Hi, everyone! Today I’m going to introduce an example for configuring flow-based selective QinQ.
QinQ Overview
802.1Q-in-802.1Q (QinQ) expands VLAN space by adding an additional 802.1Q tag to 802.1Q tagged packets. It allows services in a private VLAN to be transparently transmitted over a public network.
Selective QinQ, also called VLAN stacking or QinQ stacking, is an extension of QinQ. Selective QinQ is performed based on interfaces and VLAN IDs. In addition to functions of basic QinQ, selective QinQ takes different actions for packets received by the same interface based on VLANs.
Flow-based selective QinQ adds outer VLAN tags based on traffic policies. It can provide differentiated services based on service types.
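The tag stacking described above, at the frame level, as an added example that is not part of the original post. The inner-to-outer mapping is taken from this page's configuration (VLANs 100 to 200 get outer VLAN 2, VLANs 300 to 400 get outer VLAN 3). The function names, the sample frames, the outer TPID of 0x8100 and the zeroed priority bits are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # assumption: outer tag uses TPID 0x8100 (802.1ad provider tags use 0x88A8)

# Mapping from this page's example: inner VLAN range -> outer VLAN to add
POLICY = [(range(100, 201), 2), (range(300, 401), 3)]

def parse_tags(frame):
    """Return (VLAN IDs, outermost first; offset of the EtherType after the tags)."""
    vids, off = [], 12                      # skip destination and source MAC
    while struct.unpack_from("!H", frame, off)[0] in (0x8100, 0x88A8):
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VLAN ID
        off += 4
    return vids, off

def selective_qinq(frame, policy=POLICY, tpid=TPID_8021Q):
    """Add one outer tag chosen by the inner VLAN ID; return other frames unchanged."""
    vids, _ = parse_tags(frame)
    if len(vids) != 1:                      # this model only handles single-tagged frames
        return frame
    for vlan_range, outer in policy:
        if vids[0] in vlan_range:
            tag = struct.pack("!HH", tpid, outer)   # PCP/DEI left at 0 in this model
            return frame[:12] + tag + frame[12:]    # new tag goes right after the MACs
    return frame                            # no classifier matched: frame stays single-tagged

def make_frame(inner_vid, payload=b"\x00" * 46):
    """Constructed sample: a single-tagged IPv4 frame with a dummy payload."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!HHH", 0x8100, inner_vid, 0x0800) + payload

if __name__ == "__main__":
    for vid in (150, 350, 500):
        print(vid, "->", parse_tags(selective_qinq(make_frame(vid)))[0])
```

Each matched frame grows by 4 bytes, so links that carry the double-tagged traffic must accept the larger frame size.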
Configuration Notes
When configuring selective QinQ on the switch, pay attention to the following points:
You are advised to configure selective QinQ on a hybrid interface. Selective QinQ can take effect on the interface only in the inbound direction.
The outer VLAN must be created before selective QinQ is performed.
When an interface configured with VLAN stacking needs to remove the outer tag from outgoing frames, the interface must join the VLAN specified by stack-vlan in untagged mode. If the outer VLAN does not need to be removed, the interface must join the VLAN specified by stack-vlan in tagged mode.
The device configured with selective QinQ can add only one outer VLAN tag to a frame with an inner VLAN tag on an interface.
If only single-tagged packets from a VLAN need to be transparently transmitted, do not specify the VLAN as the inner VLAN of selective QinQ.
This example applies to all versions of the modular switches.
Networking Requirements
As shown in Figure 6-22, Internet access users (using PCs) and VoIP users (using VoIP phones) connect to the ISP network through SwitchA and SwitchB and communicate with each other through the ISP network.
Packets from PCs and VoIP phones must be tagged with VLAN 2 and VLAN 3 respectively when they are transmitted through the ISP network. Flow-based selective QinQ can be configured to meet this requirement.

Configuration Roadmap
The configuration roadmap is as follows:
Create VLANs on SwitchA and SwitchB.
Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA and SwitchB.
Configure link types of interfaces on SwitchA and SwitchB and add the interfaces to VLANs.
Apply the traffic policies to interfaces on SwitchA and SwitchB to implement selective QinQ.
Procedure
Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be added.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3
Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA and SwitchB.
# Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchA.
[SwitchA] traffic classifier name1 //Configure a traffic classifier named name1.
[SwitchA-classifier-name1] if-match vlan-id 100 to 200 //Configure a matching rule to match packets from VLANs 100 to 200.
[SwitchA-classifier-name1] quit
[SwitchA] traffic behavior name1 //Configure a traffic behavior named name1.
[SwitchA-behavior-name1] nest top-most vlan-id 2 //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchA-behavior-name1] quit
[SwitchA] traffic classifier name2 //Configure a traffic classifier named name2.
[SwitchA-classifier-name2] if-match vlan-id 300 to 400 //Configure a matching rule to match packets from VLANs 300 to 400.
[SwitchA-classifier-name2] quit
[SwitchA] traffic behavior name2 //Configure a traffic behavior named name2.
[SwitchA-behavior-name2] nest top-most vlan-id 3 //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchA-behavior-name2] quit
[SwitchA] traffic policy name1 //Configure a traffic policy named name1.
[SwitchA-trafficpolicy-name1] classifier name1 behavior name1
[SwitchA-trafficpolicy-name1] classifier name2 behavior name2
[SwitchA-trafficpolicy-name1] quit
# Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchB.
[SwitchB] traffic classifier name1 //Configure a traffic classifier named name1.
[SwitchB-classifier-name1] if-match vlan-id 100 to 200 //Configure a matching rule to match packets from VLANs 100 to 200.
[SwitchB-classifier-name1] quit
[SwitchB] traffic behavior name1 //Configure a traffic behavior named name1.
[SwitchB-behavior-name1] nest top-most vlan-id 2 //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchB-behavior-name1] quit
[SwitchB] traffic classifier name2 //Configure a traffic classifier named name2.
[SwitchB-classifier-name2] if-match vlan-id 300 to 400 //Configure a matching rule to match packets from VLANs 300 to 400.
[SwitchB-classifier-name2] quit
[SwitchB] traffic behavior name2 //Configure a traffic behavior named name2.
[SwitchB-behavior-name2] nest top-most vlan-id 3 //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchB-behavior-name2] quit
[SwitchB] traffic policy name1 //Configure a traffic policy named name1.
[SwitchB-trafficpolicy-name1] classifier name1 behavior name1
[SwitchB-trafficpolicy-name1] classifier name2 behavior name2
[SwitchB-trafficpolicy-name1] quit
Apply the traffic policies to interfaces on SwitchA and SwitchB to implement selective QinQ.
# Configure GE1/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet1/0/1] traffic-policy name1 inbound //Apply the traffic policy name1 to the interface in the inbound direction.
[SwitchA-GigabitEthernet1/0/1] quit
# Configure GE1/0/1 on SwitchB.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type hybrid
[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet1/0/1] traffic-policy name1 inbound //Apply the traffic policy name1 to the interface in the inbound direction.
[SwitchB-GigabitEthernet1/0/1] quit
Configure other interfaces.
# Add GE1/0/2 on SwitchA to VLAN 2 and VLAN 3.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet1/0/2] quit
# Add GE1/0/2 on SwitchB to VLAN 2 and VLAN 3.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet1/0/2] quit
Verify the configuration.
If the configurations on SwitchA and SwitchB are correct, you can obtain the following information:
PCs can communicate with each other through the ISP network.
VoIP phones can communicate with each other through the ISP network.
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
traffic classifier name1 operator or precedence 5
 if-match vlan-id 100 to 200
traffic classifier name2 operator or precedence 10
 if-match vlan-id 300 to 400
#
traffic behavior name1
 permit
 nest top-most vlan-id 2
traffic behavior name2
 permit
 nest top-most vlan-id 3
#
traffic policy name1 match-order config
 classifier name1 behavior name1
 classifier name2 behavior name2
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 2 to 3
 traffic-policy name1 inbound
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 3
#
traffic classifier name1 operator or precedence 5
 if-match vlan-id 100 to 200
traffic classifier name2 operator or precedence 10
 if-match vlan-id 300 to 400
#
traffic behavior name1
 permit
 nest top-most vlan-id 2
traffic behavior name2
 permit
 nest top-most vlan-id 3
#
traffic policy name1 match-order config
 classifier name1 behavior name1
 classifier name2 behavior name2
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 2 to 3
 traffic-policy name1 inbound
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return
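A way to check a saved configuration file against the Configuration Notes above before deploying it, as an added example that is not part of the original post or a Huawei tool. It checks three of the notes: the outer VLAN exists, the interface has joined it, and the policy is applied inbound. The function names and the reduced sample input are assumptions.

```python
import re

# Constructed input: relevant lines of the SwitchA configuration file on this page.
SWITCH_A = """\
vlan batch 2 to 3
traffic behavior name1
 nest top-most vlan-id 2
traffic behavior name2
 nest top-most vlan-id 3
traffic policy name1 match-order config
 classifier name1 behavior name1
 classifier name2 behavior name2
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 2 to 3
 traffic-policy name1 inbound
"""

def vlan_set(text):
    """Expand a VLAN list such as '2 to 3' or '2 3' into a set of IDs."""
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return findings for the Configuration Notes (an empty list means clean)."""
    created = vlan_set(" ".join(re.findall(r"^vlan batch (.+)$", config, re.M)))
    outer, policies, findings = {}, {}, []
    for m in re.finditer(r"^traffic behavior (\S+)\n((?: .+\n?)*)", config, re.M):
        tag = re.search(r"(?:nest top-most|add-tag) vlan-id (\d+)", m.group(2))
        if tag:
            outer[m.group(1)] = int(tag.group(1))      # behavior -> outer VLAN
    for m in re.finditer(r"^traffic policy (\S+).*\n((?: .+\n?)*)", config, re.M):
        behs = re.findall(r"classifier \S+ behavior (\S+)", m.group(2))
        policies[m.group(1)] = {outer[b] for b in behs if b in outer}
    for m in re.finditer(r"^interface (\S+)\n((?: .+\n?)*)", config, re.M):
        name, body = m.groups()
        joined = vlan_set(" ".join(re.findall(
            r"port (?:hybrid (?:un)?tagged|trunk allow-pass) vlan (.+)", body)))
        for pol, direction in re.findall(r"traffic-policy (\S+) (inbound|outbound)", body):
            if direction != "inbound":
                findings.append(f"{name}: policy {pol} applied {direction}; selective QinQ only takes effect inbound")
            for v in sorted(policies.get(pol, ())):
                if v not in created:
                    findings.append(f"{name}: outer VLAN {v} not created")
                if v not in joined:
                    findings.append(f"{name}: interface has not joined outer VLAN {v}")
    return findings
```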
If you have any problems, please post them in our Community. We are happy to solve them for you!