01-10 QinQ Configuration

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 10 QinQ Configuration
10 QinQ Configuration
About This Chapter
This chapter describes how to configure 802.1Q-in-802.1Q (QinQ).
10.1 Overview of QinQ

10.2 Understanding QinQ
10.3 Application Scenarios for QinQ
10.4 Summary of QinQ Configuration Tasks
10.5 Licensing Requirements and Limitations for QinQ
10.6 Configuring Basic QinQ
10.7 Configuring Selective QinQ
10.8 Configuring the TPID Value in an Outer VLAN Tag
10.9 Configuring QinQ Stacking on a VLANIF Interface
10.10 Configuring the Device to Add Double VLAN Tags to Untagged Packets
10.11 Configuring QinQ Mapping
10.12 Displaying VLAN Translation Resource Usage
10.13 Configuration Examples for QinQ
10.14 Troubleshooting QinQ
10.15 FAQ About QinQ
10.1 Overview of QinQ
Definition
QinQ expands VLAN space by adding an additional 802.1Q tag to 802.1Q tagged
packets. It allows services in a private VLAN to be transparently transmitted over a
Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 456

Switches
public network. A packet transmitted on the backbone network carries two 802.1Q
tags: a public VLAN tag and a private VLAN tag.
Purpose
Ethernet is widely used on ISP networks, but 802.1Q VLANs are unable to identify
and isolate large numbers of users on metro Ethernet networks because the 12-bit
VLAN tag field defined in IEEE 802.1Q only identifies a maximum of 4096 VLANs.
QinQ was developed to expand VLAN space beyond 4096 VLANs so that a larger
number of users can be identified on a metro Ethernet network.
QinQ was originally developed to expand VLAN space by adding an additional

802.1Q tag to an 802.1Q-tagged packet. In this way, the number of VLANs
increases to 4094 x 4094.
In addition to expanding VLAN space, QinQ is applied in other scenarios with the
development of metro Ethernet networks and carriers' requirements on refined
service operation. The outer and inner VLAN tags can be used to differentiate
packets based on users and services. For example, the inner tag represents a user,
while the outer tag represents a service. Moreover, QinQ is used as a simple and
practical VPN technology because inner tags of QinQ packets are transparently
transmitted over a public network. It extends core MPLS VPN services to metro
Ethernet networks to establish an end-to-end VPN.
Since QinQ technology is easy to use, it has been widely applied in Internet
Service Provider (ISP) networks. For example, QinQ is combined with multiple
services in metro Ethernet solutions. Selective QinQ (VLAN stacking) makes QinQ
more popular among ISPs. As the metro Ethernet develops, equipment vendors
have developed their own metro Ethernet solutions, in which the simple and
flexible QinQ technology plays an important role.
Benefits
QinQ offers the following benefits:
● Extends the VLAN space to isolate and identify more users.
● Facilitates service deployment by allowing the inner and outer tags to
represent different information. For example, the inner tag identifies a user
and the outer tag identifies a service.
● Allows ISPs to implement refined service operation by providing diversified
encapsulation and termination modes.
10.2 Understanding QinQ
10.2.1 QinQ Fundamentals

QinQ expands VLAN space by adding an additional 802.1Q VLAN tag to an
802.1Q-tagged packet. Devices forward packets over the public network according
to outer VLAN tags of the packets, and learn MAC addresses from the outer VLAN
tags. The private VLAN tags in the packets are forwarded as payload of the
packets.

Switches
Figure 10-1 Typical QinQ application

VLAN 1~20 VLAN 1~10
CE2 CE3 CE4

Customer Customer
network B network A
VLAN 4 VLAN 3
PE1 Pubilc PE2

network
VLAN 3 VLAN 4
Customer Customer
network A network B
CE1 CE2
VLAN 1~10 VLAN 1~20
As shown in Figure 10-1, customer network A is divided into private VLANs 1 to

10, and customer network B is divided into private VLANs 1 to 20. The carrier
allocates public VLANs 3 and 4 to customer networks A and B respectively. When
tagged packets from networks A and B arrive at the carrier network, the packets
are tagged outer VLANs 3 and 4. Therefore, the packets from different customer
networks are separated on the carrier network, even though the customer
networks use overlapping VLAN ranges. When the packets reach the PE on the
other side of the carrier network, the PE removes public VLAN tags from the
packets and forwards the packets to the CE of the respective customer network.
QinQ Packet Encapsulation Format

A QinQ packet has a fixed format, in which an 802.1Q tag is added outside the
existing 802.1Q tag of the packet. A QinQ packet has 4 more bytes than an
802.1Q packet.
NOTE
Because a QinQ packet has 4 more bytes than an 802.1Q packet, the maximum frame
length allowed by each interface on the carrier network should be at least 1504 bytes. The
default frame length allowed by interfaces of a switch is larger than 1504 bytes, so you do
not need to adjust it. For details on how to configure the frame length allowed by an
interface, see Setting the Jumbo Frame Length Allowed on an Interface in "Ethernet
Interface Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - Interface Management.

Switches
Figure 10-2 802.1Q encapsulation

802.1Q Encapsulation
DA SA 802.1Q TAG LEN/ETYPE DATA FCS
6 Bytes 6 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes
QinQ Encapsulation
DA SA 802.1Q TAG 802.1Q TAG LEN/ETYPE DATA FCS

6 Bytes 6 Bytes 4 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes
TPID Priority CFI VLAN ID
QinQ Implementation
QinQ can be implemented in either of the following ways:
1. Basic QinQ
Basic QinQ is implemented based on interfaces. After basic QinQ is
configured on an interface, the device adds the default VLAN tag of this
interface to all packets regardless of whether the packets carry VLAN tags.
– If a single-tagged packet is received, the packet becomes a double-
tagged packet.
– If an untagged packet is received, the packet is tagged with the default
VLAN ID of the local interface.
2. Selective QinQ
Selective QinQ is implemented based on interfaces and VLAN IDs. That is, an
interface can forward packets based on a single VLAN tag or double VLAN
tags. In addition, the device processes packets received on an interface as
follows based on their VLAN IDs:
– Adds different outer VLAN tags to packets carrying different inner VLAN
IDs.
– Marks outer 802.1p fields and adds different outer VLAN tags to packets
according to the 802.1p fields in inner VLAN tags.
In addition to separating carrier and customer networks, selective QinQ
provides extensive service features and allows flexible networking.
QinQ Encapsulation
QinQ encapsulation changes a single-tagged packet into a double-tagged packet,
and is usually performed on underlayer provider edge (UPE) interfaces connected
to customer networks.
Depending on the data encapsulated, QinQ encapsulation is applied as interface-
based or flow-based QinQ encapsulation. Additionally, QinQ encapsulation can be
performed on routed sub-interfaces.
● Interface-based QinQ encapsulation

Switches
This encapsulation mode is also called QinQ tunneling. It encapsulates

packets arriving at the same interface with the same outer VLAN tag, and
therefore cannot distinguish users and services at the same time.
● Flow-based QinQ encapsulation
This encapsulation mode classifies packets arriving at an interface into
different flows, and then determines whether to add outer VLAN tags and
which outer VLAN tags to add on a per flow basis. This mode is also called
selective QinQ.
Traffic can be classified based on VLAN ID ranges if a customer uses different
VLAN IDs for different services. For example, PC users access the Internet
through VLANs 101 to 200, IPTV users through VLANs 201 to 300, and VIPs
through VLANs 301 to 400. When receiving service data, the UPE adds outer
tag 100 to packets from PCs, outer tag 300 to packets from IPTV users, and
outer tag 500 to packets from VIPs.
● QinQ encapsulation on sub-interfaces
QinQ encapsulation can be performed on both Layer 2 interfaces and Layer 3
sub-interfaces.
When service data is transparently transmitted over an MPLS/IP core network
using PWE3/VLL/VPLS, a network-end provider edge (NPE) sub-interface adds
an outer VLAN tag to a packet based on the inner VLAN tag. Then the packet
is transmitted on the VLL/PWE3/VPLS network using the outer VLAN tag.
Packets from multiple private VLANs can be transparently transmitted
through a sub-interface, which is called a QinQ stacking sub-interface.
QinQ encapsulation on a sub-interface is also a form of flow-based QinQ
encapsulation. The QinQ stacking sub-interface must be used with the L2VPN
service (PWE3/VLL/VPLS), and cannot support Layer 3 forwarding.
10.2.2 Basic QinQ

Basic QinQ, also called QinQ tunneling, is performed based on interfaces. After
basic QinQ is configured on an interface, packets received on the interface are
tagged with the default VLAN ID of the interface. After being processed by basic
QinQ on an interface, single-tagged packets change into double-tagged packets,
and untagged packets change into single-tagged packets with the default VLAN
tag of the interface.
Basic QinQ can be configured to expand VLAN space when multiple VLANs are
required.
As shown in Figure 10-3, Department 1 has two offices and Department 2 has
three offices. These offices are connected to PE1 and PE2 respectively. Department
1 and Department 2 can plan their own VLANs as required.

Switches
Figure 10-3 Networking diagram of QinQ tunneling

Department 2 Department 2
PE2
Port1 Port2
…… Port3 ……
PE1 Port4
VLAN1000 VLAN4094 VLAN500 VLAN2500
Port1 Port2
Port3
…… ……
……
VLAN2 VLAN500 VLAN1000 VLAN2000 VLAN100 VLAN500
Department 1 Department 2 Department 1
Table 10-1 shows the outer VLAN tag plan for Department 1 and Department 2.
Table 10-1 VLAN plan for Department 1 and Department 2

Department VLAN ID Range Outer VLAN ID
Department 1 2 to 500 10
Department 2 500 to 4094 20
QinQ tunneling is configured on PE1 and PE2 in the following way to implement
communication within each department and isolate the two departments:
● Configure PE1 to add the outer VLAN 10 to packets received on Port1 and
Port2 and outer VLAN 20 to packets received on Port3.
● Configure PE2 to add the outer VLAN 20 to packets received on Port1 and
Port2.
● Configure Port4 on PE1 and Port3 on PE2 to allow packets of VLAN 20 to
pass.

Switches
10.2.3 Selective QinQ

Selective QinQ, also called VLAN stacking or QinQ stacking, is performed based on
interfaces and VLAN IDs. In addition to basic QinQ functions, selective QinQ has
the following functions:
● VLAN ID-based selective QinQ: adds outer VLAN tags based on inner VLAN
IDs.
● 802.1p priority-based selective QinQ: adds outer VLAN tags based on 802.1p
priorities in inner VLAN tags.
● Traffic policy-based selective QinQ: adds outer VLAN tags based on traffic
policies so that differentiated services can be provided based on service types.
Selective QinQ is an extension of basic QinQ and is more flexible. The difference is
as follows:
● Basic QinQ: adds the same outer VLAN tag to all packets arriving at a Layer 2
interface.
● Selective QinQ: adds different outer VLAN tags to packets arriving at a Layer
2 interface based on inner VLAN tags.
As shown in Figure 10-4, Department 1 and Department 2 have multiple offices.
Figure 10-4 Networking diagram of selective QinQ

PE2
Port1 Port2
…… Port3 ……
PE1 Port3

Port1 Port2
……
……
……
VLAN100 VLAN500
Department 1

Switches
Table 10-2 VLAN plan for Department 1 and Department 2

Device Interface VLAN ID Range Outer VLAN ID
PE1 Port1 2 to 500 10
Port1 1000 to 2000 20
Port2 100 to 500 10
PE2 Port1 1000 to 4094 20
Port2 500 to 2500 20
● Department 1 uses VLANs 2 to 500.

● Department 2 uses VLANs 500 to 4094.
● Port1 on PE1 receives packets from VLANs of Department 1 and Department
2 simultaneously.
Selective QinQ is configured on PE1 and PE2 in the following way to implement
communication within each department and isolate the two departments.
● Configure outer VLAN tags for packets received on interfaces of PE1 and PE2
according to Table 10-2.
● Configure Port3 on PE1 and Port3 on PE2 to allow packets of VLAN 20 to
pass.
10.2.4 VLAN Stacking on a VLANIF Interface

As shown in Figure 10-5, DeviceA is connected to DeviceB through a third-party
network. DeviceB is configured with the management VLAN. The management
VLAN ID is the same as the VLAN ID of the downstream user connected to
DeviceA but different from the S-VLAN ID.
Figure 10-5 Networking diagram of VLAN stacking on a VLANIF interface

IP 10 20 DeviceB
Internet
DeviceA
IP 10 Management VLAN 10
Interface VLANIF 10
user2
user1
VLAN 10

Switches
To log in to DeviceB and manage VLANs from DeviceA, you can configure VLAN
stacking on the VLANIF interface corresponding to the management VLAN on
DeviceB.
● If the double-tagged packets sent to the ISP network have the same outer
VLAN tags as the S-VLAN tags, the packets can be transparently transmitted
to DeviceB over the ISP network.
DeviceB enabled with QinQ stacking compares the VLAN tag of the received
packets with the VLAN tag on the VLANIF interface. If the packets have the
same outer tag as that on the VLANIF interface, DeviceB removes the outer
VLAN tag and sends the packet to the IP layer for processing.
● The VLANIF interface enabled with QinQ stacking on DeviceB adds outer
VLAN tags to received data packets. The outer VLAN tag is the same as the S-
VLAN tag. In this case, the double-tagged packets can be transparently
transmitted to DeviceA over the ISP network. After receiving the packets,
DeviceA removes the outer VLAN tag and forwards the packets to local users.
10.2.5 TPID
The Tag Protocol Identifier (TPID) specifies the protocol type of a VLAN tag. The
TPID value defined in IEEE 802.1Q is 0x8100.
Figure 10-6 shows the Ethernet packet format defined in IEEE 802.1Q. An IEEE
802.1Q tag, containing the TPID, lies between the Source Address field and the
Length/Type field. A device checks the TPID value in a received packet to
determine whether the VLAN tag is an S-VLAN tag or C-VLAN tag. The device
compares the configured TPID value with the TPID value in the packet. For
example, if a frame carries the VLAN tag with TPID 0x8100 but the TPID
configured for a customer network on a device is 0x8200, the device considers the
frame untagged.
Figure 10-6 802.1Q encapsulation

802.1Q Encapsulation
DA SA 802.1Q TAG Length/Type Data FCS
6 Bytes 6 Bytes 4 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes
TPID 2 Bytes TCI 2 Bytes
0X8100 Priority CFI VLAN ID

3bits 1bit 12bits
Carrier's systems may use different TPID values in outer VLAN tags. When a
Huawei device needs to interoperate with such a carrier system, set the TPID value
to the value used by the carrier so that QinQ packets sent from the Huawei device
can be transmitted across the carrier network. To prevent errors in packet
forwarding and processing, do not set the TPID to any of values listed in Table
10-3.

Switches
Table 10-3 Protocol types and values
Protocol Type Value
ARP 0x0806
RARP 0x8035
IP 0x0800
IPv6 0x86DD
PPPoE 0x8863/0x8864
MPLS 0x8847/0x8848
IPX/SPX 0x8137
LACP 0x8809
802.1x 0x888E
HGMP 0x88A7
Reserved 0xFFFD/0xFFFE/0xFFFF
10.2.6 QinQ Mapping
Implementation
QinQ mapping is performed after packets are received on the inbound interface
and before packets are forwarded through the outbound interface.
● Before sending a packet from a local VLAN, a sub-interface replaces the VLAN
tag of the packet sent with a specified VLAN tag.
● After receiving a packet, a sub-interface replaces the VLAN tag of packet with
a local VLAN tag.
In real-world applications, QinQ mapping can map customer VLAN (C-VLAN) tags
to a service VLAN (S-VLAN) tag to shield different customer VLANs.
QinQ mapping is generally deployed on edge devices of a metro Ethernet and

often used to map a VLAN tag carried in a packet to a specified VLAN tag before
the packet is transmitted on the public network. QinQ mapping applies to the
following scenarios:
● The VLAN IDs deployed in new sites and old sites conflict, but new sites need
to communicate with old sites.
● Sites connected to the public network use conflicting VLAN IDs but do not
need to communicate with one another.
● The VLAN IDs on both ends of the public network are different.
Currently, the device supports the following QinQ mapping modes:

● 1-to-1 mapping

Switches
When a sub-interface receives a single-tagged packet, it maps the VLAN tag

to a specified tag.
● 2-to-1 mapping
When a sub-interface receives a double-tagged packet, it maps the outer
VLAN tag to a specified tag and retains the inner VLAN tag.
Figure 10-7 QinQ mapping

IP 50 IP 50
Device2 ISP Device3
GE0/0/2 VLAN Tag:50
GE0/0/2
GE0/0/1.1 GE0/0/1.1
QinQ Mapping
IP 20 IP 40
Device1 Device4
PC1 PC2
172.16.0.1/24 172.16.0.7/24
As shown in Figure 10-7, 1-to-1 QinQ mapping is configured on GE0/0/1.1

interfaces of Device2 and Device3. Frames sent from PC1 to PC2 are processed as
follows:
1. PC1 sends an untagged frame to Device1. After receiving the frame, Device1
adds VLAN tag 20 to the frame.
2. Device1 forwards the frame with VLAN tag 20 to Device2. Device2 replaces
VLAN tag 20 with S-VLAN tag 50 on sub-interface GE0/0/1.1.
3. Device2 sends the frame with S-VLAN tag 50 through GE0/0/2.
4. The frame is transparently transmitted on the ISP network.
5. When the frame arrives at GE0/0/1.1 of Device3, Device3 replaces VLAN tag
50 with VLAN tag 40.
Frames sent from PC2 to PC1 are processed in a similar way.
QinQ mapping allows PC1 to communicate with PC2.
Comparison Between QinQ Mapping and VLAN Mapping

Table 10-4 compares QinQ mapping and VLAN mapping.

Switches
Table 10-4 Comparison between QinQ mapping and VLAN mapping

Mapping Similarity Difference
1-to-1 The interface maps the ● QinQ mapping is performed on sub-

tag in a received single- interfaces and used for VPLS access.
tagged packet to a ● VLAN mapping is performed on main
specified tag. interfaces and applies to Layer 2
networks where packets are
forwarded based on VLANs.
2-to-1 The interface maps the ● QinQ mapping is performed on sub-

outer tag of a received interfaces and used for VPLS access.
double-tagged packet ● VLAN mapping is performed on main
to a specified tag and interfaces and applies to Layer 2
retains the inner tag. networks where packets are
The inner tag is forwarded based on VLANs.
transparently
transmitted as service
data.
10.3 Application Scenarios for QinQ

Switches
10.3.1 Public User Services on a Metro Ethernet Network

Figure 10-8 QinQ application on a metro Ethernet network
Core Network
NPE NPE
VLAN 1001 VLAN 1XX
VLAN 2001 VLAN 3XX
VLAN 1000 VLAN 1XX VRRP VLAN 3001 VLAN 5XX
VLAN 2000 VLAN 3XX Metro
VLAN 3000 VLAN 5XX Ethernet
UPE
VLAN 101 VLAN 101
VLAN 301 VLAN 301
VLAN 501 VLAN 501
HSI VOIP IPTV HSI VOIP IPTV
PVC101
PVC301
PVC501
As shown in Figure 10-8, the digital subscriber line access multiplexers (DSLAMs)
support multiple permanent virtual channels (PVCs) so that a same user can use
multiple services, such as High-Speed Internet (HSI), Internet Protocol Television
(IPTV), and voice over IP (VoIP).
The carrier assigns different PVCs and VLAN ranges to HSI, IPTV, and VoIP services,
as described in Table 10-5.
Table 10-5 Example of VLAN assignment
Service VLAN Range
HSI 101 to 300
VoIP 301 to 500
IPTV 501 to 700

Switches
A user accesses the VoIP service. When a VoIP packet reaches a DSLAM through a
specified PVC, the DSLAM marks the packet with a VLAN in the VLAN range
mapped to the PVC, such as 301. When the VoIP packet reaches the UPE, the UPE
tags the packets with an outer VLAN ID mapping the VoIP VLAN ID range, such as
2000. The inner VLAN ID represents user information and the outer VLAN ID
represents service information and the location of the DSLAM (packets from
different DSLAMs are tagged with different outer VLAN IDs). When the packet
reaches the NPE indicated by the outer VLAN tag, the VLAN tag is terminated on
the QinQ termination sub-interface. According to the core network configuration,
the packet is forwarded on the IP network or enters the corresponding VPN.
HSI and IPTV services are processed in the same manner, except that VLAN tags of
HSI services are terminated on a broadband remote access server (BRAS).
The NPE can perform HQoS scheduling based on double tags and generate a
DHCP binding table to avoid network attacks. In addition, the NPE can implement
DHCP authentication based on double tags or other information. You can also
configure VRRP on QinQ termination sub-interfaces to ensure service reliability.
10.3.2 Enterprise Network Connection Through Private Lines

As shown in Figure 10-9, an enterprise has two sites in different places. Each site
has three networks: Finance, Marketing, and Others. To ensure network security,
the enterprise requires that users belonging to different networks be unable to
communicate with each other.
Figure 10-9 Private line connection between enterprise users

Outside:VLAN 1000 Inside:VLAN 100 Outside:VLAN 1000 Inside:VLAN 100
ME MPLS/IP ME
UPE NPE NPE UPE
VLAN 100 VLAN 100 VLAN 100
Others
Others
Finance Finance VLAN 300
VLAN 300
VLAN 100 VLAN 100
Marketing Marketing
VLAN 200 VLAN 200
The carrier uses VPLS technology on the MPLS/IP core network and QinQ
technology on the metro Ethernet network. Each site is assigned three VLANs 100,
200 and 300, which represent Finance, Marketing, and Others departments
respectively. The UPEs at two ends tag received packets with outer VLAN 1000
(different outer VLAN tags are allowed on two ends), and the same VSI is

Switches
configured on the NPEs. This configuration ensures that only users of the same
VLAN in different sites can communicate with each other.
10.4 Summary of QinQ Configuration Tasks

Table 10-6 describes the QinQ configuration tasks.
Table 10-6 QinQ configuration tasks

Scenario Description Task
Configure basic QinQ After basic QinQ is 10.6 Configuring Basic

configured, the switch QinQ
adds a public tag to
incoming packets so that
user packets can be
forwarded on the public
network.
Configure selective QinQ Selective QinQ based on 10.7 Configuring

the VLAN ID enables the Selective QinQ
switch to add different
outer VLAN tags to
received data frames
according to VLAN IDs in
the frames.
Set the TPID value in an This configuration allows 10.8 Configuring the
outer VLAN tag a Huawei device to TPID Value in an Outer
communicate with a VLAN Tag
non-Huawei device.
Configure QinQ stacking To log in to a remote 10.9 Configuring QinQ

on a VLANIF interface device and manage the Stacking on a VLANIF
device, configure QinQ Interface
stacking on the VLANIF
interface corresponding
to the management
VLAN of the remote
device.
Configure the device to The device can be 10.10 Configuring the

add double VLAN tags to configured to add double Device to Add Double
untagged packets VLAN tags to untagged VLAN Tags to Untagged
packets. Packets
Configure QinQ mapping QinQ mapping maps C- 10.11 Configuring QinQ

VLAN tags to S-VLAN Mapping
tags to shield different
C-VLAN tags.

Switches
10.5 Licensing Requirements and Limitations for QinQ
Involved Network Elements

Other network elements are not required.
Licensing Requirements
QinQ configuration commands are available only after the S1720GW, S1720GWR,
and S1720X have the license (WEB management to full management Electronic
RTU License) loaded and activated and the switches are restarted. QinQ
configuration commands on other models are not under license control.
For details about how to apply for a license, see S Series Switch License Use
Guide.
Version Requirements
Table 10-7 Products and versions supporting QinQ
Product Product Software Version

Model
S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GWR
S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GWR
-E
S1720X, V200R011C00, V200R011C10

S1720X-E
Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.
S2700 S2700SI Not supported
S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

NOTE
The S2700EI does not support selective QinQ.
S2710SI Not supported
S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10

Switches

Model
S2750EI V200R003C00, V200R005C00SPC300, V200R006C00,

V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10
S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)
S3700EI V100R005C01, V100R006(C00&C01&C03&C05)
S3700HI V100R006C01, V200R001C00
S5700 S5700LI V200R001C00, V200R002C00,

V200R003(C00&C02&C10), V200R005C00SPC300,
V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10
S5700S-LI V200R001C00, V200R002C00, V200R003C00,

V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10
S5710-C-LI V200R001C00
S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)
S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00
S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)
S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10
S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI
S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10
S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)
S5710HI V200R003C00, V200R005(C00&C02&C03)
S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10
S5730SI V200R011C10

Switches

Model
S5730S-EI V200R011C10
S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)
S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10
S6720LI, V200R011C00, V200R011C10

S6720S-LI
S6720SI, V200R011C00, V200R011C10

S6720S-SI
NOTE
To know details about software mappings, see Hardware Query Tool.
Feature Limitations
● For the points of attention when configuring QinQ on a sub-interface, see 8.4
Licensing Requirements and Limitations for VLAN Termination.
● The devices listed in Table 10-8 can add double tags to untagged packets.
Table 10-8 Products and versions supporting the function of adding double
tags to untagged packets

Model
S1700 S1720GFR V200R006C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S1720GW, V200R010C00, V200R011C00, V200R011C10

S1720GW
R
S1720GW- V200R010C00, V200R011C00, V200R011C10

E,
S1720GW
R-E
S1720X, V200R011C00, V200R011C10

S1720X-E
Other Models that cannot be configured using

S1700 commands. For details about features and
models versions, see S1700 Documentation Bookshelf.

Switches

Model
S2700EI Not supported
S2720EI V200R006C10, V200R009C00, V200R010C00,

V200R011C10
S2750EI V200R003C00, V200R005C00SPC300,

V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10
S3700HI Not supported
S5700 S5700LI V200R003 (C00&C02&C10),

V200R005C00SPC300, V200R006C00,
V200R007C00, V200R008C00, V200R009C00,
V200R010C00, V200R011C00, V200R011C10
S5700S-LI V200R003C00, V200R005C00SPC300,

V200R006C00, V200R007C00, V200R008C00,
V200R009C00, V200R010C00, V200R011C00,
V200R011C10
S5710-C- Not supported

LI
S5710-X-LI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S5710EI V200R003C00, V200R005 (C00&C02)
S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10
S5720LI, V200R010C00, V200R011C00, V200R011C10

S5720S-LI
S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10
S5700HI V200R002C00, V200R003C00, V200R005

(C00SPC500&C01&C02)
S5710HI V200R003C00, V200R005(C00&C02&C03)

Switches

Model
S5720HI V200R006C00, V200R007(C00&C10),

V200R008C00, V200R009C00, V200R010C00,
V200R011C00, V200R011C10
S5730SI V200R011C10
S5730S-EI V200R011C10
S6700 S6700EI V200R003C00, V200R005 (C00&C01&C02)
S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10
S6720LI, V200R011C00, V200R011C10

S6720S-LI
S6720SI, V200R011C00, V200R011C10

S6720S-SI
● The switch forwards packets based only on their outer VLAN tags and learns
MAC address entries based on the outer VLAN tags.
● Selective QinQ is recommended to be enabled on a hybrid interface and the
qinq vlan-translation enable command must have been executed to enable
VLAN translation. Selective QinQ can only take effect on the interface in the
inbound direction.
● When an interface configured with VLAN stacking needs to remove the outer
tag from outgoing frames, the interface must join the VLAN specified by
stack-vlan in untagged mode. If the outer VLAN does not need to be
removed, the interface must join the VLAN specified by stack-vlan in tagged
mode.
● The device configured with selective QinQ can only add an outer VLAN tag to
a frame with an inner VLAN tag on an interface, and the outer VLAN ID must
exist. Otherwise, the services where selective QinQ is configured are
unavailable.
● A VLAN bound to a BD cannot be specified as the value of stack-vlan (that is,
the outer VLAN ID added to frames) in VLAN stacking commands. Similarly, a
VLAN specified as the value of stack-vlan in VLAN stacking commands cannot
be bound to a BD.
● If only single-tagged packets from a VLAN need to be transparently
transmitted, do not specify the VLAN as the inner VLAN for selective QinQ.
After selective QinQ is configured on the S3700EI, S3700SI, or S5700EI, VLAN
mapping, for example, port vlan-mapping vlan 20 map-vlan 20, must be
configured to map the VLAN to itself from which single-tagged packets need
to be transparently transmitted.
● When VLAN stacking is configured, do not configure stack-vlan to the VLAN
corresponding to the VLANIF interface.

Switches
● VLAN-based flow mirroring allows the device to identify only outer VLAN tags
of QinQ packets.
● The globally configured traffic-limit command that takes effect for all
interfaces in the inbound direction is invalid for QinQ packets.
● ND snooping and adding double tags to untagged packets can be configured
together on the S5720EI, S5720HI, S6720EI and S6720S-EI.
● SAVI and adding double tags to untagged packets can be configured together
on the S5720EI, S5720HI, S6720EI and S6720S-EI.
● If the PW-side interface is a Layer 3 interface switched by the undo
portswitch command, the AC-side interface cannot be a Layer 3 interface or
subinterface belonging to a Layer 3 interface; otherwise, traffic forwarding is
abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.
10.6 Configuring Basic QinQ
Background
Basic QinQ enables the device to add a public tag to incoming packets so that
user packets can be forwarded on the public network. To separate private
networks from public networks and conserve VLAN resources, configure double
802.1Q tags on QinQ interfaces of the device. Private VLAN tags are used on
private networks such as enterprise networks, and public VLAN tags are used on
external networks such as ISP networks. QinQ expands VLAN space to 4094x4094
and allows packets on different private networks with the same VLAN IDs to be
transparently transmitted.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN used on the public network is created.
Step 3 Run quit
Exit from the VLAN view.
Step 4 Run interface interface-type interface-number
The interface view is displayed.
The interface can be a physical interface or an Eth-Trunk interface.
Step 5 Run port link-type dot1q-tunnel
The link type of the interface is set to Dot1q-tunnel.
By default, the link type of an interface on the S1720GFR, S1720GW, S1720GWR,

S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2750EI, S2720EI, S5700LI, S5700S-
LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI, S5730SI, S5730S-EI,

Switches
S6720SI, S6720S-SI, S5720SI, and S5720S-SI is negotiation-auto, and the link type
of an interface on other models is negotiation-desirable.
Dot1q-tunnel interfaces do not support Layer 2 multicast.
Step 6 Run port default vlan vlan-id
The VLAN ID of the public VLAN tag, that is, the default VLAN of the interface, is
configured.
By default, VLAN 1 is the default VLAN of all interfaces.
----End
Verifying the Configuration

● Run the display current-configuration interface interface-type interface-
number command to check the QinQ configuration on the interface.
10.7 Configuring Selective QinQ

Selective QinQ is implemented based on interfaces and VLAN IDs.
Pre-configuration Tasks
Before configuring selective QinQ, create the outer VLAN.
10.7.1 Configuring VLAN ID-based Selective QinQ
Context
VLAN ID-based selective QinQ allows an interface to add outer VLAN tags to
packets based on VLAN IDs of the packets.
NOTE
● Selective QinQ is recommended to be enabled on a hybrid interface and the qinq vlan-
translation enable command must have been executed to enable VLAN translation.
Selective QinQ can only take effect on the interface in the inbound direction.
● The device configured with selective QinQ can only add an outer VLAN tag to a frame with
an inner VLAN tag on an interface, and the outer VLAN ID must exist. Otherwise, the
services where selective QinQ is configured are unavailable.
● When an interface configured with VLAN stacking needs to remove the outer tag from
outgoing frames, the interface must join the VLAN specified by stack-vlan in untagged
mode. If the outer VLAN does not need to be removed, the interface must join the VLAN
specified by stack-vlan in tagged mode.
Procedure

Switches
The interface can be a physical interface or an Eth-Trunk interface.

Step 3 Run port link-type hybrid
The link type of the interface is set to hybrid.
Step 4 Run port hybrid untagged vlan vlan-id
The interface is added to the VLAN in untagged mode.
The specified VLAN ID in the command must exist on the device. You do not need
to create a VLAN specified by the original VLAN tag of a received packet.
Step 5 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.
Step 6 When configuring selective QinQ, perform the following configurations as
required:
● Configure only selective QinQ.
Run the port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3
[ remark-8021p 8021p-value1 ] command to configure only selective QinQ.
By default, the priority in the outer VLAN tag is the same as that in the inner
VLAN tag.
● Configure selective QinQ and VLAN mapping.
Run the port vlan-stacking vlan vlan-id1 stack-vlan vlan-id2
[ remark-8021p 8021p-value1 ] map-vlan vlan-id4 [ remark-inner-8021p
8021p-value2 ] command to configure selective QinQ and VLAN mapping.
By default, the priority in the outer VLAN tag is the same as that in the inner
VLAN tag.
NOTE
When map-vlan vlan-id4 is configured to perform VLAN stacking and VLAN mapping
concurrently, on switches other than the S5720EI, S5720HI, S6720EI, and S6720S-EI,
the same outer VLAN tag cannot be added to packets from different user VLANs. On
the S5720EI, S5720HI, S6720EI, and S6720S-EI, the same outer VLAN tag cannot be
added to packets from different user VLANs, and different inner VLAN tags in packets
from different user VLANs cannot be matched to the same VLAN tag. For example, if
packets containing VLAN IDs 10 and 20 respectively are received on an interface, the
port vlan-stacking vlan 10 stack-vlan 100 map-vlan 200 and port vlan-stacking
vlan 20 stack-vlan 100 map-vlan 200 commands cannot be configured together.
Step 7 Run quit

Exit from the interface view.
The view of another interface is displayed.
This interface is the outbound interface for QinQ packets, different from the
interface specified in step 2.

Switches
Step 9 Run port link-type trunk

The link type of the interface is set to trunk.
Step 10 Run port trunk allow-pass vlan vlan-id3
The outer VLAN ID (stack-vlan) added to the original tagged packet is set.
----End

● Run the display current-configuration interface interface-type interface-
number command to check the selective QinQ configuration on the interface.
Configuration Tips
Deleting QinQ configuration
Use either of the following methods to delete the selective QinQ configuration on
an interface:
● Run the undo port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] [ stack-vlan
vlan-id3 ] command in the interface view to delete a selective QinQ entry on
the interface.
● Run the undo port vlan-stacking all command in the interface view to
delete all the selective QinQ entries on the interface.
10.7.2 Configuring MQC-based Selective QinQ

Context
A traffic policy is configured by associating traffic classifiers with traffic behaviors.
You can specify a VLAN ID or other information in a traffic classifier and associate
the traffic classifier with a traffic behavior to implement selective QinQ. Then the
device adds the specified outer VLAN tag to packets matching the traffic classifier.
Traffic policy-based selective QinQ enables the device to provide differentiated
services based on service types.
NOTE
Only the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-
SI support this configuration.
Procedure
1. Configure a traffic classifier.
a. Run system-view
b. Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or
the existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier,
which means that:

Switches
▪ If the traffic classifier contains ACL rules, packets match the traffic
classifier only when they match one ACL rule and all the non-ACL
rules.
▪ If the traffic classifier does not contain any ACL rules, packets match
the traffic classifier only when they match all the rules in the
classifier.
The logical operator or means that packets match the traffic classifier as
long as they match one of rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
c. Configure matching rules according to the following table.
Matchin Command Remarks
g Rule
Outer if-match vlan-id start-vlan-id -

VLAN ID [ to end-vlan-id ] [ cvlan-id
or inner cvlan-id ]
and outer
VLAN IDs
of QinQ
packets
Inner and if-match cvlan-id start-vlan-id -

outer [ to end-vlan-id ] [ vlan-id
VLAN IDs vlan-id ]
in QinQ
packets
802.1p if-match 8021p 8021p-value If you enter multiple

priority in &<1-8> 802.1p priority values in
VLAN one command, a packet
packets matches the traffic
classifier as long as it
matches any one of the
802.1p priorities,
regardless of whether the
relationship between
rules in the traffic
classifier is AND or OR.
Destinati if-match destination-mac -

on MAC mac-address [ mac-address-
address mask ]
Source if-match source-mac mac- -
MAC address [ mac-address-mask ]
address

Switches

g Rule
Protocol if-match l2-protocol { arp | ip -

type field | mpls | rarp | protocol-value }
in the
Ethernet
frame
header
All if-match any -

packets
DSCP if-match dscp dscp-value ● If you enter multiple

priority in &<1-8> DSCP values in one
IP command, a packet
packets matches the traffic
classifier as long as it
matches any one of
the DSCP values,
regardless of whether
the relationship
between rules in the
traffic classifier is AND
or OR.
● If the relationship
between rules in a
traffic classifier is AND,
the if-match dscp and
if-match ip-
precedence
commands cannot be
used in the traffic
classifier
simultaneously.

Switches

g Rule
IP if-match ip-precedence ip- ● The if-match dscp and

preceden precedence-value &<1-8> if-match ip-
ce in IP precedence
packets commands cannot be
configured in a traffic
classifier in which the
rules is AND.
● If you enter multiple IP
precedence values in
one command, a
packet matches the
traffic classifier as long
as it matches any one
of the IP precedence
values, regardless of
whether the
Layer 3 if-match protocol { ip | ipv6 } -

protocol
type
SYN Flag if-match tcp syn-flag { syn- -

in the flag-value | ack | fin | psh | rst
TCP | syn | urg }
packet
Inbound if-match inbound-interface A traffic policy containing

interface interface-type interface- this matching rule cannot
number be applied to the
outbound direction or in
the interface view.

Switches

g Rule
ACL rule if-match acl { acl-number | ● When an ACL is used

acl-name } to define a traffic
classification rule, it is
recommended that the
ACL be configured first.
● If an ACL in a traffic
classifier defines
multiple rules, a packet
matches the ACL as
long as it matches one
of rules, regardless of
whether the
ACL6 rule if-match ipv6 acl { acl- Before specifying an ACL6

number | acl-name } in a matching rule,
configure the ACL6.
d. Run quit
Exit from the traffic classifier view.
2. Configure a traffic behavior.
a. Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed.
b. Run add-tag vlan-id vlan-id
The outer VLAN ID is specified in the traffic behavior.
You must specify an existing VLAN ID on the device in this command. You
do not need to create a VLAN specified by the original VLAN tag of a
received packet.
c. Run quit
Exit from the traffic behavior view.
d. Run quit
Exit from the system view.
3. Configure a traffic policy.
a. Run system-view
b. Run traffic policy policy-name
A traffic policy is created and the traffic policy view is displayed, or the
view of an existing traffic policy is displayed.
After a traffic policy is applied, you cannot use the traffic policy
command to modify the matching order of traffic classifiers in the traffic
policy. To modify the matching order, delete the traffic policy, create a
traffic policy, and specify the matching order.

Switches
When creating a traffic policy, you can specify the matching order of its
matching rules. The matching order can be either automatic order or
configuration order:
▪ Automatic order: Traffic classifiers are matched based on the

priorities of their types. Traffic classifiers based on the following
information are in descending order of priority: Layer 2 and IPv4
Layer 3 information, advanced ACL6 information, basic ACL6
information, Layer 2 information, IPv4 Layer 3 information, and user-
defined ACL information. If data traffic matches multiple traffic
classifiers, and the traffic behaviors conflict with each other, the
traffic behavior corresponding to the highest priority rule takes
effect.
▪ Configuration order: Traffic classifiers are matched based on the

sequence in which traffic classifiers were bound to traffic behaviors.
NOTE
If more than 128 ACL rules defining CAR are configured, a traffic policy must be
applied to an interface, a VLAN, and the system in sequence in the outbound
direction. In the preceding situation, if you need to update ACL rules, delete the
traffic policy from the interface, VLAN, and system and reconfigure it in
sequence.
c. Run classifier classifier-name behavior behavior-name
A traffic behavior is bound to a traffic classifier in the traffic policy.
d. Run quit
Exit from the traffic policy view.
e. Run quit
Exit from the system view.
4. Apply the traffic policy.
– Applying a traffic policy to an interface
i. Run system-view
ii. Run interface interface-type interface-number
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the interface.
A traffic policy can be applied to only one direction on an interface,
but a traffic policy can be applied to different directions on different
interfaces. After a traffic policy is applied to an interface, the system
performs traffic policing for all the incoming or outgoing packets
that match traffic classification rules on the interface.
– Applying a traffic policy to a VLAN
i. Run system-view
ii. Run vlan vlan-id
The VLAN view is displayed.

Switches
iii. Run traffic-policy policy-name { inbound | outbound }

A traffic policy is applied to the VLAN.
Only one traffic policy can be applied to a VLAN in the inbound or
outbound direction.
After a traffic policy is applied, the system performs traffic policing
for the packets that belong to a VLAN and match traffic classification
rules in the inbound or outbound direction.
– Applying a traffic policy to the system
i. Run system-view
ii. Run traffic-policy policy-name global { inbound | outbound } [ slot
slot-id ]
A traffic policy is applied to the system.
Only one traffic policy can be applied to the system or slot in one
direction. A traffic policy cannot be applied to the same direction in
the system and slot simultaneously.
○ In a stack, a traffic policy that is applied to the system takes
effect on all the interfaces and VLANs of all the member
switches in the stack. The system then performs traffic policing
for all the incoming and outgoing packets that match traffic
classification rules on all the member switches. A traffic policy
that is applied to a specified slot takes effect on all the
interfaces and VLANs of the member switch with the specified
stack ID. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on this member switch.
○ On a standalone switch, a traffic policy that is applied to the
system takes effect on all the interfaces and VLANs of the local
switch. The system then performs traffic policing for all the
incoming and outgoing packets that match traffic classification
rules on the local switch. Traffic policies applied to the slot and
system have the same functions.

● Run the display traffic classifier user-defined [ classifier-name ] command
to check the traffic classifier configuration on the device.
● Run the display traffic behavior user-defined [ behavior-name ] command
to check the traffic behavior configuration on the device.
● Run the display traffic policy user-defined [ policy-name [ classifier
classifier-name ] ] command to check the user-defined traffic policy
configuration.
● Run the display traffic-applied [ interface [ interface-type interface-
number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to
check traffic actions and ACL rules associated with the system, a VLAN, or an
interface.
● Run the display traffic policy { interface [ interface-type interface-number ]
| vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the
traffic policy configuration on the device.

Switches
● Run the display traffic-policy applied-record [ policy-name ] command to

check the record of the specified traffic policy.
10.8 Configuring the TPID Value in an Outer VLAN Tag
Context
Devices from different vendors or in different network plans may use different
TPID values in VLAN tags of VLAN packets. To adapt to an existing network plan,
the switch supports TPID value configuration. You can set the TPID value on the
switch to be the same as the TPID value in the network plan to ensure
compatibility with the current network.
NOTE
● To implement interoperability with a non-Huawei device, ensure that the protocol type
in the outer VLAN tag added by the switch can be identified by the non-Huawei device.
● The qinq protocol command identifies incoming packets, and adds or changes the TPID
value of outgoing packets.
● The protocol ID configured on an interface by the qinq protocol command must be
different from other commonly used protocol IDs; otherwise, the interface cannot
distinguish packets of these protocols. For example, protocol-id cannot be set to 0x0806,
which is the ARP protocol ID.
Procedure
Step 3 Run qinq protocol protocol-id
The protocol type in the outer VLAN tag is set.
The qinq protocol command cannot be used on Dot1q-tunnel interfaces.
By default, the TPID value in the outer VLAN tag is 0x8100.
----End

Run the display this command in the interface view to check the configured
protocol type of the outer VLAN tag.
10.9 Configuring QinQ Stacking on a VLANIF Interface

Switches
Context
To log in to a remote device from the local device to manage the remote device,
configure QinQ stacking on the VLANIF interface corresponding to the
management VLAN on the remote device. As shown in Figure 10-10, SwitchA is
connected to SwitchB through a third-party network. The management VLAN on
SwitchB is the same as the VLAN for users connected to SwitchA and is different
from the VLAN provided by the carrier.
Figure 10-10 Networking for QinQ stacking on a VLANIF interface

20 10 IP SwitchB
Internet
SwitchA
10 IP Management VLAN 10
Interface VLANIF 10
user2
user1
VLAN 10
To log in to SwitchB from SwitchA, you can configure QinQ stacking on the
VLANIF interface corresponding to the management VLAN on SwitchB.
● Packet sent from SwitchA to SwitchB
The user-side interface on SwitchA configured with QinQ sends double-tagged
packets to the ISP network. The outer VLAN tag is the same as the VLAN tag
provided by the carrier so that the packets can be transparently transmitted to
SwitchB over the ISP network.
When SwitchB receives a double-tagged packet, it compares the VLAN tag of
the packet with the VLAN tag configured on the VLANIF interface. If the outer
tag of the packet is the same as the VLAN tag configured on the VLANIF
interface, SwitchB removes the outer tag and sends the packet to the IP layer
for processing.
● Packet sent from SwitchB to SwitchA
When the VLANIF interface of SwitchB receives a data packet, SwitchB adds a
VLAN tag to the packet according to the QinQ stacking configuration. The
new outer VLAN tag is the same as the VLAN tag provided by the carrier so
that the double-tagged data packet can be transparently transmitted to
SwitchA over the ISP network. SwitchA removes the outer VLAN tag of the
packet and forwards the packet.
Before configuring QinQ stacking on a VLANIF interface, complete the following
tasks:

Switches
● Create a VLAN.
● Configure a management VLAN.
Procedure
Step 2 Run interface vlanif vlan-id
The VLANIF interface corresponding to the management VLAN is created.
Before running this command, ensure that the management VLAN exists.
Step 3 Run qinq stacking vlan vlan-id
QinQ stacking is configured on the VLANIF interface.
NOTE
● When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF
interface corresponds to the management VLAN. VLANIF interfaces corresponding to
other VLANs do not support QinQ stacking.
● Before changing the configured outer VLAN, run the undo qinq stacking vlan
command to delete the original QinQ stacking.
● The qinq stacking vlan and icmp host-unreachable send commands cannot be used
together, so you must run the undo icmp host-unreachable send command before
using the qinq stacking vlan command.
● The outer VLAN added to packets must be an existing VLAN with no VLANIF interface
configured.
----End
Follow-up Procedure
● Run the display vlan [ vlan-id [ verbose ] ] command to check the
management VLAN.
● Run the display this command in the VLANIF interface view to check the
QinQ stacking configuration.
10.10 Configuring the Device to Add Double VLAN Tags

to Untagged Packets
Context
Generally, two devices are required to add double tags to packets. Configuring one
device to add double VLAN tags to untagged packets can simplify configuration.
In addition, a Layer 2 interface can add double tags to untagged packets to
differentiate services or users.

Switches
Procedure
Step 2 Run vlan vlan-id
The outer VLAN is created.
Step 3 Run quit
Return to the system view.
Step 5 Run port link-type hybrid
The link type of the interface is set to hybrid.
Step 6 Run qinq vlan-translation enable
VLAN translation is enabled on the interface.
Step 7 Run port hybrid untagged vlan vlan-id
The interface is added to the outer VLAN.
Step 8 Run port vlan-stacking untagged stack-vlan vlan-id1 stack-inner-vlan vlan-id2
The interface is configured to add double VLAN tags to untagged packets.

Switches
NOTE
To enable an interface to add double VLAN tags to an untagged packet, you must set the
link type of the interface to hybrid and add the interface to the outer VLAN specified by
stack-vlan on the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI,
S5710-X-LI, S6720SI, S6720S-SI, S5730SI, S5730S-EI, S5720SI, and S5720S-SI. On other
devices, you need to set the link type of the interface to hybrid or trunk, and add the
interface to the outer VLAN specified by stack-vlan .
If the PVID of an interface is not VLAN 1, restore the PVID to VLAN 1 before running the
port vlan-stacking untagged command.
The port vlan-stacking untagged command actually configures a VLAN assignment mode.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2750EI, S2720EI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5710-X-LI,
S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720SI, and S5720S-SI, different VLAN assignment
modes are in the following order of priority: interface-based VLAN assignment > voice
VLAN include-untagged > MAC address-based VLAN assignment > IP subnet-based VLAN
assignment > port vlan-stacking untagged > protocol-based VLAN assignment >
interface-based VLAN assignment. On other models, different VLAN assignment modes are
in the following order of priority: policy-based VLAN assignment > voice VLAN include-
untagged > MAC address-based VLAN assignment > IP subnet-based VLAN assignment >
protocol-based VLAN assignment > interface-based VLAN assignment.
----End
10.11 Configuring QinQ Mapping
Before configuring QinQ mapping, complete the following tasks:
● Connect the device correctly.
● Configure the VLANs that users belong to so that user packets carry one or
double VLAN tags.
● Ensure that the device is not a VCMP client.
10.11.1 Configuring 1-to-1 QinQ Mapping
Context
1-to-1 QinQ mapping allows a sub-interface to map a tag in a received single-
tagged packet to a specified tag.
Procedure
Step 3 Run port link-type { hybrid | trunk }

Switches
The port link-type is set.
Step 4 Run quit
Step 5 Run interface interface-type interface-number.subinterface-number
The view of the CE-side Ethernet or Eth-Trunk sub-interface of the PE is displayed.
Step 6 Run qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
The sub-interface is configured to map a tag of a packet to a specified tag.
The original VLAN IDs of single-tagged packets specified in the command must be
different from the outer VLAN IDs specified on all the other sub-interfaces.
NOTE
● QinQ mapping cannot be used with stacking, QinQ termination, and Dot1q termination
commands on the same sub-interface.
● If the PW-side interface is a Layer 3 interface switched by the undo portswitch
command, the AC-side interface cannot be a Layer 3 interface or subinterface belonging
to a Layer 3 interface; otherwise, traffic forwarding is abnormal. This rule applies to
S5720EI, S6720EI, and S6720S-EI.
----End
10.11.2 Configuring 2-to-1 QinQ Mapping
Context
2-to-1 QinQ mapping allows a sub-interface to map an outer tag in a received
double-tagged packet to a specified tag and retain the inner VLAN tag.
Procedure
Step 3 Run port link-type { hybrid | trunk }
The port link-type is set.
Step 4 Run quit
Step 5 Run interface interface-type interface-number.subinterface-number
The view of the CE-side Ethernet or Eth-Trunk sub-interface of the PE is displayed.
Step 6 Run qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid
vlan-id4

Switches
The sub-interface is configured to map the outer tag of double-tagged packets to

a specified tag.
The original outer tag of double-tagged packets specified in the command must
be different from outer tags specified on all the other sub-interfaces.
NOTE
● QinQ mapping cannot be used with stacking, QinQ termination, and Dot1q termination
commands on the same sub-interface.
● If the PW-side interface is a Layer 3 interface switched by the undo portswitch
command, the AC-side interface cannot be a Layer 3 interface or subinterface belonging
to a Layer 3 interface; otherwise, traffic forwarding is abnormal. This rule applies to
S5720EI, S6720EI, and S6720S-EI.
----End
10.12 Displaying VLAN Translation Resource Usage
Context
During QinQ configuration (excluding basic QinQ configuration), VLAN translation
resources may be insufficient. You can run commands to view the total number of
inbound/outbound VLAN translation resources, the number of used VLAN
translation resources, and the number of remaining VLAN translation resources.
The command output helps you locate faults.
Procedure
Step 1 Run the display vlan-translation resource [ slot slot-number ] command in any
view to view VLAN translation resource usage.
NOTE
Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support this command.
Step 2 Run the display spare-bucket resource [ slot slot-number ] command in any
view to view the usage of backup resources when VLAN translation resources
conflict.
NOTE
Only the S5720HI supports this command.
----End
10.13 Configuration Examples for QinQ
10.13.1 Example for Configuring Basic QinQ

Switches
Networking Requirements
As shown in Figure 10-11, there are two enterprises on the network, Enterprise 1
and Enterprise 2. Both of them have two office locations, which connect to
SwitchA and SwitchB of the ISP network. A non-Huawei device on the ISP network
uses the TPID value of 0x9100.
The requirements are as follows:

● Enterprise 1 and Enterprise 2 use independent VLAN plans that do not affect
each other.
● Traffic of an enterprise's branches is transparently transmitted on the ISP
network. Users accessing the same service in an enterprise are allowed to
communicate, and users accessing different services are isolated.
You can configure QinQ to meet the preceding requirements. VLAN 100 and VLAN
200 provided by the ISP network can be used to transmit traffic for Enterprise 1
and Enterprise 2 respectively, thereby implementing communication within an
enterprise and isolating the two enterprises. To implement interoperation with the
non-Huawei device, set the TPID value in outer VLAN tags to 0x9100 on the
interfaces of the Huawei devices connected to the non-Huawei device.
Figure 10-11 Networking for configuring basic QinQ
ISP
VLAN 100,200
TPID=0x9100
GE0/0/3 GE0/0/3
Switch A Switch B
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
Enterprise 1 Enterprise 2 Enterprise 1 Enterprise 2

VLAN 10 to 50 VLAN 20 to 60 VLAN 10 to 50 VLAN 20 to 60
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN 100 and VLAN 200 on SwitchA and SwitchB. Configure interfaces
connected to the two enterprises as QinQ interfaces and add them to VLAN
100 and VLAN 200 respectively, so that packets from the two enterprises are
tagged with different outer VLAN tags.
2. Add interfaces of SwitchA and SwitchB connected to the ISP network to VLAN
100 and VLAN 200 so that packets from the two VLANs are allowed to pass
through.

Switches
3. On the interfaces of SwitchA and SwitchB connected to the ISP network, set
the TPID in outer VLAN tags to the value used on the non-Huawei device so
that SwitchA and SwitchB can interwork with the non-Huawei device.
Procedure
Step 1 Create VLANs.
# Create VLAN 100 and VLAN 200 on SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200
# Create VLAN 100 and VLAN 200 on SwitchB.

[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200
Step 2 Set the link type of interfaces to Dot1q-tunnel.
# Configure GE0/0/1 and GE0/0/2 on SwitchA as QinQ interfaces, and set the
default VLAN of GE0/0/1 to VLAN 100 and the default VLAN of GE0/0/2 to VLAN
200. The configuration of SwitchB is similar to the configuration of SwitchA, and is
not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/2] port default vlan 200
Step 3 Configure the interfaces of SwitchA and SwitchB connected to the ISP network.
# Add GE0/0/3 of SwitchA to VLAN 100 and VLAN 200. The configuration of
SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
Step 4 Configure the TPID value in outer VLAN tags.
# Set the TPID value in outer VLAN tags to 0x9100 on SwitchA.

[SwitchA-GigabitEthernet0/0/3] qinq protocol 9100
# Set the TPID value in outer VLAN tags to 0x9100 on SwitchB.

[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] qinq protocol 9100
Step 5 Verify the configuration.
In Enterprise 1, ping a PC in a VLAN of a branch from a PC in the same VLAN of

another branch. If the ping operation is successful, internal users of Enterprise 1
can communicate.

Switches
In Enterprise 2, ping a PC in a VLAN of a branch from a PC in the same VLAN of

another branch. If the ping operation is successful, internal users of Enterprise 2
can communicate.
Ping a PC in any VLAN of Enterprise 2 from a PC in the same VLAN of Enterprise

1. If the ping operation fails, users in Enterprise 1 and Enterprise 2 are isolated.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
#
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return
● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100 200
#
#
#
qinq protocol 9100
port trunk allow-pass vlan 100 200
#
return
Related Content
Videos
Configuring QinQ
10.13.2 Example for Configuring Selective QinQ

Switches
As shown in Figure 10-12, Internet access users (using PCs) and VoIP users (using
VoIP terminals) connect to the ISP network through SwitchA and SwitchB and
communicate with each other through the ISP network.
The enterprise assigns VLAN 100 to PCs and VLAN 300 to VoIP terminals. Packets
from PCs and VoIP terminals need to be transmitted over the ISP network in VLAN
2 and VLAN 3 respectively.
Figure 10-12 Networking diagram for configuring selective QinQ
SwitchA SwitchB
GE0/0/2 Carrier GE0/0/2
network
GE0/0/1 GE0/0/1
PC VoIP VoIP PC
1. Create VLANs on SwitchA and SwitchB.
2. Configure link types of interfaces on SwitchA and SwitchB and add the
interfaces to VLANs.
3. Configure selective QinQ on interfaces of SwitchA and SwitchB.
Procedure
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.

Switches
Step 2 Configure selective QinQ on interfaces.

# Configure GE0/0/1 on SwitchA.
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
# Configure GE0/0/1 on SwitchB.

[SwitchB-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 100 stack-vlan 2
[SwitchB-GigabitEthernet0/0/1] port vlan-stacking vlan 300 stack-vlan 3
[SwitchB-GigabitEthernet0/0/1] quit
Step 3 Configure other interfaces.

# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchA.
# Add GE0/0/2 to VLAN 2 and VLAN 3 on SwitchB.

[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3

If the configurations on SwitchA and SwitchB are correct, the following situations
occur:
● PCs can communicate with each other through the ISP network.
● VoIP terminals can communicate with each other through the ISP network.
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 2 to 3
#
port link-type hybrid
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
#
port trunk allow-pass vlan 2 to 3

Switches
#
return

#
sysname SwitchB
#
vlan batch 2 to 3
#
#
#
return
10.13.3 Example for Configuring Selective QinQ and VLAN

Mapping
As shown in Figure 10-13, Internet access, IPTV, and VoIP services are provided for
users through home gateways.
The corridor switches allocate VLANs to the services as follows:
● VLANs for the Internet access service of different users: VLAN 1000 to VLAN
1100
● Shared VLAN for the IPTV service: VLAN 1101
● Shared VLAN for the VoIP service: VLAN 1102
● Shared VLAN for home gateways: VLAN 1103
Each community switch is connected to 50 downstream corridor switches, and
maps VLAN IDs in packets of the Internet access service from the corridor switches
to VLANs 101-150.
The aggregation switch of the carrier is connected to 50 downstream community
switches, and adds outer VLAN IDs 21-70 to packets sent from the community
switches.

Switches
Figure 10-13 Networking diagram for configuring selective QinQ and VLAN
mapping
ME60
Internet
Aggregate switch of carrier SwitchA

GE0/0/1
…… ……
GE0/0/2
Community SwitchB
switch
GE0/0/1
…… …… …… ……
Corridor
switch
…… …… …… ……
Home
gateway

2. Configure VLAN mapping on SwitchB and add GE 0/0/1 and GE 0/0/2 to
VLANs.
3. Configure selective QinQ on SwitchA and add GE 0/0/1 to VLANs.
4. Add other downlink interfaces of SwitchA and SwitchB to VLANs. The
configurations are similar to the configurations of GE 0/0/1 interfaces, and
are not mentioned here.
5. Configure other community switches. The configuration is similar to the
configuration of SwitchB, and is not mentioned here.
Procedure
Step 1 Configure SwitchA.
# Create VLANs.
[SwitchA] vlan batch 21 to 70 1101 to 1103
# Add downlink interface gigabitethernet 0/0/1 to VLANs.

Switches

[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 21
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 1101 to 1103
# Configure selective QinQ on gigabitethernet 0/0/1.

[SwitchA-GigabitEthernet0/0/1] port vlan-stacking vlan 101 to 150 stack-vlan 21
Step 2 Configure SwitchB.

# Create VLANs.
[SwitchB] vlan batch 101 to 150 1000 to 1103
# Add interfaces to VLANs.

[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 101 1000 to 1103
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 101 to 150 1101 to 1103
# Configure VLAN mapping on downlink interface gigabitethernet 0/0/1.

[SwitchB-GigabitEthernet0/0/1] qinq vlan-translation enable
[SwitchB-GigabitEthernet0/0/1] port vlan-mapping vlan 1000 to 1100 map-vlan 101

The Internet access service, IPTV service, and VoIP service are available.
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 21 to 70 1101 to 1103
#
port hybrid tagged vlan 1101 to 1103
port hybrid untagged vlan 21
port vlan-stacking vlan 101 to 150 stack-vlan 21
#
return

#
sysname SwitchB
#
vlan batch 101 to 150 1000 to 1103
#

Switches
port hybrid tagged vlan 101 1000 to 1103
port vlan-mapping vlan 1000 to 1100 map-vlan 101
#
port hybrid tagged vlan 101 to 150 1101 to 1103
#
return
10.13.4 Example for Configuring Flow-based Selective QinQ
As shown in Figure 10-14, Internet access users (using PCs) and VoIP users (using
VoIP terminals) connect to the ISP network through SwitchA and SwitchB. These
users communicate with each other through the ISP network.
Packets from PCs and VoIP terminals need to be transmitted over the ISP network
in VLAN 2 and VLAN 3 respectively.
You can configure a traffic policy to implement selective QinQ on the Switch.
NOTE
Only the S1720X, S1720X-E, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-
SI support this example.
Figure 10-14 Networking diagram for configuring flow-based selective QinQ
SwitchA SwitchB
GE0/0/2 Carrier GE0/0/2
network
GE0/0/1 GE0/0/1
PC VoIP VoIP PC
VLAN100~200 VLAN300~400 VLAN300~400 VLAN100~200

Switches

2. Configure traffic classifiers, traffic behaviors, and bind them in a traffic policy
on SwitchA and SwitchB.
3. Configure link types of interfaces on SwitchA and SwitchB, and add the
interfaces to VLANs.
4. Apply the traffic policy to interfaces of SwitchA and SwitchB to implement
selective QinQ.
Procedure
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs in the outer VLAN
tags to be added.
Step 2 Configure a traffic policy on SwitchA.

Configure traffic classifiers, traffic behaviors, and a traffic policy on SwitchA.
[SwitchA] traffic classifier name1
[SwitchA-classifier-name1] if-match vlan-id 100 to 200
[SwitchA-classifier-name1] quit
[SwitchA] traffic behavior name1
[SwitchA-behavior-name1] add-tag vlan-id 2
[SwitchA-behavior-name1] quit
[SwitchA] traffic classifier name2
[SwitchA-classifier-name2] if-match vlan-id 300 to 400
[SwitchA-classifier-name2] quit
[SwitchA] traffic behavior name2
[SwitchA-behavior-name2] add-tag vlan-id 3
[SwitchA-behavior-name2] quit
[SwitchA] traffic policy name1
[SwitchA-trafficpolicy-name1] classifier name1 behavior name1
[SwitchA-trafficpolicy-name1] classifier name2 behavior name2
[SwitchA-trafficpolicy-name1] quit
# Configure traffic classifiers, traffic behaviors, and a traffic policy on SwitchB.

[SwitchB] traffic classifier name1
[SwitchB-classifier-name1] if-match vlan-id 100 to 200
[SwitchB-classifier-name1] quit
[SwitchB] traffic behavior name1
[SwitchB-behavior-name1] add-tag vlan-id 2
[SwitchB-behavior-name1] quit
[SwitchB] traffic classifier name2
[SwitchB-classifier-name2] if-match vlan-id 300 to 400
[SwitchB-classifier-name2] quit
[SwitchB] traffic behavior name2
[SwitchB-behavior-name2] add-tag vlan-id 3
[SwitchB-behavior-name2] quit
[SwitchB] traffic policy name1
[SwitchB-trafficpolicy-name1] classifier name1 behavior name1
[SwitchB-trafficpolicy-name1] classifier name2 behavior name2
[SwitchB-trafficpolicy-name1] quit

Switches
Step 3 Apply the traffic policy to interfaces of SwitchA and SwitchB to implement
selective QinQ.
# Configure GE 0/0/1 on SwitchA.
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet0/0/1] traffic-policy name1 inbound
# Configure GE 0/0/1 on SwitchB.

[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 2 3
[SwitchB-GigabitEthernet0/0/1] traffic-policy name1 inbound
Step 4 Configure other interfaces.

# Add GE 0/0/2 on SwitchA to VLAN 2 and VLAN 3.
# Add GE 0/0/2 on SwitchB to VLAN 2 and VLAN 3.

[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3

If the configurations on SwitchA and SwitchB are correct, the following situations
occur:
● PCs can communicate with each other through the ISP network.
● VoIP terminals can communicate with each other through the ISP network.
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 2 to 3
#
traffic classifier name1 operator or
if-match vlan-id 100 to 200
#
traffic behavior name1
add-tag vlan-id 2
add-tag vlan-id 3
#
traffic policy name1
classifier name1 behavior name1

Switches
#
traffic-policy name1 inbound
#
#
return

#
sysname SwitchB
#
vlan batch 2 to 3
#
#
add-tag vlan-id 2
add-tag vlan-id 3
#
traffic policy name1
#
traffic-policy name1 inbound
#
#
return
10.13.5 Example for Connecting a Single-Tag VLAN Mapping

Sub-Interface to a VLL Network
As shown in Figure 10-15, CE1 and CE2 are connected to PE1 and PE2 respectively
through VLANs.
A Martini VLL is set up between CE1 and CE2.
NOTE
● Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support this example.
● VLAN termination sub-interfaces cannot be created on a VCMP client.

Switches
Figure 10-15 Networking diagram for connecting a single-tag VLAN mapping

sub-interface to a VLL network
Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/1 Martini GE0/0/1
CE1 CE2
Switch Interface VLANIF Interface IP Address
PE1 GigabitEthernet0/0 GigabitEthernet0/0 -

/1 /1.1
- GigabitEthernet0/0 VLANIF 20 10.1.1.1/24

/2
- Loopback1 - 1.1.1.1/32
PE2 GigabitEthernet0/0 VLANIF 30 10.2.2.1/24

/1
- GigabitEthernet0/0 GigabitEthernet0/0 -
/2 /2.1
- Loopback1 - 3.3.3.3/32
P GigabitEthernet0/0 VLANIF 30 10.2.2.2/24

/1

/2
- Loopback1 - 2.2.2.2/32
CE1 GigabitEthernet0/0 VLANIF 10 10.10.10.1/24

/1

Switches

/1
1. Configure a routing protocol on PE and P devices of the backbone network to
implement interworking, and enable MPLS.
2. Use the default tunnel policy to create an LSP for data transmission.
3. Enable MPLS L2VPN and create VC connections on PEs.
4. Create a sub-interface on the interface of PE1 connected to CE1, configure
VLAN mapping of a single tag on the sub-interface, and create a VC to
connect the sub-interface to the VLL network.
5. Configure a Dot1q sub-interface on the interface of PE2 connected to CE2,
and create a VC to connect the sub-interface to the VLL network.
Procedure
Step 1 Add interfaces of CEs, PEs, and P to VLANs and configure IP addresses for the
VLANIF interfaces according to Figure 10-15.
# Configure CE1 to ensure that packets sent from CE1 to PE1 carry a VLAN tag.
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.10.10.1 24
[CE1-Vlanif10] quit
# Configure CE2 to ensure that packets sent from CE2 to PE2 carry a VLAN tag.
[CE2] vlan batch 20
[CE2-Vlanif20] quit
# Configure PE1.
[HUAWEI] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type hybrid
[PE1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[PE1-GigabitEthernet0/0/2] port hybrid tagged vlan 20

Switches
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P
[P] vlan batch 20 30
[P] interface gigabitethernet 0/0/1
[P-GigabitEthernet0/0/1] port link-type hybrid
[P-GigabitEthernet0/0/1] port hybrid pvid vlan 30
[P-GigabitEthernet0/0/1] port hybrid tagged vlan 30
[P-GigabitEthernet0/0/1] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
[P-Vlanif30] quit
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
Step 2 Configure an IGP on the MPLS backbone network. OSPF is used in this example.
Configure PE1, P, and PE2 to advertise 32-bit loopback interface addresses as the
LSR IDs.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] router id 2.2.2.2
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

Switches

[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
# After the configuration is complete, PE1, P, and PE2 can establish OSPF neighbor
relationships. Run the display ospf peer command to verify that the OSPF
neighbor relationship status is Full. Run the display ip routing-table command to
verify that the PEs learn the route to the Loopback1 interface of each other. The
following is the display on PE1:
[PE1] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1

Neighbors
Area 0.0.0.0 interface 10.1.1.1(Vlanif20)'s neighbors

Router ID: 2.2.2.2 Address: 10.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 00:01:16
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 3 Enable basic MPLS functions and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure P.

Switches
[P] mpls lsr-id 2.2.2.2

[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 4 Create remote LDP sessions between PEs.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE2.
After the configuration is complete, run the display mpls ldp session command
on PE1 to view the LDP session setup. You can see that an LDP session has been
set up between PE1 and PE2.
The output on PE1 is used as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:15:29 3717/3717
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 5 Enable MPLS L2VPN on PEs and create VC connections.

# On PE1, create a VC connection on GigabitEthernet0/0/1.1 connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vcmp role silent
[PE1] interface gigabitethernet0/0/1
[PE1] interface gigabitethernet0/0/1.1

Switches
[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20

[PE1-GigabitEthernet0/0/1.1] mpls l2vc 3.3.3.3 101
[PE1-GigabitEthernet0/0/1.1] quit

[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
On PEs, check the L2VPN connections. You can see that an L2VC connection has
been set up and is in Up state.
The output on PE1 is used as an example:

[PE1] display mpls l2vc interface gigabitethernet0/0/1.1
*client interface : GigabitEthernet0/0/1.1 is up
Administrator PW : no
session state : up
AC status : up
Ignore AC state : disable
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
destination : 3.3.3.3
local group ID :0 remote group ID :0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
Backup TNL type : lsp , TNL ID : 0x0
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds

Switches
VC last up time : 2010/10/09 19:26:37

VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey :8
NKey :3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --
CE1 and CE2 can ping each other.

The output on CE1 is used as an example:
[CE1] ping 10.10.10.2
PING 10.10.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=255 time=31 ms
--- 10.10.10.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
port trunk allow-pass vlan 10
#
return
● PE1 configuration file

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3

Switches
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
interface GigabitEthernet0/0/1.1
qinq mapping vid 10 map-vlan vid 20
mpls l2vc 3.3.3.3 101
#
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255

Switches
#
return

#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
dot1q termination vid 20
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.10.10.2 255.255.255.0
#
#
return

Switches
10.13.6 Example for Connecting a Double-Tag VLAN Mapping

Sub-Interface to a VLL Network
through VLANs.
A Martini VLL is set up between PE1 and PE2.
Switch1 is connected to CE1 and PE1.
Selective QinQ is required on the switch interfaces connected to CEs to tag

packets sent from CEs with the VLAN IDs specified by the carrier.
When Switch1 and Switch2 add different VLAN tags to packets, configure double-
tag VLAN mapping on PE sub-interfaces and connect the sub-interfaces to the VLL
network so that CE1 and CE2 can communicate with each other.
When a Switch is connected to multiple CEs, the Switch can add the same outer
VLAN tag to packets with different VLAN tags from different CEs, thereby saving
VLAN IDs on the public network.
NOTE
Figure 10-16 Networking diagram for connecting a double-tag VLAN mapping

sub-interface to a VLL network
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
CE1 CE2

Switches
Switch Interface VLANIF Interface IP address

/1 /1.1

/2
- Loopback1 - 1.1.1.1/32

/1
/2 /2.1
- Loopback1 - 3.3.3.3/32

/1

/2
- Loopback1 - 2.2.2.2/32

/1

/1

4. Create a sub-interface on the PE1 interface connected to Switch1, configure
double-tag VLAN mapping, and create a VC to connect the QinQ sub-
interface to a VLL network.
5. Create a sub-interface on the PE2 interface connected to Switch2, and create
a VC to connect the QinQ sub-interface to a VLL network.
6. Configure selective QinQ on the switch interfaces connected to CEs.

Switches
Procedure
Step 1 Configure the VLANs on the CE, PE, and P devices, add interfaces to the VLANs,
and assign IP addresses to the corresponding VLANIF interfaces according to
Figure 10-16.
# Configure CE1 to ensure that each packet sent from CE1 to Switch1 carries one
VLAN tag.
[CE1] vlan batch 10
[CE1-Vlanif10] quit
VLAN tag.
[CE2] vlan batch 10
[CE2-Vlanif10] quit
# Configure PE1.
[PE1] vlan batch 20
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P
[P-Vlanif20] quit

Switches

[P-Vlanif30] quit
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
Step 2 Configure selective QinQ on switch interfaces and specify the VLANs allowed by
the interfaces.
# Configure Switch1.
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type hybrid
[Switch1-GigabitEthernet0/0/2] port hybrid tagged vlan 100
[Switch1-GigabitEthernet0/0/2] quit
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Switch1-GigabitEthernet0/0/1] qinq vlan-translation enable
[Switch1-GigabitEthernet0/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch2] vlan 200
LSR IDs.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0

Switches
[PE1-ospf-1] quit
# Configure P.
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit

Neighbors

DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
# Configure PE1.

Switches

[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit

# Configure PE1.
# Configure PE2.
on PE1 to view the LDP session setup. You can see that an LDP session has been
set up between PE1 and PE2.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 6 Enable MPLS L2VPN on PEs and create VC connections.

Switches

[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
# On PE2, create a VC connection on GigabitEthernet0/0/2.1 connected to

Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2-GigabitEthernet0/0/2.1] qinq termination pe-vid 200 ce-vid 10

Check the L2VPN connections on PEs. You can see that an L2VC connection has
The display on PE1 is used as an example.
session state : up
AC status : up
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
VCCV State : up
link state : up

Switches

Access-port : false
VC last up time : 2010/10/09 19:26:37
CKey :8
NKey :3
Service Class : --
Color : --
DomainId : --
Domain Name : --

The output on CE1 is used as an example:
[CE1] ping 10.10.10.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
#
return
● Switch1 configuration file

#
sysname Switch1
#
vlan batch 100
#

Switches

#
#
return
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
mpls l2vc 3.3.3.3 101
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#

Switches
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
qinq termination pe-vid 200 ce-vid 10
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255

Switches
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return

#
sysname Switch2
#
vlan batch 200
#
#
#
return

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
#
return
10.13.7 Example for Connecting a VLAN Stacking Sub-

interface to a VLL Network
through VLANs.
A Martini VLL is set up between CE1 and CE2.
Switch1 forwards the packets sent from CE1 without changing VLAN tags.
Selective QinQ needs to be configured on the interface connected to CE2 so that
Switch2 adds the carrier-specified VLAN tag to the packets sent from CE2.
The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets
sent from Switch2 to PE2 contain two VLAN tags. To allow CE1 and CE2 to
communicate with each other, configure VLAN stacking on the sub-interface of
PE1 connected to Switch1, and connect the sub-interface to a VLL network.

Switches
NOTE
Figure 10-17 Networking diagram for connecting a VLAN stacking sub-interface

to a VLL network
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/1
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
CE1 CE2

/1 /1.1

/2
- Loopback1 - 1.1.1.1/32

/1
/2 /2.1
- Loopback1 - 3.3.3.3/32

Switches

/1

/2
- Loopback1 - 2.2.2.2/32

/1

/1
4. On PE1, configure VLAN stacking on the sub-interface connected to Switch1,
and create a VC to connect the sub-interface to a VLL network.
5. On PE2, configure a QinQ sub-interface on the interface connected to
Switch2, and create a VC connect the QinQ sub-interface to a VLL network.
6. On Switch1, add the interface connected to CE1 to a specified VLAN.
7. On Switch2, configure selective QinQ on the interface connected to CE2.
Procedure
Step 1 Create VLANs on the CE, PE, and P devices, add interfaces to the VLANs, and
assign IP addresses to VLANIF interfaces according to Figure 10-17.
VLAN tag.
[CE1] vlan batch 10
[CE1-Vlanif10] quit
VLAN tag.

Switches
[CE2] vlan batch 10
[CE2-Vlanif10] quit
# Configure PE1.
[PE1] vlan batch 20
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P
[P-Vlanif20] quit
[P-Vlanif30] quit
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
the interfaces.
[Switch1] vlan 10

Switches

[Switch2] vlan 100
LSR IDs.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure P.
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit

Switches

Neighbors

DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 1 D 10.1.1.2 Vlanif20
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif20
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls

Switches
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
# Configure PE1.
# Configure PE2.
on PE1 to view the LDP session setup. You can see that an LDP session is set up
between PE1 and PE2.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 6 Enable MPLS L2VPN on PEs and set up VC connections.
# On PE1, create a VC connection on GigabitEthernet0/0/1.1 that is connected to

Switch1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
# On PE2, create a VC connection on GigabitEthernet0/0/2.1 that is connected to

Switch2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

Switches
Check the L2VPN connections on PEs. You can see that an L2VC connection has
The display on PE1 is used as an example.

session state : up
AC status : up
VC state : up
Label state :0
Token state :0
VC ID : 101
VC type : VLAN
VCCV State : up
link state : up
Access-port : false
VC last up time : 2010/10/09 19:26:37
CKey :8
NKey :3
Service Class : --
Color : --
DomainId : --
Domain Name : --
The display on CE1 is used as an example.

Switches
[CE1] ping 10.10.10.2


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
#
return

#
sysname Switch1
#
vlan batch 10
#
#
#
return

#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.3

Switches
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
qinq stacking vid 10 pe-vid 100
mpls l2vc 3.3.3.3 101
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255

Switches
#
return
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
mpls l2vc 1.1.1.1 101
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
#
sysname Switch2
#
vlan batch 100
#
#
#
return
#
sysname CE2
#
vlan batch 10

Switches
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
#
return
10.13.8 Example for Connecting a Single-tag VLAN Mapping

Sub-interface to a VPLS Network
As shown in Figure 10-18, VPLS is enabled on PE1 and PE2. CE1 is connected to
PE1 and CE2 is connected to PE2. CE1 and CE2 are on the same VPLS network. To
implement communication between CE1 and CE2, use LDP as the VPLS signaling
protocol to establish PWs and configure VPLS.
NOTE
Figure 10-18 Networking diagram for connecting a single-tag VLAN mapping

sub-interface to a VPLS network
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/1 GE0/0/2
PE1 PE2
GE0/0/2 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/1 GE0/0/1
CE1 CE2

/1 /1.1

/2
- Loopback1 - 1.1.1.1/32

Switches

/1
/2 /2.1
- Loopback1 - 3.3.3.3/32

/1

/2
- Loopback1 - 2.2.2.2/32

/1

/1
1. Configure a routing protocol on the backbone network to implement
interworking between devices.
2. Set up a remote LDP session between PEs.
3. Establish tunnels between PEs to transmit service data.
4. Enable MPLS L2VPN on the PEs.
5. Create a VSI on the PEs and specify LDP as the signaling protocol.
6. Configure single-tag VLAN mapping on the PE1 sub-interface connected to
CE1 and bind the sub-interface the VSI to connect it to the VPLS network.
7. Configure a Dot1q sub-interface on the interface of PE2 connected to CE2 and
bind the sub-interface to the VSI to connect it to the VPLS network.
Procedure
Step 1 Create VLANs on the CE, PE, and P devices, add interfaces to the VLANs, and
assign IP addresses to VLANIF interfaces according to Figure 10-18.

Switches
NOTE
● The AC-side and PW-side physical interfaces of a PE cannot be added to the same
VLAN; otherwise, a loop may occur.
● After the configuration is complete, the packets sent from a CE to a PE must carry a
VLAN tag.
# Configure CE1.
[CE1] vlan batch 10
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] vlan batch 20
[CE2-Vlanif20] quit
# Configure PE1.
[PE1] vlan batch 20
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P
[P-Vlanif20] quit
[P-Vlanif30] quit

Switches
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
Step 2 Configure an IGP protocol. OSPF is used in this example.

LSR IDs.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure P.
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes that PE1, P, and PE2 have learned
from each other. The following is the display on PE1:
------------------------------------------------------------------------------

Switches

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20
Step 3 Enable basic MPLS functions and MPLS LDP.

# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
on PE1, P, and PE2. You can see that the peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls ldp command to view the MPLS LDP configuration. The
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

Switches
Step 4 Set up a remote LDP session between PEs.

# Configure PE1.
# Configure PE2.
on PE1 or PE2. You can see that the peer status is Operational, indicating that a
peer relationship has been set up between PE1 and PE2. The display on PE1 is
used as an example.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 5 Enable MPLS L2VPN on the PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure a VSI on the PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] quit
Step 7 Bind sub-interfaces on the PEs to the VSI.

# Configure PE1.

Switches

[PE1-GigabitEthernet0/0/1.1] qinq mapping vid 10 map-vlan vid 20
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
# Configure PE2.
[PE2-GigabitEthernet0/0/2.1] dot1q termination vid 20
After the configuration is complete, run the display vsi name a2 verbose
command on PE1. You can see that the VSI a2 sets up a PW to PE2 and the VSI
status is Up.
[PE1] display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 5 minutes, 1 seconds
VSI State : up
VSI ID :2
*Peer Router ID : 3.3.3.3
Negotiation-vc-id :2
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
Broadcast Tunnel ID : 0x22
Broad BackupTunnel ID : 0x0
CKey :2
NKey :1
Stp Enable :0
PwIndex :0
Control Word : disable
Interface Name : gigabitethernet0/0/1.1

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
Total Up Time : 0 days, 0 hours, 1 minutes, 35 seconds
**PW Information:

Switches
*Peer Ip Address : 3.3.3.3

PW State : up
Local VC Label : 23552
Remote VC Label : 23552
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x22
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x22
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03
PW Total Up Time : 0 days, 0 hours, 0 minutes, 50 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#

Switches

#
return
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
#
qinq mapping vid 10 map-vlan vid 20
l2 binding vsi a2
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#

Switches
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
#
#

Switches
dot1q termination vid 20

l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return
10.13.9 Example for Connecting a Double-tag VLAN Mapping

Sub-interface to a VPLS Network
As shown in Figure 10-19, VPLS is enabled on PE1 and PE2. CE1 connects to PE1
through Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on
the same VPLS network. To implement communication between CE1 and CE2, use
LDP as the VPLS signaling protocol to establish PWs and configure VPLS.
You are required to configure selective QinQ on the switch interfaces connected to
CEs so that Switch1 and Switch2 add the VLAN tags specified by the carrier to the
packets sent from CEs.
When Switch1 and Switch2 allow different VLAN tags, configure a double-tag
VLAN mapping sub-interface on a PE and connect the sub-interface to the VPLS to
enable communication between CE1 and CE2.
When the Switch is connected to multiple CEs, the Switch can add the same outer
NOTE

Switches
Figure 10-19 Networking diagram for connecting a double-tag VLAN mapping

sub-interface to a VPLS network
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/2
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
CE1 CE2

/1 /1.1

/2
- Loopback1 - 1.1.1.1/32

/1
/2 /2.1
- Loopback1 - 3.3.3.3/32

/1

/2
- Loopback1 - 2.2.2.2/32

Switches

/1

/1
interworking.
2. Configure selective QinQ on the switch interfaces connected to CEs.
7. Configure double-tag VLAN mapping on the sub-interface connected to
Switch1 on PE1 and bind the sub-interface to the VSI to connect it to the
VPLS network.
8. Configure a QinQ sub-interface on the interface connected to Switch2 on PE2
and bind the sub-interface to the VSI to connect it to the VPLS network.
Procedure
Step 1 Create VLANs on the devices, add interfaces to the VLANs, and assign IP addresses
to VLANIF interfaces according to Figure 10-19.
NOTE
● Ensure that each packet sent from a CE to the Switch carries one VLAN tag.
# Configure CE1.
[CE1] vlan batch 10
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] vlan batch 10

Switches

[CE2-Vlanif10] quit
# Configure PE1.
[PE1] vlan batch 20
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P
[P-Vlanif20] quit
[P-Vlanif30] quit
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
the interfaces.
[Switch1] vlan 100

Switches
[Switch2] vlan 200
LSR IDs.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure P.
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit

Switches

------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20

# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit

Switches

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

# Configure PE1.
# Configure PE2.
on PE1 or PE2. You can see that the status of the peer relationship between PE1
and PE2 is Operational. That is, the peer relationship is set up. The display on PE1
is used as an example.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static

Switches
[PE2-vsi-a2] quit
Step 8 Bind sub-interfaces interfaces to the VSI on PEs.

# Configure PE1.
[PE1-GigabitEthernet0/0/1.1] qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
# Configure PE2.

status is Up.
***VSI Name : a2
VSI Index :0
PW Signaling : ldp
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID :2
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
CKey :2
NKey :1
Stp Enable :0

Switches
PwIndex :0

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x22
Ckey : 0x2
Nkey : 0x1
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03

<CE1> ping 10.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

Switches

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
return
#
sysname Switch1
#
vlan batch 100
#
#
#
return
#
sysname Switch2
#
vlan batch 200
#
#
#
return
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2

Switches
peer 3.3.3.3
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
#
qinq mapping pe-vid 100 ce-vid 10 map-vlan vid 200
l2 binding vsi a2
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#

Switches
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#
#
#
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return
10.13.10 Example for Connecting a VLAN Stacking Sub-

interface to a VPLS Network
As shown in Figure 10-20, VPLS is enabled on PE1 and PE2. CE1 connects to PE1
through Switch1 and CE2 connects to PE2 through Switch2. CE1 and CE2 are on

Switches
the same VPLS network. To implement communication between CE1 and CE2, use
LDP as the VPLS signaling protocol to establish PWs and configure VPLS.
Switch1 forwards the packets sent from CE1 without changing VLAN tags of the
packets.
You are required to configure selective QinQ on the interface connected to CE2 so
that Switch2 adds the carrier-specified VLAN tag to the packets sent from CE2.
The packets sent from Switch1 to PE1 contain only one VLAN tag, and the packets
sent from Switch2 to PE2 contain two VLAN tags. In this case, you need to
configure VLAN stacking on the sub-interface of PE1 connected to Switch1 and
connect the sub-interface to the VPLS network to enable communication between
CE1 and CE2.
NOTE
Figure 10-20 Networking diagram for connecting a VLAN stacking sub-interface

to a VPLS network
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/2
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 P GE0/0/2
GE0/0/2 GE0/0/2
Switch1 Switch2
GE0/0/1 GE0/0/1
GE0/0/1 GE0/0/1
CE1 CE2

/1 /1.1

Switches

/2
- Loopback1 - 1.1.1.1/32

/1
/2 /2.1
- Loopback1 - 3.3.3.3/32

/1

/2
- Loopback1 - 2.2.2.2/32

/1

/1
interworking.
2. Add the interface of Switch1 connected to CE1 to a specified VLAN.
3. Configure selective QinQ on the interface of Switch2 connected to CE2.
8. Configure a VLAN stacking sub-interface on the interface of PE1 connected to
Switch1 and bind the sub-interface to the VSI to connect it to the VPLS
network.
9. Configure a QinQ sub-interface on the interface of PE2 connected to Switch2
and bind the sub-interface to the VSI to connect the sub-interface to the VPLS
network.

Switches
Procedure
Step 1 Create VLANs on the devices, add interfaces to the VLANs, and assign IP addresses
to VLANIF interfaces according to Figure 10-20.
NOTE
● Ensure that each packet sent from a CE to the Switch carries one VLAN tag.
# Configure CE1.
[CE1] vlan batch 10
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] vlan batch 10
[CE2-Vlanif10] quit
# Configure PE1.
[PE1] vlan batch 20
[PE1-Vlanif20] quit
# Configure P.
[HUAWEI] sysname P

Switches
[P-Vlanif20] quit
[P-Vlanif30] quit
# Configure PE2.
[PE2] vlan batch 30
[PE2-Vlanif30] quit
the interfaces.
[Switch1] vlan 10
[Switch2] vlan 100

LSR IDs.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0

Switches
[PE1-ospf-1] quit
# Configure P.
[P-LoopBack1] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1] quit

------------------------------------------------------------------------------

2.2.2.2/32 OSPF 10 1 D 4.4.4.5 Vlanif20
3.3.3.3/32 OSPF 10 2 D 4.4.4.5 Vlanif20
4.4.4.0/24 Direct 0 0 D 4.4.4.4 Vlanif20
4.4.4.4/32 Direct 0 0 D 127.0.0.1 Vlanif20
5.5.5.0/24 OSPF 10 2 D 4.4.4.5 Vlanif20

# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure P.
[P] mpls

Switches
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------

# Configure PE1.
# Configure PE2.
on PE1 or PE2. You can see that the peer status is Operational, indicating that a
peer relationship has been set up between PE1 and PE2. The display on PE1 is
used as an example.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

Switches

------------------------------------------------------------------------------

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] quit
Step 8 Bind sub-interfaces to the VSI on the PEs.

# Configure PE1.
[PE1-GigabitEthernet0/0/1.1] qinq stacking vid 10 pe-vid 100
# Configure PE2.

status is Up.
***VSI Name : a2

Switches
VSI Index :0
PW Signaling : ldp
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID :2
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x22
CKey :2
NKey :1
Stp Enable :0
PwIndex :0

State : up
Access Port : false
Last Up Time : 2010/12/30 11:31:18
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x22
Ckey : 0x2
Nkey : 0x1
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2010/12/30 11:32:03

<CE1> ping 10.1.1.2

Switches


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname Switch1
#
vlan batch 10
#
#
#
return

#
sysname Switch2
#
vlan batch 100
#

Switches

#
#
return
#
sysname PE1
#
router id 1.1.1.1
#
vcmp role silent
#
vlan batch 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.3
#
mpls ldp
#
remote-ip 3.3.3.3
#
interface Vlanif20
ip address 4.4.4.4 255.255.255.0
mpls
mpls ldp
#
#
qinq stacking vid 10 pe-vid 100
l2 binding vsi a2
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 4.4.4.0 0.0.0.255
#
return
#
sysname P
#
router id 2.2.2.2
#
vlan batch 20 30
#

Switches
mpls lsr-id 2.2.2.2

mpls
#
mpls ldp
#
interface Vlanif20
ip address 4.4.4.5 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 5.5.5.4 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
#
return
#
sysname PE2
#
router id 3.3.3.3
#
vcmp role silent
#
vlan batch 30
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
remote-ip 1.1.1.1
#
interface Vlanif30
ip address 5.5.5.5 255.255.255.0
mpls
mpls ldp
#

Switches
#
#
l2 binding vsi a2
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 5.5.5.0 0.0.0.255
#
return
10.13.11 Example for Configuring QinQ Stacking on a VLANIF

Interface
As shown in Figure 10-21, SwitchA is connected to SwitchB through a third-party
network. The management VLAN is deployed on SwitchB. The management VLAN
ID is the same as the VLAN ID of SwitchA, and is different from the VLAN ID
provided by the carrier. To remotely log in to SwitchB from SwitchA, you can
configure VLAN stacking.
Figure 10-21 Networking diagram for configuring QinQ stacking on a VLANIF

interface
20 10 IP
SwitchB
GE0/0/2 GE0/0/2
Internet
SwitchA GE0/0/1
10 IP GE0/0/2
GE0/0/1 SwitchC
user1
VLAN 10
To remotely log in to SwitchB from SwitchA to manage VLAN services, configure

QinQ stacking on the VLANIF interface corresponding to the management VLAN
on SwitchB.

Switches
NOTE
When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF interface
corresponds to the management VLAN. VLANIF interfaces corresponding to other VLANs do
not support QinQ stacking.
1. Configure QinQ on SwitchA.
2. Perform the following configurations on SwitchB:
a. Create VLAN 10 and configure VLAN 10 as the management VLAN.
b. Create VLANIF 10.
c. Configure QinQ stacking on a VLANIF interface.
Procedure
Step 1 Configure SwitchC.
# Configure SwitchC to allow packets from VLAN 10 to pass through GE0/0/1 and
GE0/0/2.
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 10
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type hybrid
[SwitchC-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type hybrid
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet0/0/2] quit
Step 2 Configure SwitchA.

# Configure QinQ so that the packets sent from SwitchA to SwitchB carry double
tags.
[SwitchA] vlan batch 20
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid tagged vlan 20
Step 3 Configure SwitchB.

# Configure SwitchB to allow packets from VLAN 20 to pass through GE0/0/2.

Switches

[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 10 20
# Configure QinQ stacking.

[SwitchB] vlan 10
[SwitchB-vlan10] management-vlan
[SwitchB-vlan10] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] undo icmp host-unreachable send
[SwitchB-Vlanif10] qinq stacking vlan 20
[SwitchB-Vlanif10] ip address 10.10.10.1 24
[SwitchB-Vlanif10] quit

You can log in to SwitchB from SwitchA to manage VLAN services.
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 20
#
#
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10
#
#
#
return
#
sysname SwitchB
#
vlan batch 10 20
#
vlan 10
management-vlan
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0

Switches
undo icmp host-unreachable send

qinq stacking vlan 20
#
port hybrid tagged vlan 10 20
#
return
10.14 Troubleshooting QinQ
10.14.1 QinQ Traffic Forwarding Fails Because the Outer

VLAN Is Not Created
Fault Symptom
After selective QinQ is configured on an interface, traffic forwarding fails.
Procedure
1. Run the display this command in the view of the interface configured with
selective QinQ to check the outer VLAN tag.
2. Run the display vlan summary command in any view to check whether the
outer VLAN has been created.
<HUAWEI> display vlan summary
Static vlan:
Total 3 static vlan.
1 9 to 10
Dynamic vlan:
Total 0 dynamic vlan.
Reserved vlan:
Total 0 reserved vlan.
– If the command output contains the outer VLAN ID, the outer VLAN has
been created. Continue to check for other common misconfigurations.
– If the command output does not contain the outer VLAN ID, the outer
VLAN is not created. Run the vlan batch command to create a VLAN and
check whether QinQ traffic can be correctly transmitted. If traffic
forwarding still fails, continue to check for other common
misconfigurations.
10.14.2 QinQ Traffic Forwarding Fails Because the Interface

Does Not Transparently Transmit the Outer VLAN ID
Fault Symptom
After selective QinQ is configured on an interface, traffic forwarding fails.
Procedure
1. Run the display this command in the view of the interface configured with
selective QinQ to check the outer VLAN tag.

Switches
2. Run the display vlan vlan-id command in any view to check whether the
interface configured with selective QinQ belongs to the outer VLAN. vlan-id
specifies the outer VLAN ID.
<HUAWEI> display vlan 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports

--------------------------------------------------------------------------------
3 common UT:GE0/0/2(U)
VID Status Property MAC-LRN Statistics Description

--------------------------------------------------------------------------------
3 enable default enable disable VLAN 0003
– If the system displays the message "Error:The VLAN does not exist.", the
outer VLAN is not created. Run the vlan batch command to create the
outer VLAN and run the display vlan vlan-id command to check whether
the interface belongs to the VLAN.
– If there is no interface configured with selective QinQ, run the port
hybrid untagged vlan vlan-id command to add the interface to the
VLAN in untagged mode.
– If the command output does not display the interface configured with
selective QinQ but the flag before the interface is not UT, run the port
hybrid untagged vlan vlan-id command to add the interface to the
VLAN in untagged mode.
– If the command output displays the interface configured with selective
QinQ and the interface has joined the VLAN in untagged mode, continue
to check for other common misconfigurations.
10.15 FAQ About QinQ
10.15.1 Does the Switch Support QinQ?

● The S2700EI supports only basic QinQ configured using the port link-type
dot1q-tunnel command, and does not support selective QinQ configured
using the port vlan-stacking vlan command.
● The S2700SI does not support basic QinQ or selective QinQ.
● Other models support both basic QinQ and selective QinQ.
10.15.2 What Are Causes for QinQ Traffic Forwarding

Failures?
Traffic forwarding on an interface configured with selective QinQ fails in the
following situations:
● The outer VLAN specified for selective QinQ is not created.

● The interface is not added to the outer VLAN specified for selective QinQ in
untagged mode.

Switches
10.15.3 Can I Rapidly Delete All QinQ Configurations of an

Interface?
On a switch running V100R006 or a later version, the undo port vlan-stacking all
command can be used to quickly delete all selective QinQ configurations from an
interface.
10.15.4 Can I Directly Delete Inner VLAN IDs from QinQ

Configuration?
● If the switch is running V100R005 or an earlier version, one or more inner
VLAN IDs in QinQ cannot be directly deleted. You must delete the current
selective QinQ configuration, and then reconfigure the inner VLAN IDs that
do not need to be deleted. For example, the port vlan-stacking vlan 10 to 20
stack-vlan 100 command is configured on the switch. To delete inner VLAN
15, perform the following operations:
a. Run the undo port vlan-stacking vlan 10 to 20 stack-vlan 100
command to delete the current selective QinQ configuration.
b. Run the port vlan-stacking vlan 10 to 14 stack-vlan 100 and port vlan-
stacking vlan 16 to 20 stack-vlan 100 commands to reconfigure the
inner VLAN IDs that do not need to be deleted.
● If the switch is running a version later than V100R005, one or more inner
VLAN IDs in QinQ can be directly deleted.
10.15.5 Can the Switch Add Double VLAN Tags to Untagged

Packets?
The switch running V200R003 and a later version can add double VLAN tags to
untagged packets, but the S5700EI and S5700SI do not support this function.
10.15.6 Which Tag Does the TPID Configured by the qinq

protocol Command Match?
The TPID configured by the qinq protocol command matches only the outer tag.
10.15.7 Which VLAN Does the Interface Enabled with VLAN

Mapping or QinQ Obtain Through MAC Address Learning?
The VLAN mapping or QinQ implementation is prior to the MAC address learning.
Thus, after the VLAN mapping or QinQ implementation, the interface obtains the
outer VLAN ID through MAC address learning.

01-10 QinQ Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-10 QinQ Configuration

Uploaded by

Copyright:

Available Formats

S1720, S2700, S5700, and S6720 Series Ethernet

About This Chapter

This chapter describes how to configure 802.1Q-in-802.1Q (QinQ).

10.1 Overview of QinQ

10.1 Overview of QinQ

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 456

QinQ was originally developed to expand VLAN space by adding an additional

10.2 Understanding QinQ

10.2.1 QinQ Fundamentals

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 457

Figure 10-1 Typical QinQ application

CE2 CE3 CE4

PE1 Pubilc PE2

VLAN 1~10 VLAN 1~20

As shown in Figure 10-1, customer network A is divided into private VLANs 1 to

QinQ Packet Encapsulation Format

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 458

Figure 10-2 802.1Q encapsulation

DA SA 802.1Q TAG 802.1Q TAG LEN/ETYPE DATA FCS

TPID Priority CFI VLAN ID

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 459

This encapsulation mode is also called QinQ tunneling. It encapsulates

10.2.2 Basic QinQ

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 460

Figure 10-3 Networking diagram of QinQ tunneling

VLAN2 VLAN500 VLAN1000 VLAN2000 VLAN100 VLAN500

Department 1 Department 2 Department 1

Table 10-1 VLAN plan for Department 1 and Department 2

Department 2 500 to 4094 20

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 461

10.2.3 Selective QinQ

As shown in Figure 10-4, Department 1 and Department 2 have multiple offices.

Figure 10-4 Networking diagram of selective QinQ

VLAN1000 VLAN4094 VLAN500 VLAN2500

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 462

Table 10-2 VLAN plan for Department 1 and Department 2

PE1 Port1 2 to 500 10

Port1 1000 to 2000 20

Port2 100 to 500 10

PE2 Port1 1000 to 4094 20

Port2 500 to 2500 20

● Department 1 uses VLANs 2 to 500.

10.2.4 VLAN Stacking on a VLANIF Interface

Figure 10-5 Networking diagram of VLAN stacking on a VLANIF interface

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 463

Figure 10-6 802.1Q encapsulation

TPID 2 Bytes TCI 2 Bytes

0X8100 Priority CFI VLAN ID

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 464

Table 10-3 Protocol types and values

Protocol Type Value

10.2.6 QinQ Mapping

QinQ mapping is generally deployed on edge devices of a metro Ethernet and

Currently, the device supports the following QinQ mapping modes:

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 465

When a sub-interface receives a single-tagged packet, it maps the VLAN tag

Figure 10-7 QinQ mapping

As shown in Figure 10-7, 1-to-1 QinQ mapping is configured on GE0/0/1.1

Comparison Between QinQ Mapping and VLAN Mapping

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 466

Table 10-4 Comparison between QinQ mapping and VLAN mapping

1-to-1 The interface maps the ● QinQ mapping is performed on sub-

2-to-1 The interface maps the ● QinQ mapping is performed on sub-

10.3 Application Scenarios for QinQ