Example for Configuring Basic QinQ

QinQ Overview

802.1Q-in-802.1Q (QinQ) expands VLAN space by adding an additional 802.1Q tag to 802.1Q tagged packets. It allows services in a private VLAN to be transparently transmitted over a public network.

Basic QinQ, also called QinQ tunneling, is performed on interfaces. When an interface enabled with basic QinQ receives a packet, the device adds the default VLAN tag of its interface to the packet. If the received packet is tagged, it has double VLAN tags. If the received packet is untagged, it has the default VLAN tag of the interface.

When too many VLANs are required, you can configure basic QinQ. Basic QinQ, by adding an outer tag, expands VLAN space and solves the VLAN shortage problem.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

As shown in Figure 1, a network has two enterprises: enterprise 1 and enterprise 2. Both enterprises have two branches. Enterprise 1 and enterprise 2 networks connect to SwitchA and SwitchB, respectively, of the ISP network. In addition, there are non-Huawei devices on the public network and the TPID in the outer VLAN tag is 0x9100.

The requirements are as follows:

VLANs need to be independently assigned to enterprise 1 and enterprise 2.
Traffic between the two branches of each enterprise is transparently transmitted through the public network. Users accessing the same service in different branches of each enterprise are allowed to communicate, and users accessing different services must be isolated.

QinQ can be used to meet the preceding requirements. Configure VLAN 100 and VLAN 200 to implement connectivity of enterprise 1 and enterprise 2 respectively and to isolate enterprise 1 and enterprise 2; configure the TPID in the outer VLAN tag on switch interfaces connected to non-Huawei devices so that Huawei switches can communicate with the non-Huawei devices.

Figure 1 Networking of basic QinQ

Configuration Roadmap

The configuration roadmap is as follows:

Create VLAN 100 and VLAN 200 on SwitchA and SwitchB, configure connected interfaces as QinQ interfaces, and add the interfaces to VLANs so that different VLAN tags are added to packets of different services.
Add interfaces of SwitchA and SwitchB that are connected to the public network to VLANs so that packets from VLAN 100 and VLAN 200 are allowed to pass through.
Configure the TPID in the outer VLAN tag on interfaces of SwitchA and SwitchB that are connected to the public network so that SwitchA and SwitchB can communicate with non-Huawei devices.

Procedure

Create VLANs.

# Create VLAN 100 and VLAN 200 on SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200

# Create VLAN 100 and VLAN 200 on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200

Set the link type of interfaces to QinQ.

# Configure GE1/0/1 and GE1/0/2 of SwitchA as QinQ interfaces, and set the default VLAN of GE1/0/1 to VLAN 100 and the default VLAN of GE1/0/2 to VLAN 200. VLAN 100 and VLAN 200 are added to outer tags. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type dot1q-tunnel //Configure the link type of the interface as QinQ.
[SwitchA-GigabitEthernet1/0/1] port default vlan 100
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type dot1q-tunnel //Configure the link type of the interface as QinQ.
[SwitchA-GigabitEthernet1/0/2] port default vlan 200
[SwitchA-GigabitEthernet1/0/2] quit

Configure switch interfaces connected to the public network.
# Add GE1/0/3 on Switch A to VLAN 100 and VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
```
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[SwitchA-GigabitEthernet1/0/3] quit
```

Configure the TPID in the outer VLAN tag.

# Set the TPID in the outer VLAN tag to 0x9100 on SwitchA.

[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] qinq protocol 9100 //Set the TPID in the outer VLAN tag to 0x9100.

# Set the TPID in the outer VLAN tag to 0x9100 on SwitchB.

[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] qinq protocol 9100 //Set the TPID in the outer VLAN tag to 0x9100.

Verify the configuration.
On a PC in a VLAN of a branch in enterprise 1, ping a PC in the same VLAN of the other branch in enterprise 1. The ping operation succeeds, indicating that branches of enterprise 1 can communicate with each other.

On a PC in a VLAN of a branch in enterprise 2, ping a PC in the same VLAN of the other branch in enterprise 2. The ping operation succeeds, indicating that branches of enterprise 2 can communicate with each other.

On a PC in a VLAN of a branch in enterprise 1, ping a PC in the same VLAN of a branch in enterprise 2. The ping operation fails, indicating that enterprise 1 and enterprise 2 are isolated.

Configuration Files

Configuration file of SwitchA

#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type dot1q-tunnel
 port default vlan 100
#
interface GigabitEthernet1/0/2
 port link-type dot1q-tunnel
 port default vlan 200
#
interface GigabitEthernet1/0/3
 qinq protocol 9100
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return

Configuration file of SwitchB

#
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type dot1q-tunnel
 port default vlan 100
#
interface GigabitEthernet1/0/2
 port link-type dot1q-tunnel
 port default vlan 200
#
interface GigabitEthernet1/0/3
 qinq protocol 9100
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return