NetEngine AR600, AR6100, AR6200, and AR6300 V300R019 CLI-based Configuration Guide - Ethernet Switching
Example for Configuring VLAN ID-based VLAN Mapping
Networking Requirements
As shown in Figure 9-4, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are assigned.
Because of plan or operation causes, department 1 in branch 1 uses VLAN 10, and branch 2 assigns VLAN 100 to department 1.
- VLANs are assigned independently in enterprise A, and are independent of carrier VLANs or VLANs of other enterprises.
- Traffic between two branches of enterprise A is transparently transmitted through the public network, users using the same service in different branches of enterprise A are allowed to communicate, and users using different services must be isolated.
- Department 1 in two branches can communicate.
Configuration Roadmap
The configuration roadmap is as follows:
You can configure VLAN Mapping and Dot1q Tunnel on the CE connected to the PE and implement communication between two branches of enterprise A through VLAN 20 provided by the carrier. VLAN mapping is configured on a user-side interface of CE2 so that department 1 in two branches can communicate.
Create a bridge group and add a sub-interface to the bridge group.
Configure VLANs allowed by a sub-interface.
Configure QinQ mapping on a user-side interface of CE2 to map VLAN 100 to VLAN 10 so that department 1 in two branches can communicate.
Configure dot1q tunnel on the CE interface connected to the PE so that the CE can add the S-VLAN tag to user packets.
Add interfaces of the PE and P to VLAN 20 so that packets from VLAN 20 are allowed to pass through.
Procedure
- Create a bridge group and add a sub-interface to the bridge group.
<Huawei> system-view [Huawei] sysname CE1 [CE1] bridge 1 [CE1-bridge1] quit [CE1] interface gigabitethernet 0/0/0.1 [CE1-GigabitEthernet0/0/0.1] bridge 1 [CE1-GigabitEthernet0/0/0.1] bridge vlan-transmit enable [CE1-GigabitEthernet0/0/0.1] quit [CE1] interface gigabitethernet 0/0/1.1 [CE1-GigabitEthernet0/0/1.1] bridge 1 [CE1-GigabitEthernet0/0/1.1] bridge vlan-transmit enable [CE1-GigabitEthernet0/0/1.1] quit
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
- Configure VLANs allowed by a sub-interface.
# Configure VLANs allowed by a sub-interface on the CE1.
[CE1] interface gigabitethernet 0/0/0.1 [CE1-GigabitEthernet0/0/0.1] vlan allow-pass vid 10 to 50 [CE1-GigabitEthernet0/0/0.1] quit [CE1] interface gigabitethernet 0/0/1.1 [CE1-GigabitEthernet0/0/1.1] vlan allow-pass vid 10 to 50 [CE1-GigabitEthernet0/0/1.1] quit
# Configure VLANs allowed by a sub-interface on the CE2.[CE2] interface gigabitethernet 0/0/0.1 [CE2-GigabitEthernet0/0/0.1] vlan allow-pass vid 10 to 50 [CE2-GigabitEthernet0/0/0.1] quit [CE2] interface gigabitethernet 0/0/1.1 [CE2-GigabitEthernet0/0/1.1] vlan allow-pass vid 11 to 50 [CE2-GigabitEthernet0/0/1.1] vlan allow-pass vid 100 [CE2-GigabitEthernet0/0/1.1] quit
- Configure VLAN mapping on a user-side interface of CE2 to map VLAN 100 to VLAN 10.
[CE2] interface gigabitethernet 0/0/1.1 [CE2-GigabitEthernet0/0/1.1] vlan mapping vid 100 map-vlan 10 [CE2-GigabitEthernet0/0/1.1] quit
- Configure CE1 interface connected to the PE to add a VLAN tag to user packets.
[CE1] interface gigabitethernet 0/0/0.1 [CE1-GigabitEthernet0/0/0.1] vlan dot1q-tunnel 20 [CE1-GigabitEthernet0/0/0.1] quit
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
- Add GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 in trunk mode.
<Huawei> system-view [Huawei] sysname PE1 [PE1] vlan batch 20 [PE1] interface gigabitethernet 0/0/0 [PE1-GigabitEthernet0/0/0] port link-type trunk [PE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20 [PE1-GigabitEthernet0/0/0] quit [PE1] interface gigabitethernet 0/0/1 [PE1-GigabitEthernet0/0/1] port link-type trunk [PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 [PE1-GigabitEthernet0/0/1] quit
The configurations of PE2 and P are similar to the configuration of PE1, and are not mentioned here.
- Verify the configuration.
# Ping a PC in VLAN 100 of branch 2 from a PC in VLAN 10 of branch 1. The ping operation succeeds, indicating that department 1 in different branches can communicate.
Configuration Files
Configuration file of CE1
# sysname CE1 # bridge 1 # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/0.1 bridge 1 bridge vlan-transmit enable vlan allow-pass vid 10 to 50 vlan dot1q-tunnel 20 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/1.1 bridge 1 bridge vlan-transmit enable vlan allow-pass vid 10 to 50 # return
Configuration file of CE2
# sysname CE2 # bridge 1 # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/0.1 bridge 1 bridge vlan-transmit enable vlan allow-pass vid 10 to 50 vlan dot1q-tunnel 20 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/1.1 bridge 1 bridge vlan-transmit enable vlan allow-pass vid 11 to 50 vlan allow-pass vid 100 vlan mapping vid 100 map-vlan 10 # return
Configuration file of PE1
# sysname PE1 # vlan batch 20 # interface GigabitEthernet0/0/0 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 20 # return
Configuration file of PE2
# sysname PE2 # vlan batch 20 # interface GigabitEthernet0/0/0 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 20 # return
Configuration file of P
# sysname P # vlan batch 20 # interface GigabitEthernet0/0/0 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 20 # return