No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring QinQ

Configuring QinQ

Configuring Basic QinQ

After basic QinQ is configured, the device adds a public VLAN tag to an incoming packet so that the user packet can be forwarded on the public network.

Background Information

To separate private networks from the public network and save VLAN resources, configure double 802.1Q tags on QinQ interfaces of the device. Private VLAN tags are used on private networks such as enterprise networks, and public VLAN tags are used on external networks such as ISP networks. QinQ expands the VLAN space to 4094 x 4094 and allows packets on different private networks with same VLAN IDs to be transparently transmitted.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The outer VLAN is created.

  3. Run:

    quit

    Return to the system view.

  4. Run:

    interface interface-type interface-number

    The interface view is displayed.

  5. Run:

    port link-type dot1q-tunnel

    The link type of the interface is set to dot1q-tunnel.

    By default, the link type of an interface is Access.

    Dot1q-tunnel interfaces do not support Layer 2 multicast.

  6. Run:

    port default vlan vlan-id

    The VLAN ID (default VLAN) in the outer VLAN tag is specified.

    By default, all ports are added to VLAN 1.

  7. Run:

    commit

    The configuration is committed.

Checking the Configuration

  • Run the display current-configuration interface interface-type interface-number command to check the QinQ configuration on the interface.

Configuring Selective QinQ

Selective QinQ adds different outer VLAN tags to packets with different inner VLAN tags on an interface, and is more flexible than QinQ.

Configuring VLAN ID-based Selective QinQ

Context

Selective QinQ based on the VLAN ID enables the device to add different outer VLAN tags to received data frames according to VLAN IDs in the frames.

  • Selective QinQ based on the VLAN ID can only be enabled on hybrid interfaces in the inbound direction.
  • The outer VLAN ID must exist and the interface must be added to the outer VLAN in untagged mode.
  • The interface learns the MAC address in the VLAN specified by the outer VLAN tag of packets.
  • The MUX VLAN and selective QinQ based on the VLAN ID cannot be configured on the same interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    port link-type hybrid

    The link type of the interface is configured as hybrid.

    By default, the link type of an interface is access.

  4. Run:

    port hybrid untagged vlan vlan-id

    The interface is added to the VLAN in untagged mode.

    The VLAN ID specified by vlan-id must already exist on the device. The original VLAN can be not created.

  5. Run:

    port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3 [ remark-8021p 8021p-value ]

    Selective QinQ based on the VLAN ID is configured.

    If the port vlan-stacking command has been executed at least three times with specified VLAN ranges and VLAN ranges are combined twice at least, the configuration of each command must be committed. Otherwise, packets may be lost. For example, when port vlan-stacking vlan 30 to 60 stack-vlan 100, port vlan-stacking vlan 20 to 30 stack-vlan 100, and port vlan-stacking vlan 60 to 70 stack-vlan 100 commands are used, VLAN ranges 20 to 60 and 20 to 70 are combined twice. Therefore, commit the configuration of each command.

  6. Run:

    commit

    The configuration is committed.

Checking the Configuration

  • Run the display current-configuration interface interface-type interface-number command to check the configuration of selective QinQ based on the VLAN ID on the interface.

Configuring MQC-based Selective QinQ

Background

MQC-based selective QinQ uses a traffic classifier to classify packets based on VLAN IDs and associates the traffic classifier with a traffic behavior that defines the action of adding outer VLAN tags so that outer VLAN tags are added to packets matching the traffic classifier.

Procedure

  1. Configure a traffic classifier.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic classifier classifier-name [ type { and | or } ]

      A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.

      and indicates that rules are ANDed with each other.
      • If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.

      • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

      or indicates that rules are ORed with each other. Packets match a traffic classifier as long as packets match one rule of the traffic classifier.

      By default, the relationship between rules in a traffic classifier is OR.

    3. Run the following commands as required.

      Matching Rule

      Command

      Remarks

      Inner VLAN IDs in QinQ packets

      if-match inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

      -

      802.1p priority in VLAN packets

      if-match 8021p 8021p-value &<1-8>

      Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of 802.1p priorities, the packet that matches one 802.1p priority matches the traffic classifier.

      Inner 802.1p priority in QinQ packets

      if-match inner-8021p 8021p-value &<1-8>

      -

      Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

      if-match vlan start-vlan-id [ to end-vlan-id ] [ inner-vlan inner-vlan-id ] or if-match vlan vlan-id [ inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ] ]

      -

      Drop packet

      if-match discard

      -

      Double tags in QinQ packets

      if-match double-tag

      -

      Destination MAC address

      if-match destination-mac mac-address [ mac-address-mask ]

      -

      Source MAC address

      if-match source-mac mac-address [ mac-address-mask ]

      -

      Protocol type field encapsulated in the Ethernet frame header

      if-match l2-protocol { arp | ip | rarp | protocol-value }

      -

      All packets

      if-match any

      -

      DSCP priority in IP packets

      if-match [ ipv6 ] dscp dscp-value &<1-8>

      • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of DSCP priorities, the packet that matches one DSCP priority matches the traffic classifier.

      • If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

      IP precedence in IP packets

      if-match ip-precedence ip-precedence-value &<1-8>

      • The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

      • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of IP priorities, the packet that matches one IP priority matches the traffic classifier.

      SYN Flag in the TCP packet header

      if-match tcp-flag { tcp-flag-value | { ack | fin | psh | rst | syn | urg }* }

      -

      Outbound interface

      if-match outbound-interface interface-type interface-number

      The traffic policy containing this matching rule cannot be applied to the outbound direction.

      ACL rule

      if-match acl { acl-number | acl-name }

      NOTE:

      When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.

      Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if an ACL defines many rules, the packet that matches a single ACL rule matches the ACL.

      ACL6 rule

      if-match ipv6 acl { acl-number | acl-name }

      NOTE:

      When an ACL6 is used to define a traffic classification rule, it is recommended that the ACL6 be configured first.

      -

    4. Run:

      commit

      The configuration is committed.

    5. Run:

      quit

      The traffic classifier view is quitted.

  2. Configure a traffic behavior.
    1. Run:

      traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed.

    2. Run:

      vlan-stacking vlan vlan-id

      An action of adding outer VLAN tags is configured in the traffic behavior.

    3. Run:

      commit

      The configuration is committed.

    4. Run:

      quit

      Exit from the traffic behavior view.

    5. Run:

      quit

      Exit from the system view.

  3. Configure a traffic policy.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic policy policy-name

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

    3. Run:

      classifier classifier-name behavior behavior-name [ precedence precedence-value ]

      A traffic behavior is bound to a traffic classifier in a traffic policy.

    4. Run:

      commit

      The configuration is committed.

    5. Run:

      quit

      The traffic policy view is quitted.

  4. Apply the traffic policy.
    • Applying a traffic policy to an interface
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        interface interface-type interface-number

        The interface view is displayed.

      3. Run:

        traffic-policy policy-name inbound

        A traffic policy is applied to the interface in the inbound direction.

      4. Run:

        commit

        The configuration is committed.

    • Applying a traffic policy to a VLAN
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        vlan vlan-id

        The VLAN view is displayed.

      3. Run:

        traffic-policy policy-name inbound

        A traffic policy is applied to the VLAN in the inbound direction.

        After a traffic policy is applied, the system performs traffic policing for the packets that belong to a VLAN and match traffic classification rules in the inbound direction.

      4. Run:

        commit

        The configuration is committed.

    • Applying a traffic policy to the system
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        traffic-policy policy-name global [ slot slot-id ] inbound

        A traffic policy is applied to the system in the inbound direction.

      3. Run:

        commit

        The configuration is committed.

    A traffic policy containing vlan-stacking cannot be applied to the outbound direction.

Checking the Configuration

  • Run the display traffic classifier [ classifier-name ] command to check the traffic classifier configuration on the device.
  • Run the display traffic behavior [ behavior-name ] command to check the traffic behavior configuration on the device.
  • Run the display traffic policy [ policy-name [ classifier classifier-name ] ] command to check the traffic policy configuration on the device.

  • Run the display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id ] [ inbound | outbound ] command to check the record of the specified traffic policy.

Configuring the TPID Value for an Outer VLAN Tag

To ensure that devices from different vendors can communicate with each other, set the TPID value of an outer VLAN tag.

Context

Devices from different vendors or different network plans may use different values for TPID fields in outer VLAN tags of QinQ packets. To be compatible with an existing network plan, the AR router supports configuration of the TPID value. You can set the TPID value on the AR router to be the same as the TPID value in the network plan so that the AR router can be compatible on the existing network.

  • To implement the connectivity between the devices of different vendors, ensure that the protocol type in the outer VLAN tag can be identified by the peer device.
  • The qinq protocol command identifies incoming packets, and adds or changes the TPID value of outgoing packets.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    qinq protocol protocol-id

    The protocol type in the outer VLAN tag is set.

    The qinq protocol command cannot be used on the interface of dot1q tunnel type.

    The TPID value can be 0x8100, 0x9100, or 0x88a8.

    By default, the TPID value in the outer VLAN tag is 0x8100.

  4. Run:

    commit

    The configuration is committed.

Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 59866

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next