Saturday, June 6, 2015

Huawei - Switch: Basic QinQ Tunnel (aka 802.1Q Tunneling)

How to Configure Basic QinQ?

Posted on December 8, 2014

 

Networking Requirements

As shown in the below figure, there are two enterprises on the network, Enterprise 1 and Enterprise 2. Enterprise 1 has two office locations, and Enterprise 2 has 2 office locations. The office locations of the two enterprises access SwitchA and SwitchB of the ISP network. A non-Huawei device with the TPID value 0x9100 exists on the public network.

The requirements are as follows:

  • Enterprise 1 and Enterprise 2 plans their VLANs independently.
  • Traffic of the two branches is transparently transmitted on the public network. Users using the same services in the two branches are allowed to communicate and users using different services are isolated.

You can configure QinQ to meet the preceding requirements. VLAN 100 provided by the public network can be used to implement communication of Enterprise 1 in the two branches and VLAN 200 is used for Enterprise 2. You can set the TPID value in the outer VLAN on the interface that connects the non-Huawei device to implement communication between devices.

Note: This example can be applied to Huawei switches higher level than Quidway S2700 and with EI version.

 

Configuring basic QinQ

configuring-basic-qinq

 

Configuration Roadmap

The configuration roadmap is as follows:

  • Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB. Set the link type of the interface to QinQ and add the interfaces to VLAN. In this way, different outer VLAN tags are added to different services.
  • Add interfaces connecting to the public network on SwitchA and SwitchB to VLAN 100 and VLAN 200 to permit packets from these VLANs to pass through.
  • Set the TPID values in the outer VLAN tag on interfaces connecting to the public network on SwitchA and SwitchB to implement communication between the device with devices from other vendors.

Procedure

 

Create VLANs.

# Create VLAN 100 and VLAN 200 on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200

# Create VLAN 100 and VLAN 200 on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200

 

Set the link type of the interface to QinQ.

# Configure GE0/0/1 and GE0/0/2 of SwitchA as QinQ interfaces. Set the VLAN of GE0/0/1 to VLAN 100 and the VLAN of GE0/0/2 to VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
[SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/2] port default vlan 200
[SwitchA-GigabitEthernet0/0/2] quit

Configure the interface connecting to the public network on the switch.

# Add GE0/0/3 of SwitchA to VLAN 100 and VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[SwitchA-GigabitEthernet0/0/3] quit

Configure the TPID value for an outer VLAN tag

# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] qinq protocol 9100

# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] qinq protocol 9100

Verify the configuration.

In Enterprise 1, ping a PC of a VLAN in a branch from a PC of the same VLAN in another branch. If the two PCs can ping each other, internal users of Enterprise 1 can communicate.

In Enterprise 2, ping a PC of a VLAN in a branch from a PC of the same VLAN in another branch. If the two PCs can ping each other, internal users of Enterprise 2 can communicate.

Ping a PC in a VLAN of Enterprise 2 in a branch from a PC in the same VLAN of Enterprise 1 in either branch. If the two PCs cannot ping each other, users in Enterprise 1 and Enterprise 2 are isolated.

 

Configuration Files

# Configuration file of SwitchA
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return


#Configuration file of SwitchB
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return

The more information about technical support you can consult with our engineer – Bill, and his e-mail address is as below:

bill@huanetwork.com

Taken From: http://www.huanetwork.com/blog/how-to-configure-basic-qinq/