Special Topic - VLAN&QinQ (V1.0)
Special Topic - VLAN&QinQ (V1.0)
Special Topic - VLAN&QinQ (V1.0)
& QinQ
Issue 1.0
Date 2013-11-29
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: [email protected]
Overview
This document describes the principles of VLAN & QinQ access, its implementation on Huawei
routers and switches, and configuration guide.
NE40E/80E All versions QinQ mapping has been supported since V600R002.
CX600 The following functions have been supported since
ME60 V600R007:
l Push operation: A sub-interface adds a VLAN tag to
packets it receives.
l PW-tag operation: A PW in tagged mode adds a P-tag
to packets to be forwarded over the PW.
S9300&S930 All versions The following functions have been supported since
0E V100R006:
l MAC address-based VLAN classification
l IP subnet-based VLAN classification
l Protocol-based VLAN classification
l Policy-based VLAN classification
l VLAN Switch switch-vlan
l VLAN Switch stack-vlan
S6300/S5300 All versions The following functions have been supported since
V100R006:
l MAC address-based VLAN classification
l IP subnet-based VLAN classification
l Protocol-based VLAN classification
l Policy-based VLAN classification
S3300 All versions The following functions have been supported since
V100R006:
l MAC address-based VLAN classification
l IP subnet-based VLAN classification
l Protocol-based VLAN classification
Intended Audience
This document is intended for:
Change History
Issue Release Date Change History
Contents
4 Configuration Guide...................................................................................................................55
4.1 Configuring VLAN Stacking........................................................................................................................................56
4.2 Configuring QinQ Stacking..........................................................................................................................................58
4.3 Configuring VLAN Switch stack-vlan.........................................................................................................................60
4.4 Configuring Dot1q VLAN Tag Termination Sub-interfaces........................................................................................61
4.5 Configuring a QinQ VLAN Tag Termination Sub-interface.......................................................................................64
4.6 Configuring user-vlan...................................................................................................................................................66
4.7 Configuring Dot1q Sub-interfaces................................................................................................................................67
4.8 Configuring a VE Sub-interface...................................................................................................................................69
4.9 Configuring VLANIF Interfaces..................................................................................................................................71
4.10 Configuring VLAN Mapping.....................................................................................................................................72
4.11 Configuring QinQ Mapping.......................................................................................................................................74
4.12 Configuring VLAN Switch switch-vlan.....................................................................................................................75
4.13 Configuring VLAN Swap...........................................................................................................................................76
4.14 Configuring VLL........................................................................................................................................................77
4.15 Configuring VPLS......................................................................................................................................................78
4.16 Configuring VLAN protocol-transparent...................................................................................................................81
Datac NE40 Acces Receives the frame and Accepts the frame if the Removes the VLAN tag and
om E, s adds a default VLAN VLAN ID of the frame is then sends the frame.
devic NE80 tag. the same as the default
es E, VLAN ID of the port.
CX60 Discard the frame if the
0, VLAN ID of the frame is
ME60 different from the default
, ATN VLAN ID of the port.
Trunk Directly discards the Accepts the frame if the Transparently transmits the
frame. VLAN ID of the frame is frame without processing it.
in the range of VLANs
Hybri Adds the default VLAN from which frames are Removes the VLAN tag and
d ID to the frame and allowed to pass through sends the frame if the VLAN
accepts the frame if the the port. Discards the ID of the frame is the same as
default VLAN ID is in frame if the VLAN ID of the default VLAN ID and is
the range of VLANs the frame is not in the also in the range of VLANs
from which frames are range of VLANs from from which frames are
allowed to pass through which frames are allowed allowed to pass through the
the port. Adds the to pass through the port. port. Retains the VLAN tag
default VLAN ID to the and sends the frame if the
frame and discards the VLAN ID is different from the
frame if the default default VLAN ID but is in the
VLAN ID is not in the range of VLANs from which
range of VLANs from frames are allowed to pass
which frames are through the port.
allowed to pass through
the port.
The S Acces Receives the frame and Accepts the frame if the Removes the VLAN tag and
series s adds a default VLAN VLAN ID of the frame is then sends the frame.
switc tag. the same as the default
h, VLAN ID of the port.
Data Discard the frame if the
center VLAN ID of the frame is
switc different from the default
h, the VLAN ID of the port.
AR
series
router
Type Prod Port Received Untagged Received Tagged Send VLAN Frames
uct Type Frames Frames
Serie
s
Trunk Adds the default VLAN Accepts the frame if the Removes the VLAN tag and
ID to the frame and VLAN ID of the frame is sends the frame if the VLAN
accepts the frame if the in the range of VLANs ID of the frame is the same as
default VLAN ID is in from which frames are the default VLAN ID and is
the range of VLANs allowed to pass through also in the range of VLANs
from which frames are the port. Discards the from which frames are
allowed to pass through frame if the VLAN ID of allowed to pass through the
the port. Adds the the frame is not in the port. Retains the VLAN tag
default VLAN ID to the range of VLANs from and sends the frame if the
frame and discards the which frames are allowed VLAN ID is different from the
frame if the default to pass through the port. default VLAN ID but is in the
VLAN ID is not in the range of VLANs from which
range of VLANs from frames are allowed to pass
which frames are through the port.
allowed to pass through
Hybri the port. The port can be configured to
d send tagged or untagged
frames. If the port is
configured to send tagged
frames, after receiving a
frame, the port transparently
transmits the frame if the
VLAN ID of the frame is in the
range of VLANs from which
frames are allowed to pass
through the port. If the port is
configured to send untagged
frames, after receiving a
frame, the port removes the
VLAN tag and sends the frame
if the VLAN ID of the frame is
in the range of VLANs from
which frames are allowed to
pass through the port.
Trans MST Acces Adds the default VLAN Directly discards the Removes the VLAN tag and
port P s ID and VLAN priority to frame. then sends the frame.
the frame and then
transparently transmits
the frame.
Type Prod Port Received Untagged Received Tagged Send VLAN Frames
uct Type Frames Frames
Serie
s
Hybri Adds the default VLAN Transparently transmits Removes the VLAN tag and
d ID and VLAN priority to the frame without then sends the frame if the
the frame and then processing it. VLAN ID of the frame is the
transparently transmits same as the default VLAN ID
the frame. of the port. Transparently
transmits the frame without
processing it if the VLAN ID
of the frame is different from
the default VLAN ID of the
port.
Acce MA5 Processes the frame based on the configured VLAN translation policy.
ss 600T
Switch MAC VLANs do not The network MAC address- 1. Create a VLAN.
address- need to be administrator must based VLAN 2. Associate a MAC
based classified again configure the classification address with the VLAN.
VLAN if the physical terminals' MAC applies to
classificati location of addresses on a networks with high 3. Configure port
on users change. device before security and attributes.
This associating the MAC mobility 4. Configure the port to
configuration addresses with requirements. allow packets from the
improves VLANs. If a MAC address-based
terminal user network has a large VLAN to pass through.
security and number of terminals, 5. Configure the port to
access the configuration prefer MAC address-
flexibility. workload is heavy at based VLAN
the beginning. classification.
6. Enable MAC address-
based VLAN
classification.
NE40E/ Port-based VLAN Adds a VLAN tag Deployed on user-side Port-based VLAN
NE80E/ stacking (QinQ to untagged frames Layer 2 interfaces of stacking applies where
CX600/ tunnel) it receives. Adds access devices. there is no need to
ME60/ATN/ the same outer distinguish users and
Switch/AR/ VLAN tag to services.
Data center single-tagged or
switch double-tagged
frames it receives.
NE40E/CX/ QinQ Stacking Directly discards Deployed on sub- QinQ stacking applies
ME/ATN untagged frames it interfaces of public to L2VPNs.
receives. Adds network edge devices.
outer VLAN tags
that are
automatically
assigned to single-
tagged or double-
tagged frames it
receives.
Table 2-1 Processing of VLAN tags on different types of interfaces (not in VPLS access scenarios)
NE40E/ QinQ Sub-interface that Accepts the packet and removes Adds double VLAN IDs that
NE80E/ VLAN tag has QinQ the double VLAN tags if the have been planned to the
CX600/ termination termination inner and outer VLAN IDs of packet.
ME60/ sub- configured the packet are the same as that
ATN/ interface encapsulated on the sub-
Switch/ interface.
AR Discards the packet if the inner
and outer VLAN IDs of the
packet are different from that
encapsulated on the sub-
interface.
NE40E/ user-vlan Sub-interface that Accepts the packet and removes Adds the single or double
NE80E/ has a user-vlan the single or double VLAN tags VLAN IDs that have been
CX600/ configured if the single or double VLAN planned to the packet.
ME60/ IDs of the packet are the same as
ATN/ that encapsulated on the sub-
Switch/ interface.
AR Discards the packet if the single
or double VLAN IDs of the
packet are different from that
encapsulated on the sub-
interface.
NE40E/ Dot1q Sub-interface that Accepts the packet and removes Adds a single VLAN tag.
NE80E/ VLAN tag has Dot1q the VLAN tag if the VLAN ID Dot1q sub-interfaces and
CX600/ termination termination of the packet is the same as that Dot1q VLAN tag termination
ME60/ sub- configured encapsulated on the sub- sub-interfaces are different in
ATN/ interface interface. the following aspects:
Switch/ Discard the packet if the VLAN A Dot1q sub-interface can
AR ID of the packet is different from encapsulate only one VLAN
that encapsulated on the sub- tag, meaning that the inbound
NE40E/ Dot1q sub- Sub-interface that
interface. interface can remove only a
NE80E/ interface has vlan-type dot1q
VLAN tag with a specific ID
CX600/ configured
and the outbound interface
ME60/
can add only a VLAN tag
ATN/
with a specific ID.
Switch/
AR A Dot1q VLAN tag
termination sub-interface can
encapsulate multiple
VLANs, meaning that the
inbound interface can remove
VLAN tags in a VLAN range
and the outbound interface
can add VLAN tags in a
VLAN range.
NE40E/ VLANIF A Layer 3 logical Accepts the packet and removes Transparently transmits the
NE80E/ interface interface configured the VLAN tag if the VLAN ID packet without processing it
CX600/ for a VLAN Before of the packet is the same as the if the encapsulation type is
ME60/ running the interface ID of the VLANIF interface. default.
ATN/ vlanif command to Discards the packet if the VLAN Adds a single VLAN tag if
Switch/ configure a VLANIF ID of the packet is different from the encapsulation type is
AR interface for a the ID of the VLANIF interface. trunk.
VLAN, ensure that
the VLAN has been
created.
VLAN Ethernet frames sent The user-side encapsulation mode can be configured using the
between CEs and PEs carry encapsulation { ethernet | vlan } command in the VSI view.
a VLAN tag in the Ethernet By default, VLAN encapsulation is used for user-side packets
frame header, known as the on VPLS network.
provider-tag (P-tag). This
tag a service delimiter used
on an ISP network for user
differentiation.
P-tag function: The P-tag carries the CoS value. If the DiffServ mode is set to short-pipe, the peer end of the PW
performs priority scheduling based on CoS values.
Table 2-3 Processing of VLAN tags on different types of interfaces (in VPLS access scenarios)
(Note: QinQ VLAN tag termination sub-interfaces can access VPLS networks in symmetrical
or asymmetrical mode.)
QinQ VLAN In symmetrical mode, removes In symmetrical mode, replaces the outer VLAN
VLAN tag the outer VLAN tag and adds a tag. In asymmetrical mode, removes a VLAN tag
termination VLAN tag. In asymmetrical and adds double VLAN tags.
sub- mode, removes double VLAN
interface tags and adds a VLAN tag.
Ethernet In symmetrical mode, removes In symmetrical mode, adds an outer VLAN tag. In
the outer VLAN tag. In asymmetrical mode, adds double VLAN tags.
asymmetrical mode, removes
double VLAN tags.
Dot1q VLAN Retains the VLAN tag without Replaces the VLAN tag.
VLAN tag processing it.
termination
sub- Ethernet Removes the VLAN tag. Adds a VLAN tag.
interface
Dot1q sub- VLAN Retains the VLAN tag without Replaces the VLAN tag.
interface processing it.
VLANIF VLAN Retains the VLAN tag without Removes the VLAN tag if the encapsulation type
interface processing it. is default. Replaces the VLAN tag if the
encapsulation type if trunk.
Ethernet Removes the VLAN tag. No action is required if the encapsulation type is
default. Adds a VLAN tag if the encapsulation
type is trunk.
NE40E/ VLAN Swap Swaps inner and outer Deployed on Applies to public
NE80E/CX/ VLAN tags. interfaces or sub- network edge
ME interfaces of public devices that receive
network edge devices. double-tagged
packets, with the
outer VLAN tag
identifying users and
the inner VLAN tag
identifying services.
Table 2-4 Processing of VLAN tags on different types of interfaces with the push operation
QinQ VLAN In symmetrical mode: removes the outer In symmetrical mode: removes the
VLAN tag VLAN tag, performs the push operation to outer VLAN tag and replaces the outer
termination add a VLAN tag, and then adds another VLAN tag in double VLAN tags. In
sub- VLAN tag. In asymmetrical mode: removes asymmetrical mode, removes double
interface double VLAN tags, performs the push VLAN tags and adds double VLAN
operation to add a VLAN tag, and then adds tags.
another VLAN tag.
Ethernet In symmetrical mode, removes the outer In symmetrical mode, removes the
VLAN tag and performs the push operation outer VLAN tag and adds an outer
to add a VLAN tag. In asymmetrical mode, VLAN tag. In asymmetrical mode,
removes double VLAN tags and performs removes an outer VLAN tag and adds
the push operation to add a VLAN tag. double VLAN tags.
Dot1q VLAN Retains the original VLAN tag and Removes the outer VLAN tag and
VLAN tag performs the push operation to add another replaces the retained VLAN tag.
termination VLAN tag.
sub-
interface Ethernet Removes the VLAN tag and performs the Removes the VLAN tag and adds
push operation to add another VLAN tag. another VLAN tag.
Dot1q sub- VLAN Retains the original VLAN tag and Removes the outer VLAN tag and
interface performs the push operation to add another replaces the retained VLAN tag.
VLAN tag.
Ethernet Removes the VLAN tag and performs the Removes the VLAN tag and adds
push operation to add another VLAN tag. another VLAN tag.
QinQ VLAN For single-tagged packets, performs the Removes the outer VLAN tag and
stacking push operation to add a VLAN tag and then replaces the outer VLAN tag in double
sub- Ethernet adds another VLAN tag. For double-tagged VLAN tags. Removes double VLAN
interface packets, performs the push operation to add tags and replaces the outer VLAN tag
a VLAN tag and then adds another VLAN in double VLAN tags.
tag. The original inner VLAN tag is
transparently transmitted as data.
The VLAN tag added after the push operation is performed is the P-tag to enter the PW.
Raw Packets transmitted over a PW cannot carry P-tags. For packets sent from
a CE to a PE: If the PE receives packets that carry the P-tag, the PE removes
the P-tag and adds double MPLS labels (outer tunnel label and inner VC
label) before forwarding the packets. If the PE receives packets that do not
carry the P-tag, the PE adds double MPLS labels (outer tunnel label and
inner VC label) and forwards the packets. For packets sent from a PE to a
CE, the PE determines whether to add the P-tag based on actual
configurations before forwarding the packets to the CE. The PE is not
allowed to rewrite or remove an existing VLAN tag.
Tagged Packets transmitted over a PW must carry P-tags. For packets sent from a
CE to a PE: If the PE receives packets that carry the P-tag, the PE retains
the P-tag and adds double MPLS labels (outer tunnel label and inner VC
label) before forwarding the packets. If the PE receives packets that do not
carry the P-tag, the PE adds a null tag and adds double MPLS labels (outer
tunnel label and inner VC label) before forwarding the packets. For packets
sent from a PE to a CE, the PE determines whether to rewrite, remove, or
retain the P-tag based on actual configurations before forwarding the
packets to the CE.
Table 2-6 P-Tag values on different types of interfaces after the PW-tag operation is performed
(Note: The PW-tag operation is supported only on the NE40E/NE80E/CX600/ME60, and the
PW must work in tagged mode.)
Interface Type Default P-Tag Value P-Tag Value After the PW-tag
Operation
QinQ VLAN tag Outer VLAN tag Modified VLAN tag after the PW-tag
termination sub- operation is performed
interface
Dot1q sub-interface
On this network, two PE-AGGs connect to a BRAS and an SR, respectively. Each PE-AGG has
multiple UPEs attached, and each UPE has multiple DSLAMs attached. Enterprise leased lines
directly connect to the UPEs.
l Residential services
Residential services access DSLAMs using ADSL or access LSWs using Ethernet links.
HSI services are transparently transmitted to the BRAS over the metro Ethernet network
and are terminated on the BRAS. VoIP, VoD, and BTV services are transparently
transmitted to the SR over the metro Ethernet network and are terminated on the SR.
NOTE
VoD services are a type of IPTV service. Unlike BTV services that are multicast services, VoD
services are unicast services.
l Leased line services
Leased line service packets with single or double VLAN tags are directly transmitted to
the UPEs and are transparently transmitted using VPLS.
NOTE
IPTV services include VoD and BTV services. VoD services are unicast services, and BTV services are
multicast services. The same multicast VLAN is used for multicast services on the entire network.
NOTE
If an enterprise exclusively uses a physical link of a UPE, the UPE can use a QinQ stacking sub-interface
for the enterprise user to access the metro Ethernet, without needing to design VLANs. If different sites of
the same enterprise connect to different UPEs and the UPEs use QinQ stacking sub-interfaces for these
sites to access the metro Ethernet, VLAN design is not needed either.
If multiple enterprises access a UPE through an aggregation switch, selective QinQ must be used on the
UPE so that the UPE can add different VLAN tags to packets from different enterprise users. These VLAN
tags differentiate the enterprise users. The UPE then uses QinQ VLAN tag termination sub-interfaces for
the enterprise users to access the metro Ethernet. In this situation, the outer VLAN tags must be planned
for all enterprise users on the public network. If different sites of the same enterprise connect to different
UPEs, the outer VLAN tags of packets from this enterprise can be the same or not the same.
HSI 1000-1999
VoD 2000-2500
VoIP 2501-2999
BTV 10
Each city on the metro Ethernet designs inner VLAN tags of residential services and enterprise
leased line services. Table 3-2 shows an example.
Service VLAN IDs preset on HGs (One VLAN tag is designed 4-9
for each type of service, and all HGs have the same
configuration.)
VLAN IDs reserved for services that are transmitted among 3501-4094
devices attached to UPEs but are not transmitted to UPEs or
upper-layer metro Ethernet core devices
4 Configuration Guide
Port-based VLAN stacking is generally used in scenarios in which the enterprise CPE directly
connects to a UPE that rents an entire port to this enterprise. To isolate the enterprise services
from other services on the public network, the UPE assigns an outer VLAN to this enterprise so
that all packets received by this port are added with the assigned outer VLAN tag.
In this example, the outer VLAN ID 3111 is assigned to the enterprise on the public network.
After enterprise leased line service packets arrive at an QinQ tunnel, all packets are added with
the same VLAN tag with the ID of 3111.
UPE Configuration
#
vlan batch 3111
#
interface GigabitEthernet 1/0/1
portswitch
description for Enterprise
undo shutdown
port link-type dot1q-tunnel
port default vlan 3111
If the VLANs of the LSW do not meet VLAN requirements on the public network, configure
VLAN-based VLAN stacking. PUPSPV is used on the LSW to allow the VLAN range
1000-1500 to identify HSI services as well as access device locations (DSLAM/LSW),
1501-2000 to identify VoIP services, and 2001-2500 to identify VoD services. The UPE adds
different outer VLAN tags based on the VLAN range:
l Adds an outer VLAN tag with the ID of 1999 to packets with VLAN IDs in the range
1000-1500.
l Adds an outer VLAN tag with the ID of 2999 to packets with VLAN IDs in the range
1501-2000.
l Adds an outer VLAN tag with the ID of 2500 to packets with VLAN IDs in the range
2001-2500.
LSW Configuration
#
vlan batch 1999 2500 2999
#
interface GigabitEthernet 1/0/1
description to HG
undo shutdown
port vlan-stacking vlan 1000 to 1500 stack-vlan 1999
port vlan-stacking vlan 1501 to 2000 stack-vlan 2999
port vlan-stacking vlan 2001 to 2500 stack-vlan 2500
All devices attached to the UPE use PUPV for VLAN design, and different 802.1p priorities are
used to identify services. In this example, the 802.1p priority is 0 for HSI services, 1 for VoD
services, 2 for VoIP services, and 3 for BTV services. If S+C is used for HSI services on the
BRAS/SR, configure the UPE to add outer VLAN tags based on the 802.1p priority to
differentiate services.
LSW Configuration
#
vlan batch 1999
#
interface GigabitEthernet 1/0/1
description to HG
undo shutdown
port vlan-stacking vlan 1000 to 1500 8021p 0 stack-vlan 1999
QinQ stacking sub-interfaces are used for L2VPN (VLL/VPLS) access. Different users or
services access the UPE through different sub-interfaces on the UPE. The UPE automatically
assigns the same outer VLAN tag to all packets from the same sub-interface to identify users or
services. This allows a physical interface to provide access services for multiple users.
In this example, for residential HSI services, the outer VLAN ID 1999 is assigned on the public
network, and the VLAN ID is converted to 2500 for VoD services, 2999 for VoIP services, and
10 for BTV services. Once a QinQ stacking sub-interface receives service packets, the sub-
interface identifies the packets. If the VLAN tags carried by the packets are the same as that
encapsulated on the sub-interface, the sub-interface adds an outer VLAN tag automatically
allocated by the system to the packets.
UPE Configuration
#
interface GigabitEthernet 1/0/1
description to LSW
undo shutdown
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for HSI
qinq stacking vid 1999
l2 binding vsi HSI
#
interface GigabitEthernet 1/0/1.2
description for VoD
qinq stacking vid 2500
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.3
description for VoIP
qinq stacking vid 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.4
description for BTV
qinq stacking vid 10
l2 binding vsi BTV
PE-AGG1 Configuration
#
interface GigabitEthernet 1/0/1
description to BRAS
undo shutdown
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for HSI
qinq stacking vid 1999
l2 binding vsi HSI
PE-AGG2 Configuration
#
interface GigabitEthernet 1/0/1
description to SR
undo shutdown
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for VoD
qinq stacking vid 2500
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
qinq stacking vid 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.3
description for BTV
qinq stacking vid 10
l2 binding vsi BTV
NOTE
In this example, for residential HSI services, the outer VLAN ID 1999 is assigned on the public
network, and the inner VLAN ID in the range 1000-1500 is planned by users. Once a Layer 2
interface that has VLAN Switch stack-vlan enabled receives HSI service packets, the interface
identifies the packets. If the packets carry the VLAN ID in the range 1000-1500, the interface
adds an outer VLAN tag with the ID of 1999 to the packets.
LSW Configuration
#
vlan batch 1999
#
interface GigabitEthernet 1/0/1
description to HG
undo shutdown
vlan-switch HSI interface GigabitEthernet 1/0/1 vlan 1000 to 1500 interface
GigabitEthernet 1/0/2 stack-vlan 1999
l Removes the single VLAN tag from single-tagged frames it receives and implements
L2VPN transparent transmission or Layer 3 forwarding.
l Adds VLAN tags that have been planned to frames before sending them out to terminals.
In this example, for residential HSI services, the outer VLAN range 1000-1999 is assigned on
the public network, and the VLAN ID is converted to a value in the range 2000-2500 for VoD
services, 2501-2999 for VoIP services, and 10 for BTV services. Once a Dot1q VLAN tag
termination sub-interface receives service packets, the sub-interface identifies the packets. If the
VLAN tags carried by the packets are the same as that encapsulated on the sub-interface, the
sub-interface removes the VLAN tags when the packets are received and adds VLAN tags when
the packets are sent out.
UPE Configuration
#
interface GigabitEthernet 1/0/1
description to LSW
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for HSI
control-vid 1999 dot1q-termination
dot1q termination vid 1000 to 1999
l2 binding vsi HSI
#
interface GigabitEthernet 1/0/1.2
description for VoD
control-vid 2500 dot1q-termination
dot1q termination vid 2000 to 2500
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.3
PE-AGG1 Configuration
#
interface GigabitEthernet 1/0/1
description to BRAS
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for HSI
control-vid 1999 dot1q-termination
dot1q termination vid 1000 to 1999
l2 binding vsi HSI
PE-AGG2 Configuration
#
interface GigabitEthernet 1/0/1
description to SR
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for VoD
control-vid 2500 dot1q-termination
dot1q termination vid 2000 to 2500
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
control-vid 2999 dot1q-termination
dot1q termination vid 2501 to 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.3
description for BTV
control-vid 10 dot1q-termination
dot1q termination vid 10
l2 binding vsi BTV
SR Configuration
#
interface GigabitEthernet 1/0/1
description to PE-AGG2
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for VoD
control-vid 2500 dot1q-termination
dot1q termination vid 2000 to 2500
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
control-vid 2999 dot1q-termination
dot1q termination vid 2501 to 2999
l Removes the double VLAN tags from double-tagged frames it receives and then performs
Layer 3 forwarding.
l Adds double VLAN tags that have been planned to frames before sending them out to
terminals.
If a QinQ VLAN tag termination sub-interface receives triple-tagged frames, the sub-interface
removes the outer two VLAN tags and then transparently transmits the inner VLAN tag as data.
In this example, for residential HSI services, the outer VLAN range 1000-1999 is assigned on
the public network, and the inner VLAN range 1000-1500 is planned by users. Once a QinQ
VLAN tag termination sub-interface receives service packets, the sub-interface identifies the
packets. If the VLAN tags carried by the packets are the same as that encapsulated on the sub-
interface, the sub-interface removes the VLAN tags when the packets are received and adds
VLAN tags when the packets are sent out.
BRAS Configuration
#
interface GigabitEthernet 1/0/1
description to PE-AGG1
mode user-termination
#
interface GigabitEthernet 1/0/1.1
In this example, for residential HSI services, the outer VLAN range 1000-1999 is assigned on
the public network, and the inner VLAN range 1000-1500 is planned by users. Once a user-vlan
sub-interface receives service packets, the sub-interface identifies the packets. If the VLAN tags
carried by the packets are the same as that encapsulated on the sub-interface, the sub-interface
removes the VLAN tags when the packets are received and adds VLAN tags when the packets
are sent out.
BRAS Configuration
#
interface GigabitEthernet 1/0/1
description to PE-AGG1
#
interface GigabitEthernet 1/0/1.1
description for HSI
user-vlan 1000 to 1500 qinq 1000 to 1999
l Removes the single VLAN tag from single-tagged frames it receives and implements
L2VPN transparent transmission or Layer 3 forwarding.
l Adds VLAN tags that have been planned to frames before sending them out to terminals.
NOTE
Dot1q sub-interfaces support only a single VLAN. Only users or services in the same VLAN are allowed
to access the same sub-interface.
In this example, the VLAN ID is converted to 2000 for VoD services, 2999 for VoIP services,
and 10 for BTV services. Once a Dot1q sub-interface receives service packets, the sub-interface
identifies the packets. If the VLAN tags carried by the packets are the same as that encapsulated
on the sub-interface, the sub-interface removes the VLAN tags when the packets are received
and adds VLAN tags when the packets are sent out.
UPE Configuration
#
interface GigabitEthernet 1/0/1
description to LSW
#
interface GigabitEthernet 1/0/1.1
description for VoD
vlan-type dot1q 2000
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
vlan-type dot1q 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.3
description for BTV
vlan-type dot1q 10
l2 binding vsi BTV
PE-AGG2 Configuration
#
interface GigabitEthernet 1/0/1
description to SR
#
interface GigabitEthernet 1/0/1.1
description for VoD
vlan-type dot1q 2000
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
vlan-type dot1q 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.3
description for BTV
vlan-type dot1q 10
l2 binding vsi BTV
SR Configuration
#
interface GigabitEthernet 1/0/1
description to PE-AGG2
#
interface GigabitEthernet 1/0/1.1
description for VoD
vlan-type dot1q 2000
l2 binding vsi VoD
#
interface GigabitEthernet 1/0/1.2
description for VoIP
vlan-type dot1q 2999
l2 binding vsi VoIP
#
interface GigabitEthernet 1/0/1.3
description for BTV
vlan-type dot1q 10
l2 binding vsi BTV
l L2VE sub-interface: carries L2VPN services in L2VPN accessing L3VPN scenarios. The
L2VPN service supported can be VLL or VPLS services.
l L3VE sub-interface: carries L3VPN services in L2VPN accessing L3VPN scenarios. L3VE
sub-interface can also carry IP services on the public network.
In this example, for residential HSI services, the outer VLAN ID 1999 is assigned on the public
network, and the inner VLAN ID 1000 is planned by users.
l When service packets arrive at an L2VE Dot1q sub-interface, the sub-interface adds an
outer VLAN tag to the packets.
l When service packets arrive at an L3VE QinQ VLAN tag termination sub-interface, the
sub-interface removes double VLAN tags from the packets.
NPE Configuration
#
ip vpn-instance HSI
ipv4-family
route-distinguisher 100:1
vpn-target 111:1
export-extcommunity
vpn-target 111:1
import-extcommunity
#
interface Virtual-Ethernet2/0/0
description for L2VPN
ve-group 1 l2-terminate
#
interface Virtual-Ethernet2/0/0.1
description for HSI
vlan-type dot1q 1999
mpls l2vc 1.1.1.1 101
#
interface Virtual-Ethernet2/0/1
description for L3VPN
ve-group 1 l3-access
mode user-termination
#
interface Virtual-Ethernet2/0/1.1
description for HSI
control-vid 1 qinq-termination
qinq termination pe-vid 1999 ce-vid 1000
ip binding vpn-instance HSI
A VLANIF interface functions as the gateway for the device connecting to its corresponding
physical interface to implement inter-VLAN communication.
A VLANIF interface maps to a VLAN. Multiple VLANs must have multiple VLANIF interfaces
configured.
UPE1 Configuration
#
vlan batch 2501 2502
#
interface Vlanif2501
description for Enterprise1
ip address 1.1.1.10 255.255.255.0
#
interface Vlanif2502
description for Enterprise2
ip address 2.2.2.10 255.255.255.0
#
interface GigabitEthernet 1/0/1
portswitch
description to LSW1
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2501 2502
UPE-2 Configuration
#
vlan batch 2600 2601
#
interface Vlanif2600
description for Enterprise3
ip address 3.3.3.20 255.255.255.0
#
interface Vlanif2601
description for Enterprise4
ip address 4.4.4.20 255.255.255.0
#
interface GigabitEthernet 1/0/1
portswitch
description to LSW2
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2600 2601
In this example:
l For enterprise services, the VLAN ID assigned on the public network is 3999, and the
VLAN ID planned by the enterprise is 2999. Once a Layer 2 interface that has VLAN
mapping enabled receives service packets, the interface identifies the packets. If the packets
from the enterprise carry the VLAN ID of 2999, the interface changes it to VLAN 3999
assigned by the public network.
l For residential services, PSPV is used for VLAN design on the HGs to allow different types
of services to have different VLAN tags. All HGs add the same VLAN tag to the same type
of service.
If S+C is used for HSI services on the BRAS, VLAN mapping can be configured on the
LSW to map service VLAN IDs to user VLAN IDs in inner VLAN tags. Then an outer
VLAN tag that identifies services can be added to HSI service packets. For example, the
VLAN ID of 4 is planned for HSI services on the HG, and the VLAN ID is converted to
1000 on the LSW.
LSW Configuration
#
vlan batch 1000
#
interface GigabitEthernet 1/0/1
description to HG
undo shutdown
port vlan-mapping vlan 4 map-vlan 1000
UPE Configuration
#
vlan batch 3999
#
interface GigabitEthernet 1/0/1
portswitch
description for Enterprise
undo shutdown
port vlan-mapping vlan 2999 map-vlan 3999
l VLAN IDs deployed on new sites and old sites conflict, but the new sites need to
communicate with the old sites.
l Sites that access to the public network have asymmetrical VLAN planning.
UPE1 Configuration
#
vlan batch 1999
#
interface GigabitEthernet 1/0/1
description to LSW1
undo shutdown
mode user-termination
#
interface GigabitEthernet 1/0/1.1
qinq mapping pe-vid 1999 ce-vid 333 map-vlan vid 1999
l2 binding vsi Old-site
VLAN Switch switch-vlan applies to small-scale networks that have fixed environment.
NOTE
UPE1 Configuration
#
vlan batch 20
#
interface GigabitEthernet 1/0/1
description to LSW1
undo shutdown
vlan-switch old-to-new interface GigabitEthernet 1/0/1 vlan 10 interface
GigabitEthernet 1/0/2 stack-vlan 20
For residential services, PSPV is used for VLAN design on the HGs to allow different types of
services to have different VLAN tags. All HGs add the same VLAN tag to the same type of
service.
For HSI services, the VLAN ID is planned on the HG, and the LSW adds an outer VLAN tag
to identify users to implement C+S. VLAN swap is configured on the UPE to exchange between
inner and outer VLAN tags to implement S+C. In this example, the VLAN ID 4 is planned on
the HG, and the LSW adds an outer VLAN ID of 1000 to packets. VLAN swap is configured
on the UPE to swap inner and outer VLAN tags so that the packets have an inner VLAN ID of
1000 and an outer VLAN ID of 4.
UPE Configuration
#
interface GigabitEthernet 1/0/1
description to LSW
undo shutdown
mode user-termination
#
interface GigabitEthernet 1/0/1.1
description for HSI
vlan-swap enable
qinq termination pe-vid 4 ce-vid 1000
l2 binding vsi HSI
In VLL, an entire interface is leased to an enterprise user that only has P2P interconnection
requirements. The inner and outer VLAN tags do not need to be assigned on the public network.
UPE Configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
interface GigabitEthernet1/0/1
description to LSW
undo shutdown
#
interface GigabitEthernet1/0/1.1
description for HSI
vlan-type dot1q 1999
mpls l2vc 2.2.2.2 101
PE-AGG Configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
interface GigabitEthernet1/0/1
description to BRAS
undo shutdown
#
interface GigabitEthernet1/0/1.1
description for HSI
vlan-type dot1q 1999
mpls l2vc 1.1.1.1 101
In this example, the VLAN ID is converted to 2000 for VoD services, 2999 for VoIP services,
and 10 for BTV services. Dot1q VLAN tag termination sub-interfaces are configured on the
UPE and PE-AGGs and bound to the VSI for VPLS access. Packets are broadcast within the
VSI.
l When service packets enter the VPLS network, the Dot1q VLAN tag termination sub-
interface removes VLAN tags.
l When service packets leave the VPLS network, the Dot1q VLAN tag termination sub-
interface adds VLAN tags.
The PE-AGGs forward the service packets to the SR without modifying the packets,
implementing transparent transmission of packets over the VPLS network.
UPE Configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
vsi VoD static
pwsignal ldp
vsi-id 102
peer 2.2.2.2
peer 3.3.3.3
#
vsi VoD static
pwsignal ldp
vsi-id 103
peer 2.2.2.2
peer 3.3.3.3
#
vsi BTV static
pwsignal ldp
vsi-id 104
peer 2.2.2.2
peer 3.3.3.3
#
interface GigabitEthernet1/0/1
description to LSW
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
description for VoD
control-vid 2000 dot1q-termination
dot1q termination vid 2000
l2 binding vsi VoD
#
interface GigabitEthernet1/0/1.2
description for VoIP
control-vid 2999 dot1q-termination
dot1q termination vid 2999
l2 binding vsi VoIP
#
interface GigabitEthernet1/0/1.3
description for BTV
control-vid 10 dot1q-termination
dot1q termination vid 10
l2 binding vsi BTV
PE-AGG1 Configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
vsi VoD static
pwsignal ldp
vsi-id 102
peer 1.1.1.1
peer 3.3.3.3
#
vsi VoIP static
pwsignal ldp
vsi-id 103
peer 1.1.1.1
peer 3.3.3.3
#
vsi BTV static
pwsignal ldp
vsi-id 104
peer 1.1.1.1
peer 3.3.3.3
#
interface GigabitEthernet1/0/1
description to SR1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
description for VoD
control-vid 2000 dot1q-termination
dot1q termination vid 2000
l2 binding vsi VoD
#
interface GigabitEthernet1/0/1.2
description for VoIP
control-vid 2999 dot1q-termination
dot1q termination vid 2999
l2 binding vsi VoIP
#
interface GigabitEthernet1/0/1.3
description for BTV
control-vid 10 dot1q-termination
dot1q termination vid 10
l2 binding vsi BTV
PE-AGG2 Configuration
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
vsi VoD static
pwsignal ldp
vsi-id 102
peer 1.1.1.1
peer 2.2.2.2
#
vsi VoIP static
pwsignal ldp
vsi-id 103
peer 1.1.1.1
peer 2.2.2.2
#
vsi BTV static
pwsignal ldp
vsi-id 104
peer 1.1.1.1
peer 2.2.2.2
#
interface GigabitEthernet1/0/1
description to SR2
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
description for VoD
control-vid 2000 dot1q-termination
dot1q termination vid 2000
l2 binding vsi VoD
#
interface GigabitEthernet1/0/1.2
description for VoIP
control-vid 2999 dot1q-termination
dot1q termination vid 2999
l2 binding vsi VoIP
#
interface GigabitEthernet1/0/1.3
description for BTV
control-vid 10 dot1q-termination
dot1q termination vid 10
l2 binding vsi BTV
VLAN protocol-transparent applies to enterprise virtual leased line services. Hosts in different
departments are identified by different VLAN tags, and hosts in the same VLAN are identified
by the same VLAN tag. This accelerates intra-department communication and reduces
communication costs.
NOTE
In this example, an enterprise has multiple branches, and these branches communicate with the
HQ through VLAN 3000. To reduce communication costs and enhance system performance,
configure VLAN protocol-transparent to transparently transmit data.
UPE1 Configuration
#
vlan batch 3000
#
vlan 3000
protocol-transparent
#
interface GigabitEthernet1/0/1
description to Enterprise
undo shutdown
port link-type trunk
port trunk allow-pass vlan 3000
UPE-2 Configuration
#
vlan batch 3000
#
vlan 3000
protocol-transparent
#
interface GigabitEthernet1/0/1
description to Enterprise
undo shutdown
port link-type trunk
port trunk allow-pass vlan 3000
#
interface GigabitEthernet1/0/2
description to Enterprise
undo shutdown
port link-type trunk
port trunk allow-pass vlan 3000
AC Attachment Circuit
BTV Broadcast TV
CE Customer Edge
DR Designated Router
HG Home Gateway
PC Personal Computer
PE Provider Edge
PE-AGG PE Aggregation
PW Pseudo-Wire