No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

TechNotes-Understanding and Configuring Layer 2 Forwarding Policy 01
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Understanding and Configuring Layer 2 Forwarding Policy

Understanding and Configuring Layer 2 Forwarding Policy


The , as Layer 2 network equipment, supports the ability to transparently transmit or forward packets at Layer 2. Traditionally, Layer 2 packet forwarding is based on VLANs and MAC addresses of packets (VLAN+MAC). If the destination MAC address of a packet becomes ineffective due to dynamic MAC address aging, VLAN+MAC searching fails. The packet becomes an unknown unicast packet and is broadcast within the VLAN, which poses a security threat. In addition, VLAN+MAC forwarding is subject to MAC spoofing and attacks, which lead to security problems.

To address the preceding problems, you can use S-VLAN+C-VLAN forwarding instead.

In S-VLAN+C-VLAN forwarding, two VLAN tags form a Layer 2 forwarding mapping relationship. Packets are forwarded based on VLANs rather than MAC addresses.


The supports VLAN+MAC forwarding, S-VLAN+C-VLAN forwarding, and two other forwarding modes derived from the first two: VLAN+MAC+CoS and S-VLAN+C-VLAN+CoS.

VLAN+MAC Forwarding

With the VLAN+MAC forwarding policy, the system automatically learns the mapping between the VLAN, source MAC address, and incoming port when packets enter the system. According to the VLAN and destination MAC address, the system then searches for the outgoing port and transmits the packets through this port.

In the VLAN+MAC forwarding policy, if the source MAC address is a broadcast or unicast MAC address, packets are broadcast in the VLAN. That is, packets are duplicated and transmitted to every port in the VLAN.

S-VLAN+C-VLAN Forwarding

The two VLANs (S-VLAN and C-VLAN) are an extension of VLAN. This expands the VLAN ID range. In addition, S and C have different meanings. S stands for service, and C stands for customer (user). Each S-VLAN+C-VLAN uniquely identifies a user service, and S-VLAN+C-VLAN forwarding can be implemented.

In S-VLAN+C-VLAN forwarding, two VLAN tags form a Layer 2 forwarding mapping relationship to implement VLAN-based forwarding. S-VLAN+C-VLAN forwarding is classified into non-strict S-VLAN+C-VLAN forwarding and strict S-VLAN+C-VLAN forwarding. Strict S-VLAN+C-VLAN forwarding entries do not need to be learned dynamically. The system automatically creates static forwarding entries during the establishment of service flows. Non-strict S-VLAN+C-VLAN forwarding entries need to be learned dynamically on main control board. Static forwarding entries need to be configured on service board. According to the forwarding entries, upstream packets are transmitted through the corresponding upstream port and downstream packets are transmitted through the corresponding service port.

Figure 1-1 Strict S-VLAN+C-VLAN forwarding model
Figure 1-2 Non-strict S-VLAN+C-VLAN forwarding model

VLAN+MAC+CoS and S-VLAN+C-VLAN+CoS Forwarding

VLAN+MAC+CoS and S-VLAN+C-VLAN+CoS forwarding policies are derived from VLAN+MAC and S-VLAN+C-VLAN forwarding policies of the respectively after class of service (CoS) identification is introduced based on service port bundles. The forwarding policies based on CoS resolve the problem of different service flows with the same VLAN+MAC or S-VLAN+C-VLAN and therefore improve service planning flexibility.

Figure 1-3 shows the CoS-based forwarding model.
Figure 1-3 VLAN+MAC+CoS and S-VLAN+C-VLAN+CoS forwarding model

Upstream direction

All service flows from the same user converge to a service port bundle. The learns the service port bundle identifier of the service flows, creates a service port bundle entry, and performs Layer 2 packet forwarding based on VLAN+MAC or S-VLAN+C-VLAN.

Downstream direction

The OLT determines a unique user based on VLAN+MAC or S-VLAN+C-VLAN, queries the service port bundle entries, finds the service flows based on CoS, and forwards packets.

Configuring a Layer 2 Forwarding Policy

Layer 2 forwarding policy configuration is the basis of VLAN configuration and an important step to ensure correct service forwarding. Before configuring services, ensure that the VLAN forwarding policy has been configured as planned.


  • VLAN IDs have been created correctly.
  • VLAN attributes have been set correctly.


A VLAN forwarding policy is a type of Layer 2 forwarding policy. Two types of VLAN forwarding policy are available: vlan-connect or vlan-mac. vlan-mac indicates VLAN+MAC forwarding and vlan-connect indicates S-VLAN+C-VLAN forwarding.

To implement VLAN+MAC+CoS or S-VLAN+C-VLAN+CoS forwarding, configure the VLAN forwarding policy and service port bundles separately.

Default Configuration

Table 1-1 lists the default VLAN forwarding policy settings.

Table 1-1 Default VLAN forwarding policy settings


Default Value




  • Configure VLAN+MAC forwarding.

    You can configure a VLAN forwarding policy using two methods. Select an appropriate one as follows:
    • To configure a VLAN forwarding policy for a single VLAN, use the first method.
    • To configure the same forwarding policy for multiple VLANs with the same service profile parameters, use the second method (batch configuration using a service profile).

    • Method 1
    1. In global configuration mode, run the vlan forwarding command.
    • Method 2
    1. Run the vlan service-profile command to create a VLAN service profile and enter the VLAN service profile mode.
    2. Run the forwarding command to configure a VLAN forwarding policy.
    3. Run the commit command for the profile configuration to take effect.
    4. Run the quit command to quit the VLAN service profile mode.
    5. Run the vlan bind service-profile command to bind a VLAN to the VLAN service profile.
  • Configure S-VLAN+C-VLAN forwarding.
    1. Run the vlan command to add a VLAN.
    2. Run the vlan attrib command to change the VLAN attribute to QinQ or stacking.
    3. Run the vlan forwarding or forwarding command to configure a VLAN forwarding policy.
    4. Run the port vlan command to associate upstream ports with S-VLANs and C-VLANs.
    5. Run the service-port command to create a service port.


After the configuration, service flows can be created based on the configured VLANs and users connected to the MA5800 can ping the upstream equipment.


Example: Configure the forwarding policy of VLAN 50 as S-VLAN+C-VLAN.

huawei(config)#vlan forwarding 50 vlan-connect

Example: Configure the forwarding policy of VLAN 65 as strict S-VLAN+C-VLAN. VLAN 73 indicates an enterprise VLAN on which MAC address learning is disabled.

huawei(config)#vlan 65 smart
huawei(config)#vlan attrib 65 stacking
huawei(config)#vlan service-profile profile-id 200
huawei(config-vlan-srvprof-200)#mac-address learning fabric disable
huawei(config-vlan-srvprof-200)#forwarding vlan-connect
huawei(config)#vlan bind service-profile 65 profile-id 200
huawei(config)#port vlan 65 inner-vlan-list 73 0/9 0
huawei(config)#service-port 100 uplink-port 0/9/0 vlan 65 eth 0/2/1 multi-service user-vlan 73 rx-cttr 10 tx-cttr 10 
Updated: 2019-09-19

Document ID: EDOC1100105780

Views: 338

Downloads: 29

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next