Configuring Selective QinQ
Selective QinQ adds different outer VLAN tags to packets with different inner VLAN tags on an interface, and is more flexible than QinQ.
Configuring VLAN ID-based Selective QinQ
Context
Selective QinQ based on the VLAN ID enables the device to add different outer VLAN tags to received data frames according to VLAN IDs in the frames.
- Selective QinQ based on the VLAN ID can be only enabled on hybrid or trunk interfaces in the inbound direction.
- The outer VLAN ID must exist and the interface must be added to the outer VLAN in untagged mode.
- The interface learns the MAC address in the VLAN specified by the outer VLAN tag of packets.
- The MUX VLAN and selective QinQ based on the VLAN ID cannot be configured on the same interface.
- The original VLAN specified in the port vlan-stacking command cannot be the same as the outer VLAN configured on a QinQ Layer 2 sub-interface.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run port link-type { hybrid | trunk }
The link type of the interface is configured as hybrid or trunk.
By default, the link type of an interface is access.
- Add the interface to a VLAN.
Run the following command as required.
Trunk interface
Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-40> | all } command to add the trunk interface to the stacked VLAN.
Hybrid interface
Run the port hybrid untagged vlan vlan-id command to add the hybrid interface to the stacked VLAN in untagged mode.
The VLAN ID specified by vlan-id must already exist on the device. The original VLAN can be not created.
- Run port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3
Selective QinQ based on the VLAN ID is configured.
If the port vlan-stacking command has been executed at least three times with specified VLAN ranges and VLAN ranges are combined twice at least, the configuration of each command must be committed. Otherwise, packets may be lost. For example, when port vlan-stacking vlan 31 to 60 stack-vlan 100, port vlan-stacking vlan 20 to 30 stack-vlan 100, and port vlan-stacking vlan 61 to 70 stack-vlan 100 commands are used, VLAN ranges 20 to 60 and 20 to 70 are combined twice. Therefore, commit the configuration of each command.
For the CE12800E equipped with FD-X series cards, the qinq protocol and port vlan-stacking commands cannot be configured together.
- Run commit
The configuration is committed.
Configuring MQC-based Selective QinQ
Context
MQC-based selective QinQ uses a traffic classifier to classify packets based on VLAN IDs and associates the traffic classifier with a traffic behavior that defines the action of adding outer VLAN tags, so that the device can add outer VLAN tags to packets matching the traffic classifier.
Only the CE12800E supports configuring MQC-based selective QinQ.
Procedure
- Configure a traffic classifier.
Run system-view
The system view is displayed.
- Run traffic classifier classifier-name [ type { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.
and is the logical operator between rules in a traffic classifier, which means that:If a traffic classifier contains ACL rules, packets match the traffic classifier only if they match one ACL rule and all the non-ACL rules.
If a traffic classifier does not contain any ACL rules, packets match the traffic classifier only if they match all the rules in the classifier.
By default, the relationship between rules in a traffic classifier is or.
Run if-match
Matching rules are defined for the traffic classifier.
For details about matching rules in a traffic classifier, see "Configuring a Traffic Classifier" in "MQC Configuration" of the CloudEngine 12800 and 12800E Series Switches Configuration Guide - QoS Configuration Guide.
Run commit
The configuration is committed.
Run quit
Exit from the traffic behavior view.
- Configure a traffic behavior.
Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.
Run vlan-stacking vlan vlan-id
An action of adding an outer VLAN tag is configured in the traffic behavior.
Run commit
The configuration is committed.
Run quit
Exit from the traffic behavior view.
Run quit
Exit from the system view.
- Configure a traffic policy.
Run system-view
The system view is displayed.
Run traffic policy policy-name
A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.
Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]
A traffic behavior is bound to a traffic classifier in the traffic policy.
Run commit
The configuration is committed.
Run quit
Exit from the traffic policy view.
Run quit
Exit from the system view.
- Apply the traffic policy.
A traffic policy containing vlan-stacking cannot be applied to the outbound direction.
For details about the configuration guidelines of applying traffic policies in different views on the CE12800E, see Licensing Requirements and Limitations for MQC (CE12800E).
For the CE12800 and the CE12800E equipped with FD-X series cards, run the display traffic-policy pre-state { global [ slot slot-id ] | interface { interface-type interface-number } | vlan vlan-id | bridge-domain bd-id } policy-name { inbound | outbound } command before committing the configuration to check the information about resources occupied by the traffic policy to be applied and determine whether the traffic policy can be successfully applied based on the information.
- If a traffic policy needs to be applied to multiple VLANs and interfaces or multiple traffic classifiers for matching packets from different source IP addresses need to be bound to the same traffic policy, you are advised to add these VLANs, source IP addresses, and interfaces to the same QoS group and apply the traffic policy to the QoS group.
- Applying a traffic policy to an interface
Run system-view
The system view is displayed.
Run interface interface-type interface-number
The interface view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the interface in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to a VLAN
Run system-view
The system view is displayed.
Run vlan vlan-id
The VLAN view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the VLAN in the inbound direction.
After a traffic policy is applied to a VLAN, the system performs traffic policing for the packets that come from the VLAN and match traffic classification rules in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to the system or an LPU
Run system-view
The system view is displayed.
Run traffic-policy policy-name global [ slot slot-id ] inbound
A traffic policy is applied to the system or an LPU in the inbound direction.
Run commit
The configuration is committed.
Verifying the Configuration
- Run the display traffic classifier [ classifier-name ] command to check the traffic classifier configuration.
- Run the display traffic behavior [ behavior-name ] command to check the traffic behavior configuration on the device.
Run the display traffic policy [ policy-name [ classifier classifier-name ] ] command to check the traffic policy configuration.
Run the display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id ] [ inbound | outbound ] command to check the application records of a specified traffic policy.
The CE12800E does not support the vsi vsi-name parameter.
- Run the display system tcam fail-record [ slot slot-id ] command to display TCAM delivery failures.
- Run the display system tcam service brief [ slot slot-id ] command to display the group index and rule count occupied by different services.
- Run the display system tcam service { cpcar slot slot-id | service-name slot slot-id [ chip chip-id ] } command to display IDs of entries delivered by services on the specified chip or in the specified slot.
- Run one of the following commands to display data of a traffic policy that has been applied:
- display system tcam service traffic-policy { global | vlan vlan-id | interface interface-type interface-number | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } policy-name { inbound | outbound } [ slot slot-id [ chip chip-id ] ]
The CE12800E does not support the vsi vsi-name parameter.
- display system tcam service traffic-policy slot slot-id policy-name { inbound | outbound } [ chip chip-id ]
- display system tcam service traffic-policy { global | vlan vlan-id | interface interface-type interface-number | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } policy-name { inbound | outbound } [ slot slot-id [ chip chip-id ] ]
- (For the CE12800) Run the display system tcam match-rules slot slot-id [ [ ingress | egress | group group-id ] | [ chip chip-id ] ] * command to display matched entries.
- (For the CE12800E configured with FD-X series cards) Run the display system tcam match-rules slot slot-id [ [ ingress | egress | group group-id ] | [ delay-time time-value ] ] * command to display matched entries.
- (For the CE12800E configured with ED-E, EG-E, and EGA-E series cards) Run the display system tcam match-rules slot slot-id chip chip-id index index-id command to display matched entries.