as follows during initialization:

VLANs 1 to 127 are translated in the format of X -> X, that is, not translated.

VLAN 0 is translated to VLAN 128.

VLAN translation is configured as follows during the VLAN mapping configuration:

When the C-VLAN ID is greater than 128, the system performs the modulo operation on the C-VLAN ID against 128 and uses the modulo result as the C-VLAN ID.

Other VLANs are not translated.

No qinq vlan-translation miss-drop command

The VLAN tags of all packets are translated according to the modulo result. Untagged packets are processed according to whether the default VLAN of the interface is configured by the port default vlan command. If the default VLAN is configured, untagged packets are added the PVID and forwarded. Otherwise, untagged packets are discarded.

Scenarios to be concerned

If C-VLANs 1 to 10 are mapped to S-VLAN 100 in the VLAN mapping configuration, packets of VLAN 130 that should be transmitted transparently are forwarded after their VLAN tags are changed to VLAN 100. In this case, services may be affected.

To enable packets of VLAN 130 to be transmitted transparently, you need to configure the mapping from VLAN 130 to VLAN 130. Therefore, limit the VLAN ID to 128 during the early network planning so that packets from all VLANs can be forwarded normally.

Other related questions:
How to implement port mapping on an AR router
Run the port-mapping command on an AR router to configure port mapping based on basic ACLs (number 2000 to 2999). Port mapping is implemented after packets match an ACL rule. To filter packets based on the ACLs, port mapping tries to match the destination IP addresses in the packets with the IP addresses defined in the basic ACL rules.
# Set the mapping port of the HTTP service to 10. If packets comply with the rules defined in the ACL 2000, the mapping relationship takes effect.
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule permit
[Huawei-acl-basic-2000] quit
[Huawei] port-mapping http port 10 acl 2000

How many VLANs does the S2709TP-EI support
The S2700 series switches support 4K IEEE-based VLANs.

What are the limitations for configuring VLAN mapping on the S2700
A maximum of 16 VLANs can be mapped on an interface. The C-VLAN ID must be different from the value obtained through the modulo operation against 128 on the VLAN allowed by the interface (VLAN ID mod 128); otherwise, a conflict occurs. For example, if the interface allows VLAN 130 to pass, the result of VLAN ID mod 128 is 2. In this case, the C-VLAN ID cannot be set to 2. The S2700SI does not support VLAN mapping.

Application and support of SSM mapping on an S series switch
The source-specific multicast (SSM) model conserves multicast addresses and is more secure than the any-source multicast (ASM) model. Only IGMPv3 supports SSM. A host running IGMPv3 can specify multicast source addresses in Report messages. Some hosts can only run IGMPv1 or IGMPv2. To enable these hosts to receive the SSM service, multicast devices need to offer the IGMP snooping SSM mapping function. IGMP snooping SSM mapping is a Layer 2 SSM mapping feature used on IPv4 multicast networks. After static SSM mapping entries are configured on a Layer 2 device, the device can convert (*, G) information in IGMPv1 and IGMPv2 Report messages to (S, G) information to provide the SSM service for IGMPv1 and IGMPv2 hosts. S indicates the multicast source, G indicates the multicast group, and the asterisk (*) indicates any multicast source. S series switches excluding the S1700 support IGMP snooping SSM mapping.

Do S series switches support dynamic VLAN delivery through the RADIUS server
Dynamic VLAN delivery through the RADIUS server is to deliver VLAN attributes through the RADIUS server to dynamically authorize online users. For S series switches (except the S1700), the S2700SI and S2710SI running V100R006 do not support this function. However, other switch models running V100R006 and all switch models running versions later than V100R006 support this function.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top