Example for Configuring Traffic Selective QinQ and Traffic Policy
Networking Requirements
In Figure 10-12, low-end switches at the user side connect to the Internet through the Switch.
The IPTV and Internet access services are deployed at the user side. User PCs obtain IP addresses from ME60-A to connect to the Internet, and the set top boxes (STBs) obtain IP addresses from ME60-B to provide the IPTV service.
The DSLAMs add different VLAN tags to packets of different services so that the PCs do not obtain IP addresses from ME60-B.
The carrier assigns VLANs 100-999 to PPPoE packets and assigns VLANs 1000-1999 to DHCP packets.
The STBs are provided by the carrier. The carrier can obtain MAC addresses of STBs but cannot obtain MAC addresses of PCs. The MAC address segment of STBs is 00e0-8e00-0000/ffff-ff00-0000.
When a user starts a PC, a DHCP packet is sent to apply for an IP address. The DHCP packet should be rejected, and the user must obtain an IP address using PPPoE.
Configuration Roadmap
The configuration roadmap is as follows:
Create VLANs on the Switch.
Configure GE1/0/0 and GE2/0/0 on the Switch as hybrid interfaces and configure selective QinQ on the two interfaces.
Configure a traffic classifier based on VLAN IDs and MAC addresses, a traffic behavior, and a traffic policy.
Apply the traffic policy in the inbound direction of GE1/0/0 and GE2/0/0 to prevent PCs from obtaining IP addresses through DHCP packets.
Procedure
- Configure selective QinQ.
# Create VLANs.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 10 20
# Add interfaces to VLANs.
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] port link-type hybrid [Switch-GigabitEthernet1/0/0] port hybrid untagged vlan 10 20 [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] port link-type hybrid [Switch-GigabitEthernet2/0/0] port hybrid untagged vlan 10 20 [Switch-GigabitEthernet2/0/0] quit [Switch] interface gigabitethernet 3/0/0 [Switch-GigabitEthernet3/0/0] port link-type hybrid [Switch-GigabitEthernet3/0/0] port hybrid tagged vlan 10 [Switch-GigabitEthernet3/0/0] quit [Switch] interface gigabitethernet 4/0/0 [Switch-GigabitEthernet4/0/0] port link-type hybrid [Switch-GigabitEthernet4/0/0] port hybrid tagged vlan 20 [Switch-GigabitEthernet4/0/0] quit
# Configure selective QinQ on interfaces.
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] port vlan-stacking vlan 100 to 999 stack-vlan 10 [Switch-GigabitEthernet1/0/0] port vlan-stacking vlan 1000 to 1999 stack-vlan 20 [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] port vlan-stacking vlan 100 to 999 stack-vlan 10 [Switch-GigabitEthernet2/0/0] port vlan-stacking vlan 1000 to 1999 stack-vlan 20 [Switch-GigabitEthernet2/0/0] quit
- Configure a traffic policy.
# Configure an ACL to filter packets based on source MAC addresses.
[Switch] acl number 4001 [Switch-acl-L2-4001] rule 1 permit source-mac 00e0-8e00-0000 ffff-ff00-0000 [Switch-acl-L2-4001] quit
# Configure a traffic classifier.
[Switch] traffic classifier STB operator and [Switch-classifier-STB] if-match vlan-id 20 [Switch-classifier-STB] if-match acl 4001 [Switch-classifier-STB] quit
# Configure a traffic behavior.
[Switch] traffic behavior PermitMAC [Switch-behavior-PermitMAC] permit [Switch-behavior-PermitMAC] quit
# Configure a traffic policy.
[Switch] traffic policy PermitMAC [Switch-trafficpolicy-PermitMAC] classifier STB behavior PermitMAC [Switch-trafficpolicy-PermitMAC] quit
# Apply the traffic policy in the inbound direction of GE1/0/0 and GE2/0/0.
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] traffic-policy PermitMAC inbound [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] traffic-policy PermitMAC inbound [Switch-GigabitEthernet2/0/0] quit
- Verify the configuration.
The IPTV and Internet access services are available. STBs obtain IP addresses from ME60-B, and PCs obtain IP addresses from ME60-A.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 10 20 # acl number 4001 rule 1 permit source-mac 00e0-8e00-0000 ffff-ff00-0000 # traffic classifier STB operator and precedence 5 if-match vlan-id 20 if-match acl 4001 # traffic behavior PermitMAC permit # traffic policy PermitMAC match-order config classifier STB behavior PermitMAC # interface GigabitEthernet1/0/0 port link-type hybrid port hybrid untagged vlan 10 20 port vlan-stacking vlan 100 to 999 stack-vlan 10 port vlan-stacking vlan 1000 to 1999 stack-vlan 20 traffic-policy PermitMAC inbound # interface GigabitEthernet2/0/0 port link-type hybrid port hybrid untagged vlan 10 20 port vlan-stacking vlan 100 to 999 stack-vlan 10 port vlan-stacking vlan 1000 to 1999 stack-vlan 20 traffic-policy PermitMAC inbound # interface GigabitEthernet3/0/0 port link-type hybrid port hybrid tagged vlan 10 # interface GigabitEthernet4/0/0 port link-type hybrid port hybrid tagged vlan 20 # return