Flexible QinQ configuration for the Huawei S8500 switch I. Simple introduction of the principle although common QinQ can solve VLAN expansion and simple L2 VPN functions, however, only a fixed outer TAG can be added to a port, which cannot meet the requirements of adding different outer VLAN tags to users of different services. For example, VLAN 100 ~ 200 for a business user, the outer label 10 is required; VLAN 201 ~ 300 for another service, the outer tag 20 is required; VLAN 10 ~ 20 business requirements are not tagged, and such application requirements cannot be met by QinQ. Www.2cto.com flexible QINQ allows you to configure specific ACL rules to add the specified vlan tag or change the vlan tag of the incoming packet to our specified vlan tag, to achieve our flexible application.
Ii. S8500 typical configuration instance 2.1 networking requirement network, each user is isolated on DSLAM through VLAN, VLAN 1000 ~ 2999 is a common online service. It is required to add the outer tag 10 and send it to BRAS for processing after the S8500 is reached. BTV services are sent to DSLAM through vlan 3000 by GSR. DSLAM performs multicast replication and copies multicast streams to user VLANs. In this case, the S8500 must access port g2/1/1 from vlan 1000 to vlan ~ 2999 of packets are added with tags 10 and forwarded to BRAS through vlan 10. If no tag is added for packets entered by VLAN 3000, layer-2 multicast packets can be forwarded in vlan 3000. For this requirement, 85 can be implemented by adding different tags to different VLANs according to ACL rules. DSLAM maps Internet users to vlan 1000 ~ 2999. Configure multicast vlan 3000, And the multicast sub-vlan is vlan 1000-2999. the uplink port is connected to S8500, and vlan 1000-is required ~ 3000 passed. 2.2 Networking Diagram
2.3 configure the basic configuration of command 8500: # configure to match vlan 1000 ~ 2999 ACL [S8500] acl number 4000 [S8500-acl-link-4000] rule 0 permit ingress 1000 to 2999 [S8500] vlan 10 3000 www.2cto.com # configure the port to connect to DSLAM, ports can pass through VLAN 10 and VLAN 3000. The VLAN filter attribute of the port is canceled, configure the nested-vlan to add packets that match the ACL 4000 rule vlan tag 10 [S8500] interface GigabitEthernet 2/1/1 [S8500-GigabitEthernet2/1/1] port link-type hybrid [S8500-GigabitEthernet2/1/1] port hybrid vlan 10 untagged [S8500-GigabitEthernet2/1/1] port hybrid vlan 3000 tagged [S8500-GigabitEthernet2/1/1] vlan filter disable [S8500-GigabitEthernet2/1/1] traffic-redirect inbound link-group 4000 rule 0nested-vlan 10
# Configure Ports connecting GSR and BRAS [S8500] interface g2/1/2 [S8500-GigabitEthernet2/1/2] port link-type trunk [S8500-GigabitEthernet2/1/2] port trunk permit vlan 3000 [S8500-GigabitEthernet2/1/2] interface g2/1/3 [S8500-GigabitEthernet2/1/3] port link-type trunk [S8500-GigabitEthernet2/1/3] port trunk permit vlan 10 # enable Layer 2 Multicast on VLAN 3000 [S8500] igmp-snooping enable [S8500] vlan 3000 [S8500-vlan3000] igmp-snooping enable configure BRAS and GSR devices: Configure BRAS to process packets with dual-vlan tags and terminate PPPOE packets. Configure GSR to enable Layer-3 multicast as the multicast router.