No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

Example for Configuring Basic QinQ

Networking Requirements

As shown in Figure 5-70, tenant 1 and tenant 2 in a data center are located in different positions. SwitchA and SwitchB are at the edge of the data center and connected through the core/backbone network. A non-Huawei device with the TPID value 0x9100 exists on the core/backbone network.

The requirements are as follows:
  • Tenant 1 and Tenant 2 plan their VLANs independently.
  • Traffic of the two tenants is transparently transmitted on the core/backbone network. Users using the same services in the two branches are allowed to communicate and users using different services are isolated.
You can configure QinQ to meet the preceding requirements. VLAN 100 provided by the core/backbone network can be used to implement communication of tenant 1 and VLAN 200 is used for tenant 2. You can set the TPID value in the outer VLAN on the interface that connects the non-Huawei device to implement communication between devices.
Figure 5-70 Networking diagram for configuring QinQ

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB. Set the link type of the interface to QinQ and add the interfaces to VLAN. In this way, different outer VLAN tags are added to different tenants.

  2. Add interfaces connecting to the core/backbone network on SwitchA and SwitchB to VLAN 100 and VLAN 200 to permit packets from these VLANs to pass through.

  3. Set the TPID values in the outer VLAN tag on interfaces connecting to the core/backbone network on SwitchA and SwitchB to implement communication between the device with devices from other vendors.

Procedure

  1. Create VLANs.

    # Create VLAN 100 and VLAN 200 on SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 100 200
    [*SwitchA] commit
    

    # Create VLAN 100 and VLAN 200 on SwitchB.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] vlan batch 100 200
    [*SwitchB] commit
    

  2. Set the link type of the interface to QinQ.

    # Configure 10GE1/17/1 and 10GE1/17/2 of SwitchA as QinQ interfaces. Set the VLAN of 10GE1/17/1 to VLAN 100 and the VLAN of 10GE1/17/2 to VLAN 200.

    [~SwitchA] interface 10ge 1/17/1
    [~SwitchA-10GE1/17/1] port link-type dot1q-tunnel
    [*SwitchA-10GE1/17/1] port default vlan 100
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] interface 10ge 1/17/2
    [*SwitchA-10GE1/17/2] port link-type dot1q-tunnel
    [*SwitchA-10GE1/17/2] port default vlan 200
    [*SwitchA-10GE1/17/2] quit
    [*SwitchA] commit
    

    # Configure 10GE1/17/1 and 10GE1/17/2 of SwitchB as QinQ interfaces. Set the VLAN of 10GE1/17/1 to VLAN 100 and the VLAN of 10GE1/17/2 to VLAN 200. The configuration procedure of SwitchB is the same as that of SwitchA.

  3. Configure the interface connecting to the core/backbone network on the switch.

    # Add 10GE1/17/3 of SwitchA to VLAN 100 and VLAN 200.

    [~SwitchA] interface 10ge 1/17/3
    [~SwitchA-10GE1/17/3] port link-type trunk
    [*SwitchA-10GE1/17/3] port trunk allow-pass vlan 100 200
    [*SwitchA-10GE1/17/3] commit
    [~SwitchA-10GE1/17/3] quit

    # Add 10GE1/17/3 of SwitchB to VLAN 100 and VLAN 200. The configuration procedure of SwitchB is the same as that of SwitchA.

  4. Configure the TPID value for an outer VLAN tag

    # Set the TPID value of an outer VLAN tag to 0x9100 on SwitchA.

    [~SwitchA] interface 10ge 1/17/3
    [~SwitchA-10GE1/17/3] qinq protocol 9100
    [*SwitchA-10GE1/17/3] commit

    # Set the TPID value of an outer VLAN tag to 0x9100 on SwitchB.

    [~SwitchB] interface 10ge 1/17/3
    [~SwitchB-10GE1/17/3] qinq protocol 9100
    [*SwitchB-10GE1/17/3] commit

  5. Verify the configuration.

    On a server in a VLAN of tenant 1 in the data center, ping another server in the same VLAN. The ping operation succeeds, indicating that devices in tenant 1 can communicate with each other.

    On a server in a VLAN of tenant 2 in the data center, ping another server in the same VLAN. The ping operation succeeds, indicating that devices in tenant 2 can communicate with each other.

    On a server in a VLAN of tenant 2 in the data center, ping another server in the same VLAN. The ping operation fails, indicating that tenants are isolated

Configuration Files

Configuration file of SwitchA

#
sysname SwitchA 
#
vlan batch 100 200 
#
interface 10GE1/17/1
 port link-type dot1q-tunnel 
 port default vlan 100 
#
interface 10GE1/17/2
 port link-type dot1q-tunnel
 port default vlan 200 
#
interface 10GE1/17/3
 qinq protocol 9100
 port link-type trunk
 port trunk allow-pass vlan 100 200
# 
return

Configuration file of SwitchB

# 
sysname SwitchB 
# 
vlan batch 100 200
# 
interface 10GE1/17/1
 port link-type dot1q-tunnel 
 port default vlan 100 
# 
interface 10GE1/17/2 
 port link-type dot1q-tunnel 
 port default vlan 200 
# 
interface 10GE1/17/3 
 qinq protocol 9100 
 port link-type trunk 
 port trunk allow-pass vlan 100 200 
# 
return

Example for Configuring VLAN ID-based Selective QinQ

Networking Requirements

As shown in Figure 5-71, in a data center, tenants lease office and production service servers. Production services are transmitted in VLANs 10 to 30, and office services are transmitted in VLANs 31 to 50. Tenants are located in positions A and B, and tenant devices are connected through SwitchA and SwitchB of the core/backbone network. To ensure service security and save VLAN IDs of the core/backbone network, it is required that traffic in positions A and B be transmitted through the core/backbone network, users using the same service be allowed to communicate, and users using different services be isolated.

Figure 5-71 Configuring VLAN ID-based selective QinQ

Configuration Roadmap

You can configure VLAN ID-based selective QinQ to meet the preceding requirement. Production service servers communicate in VLAN 100 and office service servers communicate in VLAN 200 of the core/backbone network, and different service servers are isolated.

The configuration roadmap is as follows:

  1. Create VLAN 100 and VLAN 200 on SwitchA and SwitchB, and configure selective QinQ on interfaces of SwitchA and SwitchB so that different VLAN tags are added to different packets of services.

  2. Add interfaces of SwitchA and SwitchB connected to the core/backbone network to VLANs so that packets from VLAN 100 and VLAN 200 are allowed to pass through.

Procedure

  1. Create VLANs.

    # Create VLAN 100 and VLAN 200 on SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 100 200
    [*SwitchA] commit
    

    # Create VLAN 100 and VLAN 200 on SwitchB.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] vlan batch 100 200
    [*SwitchB] commit
    

  2. Configure selective QinQ on interfaces.

    # Configure 10GE1/17/1 on SwitchA.

    [~SwitchA] interface 10ge 1/17/1
    [~SwitchA-10GE1/17/1] port link-type hybrid
    [*SwitchA-10GE1/17/1] port hybrid untagged vlan 100 200
    [*SwitchA-10GE1/17/1] port vlan-stacking vlan 10 to 30 stack-vlan 100
    [*SwitchA-10GE1/17/1] port vlan-stacking vlan 31 to 50 stack-vlan 200
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] commit
    

    # Configure 10GE1/17/1 on SwitchB.

    [~SwitchB] interface 10ge 1/17/1
    [~SwitchB-10GE1/17/1] port link-type hybrid
    [*SwitchB-10GE1/17/1] port hybrid untagged vlan 100 200
    [*SwitchB-10GE1/17/1] port vlan-stacking vlan 10 to 30 stack-vlan 100
    [*SwitchB-10GE1/17/1] port vlan-stacking vlan 31 to 50 stack-vlan 200
    [*SwitchB-10GE1/17/1] quit
    [*SwitchB] commit
    

  3. Configure interfaces of SwitchA and SwitchB connected to the core/backbone network.

    # Add 10GE1/17/2 of SwitchA to VLAN 100 and VLAN 200.

    [~SwitchA] interface 10ge 1/17/2
    [~SwitchA-10GE1/17/2] port link-type trunk
    [*SwitchA-10GE1/17/2] port trunk allow-pass vlan 100 200
    [*SwitchA-10GE1/17/2] commit
    [~SwitchA-10GE1/17/2] quit

    # Add 10GE1/17/2 of SwitchB to VLAN 100 and VLAN 200. The configuration is similar to the configuration of SwitchA, and is not mentioned here.

  4. Verify the configuration.

    From a production service server in VLANs 10 to 30 in position A, ping a production service server in the same VLAN in position B. The ping operation succeeds, indicating that production service servers can communicate with each other.

    From an office service server in VLANs 31 to 50 in position A, ping an office service server in the same VLAN in position B. The ping operation succeeds, indicating that office service servers can communicate with each other.

    From a production service server in VLANs 10 to 30 in position A, ping an office service server in VLANs 31 to 50 in position B. The ping operation fails, indicating that services are isolated.

Configuration Files

  • Configuration file of Switch ModuleA

#
sysname Switch ModuleA
#
vlan batch 100 200
#
interface 10GE1/17/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 port vlan-stacking vlan 10 to 30 stack-vlan 100
 port vlan-stacking vlan 31 to 50 stack-vlan 200
#
interface 10GE1/17/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return
  • Configuration file of Switch ModuleB

#
sysname Switch ModuleB
#
vlan batch 100 200
#
interface 10GE1/17/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 port vlan-stacking vlan 10 to 30 stack-vlan 100
 port vlan-stacking vlan 31 to 50 stack-vlan 200
#
interface 10GE1/17/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return

Example for Configuring MQC-based Selective QinQ

Networking Requirements

As shown in Figure 5-72, on a data center network, servers store video and data information. The MAC addresses of the video server and data server are 0003-0003-0003 and 0004-0004-0004 respectively. A school network transmits teachers' office service and multimedia service, and servers are accessed through the enterprise backbone network. The enterprise backbone network allocates VLAN 2 to teachers' office service and VLAN 3 to multimedia users. SwitchB and SwitchC are edge devices of the enterprise backbone network.

The requirements are as follows:

  • The video server and data server are allocated to different VLANs, so they do not affect each other.

  • Traffic is transparently transmitted on the enterprise backbone network. Teachers' office service can be only transmitted to the data server and multimedia service can be only transmitted on the video server, and services can be differentiated.

MQC-based Selective QinQ can be configured on SwitchB to meet the preceding requirements.

Figure 5-72 Networking of MQC-based selective QinQ

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs on SwitchB to add different VLAN tags to different packets of services.

  2. Configure traffic classifiers, traffic behaviors, and traffic policies on SwicthB.

  3. Apply the traffic policies to interfaces of SwicthB to implement selective QinQ.

Procedure

  1. Create VLANs.

    # Create VLAN 200 and VLAN 300 on SwitchA and add interfaces connected to servers to VLAN 200 and VLAN 300.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 200 300
    [*SwitchA] interface 10ge 1/17/2
    [*SwitchA-10GE1/17/2] port default vlan 200
    [*SwitchA-10GE1/17/2] quit
    [*SwitchA] interface 10ge 1/17/3
    [*SwitchA-10GE1/17/3] port default vlan 300
    [*SwitchA-10GE1/17/3] quit
    [*SwitchA] commit

    # Create VLAN 200 and VLAN 300 on SwitchD and add interfaces connected to users to VLAN 200 and VLAN 300. The configuration of SwitchD is similar to the configuration of SwitchA, and the configuration details are not mentioned here.

    # On SwitchB, create VLAN 2 and VLAN 3, that is, outer VLAN IDs added to packets.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] vlan batch 2 3
    [*SwitchB] commit

    # On SwitchC, create VLAN 2 and VLAN 3.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchC
    [*HUAWEI] commit
    [~SwitchC] vlan batch 2 3
    [*SwitchC] commit

  2. Configure a traffic classifier, traffic behavior, and traffic policy on SwitchB.

    [~SwitchB] traffic classifier name1
    [*SwitchB-classifier-name1] if-match source-mac 0003-0003-0003
    [*SwitchB-classifier-name1] quit
    [*SwitchB] traffic behavior name1
    [*SwitchB-behavior-name1] vlan-stacking vlan 2
    [*SwitchB-behavior-name1] quit
    [*SwitchB] traffic classifier name2
    [*SwitchB-classifier-name2] if-match source-mac 0004-0004-0004
    [*SwitchB-classifier-name2] quit
    [*SwitchB] traffic behavior name2
    [*SwitchB-behavior-name2] vlan-stacking vlan 3
    [*SwitchB-behavior-name2] quit
    [*SwitchB] traffic policy name1
    [*SwitchB-trafficpolicy-name1] classifier name1 behavior name1
    [*SwitchB-trafficpolicy-name1] classifier name2 behavior name2
    [*SwitchB-trafficpolicy-name1] quit
    [*SwitchB] commit

  3. Apply the traffic policy to interfaces of SwitchB to implement selective QinQ.

    # Configure 10GE 1/17/1 on SwitchB.

    [~SwitchB] interface 10ge 1/17/1
    [~SwitchB-10GE1/17/1] port link-type trunk
    [*SwitchB-10GE1/17/1] port trunk allow-pass vlan 2 3
    [*SwitchB-10GE1/17/1] traffic-policy name1 inbound
    [*SwitchB-10GE1/17/1] quit
    [*SwitchB] commit

    # Configure 10GE 1/17/1 on SwitchC.

    [~SwitchC] interface 10ge 1/17/1
    [~SwitchC-10GE1/17/1] port link-type hybrid
    [*SwitchC-10GE1/17/1] port hybrid untagged vlan 2 3
    [*SwitchC-10GE1/17/1] quit
    [*SwitchC] commit

  4. Configure other interfaces.

    # Add 10GE 1/17/1 on SwitchA to VLAN 200 and VLAN 300. The configuration of 10GE1/17/1 on SwitchD is similar to the configuration of SwitchA, and the configuration details are not mentioned here.

    [~SwitchA] interface 10ge 1/17/1
    [~SwitchA-10GE1/17/1] port link-type trunk
    [*SwitchA-10GE1/17/1] port trunk allow-pass vlan 200 300
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] commit

    # Add 10GE 1/17/2 on SwitchB to VLAN 2 and VLAN 3.

    [~SwitchB] interface 10ge 1/17/2
    [~SwitchB-10GE1/17/2] port link-type trunk
    [*SwitchB-10GE1/17/2] port trunk allow-pass vlan 2 3
    [*SwitchB-10GE1/17/2] quit
    [*SwitchB] commit

    # Add 10GE 1/17/2 on SwitchC to VLAN 2 and VLAN 3.

    [~SwitchC] interface 10ge 1/17/2
    [~SwitchC-10GE1/17/2] port link-type hybrid
    [*SwitchC-10GE1/17/2] port hybrid untagged vlan 2 3
    [*SwitchC-10GE1/17/2] quit
    [*SwitchC] commit

  5. Verify the configuration.

    • Ping a teacher's office PC from the data server. The ping operation succeeds, indicating that the teacher's office PC can access the data server.

    • Ping a PC in the multimedia room from the video server. The ping operation succeeds, indicating that the PC can access the video server.

    Here, pinging a teacher's office PC from the data server is used as an example. The data server and teacher's office PC are configured on the same network segment. For example, the IP address of the data server is 172.16.0.1/16, and the IP address of the teacher's office PC is 172.16.0.7/16.

    <Server> ping 172.16.0.7
    Pinging 172.16.0.7 with 32 bytes of data:
    Reply from 172.16.0.7: bytes=32 time<1ms TTL=128
    Reply from 172.16.0.7: bytes=32 time<1ms TTL=128
    Reply from 172.16.0.7: bytes=32 time<1ms TTL=128
    Reply from 172.16.0.7: bytes=32 time<1ms TTL=128
    
    Ping statistics for 172.16.0.7:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

Configuration Files

  • Configuration file of the SwitchA

    #
    sysname SwitchA
    #
    vlan batch 200 300
    #
    interface 10GE1/17/1
     port link-type trunk
     port trunk allow-pass vlan 200 300
    #
    interface 10GE1/17/2
     port default vlan 200
    #
    interface 10GE1/17/3
     port default vlan 300
    #
    return
  • Configuration file of the SwitchB

    #
    sysname SwitchB
    #
    vlan batch 2 to 3
    #
    traffic classifier name1 type or
     if-match source-mac 0003-0003-0003 ffff-ffff-ffff
    #
    traffic classifier name2 type or
     if-match source-mac 0004-0004-0004 ffff-ffff-ffff
    #
    traffic behavior name1
     vlan-stacking vlan 2
    #
    traffic behavior name2
     vlan-stacking vlan 3
    #
    traffic policy name1
     classifier name1 behavior name1 precedence 5
     classifier name2 behavior name2 precedence 10
    #
    interface 10GE1/17/1
     port link-type trunk
     port trunk allow-pass vlan 2 to 3
     traffic-policy name1 inbound
    #
    return
  • Configuration file of the SwitchC

    #
    sysname SwitchC
    #
    vlan batch 2 to 3
    #
    interface 10GE1/17/1
     port link-type hybrid
     port hybrid untagged vlan 2 to 3
    #
    interface 10GE1/17/2
     port link-type hybrid
     port hybrid untagged vlan 2 to 3
    #
    return
  • Configuration file of the SwitchD

    #
    sysname SwitchD
    #
    vlan batch 200 300
    #
    interface 10GE1/17/1
     port link-type trunk
     port trunk allow-pass vlan 200 300
    #
    interface 10GE1/17/2
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE1/17/3
     port link-type trunk
     port trunk allow-pass vlan 300
    #
    return
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 60238

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next