The configuration of selective QinQ for processing private network packets by their types on H3C S3100-EI

The configuration of selective QinQ for processing private network packets by their types on H3C S3100-EI

 

I            Requirement for the diagram

(1)Ethernet 1/0/3 of Switch A provides public network access for PC users and IP phone users. PC users belong to VLAN 100 through VLAN 108, and IP phone users belong to VLAN 200 through VLAN 230. Ethernet 1/0/5 of Switch A is connected to the public network. The peer end of Switch A is Switch B.

(2)Ethernet 1/0/11 of Switch B is connected to the  public network. Ethernet 1/0/12 and Ethernet1/0/13 of Switch B provide network access for PC servers belonging to VLAN 100 through VLAN 108 and voice gateways (for IP phone users) belonging to VLAN 200 through VLAN 230 respectively.

(3)The public network permits packets of VLAN 1000 and VLAN 1200. Apply QoS policies for these packets to reserve bandwidth for packets of VLAN 1200. That is, packets of VLAN 1200 have higher transmission priority over packets of VLAN 1000.

(4)Employ the selective QinQ feature on Switch A and Switch B to differentiate traffic of PC users from that of IP phone users, for the purpose of using QoS policies to guarantee higher priority for voice traffic.

(5)To reduce broadcast packets in the network, enable the inter-VLAN MAC address replicating feature for selective QinQ.

II          Network topology

III        Steps of configuration

(1)Configure Switch A.

# Create VLAN 1000, VLAN 1200 and VLAN 5 (the default VLAN of Ethernet 1/0/3) on SwitchA.

<SwitchA> system-view

[SwitchA] vlan 1000

[SwitchA-vlan1000] quit

[SwitchA] vlan 1200

[SwitchA-vlan1200] quit

[SwitchA] vlan 5

[SwitchA-vlan5] quit

# Configure Ethernet 1/0/5 as a hybrid port and configure it not to remove VLAN tags when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.

[SwitchA] interface Ethernet 1/0/5

[SwitchA-Ethernet1/0/5] port link-type hybrid

[SwitchA-Etherent1/0/5] port hybrid vlan 5 1000 1200 tagged

[SwitchA-Ethernet1/0/5] quit

# Configure Ethernet 1/0/3 as a hybrid port and configure VLAN 5 as its default VLAN. Configure Ethernet 1/0/3 to remove VLAN tags when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.

[SwitchA] interface Ethernet 1/0/3

[SwitchA-Ethernet1/0/3] port link-type hybrid

[SwitchA-Ethernet1/0/3] port hybrid pvid vlan 5

[SwitchA-Etherent1/0/3] port hybrid vlan 5 1000 1200 untagged

# Configure global tag mapping rules for selective QinQ to insert VLAN 1000 tag as the outer VLAN tag in packets with the tags of VLAN 100 through VLAN 108 as the inner tags, and insert VLAN 1200 tag as the outer VLAN tag in packets with the tags of VLAN 200 through VLAN 230 as the inner tags.

[SwitchA-Ethernet1/0/3] quit

[SwitchA] vlan-vpn vid 1000

[SwitchA-vid-1000] raw-vlan-id inbound 100 to 108

[SwitchA-vid-1000] quit

[SwitchA] vlan-vpn vid 1200

[SwitchA-vid-1200] raw-vlan-id inbound 200 to 230

# Enable the selective QinQ feature on Ethernet 1/0/3.

[SwitchA-vid-1200] quit

[SwitchA] interface Ethernet 1/0/3

[SwitchA-Ethernet1/0/3] vlan-vpn selective enable

After the above configuration, packets of VLAN 100 through VLAN 108 (that is, packets of PC users) are tagged with the tag of VLAN 1000 as the outer VLAN tag when they are forwarded to the public network by Switch A; and packets of VLAN 200 through VLAN 230 (that is, packets of IP phone users) are tagged with the tag of VLAN 1200 as the outer VLAN tag when they are forwarded to the public network.

(2)Configure Switch B.

# Create VLAN 1000, VLAN 1200, VLAN 12 (the default VLAN of Ethernet1/0/12) and VLAN 13 (the default VLAN of Ethernet1/0/13) on Switch B.

<SwitchB> system-view

[SwitchB] vlan 1000

[SwitchB-vlan1000] quit

[SwitchB] vlan 1200

[SwitchB-vlan1200] quit

[SwitchB] vlan 12 to 13

# Configure Ethernet 1/0/11 as a hybrid port, and configure Ethernet 1/0/11 not to remove VLAN tags when forwarding packets of VLAN 12, VLAN 13, VLAN 1000, and VLAN 1200.

<SwitchB> system-view

[SwitchB] interface Ethernet 1/0/11

[SwitchB-Etherent1/0/11] port link-type hybrid

[SwitchB-Etherent1/0/11] port hybrid vlan 12 13 1000 1200 tagged

# Configure Ethernet1/0/12 as a hybrid port and configure VLAN 12 as its default VLAN . Configure Ethernet 1/0/12 to remove VLAN tags when forwarding packets of VLAN 12 and VLAN 1000.

[SwitchB] interface Ethernet 1/0/12

[SwitchB-Etherent1/0/12] port link-type hybrid

[SwitchB-Etherent1/0/12] port hybrid pvid  vlan 12

[SwitchB-Etherent1/0/12] port hybrid vlan 12 1000 untagged

[SwitchB-Ethernet1/0/12] quit

# Configure Ethernet 1/0/13 as a hybrid port and configure VLAN 13 as its default VLAN . Configure Ethernet 1/0/13 to remove VLAN tags when forwarding packets of VLAN 13 and VLAN 1200.

[SwitchB] interface Ethernet 1/0/13

[SwitchB-Etherent1/0/13] port link-type hybrid

[SwitchB-Etherent1/0/13] port hybrid pvid vlan 13

[SwitchB-Etherent1/0/13] port hybrid vlan 13 1200 untagged

After the above configuration, Switch B can forward packets of VLAN 1000 and VLAN 1200 to the corresponding servers through Ethernet 1/0/12 and Ethernet 1/0/13 respectively.

To make the packets from the servers be transmitted to the clients in the same way, you need to configure the selective QinQ feature on SwitchB. The configuration on Switch B is similar to that on Switch A and is thus omitted.

IV       Key notes in the configuration

(1)A selective QinQ-enabled device tags a user packet with an outer VLAN tag regardless of the VLAN tag of the user packet, so there is no need to configure user VLANs on the device.

(2)Make sure the packets of the default VLAN of a selective QinQ-enabled port are permitted on both the local port and the port connecting to the public network.