VLAN Mapping configuration (VLAN ing)

VLAN ing (VLAN ing) VLAN Mapping principle introduction VLAN Mapping is also known as VLAN ing. Its main function is to replace the private network VLAN Tag in user packets with the public network VLAN Tag, make it transmitted according to the internet plan. When a packet is sent to the peer user's private network, the VLAN Tag is restored to the original user's private network VLAN Tag according to the same rules, so that the packet reaches the destination correctly. After the switch receives a VLAN Tag with the user's private packet, it first matches the VLAN Tag of the user's private packet according to the configured ing rule. If the matching is successful, the private network VLAN Tag is replaced according to the rules. The packet structure received by the switch with the user VLAN Tag: www.2cto.com

The following figure shows the structure of the replaced packet with the user's private network VLAN Tag:

The packet structure with the public network VLAN Tag is different from the VLAN-VPN and the flexible QinQ function, the VLAN Mapping function does not encapsulate the packets in multi-layer VLAN Tag, the packet will carry only one layer of VLAN Tag during transmission. Therefore, you must ensure consistency when configuring ing rules to avoid incorrect transmission of user packets. VLAN Mapping implementation method S3100 series switches support configuring different VLAN Mapping rules for each port. When the VLAN Mapping function takes effect, this port replaces the received packets with VLAN tags according to the ing rules. When the packets of the Peer private network are returned by the public network, this port automatically performs reverse Processing Based on the ing rules configured during the connection to the receiving and reporting, replacing the VLAN Tag of the public network with the VLAN Tag of the private network. Configure the VLAN Mapping function based on the global ing rule in the VLAN Mapping menu. Operation Command instructions: Go to the system view system-view-configure the global VLAN Mapping rule vlan-mapping vlan old -vlan-id remark new-vlan-id (required by default, no global VLAN Mapping rule is configured to enter the Ethernet port View interface-type interface-number-enable the VLAN Mapping function of the current port. vlan-mapping enable is required by default, VLAN ing is not enabled for all ports & Note: l if the port is already in an aggregation group, the VLAN Mapping function of the port cannot be enabled. L The VLAN Mapping function and the Protocol VLAN function cannot be configured at the same time. L When configuring the VLAN Mapping function based on the global ing rule, enabling the VLAN Mapping function of the current port will also enable the flexible QinQ function of the port. Configure VLAN ing Based on port ing rules in www.2cto.com. Configure VLAN Mapping based on port ing rules. Operation Command instructions: Go to system view system-view-go to Ethernet port view interface-type interface-number -Configure port ing rules, at the same time, enable the VLAN Mapping function for ports. vlan-mapping vlan old-vlan-id remark new-vlan-id is required. By default, no ing rule is configured for all ports, VLAN Mapping is not enabled & Description: l When configuring VLAN Mapping rules, the private and public VLAN must correspond one to one, that is, each private VLAN can only be mapped to one public VLAN, at the same time, each public VLAN can only be mapped by one private VLAN. L if you want to modify an existing VLAN Mapping rule, you must delete the original rule and reconfigure it. L VLAN Mapping based on global ing rules and VLAN Mapping based on port ing rules cannot be configured at the same time. Www.2cto.com l when the VLAN Mapping function works with the ARP intrusion detection function, you must enable the ARP Intrusion Detection Function in the original VLAN and the mapped VLAN to ensure the correct implementation of this function. For more information about ARP intrusion detection, see the "ARP" section in this manual. L The VLAN Mapping and IP address filtering functions cannot be configured at the same time. For more information about IP address filtering, see "DHCP" in this manual. L The VLAN Mapping function and the Protocol VLAN function cannot be configured at the same time. A typical VLAN Mapping configuration example uses the VLAN Mapping function to replace the VLAN Tag of a user's private packet. the networks at both ends of the user need to access the public network through SwitchA and SwitchB respectively. The VLAN Mapping function must be configured so that the user's private network packets can be transmitted through VLAN planning on the public network. L SwitchA ports Ethernet1/0/11 and Ethernet1/0/12 are connected to the terminal devices in the user's VLAN100 and VLAN200 respectively; the ports Ethernet1/0/15 and Ethernet1/0/16 of SwitchB connect the servers in the user VLAN100 and VLAN200 respectively. L SwitchA ports Ethernet1/0/10 and SwitchB ports Ethernet1/0/17 are used to connect user networks and public networks. L The user's VLAN100 and VLAN200 packets are required to use VLAN500 and VLAN600 as VLAN identifiers during public network upload and transmission. 2. Networking Diagram

Figure VLAN Mapping typical configuration example networking Figure 3. configuration steps & Description: The following describes how to configure VLAN Mapping based on port ing rules. # Create VLAN100 and VLAN200 for the user network on SwitchA, and VLAN500 and VLAN600 for the public network. <SwitchA> system-view [SwitchA] vlan 100 www.2cto.com [SwitchA-vlan100] quit [SwitchA] vlan 200 [SwitchA-vlan200] quit [SwitchA] vlan 500 [SwitchA-vlan500] quit [SwitchA] vlan 600 [switchA-vlan600] quit
# Because the Ethernet1/0/11 of SwitchA needs to receive packets from the user VLAN and forward the packets sent from the carrier's network, the two ports must be configured as Trunk and Hybrid. The following uses the Hybrid port as an example to configure this port to allow packets of VLAN100 and VLAN500 to carry VLAN tags. [SwitchA] interface Ethernet 1/0/11 [SwitchA-Ethernet1/0/11] port link-type hybrid [SwitchA-Ethernet1/0/11] port hybrid vlan 100 tagged [SwitchA-Ethernet1/0/11] port hybrid vlan 500 tagged [SwitchA-Ethernet1 /0/11] quit # likewise, configure Ports Ethernet1/0/12 to be added to VLAN200 and VLAN600 in the same way. [SwitchA] interface Ethernet 1/0/12 [SwitchA-Ethernet1/0/12] port link-type hybrid [SwitchA-Ethernet1/0/12] port hybrid vlan 200 tagged [SwitchA-Ethernet1/0/12] port hybrid vlan 600 tagged [SwitchA-Ethernet1 /0/12] quit
& Note: l if you set ports Ethernet1/0/11 and Ethernet1/0/12 to Trunk ports, you also need to add the ports to the corresponding user VLAN and carrier VLAN. L in the preceding example, the default VLAN of all ports is VLAN1 and the port is allowed to pass through vlan1. If you change the default VLAN of a port, you must configure the port to allow the default VLAN to pass through. # Configure Ports Ethernet1/0/10 of SwitchA as the Trunk port and transmit packets of VLAN500 and VLAN600. [SwitchA] interface Ethernet 1/0/10 www.2cto.com [SwitchA-Ethernet1/0/10] port link-type trunk [SwitchA-Ethernet1/0/10] port trunk permit vlan 500 600 [SwitchA-Ethernet1/0/10] quit # configure Ethernet1/ VLAN Mapping of port 0/11, replace the VLAN Tag in the VLAN100 packet with VLAN500. [SwitchA] interface Ethernet 1/0/11 [SwitchA-Ethernet1/0/11] vlan-mapping vlan 100 remark 500 [SwitchA-Ethernet1/0/11] quit # configure VLAN Mapping for port Ethernet1/0/12, replace the VLAN Tag in the VLAN200 packet with the VLAN600. [SwitchA] interface Ethernet 1/0/12 [SwitchA-Ethernet1/0/12] vlan-mapping vlan 200 remark 600
After the above configuration, SwitchA will automatically replace the VLAN Tag of the packet according to the ing rules and send it to the public network for transmission after receiving the user's private packet. To ensure correct interaction of user packets, the same VLAN Mapping rules must be configured on SwitchB on the public network peer end. The configurations are similar to those on SwitchA. Author dengyunwen