Example for Configuring Basic QinQ-based Layer 2 Protocol Tunneling
Networking Requirements
As shown in Figure 14-8, CEs are edge devices on two private networks of an enterprise located in different areas, and PE1 and PE2 are edge devices on the enterprise backbone network. VLAN 100 and VLAN 200 are Layer 2 networks for different users and are connected through the ISP network. STP is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only on the private networks so that spanning trees can be generated correctly.
All the devices in VLAN 100 participate in calculation of a spanning tree.
All the devices in VLAN 200 participate in calculation of a spanning tree.
Because of shortage of public VLAN resources, VLAN IDs on carrier networks must be saved.
Configuration Roadmap
The configuration roadmap is as follows:
Configure STP on CEs to prevent loops on Layer 2 networks.
Configure CEs to send STP packets with specified VLAN tags to PEs so that calculation of a spanning tree is complete independently in VLAN 100 and VLAN 200.
Configure VLAN-based Layer 2 protocol tunneling on PEs so that STP packets are not sent to the CPUs of PEs for processing.
Configure basic QinQ on PEs so that PEs add outer VLAN tag 10 to STP packets sent from CEs, saving public network VLAN IDs.
Procedure
- Enable STP on CEs.
# Configure CE1.
<HUAWEI> system-view [~HUAWEI] sysname CE1 [*HUAWEI] commit [~CE1] stp enable [*CE1] commit
# Configure CE2.
<HUAWEI> system-view [~HUAWEI] sysname CE2 [*HUAWEI] commit [~CE2] stp enable [*CE2] commit
# Configure CE3.
<HUAWEI> system-view [~HUAWEI] sysname CE3 [*HUAWEI] commit [~CE3] stp enable [*CE3] commit
# Configure CE4.
<HUAWEI> system-view [~HUAWEI] sysname CE4 [*HUAWEI] commit [~CE4] stp enable [*CE4] commit
- Configure CE1 and CE2 to send STP packets with VLAN tag 100 to PEs, and configure CE3 and CE4 to send STP packets with VLAN tag 200 to PEs.
# Configure CE1.
[~CE1] vlan 100[*CE1-vlan100] quit[*CE1] interface 10ge 1/0/1
[*CE1-10GE1/0/1] port link-type trunk
[*CE1-10GE1/0/1] port trunk allow-pass vlan 100
[*CE1-10GE1/0/1] stp bpdu vlan 100
[*CE1-10GE1/0/1] quit
[*CE1] commit# Configure CE2.
[~CE2] vlan 100[*CE2-vlan100] quit[*CE2] interface 10ge 1/0/1
[*CE2-10GE1/0/1] port link-type trunk
[*CE2-10GE1/0/1] port trunk allow-pass vlan 100
[*CE2-10GE1/0/1] stp bpdu vlan 100
[*CE2-10GE1/0/1] quit
[*CE2] commit# Configure CE3.
[~CE3] vlan 200[*CE3-vlan200] quit[*CE3] interface 10ge 1/0/1
[*CE3-10GE1/0/1] port link-type trunk
[*CE3-10GE1/0/1] port trunk allow-pass vlan 200
[*CE3-10GE1/0/1] stp bpdu vlan 200
[*CE3-10GE1/0/1] quit
[*CE3] commit# Configure CE4.
[~CE4] vlan 200[*CE4-vlan200] quit[*CE4] interface 10ge 1/0/1
[*CE4-10GE1/0/1] port link-type trunk
[*CE4-10GE1/0/1] port trunk allow-pass vlan 200
[*CE4-10GE1/0/1] stp bpdu vlan 200
[*CE4-10GE1/0/1] quit
[*CE4] commit - Configure basic QinQ-based Layer 2 protocol tunneling on PEs so that STP packets with VLAN tags 100 and 200 are tagged with outer VLAN 10 by PEs and can be transmitted on the ISP network.
# Configure PE1.
[~PE1] vlan 10[*PE1-vlan10] quit[*PE1] interface 10ge 1/0/2
[*PE1-10GE1/0/2] port link-type dot1q-tunnel
[*PE1-10GE1/0/2] port default vlan 10
[*PE1-10GE1/0/2] l2protocol-tunnel stp vlan 10
[*PE1-10GE1/0/2] quit
[*PE1] interface 10ge 1/0/3
[*PE1-10GE1/0/3] port link-type dot1q-tunnel
[*PE1-10GE1/0/3] port default vlan 10
[*PE1-10GE1/0/3] l2protocol-tunnel stp vlan 10
[*PE1-10GE] quit
[*PE1] commit# Configure PE2.
[~PE2] vlan 10[*PE2-vlan10] quit[*PE2] interface 10ge 1/0/2
[*PE2-10GE1/0/2] port link-type dot1q-tunnel
[*PE2-10GE1/0/2] port default vlan 10
[*PE2-10GE1/0/2] l2protocol-tunnel stp vlan 10
[*PE2-10GE1/0/2] quit
[*PE2] interface 10ge 1/0/3
[*PE2-10GE1/0/3] port link-type dot1q-tunnel
[*PE2-10GE1/0/3] port default vlan 10
[*PE2-10GE1/0/3] l2protocol-tunnel stp vlan 10
[*PE2-10GE1/0/3] quit
[*PE2] commitIf the remote device sends packets of non-standard protocols, first run the l2protocol-tunnel user-defined-protocol protocol-name protocol-mac protocol-mac [ encap-type { { ethernetii | snap } protocol-type protocol-type-value | llc dsap dsap-value ssap ssap-value } ] group-mac { group-mac | default-group-mac } command to define characteristics information about the Layer 2 transparent transmission protocol. Then run the l2protocol-tunnel user-defined-protocol protocol-name vlan { low-id [ to high-id ] } &<1-10> command to enable basic QinQ-based Layer 2 protocol tunneling.
- Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[~PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011 [*PE1] commit
# Configure PE2.
[~PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011 [*PE2] commit
- Verify the configuration.
After the configuration is complete, run the display l2protocol-tunnel group-mac command on PEs. You can view the protocol type or name, multicast destination MAC address, group MAC address, and priority of Layer 2 protocol packets to be transparently transmitted.
The display on PE1 is used as an example.
[~PE1] display l2protocol-tunnel group-mac stp Protocol EncapeType ProtocolType Protocol-MAC Group-MAC Pri ----------------------------------------------------------------------------- stp llc dsap 0x42 0180-c200-0000 0100-5e00-0011 0 ssap 0x42Run the display stp brief command on CE1 and CE2 to view the root in the MSTP region. You can find that a spanning tree is calculated between CE1 and CE2. 10GE1/0/1 on CE1 is the root port and 10GE1/0/1 on CE2 is the designated port.
[~CE1] display stp brief MSTID Port Role STP State Protection Cost Edged 0 10GE1/0/1 ROOT forwarding none 2000 disable[~CE2] display stp brief MSTID Port Role STP State Protection Cost Edged 0 10GE1/0/1 DESI forwarding none 2000 disableRun the display stp brief command on CE3 and CE4 to view the root in the MSTP region. You can find that a spanning tree is calculated between CE3 and CE4. 10GE1/0/1 on CE3 is the root port and 10GE1/0/1 on CE4 is the designated port.
[~CE3] display stp brief MSTID Port Role STP State Protection Cost Edged 0 10GE1/0/1 ROOT forwarding none 2000 disable[~CE4] display stp brief MSTID Port Role STP State Protection Cost Edged 0 10GE1/0/1 DESI forwarding none 2000 disableRun the display vlan command on PEs to view the QinQ configuration.
The display on PE1 is used as an example.
[~PE1] display vlan 10 verbose * : Management-VLAN --------------------- VLAN ID : 10 VLAN Name : VLAN Type : Common Description : VLAN 0010 Status : Enable Broadcast : Enable MAC Learning : Enable Smart MAC Learning : Disable Current MAC Learning Result : Enable Statistics : Disable Property : Default VLAN State : Up ---------------- Untagged Port: 10GE1/0/1 10GE1/0/2 ---------------- Active Untag Port: 10GE1/0/1 10GE1/0/2 ------------------- Interface Physical 10GE1/0/1 Up 10GE1/0/2 Up
Configuration Files
Configuration file of CE1
# sysname CE1 # vlan batch 100 # interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100 stp bpdu vlan 100 # return
Configuration file of CE2
# sysname CE2 # vlan batch 100 # interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100 stp bpdu vlan 100 # return
Configuration file of CE3
# sysname CE3 # vlan batch 200 # interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200 stp bpdu vlan 200 # return
Configuration file of CE4
# sysname CE4 # vlan batch 200 # interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200 stp bpdu vlan 200 # return
Configuration file of PE1
# sysname PE1 # vlan batch 10 # l2protocol-tunnel stp group-mac 0100-5e00-0011 # interface 10GE1/0/2 port link-type dot1q-tunnel port default vlan 10 l2protocol-tunnel stp vlan 10 # interface 10GE1/0/3 port link-type dot1q-tunnel port default vlan 10 l2protocol-tunnel stp vlan 10 # return
Configuration file of PE2
# sysname PE2 # vlan batch 10 # l2protocol-tunnel stp group-mac 0100-5e00-0011 # interface 10GE1/0/2 port link-type dot1q-tunnel port default vlan 10 l2protocol-tunnel stp vlan 10 # interface 10GE1/0/3 port link-type dot1q-tunnel port default vlan 10 l2protocol-tunnel stp vlan 10 # return
