Example for Configuring Basic QinQ
Networking Requirements
As shown in Figure 6-7, tenant 1 and tenant 2 in a data center are located in different positions. SwitchA and SwitchB are at the edge of the data center and connected through the core/backbone network.
- Tenant 1 and tenant 2 plan their VLANs independently.
- Traffic of the two tenants is transparently transmitted on the core/backbone network. Devices using the same services in the two branches are allowed to communicate and devices using different services are isolated.
Configuration Roadmap
The configuration roadmap is as follows:
Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB, and set the link type of interfaces connected to tenants to QinQ and add the interfaces to VLAN so that different outer VLAN tags are added to different tenants.
Add interfaces connected to the core/backbone network on SwitchA and SwitchB to VLAN 100 and VLAN 200 to permit packets from these VLANs to pass through.
Procedure
- Create VLANs.
# Create VLAN 100 and VLAN 200 on SwitchA.
<HUAWEI> system-view [~HUAWEI] sysname SwitchA [*HUAWEI] commit [~SwitchA] vlan batch 100 200 [*SwitchA] commit
# Create VLAN 100 and VLAN 200 on SwitchB.
<HUAWEI> system-view [~HUAWEI] sysname SwitchB [*HUAWEI] commit [~SwitchB] vlan batch 100 200 [*SwitchB] commit
- Set the link type of interfaces to QinQ.
# Configure 10GE1/0/1 and 10GE1/0/2 on SwitchA as QinQ interfaces, and set outer VLAN tags of 10GE1/0/1 and 10GE1/0/2 to VLAN 100 and VLAN 200 respectively. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[~SwitchA] interface 10ge 1/0/1 [~SwitchA-10GE1/0/1] port link-type dot1q-tunnel [*SwitchA-10GE1/0/1] port default vlan 100 [*SwitchA-10GE1/0/1] quit [*SwitchA] interface 10ge 1/0/2 [*SwitchA-10GE1/0/2] port link-type dot1q-tunnel [*SwitchA-10GE1/0/2] port default vlan 200 [*SwitchA-10GE1/0/2] quit [*SwitchA] commit
- Configure the interface connected to the core/backbone
network on the switch.
# Add 10GE1/0/3 on SwitchA to VLAN 100 and VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[~SwitchA] interface 10ge 1/0/3 [~SwitchA-10GE1/0/3] port link-type trunk [*SwitchA-10GE1/0/3] port trunk allow-pass vlan 100 200 [*SwitchA-10GE1/0/3] commit [~SwitchA-10GE1/0/3] quit
- Verify the configuration.
On a server in a VLAN of tenant 1, ping another server in the same VLAN. The ping operation succeeds, indicating that devices in tenant 1 can communicate with each other.
On a server in a VLAN of tenant 2, ping another server in the same VLAN. The ping operation succeeds, indicating that devices in tenant 2 can communicate with each other.
On a server in a VLAN of tenant 2, ping another server in the same VLAN. The ping operation fails, indicating that tenants are isolated.
Configuration Files
SwitchA configuration file
# sysname SwitchA # vlan batch 100 200 # interface 10GE1/0/1 port link-type dot1q-tunnel port default vlan 100 # interface 10GE1/0/2 port link-type dot1q-tunnel port default vlan 200 # interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 100 200 # return
SwitchB configuration file
# sysname SwitchB # vlan batch 100 200 # interface 10GE1/0/1 port link-type dot1q-tunnel port default vlan 100 # interface 10GE1/0/2 port link-type dot1q-tunnel port default vlan 200 # interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 100 200 # return