01-07 VLAN Mapping Configuration

CloudEngine 8800, 7800, 6800, and 5800 Series
Switches
Configuration Guide - Ethernet Switching 7 VLAN Mapping Configuration
7 VLAN Mapping Configuration
This chapter describes how to configure VLAN mapping. VLAN mapping

technology changes VLAN tags in packets to implement the mapping between
different VLANs.
7.1 Overview of VLAN Mapping

7.2 Understanding VLAN Mapping
7.3 Application Scenarios for VLAN Mapping
7.4 Licensing Requirements and Limitations for VLAN Mapping
7.5 Configuring VLAN Mapping
7.6 Configuration Examples for VLAN Mapping
7.1 Overview of VLAN Mapping
Definition
VLAN mapping technology changes VLAN tags in packets to implement the
mapping between different VLANs.
Purpose
In some scenarios, two Layer 2 user networks in the same VLAN are connected
through the backbone network. To implement Layer 2 connectivity between users
and deploy Layer 2 protocols such as MSTP uniformly, the two user networks need
to seamlessly interwork with each other. In this case, the backbone network needs
to transmit VLAN packets from the user networks. Generally, VLAN plan on the
backbone network and user network is different, so the backbone network cannot
directly transmit VLAN packets from a user network.
One method is to configure a Layer 2 tunneling technology such as QinQ or VPLS
to encapsulate VLAN packets into packets on the backbone network so that VLAN
packets are transparently transmitted. However, this method increases extra cost
because packets are encapsulated. In addition, Layer 2 tunneling technology may
not support transparent transmission of packets of some protocol packets. The
Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 398

Switches
other method is to configure VLAN mapping. When VLAN packets from a user
network enter the backbone network, an edge device on the backbone network
changes the C-VLAN ID to the S-VLAN ID. After the packets are transmitted to the
other side, the edge device changes the S-VLAN ID to the C-VLAN ID. This method
implements seamless interworking between two user networks.
VLAN IDs in two directly connected Layer 2 networks are different because of
different plans. The user needs to manage the two networks as a single Layer 2
network. For example, Layer 2 connectivity and Layer 2 protocols need to be
deployed uniformly. VLAN mapping can be configured on the switch connecting
the two user networks to map VLAN IDs on the two user networks. This
implements Layer 2 connectivity and uniform management.
7.2 Understanding VLAN Mapping
Basic Principles
After receiving a tagged packet, the switch determines to replace a single tag,
double tags, or the outer tag in double tags based on the VLAN mapping mode.
Then the switch learns the MAC addresses contained in the packet. Based on the
source MAC address and mapped VLAN ID, the switch updates the MAC address
entries in the VLAN mapping table. Based on the destination MAC address and the
mapped VLAN ID, the switch searches for the MAC address entries. If the
destination MAC address matches no entry, the switch broadcasts the packet in
the specified VLAN; if the destination MAC address matches an entry, the switch
forwards the packet through the corresponding outbound interface.
As shown in Figure 7-1, VLAN mapping between VLAN 2 and VLAN 3 is
configured on Interface1. Before sending packets from VLAN 2 to VLAN 3,
Interface1 replaces the VLAN tags with VLAN 3 tags. When receiving packets from
VLAN 3, Interface1 replaces the VLAN tags with VLAN 2 tags. Then packets are
forwarded according to the Layer 2 forwarding process. This implements
communication between devices in VLAN 2 and VLAN 3.

Switches
Figure 7-1 VLAN mapping

VLAN2 VLAN3
2 3
Interface1
3
SwitchA SwitchB
2 3
2 3
172.16.0.1/16 172.16.0.7/16
NOTE
If devices in two VLANs need to communicate through VLAN mapping, the IP addresses of
these devices must be on the same network segment. If IP addresses of these devices are
on different network segments, communication between devices is implemented through
Layer 3 routes. In this case, VLAN mapping is invalid.
Implementation Modes
The device supports VLAN-based and MQC-based VLAN mapping. There are three
VLAN-based VLAN mapping modes:
● 1 to 1 VLAN mapping
When an interface configured with VLAN mapping receives a single-tagged
packet, the interface maps the VLAN tag in the packet to a new VLAN tag.
When an interface configured with VLAN mapping receives a double-tagged
packet, the interface maps the outer tag of the packet to a specified tag and
transparently transmits the inner tag as the data.
When an interface configured with VLAN mapping receives a double-tagged
packet, the interface maps the inner and outer VLAN tags in the packet to
new inner and outer VLAN tags.
MQC-based VLAN mapping uses a traffic classifier to classify packets based on

VLAN IDs, associates the traffic classifier with a traffic behavior defining VLAN
mapping so that the device can re-mark the VLAN ID in packets matching the
traffic classifier. MQC-based VLAN mapping implements differentiated services.

Switches
7.3 Application Scenarios for VLAN Mapping
VLAN-based VLAN Mapping

As shown in Figure 7-2, on a data center network, a network administrator
deploys a new branch that is on the same network segment as the
headquarters. However, VLAN IDs in the new branch and headquarters are
inconsistent and VLAN deployment in the headquarters cannot be changed.
To implement communication between the new branch and headquarters,
configure 1 to 1 VLAN mapping on Switch2.
Figure 7-2 Networking of 1 to 1 VLAN mapping
Headqu
VLAN6
arters
Switch3
Switch2
Switch1
New branch
VLAN5
1 to 1 VLAN Mapping
As shown in Figure 7-3, on a data center network, the office server and
production server are deployed in the old branch, and the servers are
connected to the core network through the access and aggregation switches.
The network administrator deploys a new branch. To save VLAN resources
and isolate different services, configure QinQ on the aggregation switch. To
retain VLAN deployment of core switch Switch5, configure VLAN mapping on
Switch5.

Switches
Internet
Core Switch IP 501 2

IP 502 3
Switch5
IP 201 2
Switch3 Switch4
Aggregation Switch IP 201 3
Switch1 Switch2
Access Switch
Office Production Office Production 2 to 1 VLAN Mapping

service service service service
VLAN2 VLAN3 VLAN2 VLAN3
Old branch New branch
As shown in Figure 7-4, two branches of a data center are deployed in
different positions. To save VLAN resources and plan private VLAN IDs in the
data center, QinQ is used. That is, packets from branches to the ISP network
carry double tags. Because VLAN IDs in packets from branches are different
from the VLAN IDs allocated by the ISP network, user packets are discarded.
As a result, communication between branches is interrupted. Configure 2 to 2
VLAN mapping on Switch2 and Switch3 to map double tags on the branch
network to double tags on the ISP network so that branches can
communicate.

Switches
ISP
Switch2 outside tag:50 Switch3
inner tag:60
Switch1 Switch4
Branch 1 Branch 2
outside tag:100 outside tag:200
inner tag:10 inner tag:20
2 to 2 VLAN Mapping
MQC-based VLAN Mapping

As shown in Figure 7-5, on a data center network, servers store video and data
information. Users are classified into gold and silver users, and gold and silver
users belong to VLAN 200 and VLAN 300 respectively and access servers through
the enterprise backbone network. The enterprise backbone network allocates
VLAN 2 to gold users and VLAN 3 to silver users. Switch2 and Switch3 are edge
devices of the enterprise backbone network. VLAN IDs planned by the video and
data servers and enterprise backbone network are different. To ensure that gold
users can access the video server and silver users can access the data server,
configure MQC-based VLAN mapping on Switch2 and Switch3.
Figure 7-5 Networking of MQC-based VLAN mapping

VLAN200
Video server
VLAN200
Switch1 Switch2 Switch3 Switch4 Gold user
Enterprise backbone
network
Data server VLAN2 VLAN3
Silver user
VLAN Mapping VLAN300

VLAN300
Traffic direction
7.4 Licensing Requirements and Limitations for VLAN

Mapping
Involved Network Element

Other network elements are not required.

Switches
Licensing Requirements
VLAN mapping is a basic function of the switch, and as such is controlled by the
license for basic software functions. The license for basic software functions has
been loaded and activated before delivery. You do not need to manually activate
it.
Version Requirements
Table 7-1 Products and minimum version supporting VLAN mapping
Product Minimum Version Required
CE8860EI V100R006C00
CE8861EI/CE8868EI V200R005C10
CE8850-32CQ-EI V200R002C50
CE8850-64CQ-EI V200R005C00
CE7850EI V100R003C00
CE7855EI V200R001C00
CE6810EI V100R003C00
CE6810-48S4Q-LI/CE6810-48S- V100R003C10
LI
CE6810-32T16S4Q-LI/ V100R005C10
CE6810-24S2Q-LI
CE6850EI V100R003C00
CE6850-48S6Q-HI V100R005C00
CE6850-48T6Q-HI/CE6850U-HI/ V100R005C10
CE6851HI
CE6855HI V200R001C00
CE6856HI V200R002C50
CE6857EI V200R005C10
CE6860EI V200R002C50
CE6865EI V200R005C00
CE6870-24S6CQ-EI V200R001C00
CE6870-48S6CQ-EI V200R001C00
CE6870-48T6CQ-EI V200R002C50
CE6875-48S4CQ-EI V200R003C00
CE6880EI V200R002C50

Switches
Product Minimum Version Required
CE6881, CE6820, CE6863 V200R005C20
CE6881K V200R019C10
CE6881E V200R019C10
CE6863K V200R019C10
CE5810EI V100R003C00
CE5850EI V100R003C00
CE5850HI V100R003C00
CE5855EI V100R005C10
CE5880EI V200R005C10
CE5881 V200R020C00
NOTE
For details about the mapping between software versions and switch models, see the
Hardware Query Tool.
Feature Limitations
● VLAN-based VLAN mapping can only be configured on a trunk or hybrid
interface, and the interface must be added to the VLAN after mapping in
tagged mode.
● When an interface receives double-tagged packets, the TPID in the inner tag
must be 0x8100. Otherwise, mapping of the inner tag does not take effect.
● Before configuring VLAN-based VLAN mapping, do not enable TRILL on the
interface.
● If forwarding resources exceed the specifications, VLAN mapping can be
configured. However, after the device restarts, the invalid VLAN mapping
configuration may become valid and valid VLAN mapping configuration may
become invalid.
● If VLAN mapping is configured on an interface corresponding to the VLAN,
VBST negotiation for this VLAN will fail.
● For CE6870EI and CE6875EI, supports 1 to 1 VLAN mapping, and does not
support MQC-based VLAN Mapping.
● VLAN mapping cannot be used with IGMP or IGMP snooping.
● Starting from V200R003C00, for the CE6875EI and CE6870EI, when original
packets carry three VLAN tags and the device is configured with IPv6 VXLAN
and VLAN mapping, tags in forwarded packets are incorrect. Please deploy
VLAN mapping on the neighboring device.
● DHCP snooping can only be configured with 1-to-1 VLAN mapping.
● If a traffic classifier references an ACL rule that matches the outer VLAN ID
and the VLAN mapping function is configured:

Switches
– For the CE6870EI and CE6875EI: The translated VLAN ID after VLAN
mapping is matched in the inbound direction, and the original VLAN ID
before VLAN mapping is matched in the outbound direction.
– For other models: The translated VLAN ID after VLAN mapping is
matched in both the inbound and outbound directions.
● M-LAG cannot be configured together with VLAN Mapping or VLAN Stacking.
7.5 Configuring VLAN Mapping
7.5.1 Configuring VLAN-based VLAN Mapping
Context
VLAN mapping allows an interface to map the single VLAN tag, double VLAN
tags, or outer VLAN tag in double VLAN tags in received single-tagged or double-
tagged packets to the public VLAN tag or tags.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Configure the link type of the interface as trunk or hybrid.
NOTE
● VLAN mapping can only be configured on a trunk or hybrid interface. The interface
must be added to the VLAN after mapping in tagged mode.
● When 2 to 1 or 2 to 2 VLAN mapping is configured, the VLAN ID allowed by the
interface enabled with VLAN mapping must be the outer VLAN ID.
● On the CE5810EI, if remark-8021p 8021p-value is specified, 7.5.2 Configuring MQC-
based VLAN Mapping is recommended. Do not configure 2 to 1 or 2 to 2 VLAN
mapping in this situation.
Run either of the following commands as needed:

● Set the link type of the interface to trunk.
a. Run port link-type trunk
The link type of the interface is set to trunk.
b. Run port trunk allow-pass vlan { vlan-id1 [ to vlan-id2 ] } &<1-40>
The VLAN allowed by the interface configured with VLAN mapping is
specified. Here, the VLAN is the one after VLAN mapping.
● Set the link type of the interface to hybrid.
a. Run port link-type hybrid
The link type of the interface is set to hybrid.

Switches
b. Run port hybrid tagged vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The VLAN allowed by the interface configured with VLAN mapping is
specified. Here, the VLAN is the one after VLAN mapping.
Step 4 Configure VLAN mapping. (CE6870EI and CE6875EI only support 1 to 1 VLAN
mapping.)
Run the following command as required.
NOTE
If the trill enable command has been executed, delete the trill enable command
configuration before running the port vlan-mapping command.
● Configure 1 to 1 VLAN mapping.
Run port vlan-mapping vlan vlan-id1 map-vlan vlan-id3 [ remark-8021p
8021p-value ]
The interface is configured to map a single tag of packets to a specified tag.
Run port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 map-vlan vlan-id3
[ remark-8021p 8021p-value ]
The interface is configured to map the outer VLAN tag in double-tagged
packets to a specified tag and to transparently transmit the inner VLAN tag.
Run port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 map-vlan vlan-id3
map-inner-vlan vlan-id4 [ remark-8021p 8021p-value ]
The interface is configured to map double tags of packets to specified double
tags.
Step 5 Run commit
The configuration is committed.
----End
Verifying the Configuration

● Run the display vlan vlan-id command to check whether the interface is
added to the VLAN specified by the mapped public VLAN ID.
● Run the display current-configuration command to check the VLAN
mapping configuration on an interface.
7.5.2 Configuring MQC-based VLAN Mapping
Context
MQC-based VLAN mapping uses a traffic classifier to classify packets based on
VLAN IDs, associates the traffic classifier with a traffic behavior defining VLAN
mapping so that the device can re-mark the VLAN ID in packets matching the
traffic classifier.

Switches
NOTE
The CE6870EI and CE6875EI do not support this function.
Procedure
1. Configure a traffic classifier.
a. Run system-view
b. Run traffic classifier classifier-name [ type { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or
the view of an existing traffic classifier is displayed.
and is the logical operator between rules in a traffic classifier, which
means that:
▪ If a traffic classifier contains ACL rules, packets match the traffic

classifier only if they match one ACL rule and all the non-ACL rules.
▪ If a traffic classifier does not contain any ACL rules, packets match
the traffic classifier only if they match all the rules in the classifier.
The logical operator or means that packets match a traffic classifier if
they match one or more rules in the classifier.
By default, the relationship between rules in a traffic classifier is or.
c. Run if-match
Matching rules are defined for the traffic classifier.
For details about matching rules in a traffic classifier, see "Configuring a
Traffic Classifier" in "MQC Configuration" of the CloudEngine 8800, 7800,
6800, and 5800 Series Switches Configuration Guide - QoS Configuration
Guide.
d. Run commit
e. Run quit
Exit from the traffic behavior view.
2. Configure a traffic behavior.
a. Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed, or
the view of an existing traffic behavior is displayed.
b. Run vlan-mapping vlan vlan-id
The interface is configured to replace the outer VLAN tag in packets.
c. (Optional) Run vlan-mapping inner-vlan inner-vlan-id
The interface is configured to replace the inner VLAN tag in packets.
d. Run commit
e. Run quit
Exit from the traffic behavior view.

Switches
f. Run quit
Exit from the system view.
3. Configure a traffic policy.
a. Run system-view
b. Run traffic policy policy-name
A traffic policy is created and the traffic policy view is displayed, or the
view of an existing traffic policy is displayed.
c. Run classifier classifier-name behavior behavior-name [ precedence
precedence-value ]
A traffic behavior is bound to a traffic classifier in the traffic policy.
d. Run commit
e. Run quit
Exit from the traffic policy view.
f. Run quit
Exit from the system view.
4. Apply the traffic policy.
NOTE
● For details about the configuration guidelines of applying traffic policies in

different views on the CE switches excluding CE6870EI and CE6875EI, see Licensing
Requirements and Limitations for MQC (CE Switches Excluding the CE6870EI and
CE6875EI).
– Applying a traffic policy to an interface
i. Run system-view
ii. Run interface interface-type interface-number
The interface view is displayed.
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the interface.
iv. Run commit
– Applying a traffic policy to a VLAN
i. Run system-view
ii. Run vlan vlan-id
The VLAN view is displayed.
iii. Run traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the VLAN.
The system applies traffic policing to the packets that belong to the
VLAN and match traffic classification rules in the inbound or
outbound direction.

Switches
iv. Run commit

– Applying a traffic policy to the system
i. Run system-view
ii. Run traffic-policy policy-name global [ slot slot-id ] { inbound |
outbound }
A traffic policy is applied to the system.
iii. Run commit
– Applying a traffic policy to a QoS group
i. Run system-view
ii. Run qos group group-name
The QoS group view is displayed.
iii. Run the following commands as required:
○ Run the group-member interface { interface-type interface-
number1 [ to interface-type interface-number2 ] } &<1-8>
command to add interfaces to the QoS group.
○ Run the group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8>
command to add VLANs to the QoS group.
○ Run the group-member ip source ip-address { mask | mask-
length } command to add source IP addresses to the QoS group.
iv. Run traffic-policy policy-name [ inbound | outbound ]
A traffic policy is applied to the QoS group.
v. Run commit
– Applying a traffic policy to a BD
i. Run system-view
ii. Run bridge-domain bd-id
The BD view is displayed.
iii. Run traffic-policy policy-name outbound
A traffic policy is applied to the BD.
iv. Run commit
Verifying the Configuration

● Run the display traffic classifier [ classifier-name ] command to check the
traffic classifier configuration.
● Run the display traffic behavior [ behavior-name ] command to check the
traffic behavior configuration on the device.

Switches
● Run the display traffic policy [ policy-name [ classifier classifier-name ] ]

command to check the traffic policy configuration.
● Run the display traffic-policy applied-record [ policy-name ] [ global [ slot
slot-id ] | interface interface-type interface-number | vlan vlan-id | vpn-
instance vpn-instance-name | qos group group-id | bridge-domain bd-id ]
[ inbound | outbound ] command to check the application records of a
specified traffic policy.
NOTE
The CE6810LI does not support the vpn-instance vpn-instance-name parameter.

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, CE6810EI, and CE6850EI do
not support the bridge-domain bd-id command.
● Run the display system tcam fail-record [ slot slot-id ] command to display
TCAM delivery failures.
● Run the display system tcam service brief [ slot slot-id ] command to
display the group index and rule count occupied by different services.
● Run the display system tcam service { cpcar slot slot-id | service-name slot
slot-id [ chip chip-id ] } command to display IDs of entries delivered by
services on the specified chip or in the specified slot.
● Run one of the following commands to display data of a traffic policy that
has been applied:
– display system tcam service traffic-policy { global | vlan vlan-id |
interface interface-type interface-number | vpn-instance vpn-instance-
name | qos group group-id | bridge-domain bd-id } policy-name
{ inbound | outbound } [ slot slot-id [ chip chip-id ] ]
NOTE
The CE6810LI does not support the vpn-instance vpn-instance-name parameter.

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, CE6810EI, and CE6850EI
do not support the bridge-domain bd-id command.
– display system tcam service traffic-policy slot slot-id policy-name
{ inbound | outbound } [ chip chip-id ]
● (For the CE6870EI and CE6875EI) Run the display system tcam match-rules
slot slot-id [ [ ingress | egress | group group-id ] | [ chip chip-id ] ] *
command to display matched entries.
7.6 Configuration Examples for VLAN Mapping

This section only provides configuration examples for individual features. For
details about multi-feature configuration examples, feature-specific configuration
examples, interoperation examples, protocol or hardware replacement examples,
and industry application examples, see the Typical Configuration Examples.

Switches
7.6.1 Example for Configuring VLAN-based 1 to 1 VLAN

Mapping
Networking Requirements
As shown in Figure 7-6, on a data center network, as services increase, the
network administrator plans a new branch that belongs to VLAN 5. The
headquarters belongs to VLAN 6, and the headquarters and branch belong to the
same network segment. The new branch needs to communicate with the
headquarters.
Figure 7-6 Networking for configuring 1 to 1 VLAN mapping

VLAN6
Headqu
Server3 Server4
arters
Switch3
10GE1/0/1
10GE1/0/2
Switch2
10GE1/0/1
10GE1/0/3
Switch1
10GE1/0/1 10GE1/0/2
New branch
VLAN5
Server1 Server2
1 to 1 VLAN Mapping
Configuration Roadmap
The configuration roadmap is as follows:
1. Add the downlink interface on Switch1 connected to the new branch to VLAN
5.
2. Configure 1 to 1 VLAN mapping on Switch2 to implement communication
between the new branch and headquarters.

Switches
Procedure
Step 1 Add the downlink interface on Switch1 to VLAN 5 and configure the uplink
interfaces to allow the VLAN5.
<HUAWEI> system-view
[~HUAWEI] sysname Switch1
[*HUAWEI] commit
[~Switch1] vlan 5
[*Switch1-vlan5] quit
[*Switch1] interface 10ge 1/0/1
[*Switch1-10GE1/0/1] port default vlan 5
[*Switch1-10GE1/0/1] quit
[*Switch1-10GE1/0/3] port link-type trunk
[*Switch1-10GE1/0/3] port trunk allow-pass vlan 5
[*Switch1] commit
Step 2 Configure VLAN mapping on Switch2.

[*HUAWEI] commit
[~Switch2] vlan 6
[*Switch2-10GE1/0/1] port vlan-mapping vlan 5 map-vlan 6
[*Switch2] commit
Step 3 Configure Layer 2 forwarding on Swicth3.

[*HUAWEI] commit
[~Switch3] vlan 6
[*Switch3] commit
Step 4 Verify the configuration.

Configure servers in the new branch and headquarters on the same network
segment. For example, configure IP addresses 172.16.0.1/16 and 172.16.0.7/16 for
servers in the new branch and headquarters respectively so that the new branch
can communication with the headquarters. This example pings Server3 in the
headquarters from Server1 in the new branch.
<Server1> ping 172.16.0.7
Pinging 172.16.0.7 with 32 bytes of data:
Reply from 172.16.0.7: bytes=32 time<1ms TTL=128
Ping statistics for 172.16.0.7:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Switches
Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms
----End
Configuration Files
● Configuration file of Switch1
#
sysname Switch1
#
vlan batch 5
#
interface 10GE1/0/1
port default vlan 5
#
interface 10GE1/0/2
port default vlan 5
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
return
#
sysname Switch2
#
vlan batch 6
#
interface 10GE1/0/1
port vlan-mapping vlan 5 map-vlan 6
#
interface 10GE1/0/2
#
return
#
sysname Switch3
#
vlan batch 6
#
interface 10GE1/0/1
#
return

Mapping
As shown in Figure 7-7, on a data center network, the office server and
production server in the old branch belong to VLAN 2 and VLAN 3 respectively,
and the servers are connected to the core network through the access and
aggregation switches. The network administrator plans a new branch. The office
server and production server belong to VLAN 2 and VLAN 3 respectively. Devices

Switches
transmitting the same service on old and new branches are located on the same
network segment. To ensure that the same servers can communicate and different
servers are isolated, and save VLAN resources, configure QinQ on aggregation
switches. To retain VLAN deployment of core switch, configure VLAN mapping on
the core switch.
Internet
10GE1/0/3
Core Switch MAC 501 2
10GE1/0/2 10GE1/0/1 MAC 502 3
Switch5
10GE1/0/2 10GE1/0/2 MAC 201 2

Switch3 Aggregation Switch4
Switch MAC 201 3
10GE1/0/1 10GE1/0/1
10GE1/0/3 10GE1/0/3
Switch1 Switch2
Access Switch
10GE1/0/1 10GE1/0/2 10GE1/0/1 10GE1/0/2
Office Production Office Production

service service service service
server1 server3 server2 server4
VLAN2 VLAN3 VLAN2 VLAN3
2 to 1 VLAN Mapping
1. Add interfaces on Switch1 and Switch2 connected to servers to VLANs.
2. Deploy QinQ on Switch3 and Switch4 to save VLAN resources.
3. Configure 2 to 1 VLAN mapping on Switch5 so that the same service can be
transmitted and different services are isolated in old and new branches.

Switches
Procedure
Step 1 Add downlink interfaces on Switch1 and Switch2 to VLANs and configure the
uplink interfaces to allow the VLANs.
# Configure Switch1.
[*HUAWEI] commit
[~Switch1] vlan batch 2 3
[*Switch1-10GE1/0/3] port trunk allow-pass vlan 2 3
[*Switch1] commit
[*HUAWEI] commit
[*Switch2] commit
Step 2 Configure QinQ on Switch3 and Switch4.

# Configure the type of 10GE1/0/1 on Switch3 as QinQ and the outer VLAN tag as
VLAN 201.
[*HUAWEI] commit
[~Switch3] vlan batch 201
[*Switch3-10GE1/0/1] port link-type dot1q-tunnel
[*Switch3] commit
VLAN 201.
[*HUAWEI] commit

Switches

[*Switch4] commit
Step 3 Configure VLAN mapping on Switch5.

[*HUAWEI] commit
[*Switch5-10GE1/0/1] port vlan-mapping vlan 201 inner-vlan 2 map-vlan 501
[*Switch5] commit

● Configure office server Server1 in the new branch and office server Server2 in
the old branch on the same network segment. For example, configure IP
addresses 172.16.0.1/24 and 172.16.0.2/24 for Server1 and Server2
respectively.
● Configure production server Server3 in the new branch and production server
Server4 in the old branch on the same network segment. For example,
configure IP addresses 172.16.1.1/24 and 172.16.1.2/24 for Server3 and
Server4 respectively.
Server1 and Server2, and Server 3 and Server 4 can communicate, and Server1
and Server2 are isolated from Server3 and Server4.
This example pings Server2 in the old branch from Server1 in the new branch.

This example pings Server4 in the old branch from Server1 in the new branch.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Switches

----End
Configuration Files
#
sysname Switch1
#
vlan batch 2 to 3
#
interface 10GE1/0/1
port default vlan 2
#
interface 10GE1/0/2
port default vlan 3
#
interface 10GE1/0/3
port trunk allow-pass vlan 2 to 3
#
return

#
sysname Switch2
#
vlan batch 2 to 3
#
interface 10GE1/0/1
port default vlan 2
#
interface 10GE1/0/2
port default vlan 3
#
interface 10GE1/0/3
#
return

#
sysname Switch3
#
vlan batch 201
#
interface 10GE1/0/1
port link-type dot1q-tunnel
port default vlan 201
#
interface 10GE1/0/2
#
return

#
sysname Switch4
#
vlan batch 201
#
interface 10GE1/0/1

Switches

#
interface 10GE1/0/2
#
return

#
sysname Switch5
#
vlan batch 501 to 502
#
interface 10GE1/0/1
port vlan-mapping vlan 201 inner-vlan 2 map-vlan 501
#
interface 10GE1/0/2
#
interface 10GE1/0/3
#
return

Mapping
As shown in Figure 7-8, two branches of a data center are deployed in different
positions and located on the same network segment. To plan private VLAN IDs in
the data center, QinQ is used. That is, packets from Switch2 to the ISP network
carry double tags. Because the two VLAN IDs are different from VLAN IDs on the
ISP network, packets from branches cannot pass through the ISP network. As a
result, branches cannot communicate. It is required that branches 1 and 2
communicate.

Switches

10GE1/0/2 10GE1/0/2
ISP
Switch3 outside tag:50 Switch4
inner tag:60
10GE1/0/1 10GE1/0/1
10GE1/0/2 10GE1/0/2
Switch2 Switch5
10GE1/0/1 10GE1/0/1
10GE1/0/2 10GE1/0/2
Switch1 Switch6
10GE1/0/1 10GE1/0/1
Branch1 Branch2
Server1 Server2
VLAN 10 VLAN 30
2 to 2 VLAN Mapping
1. Add the downlink interface on Switch1 connected to branch 1 to VLAN 10 and
downlink interface on Switch6 connected to branch 2 to VLAN 30.
2. Configure QinQ on Switch2 and Switch5 so that packets sent to the ISP
network carry double tags.
3. Deploy 2 to 2 VLAN mapping on Switch3 and Switch4 to map inner and outer
VLAN IDs of packets to VLAN IDs allowed by the ISP network so that
branches can communicate.
Procedure
Step 1 Add downlink interfaces on Switch1 and Switch6 to VLANs and configure the
uplink interfaces to allow the VLANs.
[*HUAWEI] commit
[~Switch1] vlan 10

Switches

[*Switch1] commit
[*HUAWEI] commit
[~Switch6] vlan 30
[*Switch6] commit
Step 2 Configure QinQ on Switch2 and Switch5 so that packets sent to the ISP network
carry double tags.
VLAN 20.
[*HUAWEI] commit
[~Switch2] vlan 20
[*Switch2] commit
VLAN 40.
[*HUAWEI] commit
[~Switch5] vlan 40
[*Switch5] commit
Step 3 Configure VLAN mapping on Switch3 and Switch4.

[*HUAWEI] commit

Switches

[*Switch3-10GE1/0/1] port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan 60
[*Switch3] commit
[*HUAWEI] commit
[*Switch4-10GE1/0/1] port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan 60
[*Switch4] commit

Configure Server1 in branch 1 and Server2 in branch 2 on the same network
segment. For example, configure IP addresses 172.16.0.5/16 and 172.16.0.6/16 for
Server1 and Server2 respectively so that branch 1 can communication with branch
2. This example pings Server2 in branch 2 from Server1 in branch 1.

----End
Configuration Files
#
sysname Switch1
#
vlan batch 10
#
interface 10GE1/0/1
#
interface 10GE1/0/2
#
return

#
sysname Switch2

Switches
#
vlan batch 20
#
interface 10GE1/0/1
#
interface 10GE1/0/2
#
return

#
sysname Switch3
#
vlan batch 50
#
interface 10GE1/0/1
port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan 60
#
interface 10GE1/0/2
#
return

#
sysname Switch4
#
vlan batch 50
#
interface 10GE1/0/1
port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan 60
#
interface 10GE1/0/2
#
return

#
sysname Switch5
#
vlan batch 40
#
interface 10GE1/0/1
#
interface 10GE1/0/2
#
return

#
sysname Switch6
#
vlan batch 30
#

Switches
interface 10GE1/0/1
#
interface 10GE1/0/2
#
return
7.6.4 Example for Configuring MQC-based VLAN Mapping
As shown in Figure 7-9, on a data center network, servers store video and data
information. Users are classified into gold and silver users, and gold and silver
users belong to VLAN 200 and VLAN 300 respectively and access servers through
the enterprise backbone network. The enterprise backbone network allocates
VLAN 2 to gold users and VLAN 3 to silver users. Switch2 and Switch3 are edge
devices of the enterprise backbone network. VLAN IDs planned by the video and
data servers and enterprise backbone network are different. To ensure that gold
users can access the video server and silver users can access the data server,
configure MQC-based VLAN mapping on Switch2 and Switch3.
Figure 7-9 Networking for configuring MQC-based VLAN mapping

VLAN200
Video server
VLAN200
10
/2 Gold user
G
Switch1 Switch2 Switch3 Switch4 1/0

E1
GE
/0
10GE1/0/1 Enterpris backbone 10GE1/0/1 0

/2
1
network
VLAN2 VLAN3 10
Data server /3
/0 10GE1/0/1 10GE1/0/2 10GE1/0/2 10GE1/0/1 GE1/0/3
E1
10G Silver user
VLAN Mapping VLAN300

VLAN300
Traffic direction
1. Create VLAN 2 and VLAN 3 on Switch2 and Switch3.

2. Configure traffic classifiers, traffic behaviors, and traffic policies on Switch2
and Switch3.
3. Configure types of interfaces on Switch2 and Switch3, and add the interfaces
to corresponding VLANs.
4. Apply MQC to interfaces on Switch2 and Switch3 to implement VLAN
mapping.

Switches
Procedure
Step 1 Create VLANs.
# Create VLAN 200 and VLAN 300 on Switch1 and add interfaces connected to
servers to VLANs.
[*HUAWEI] commit
[*Switch1] commit
# Create VLAN 200 and VLAN 300 on Switch4 and add interfaces connected to
users to VLAN 200 and VLAN 300. The configuration of Switch1 is similar to the
configuration of Switch4, and the configuration details are not mentioned here.
# On Switch2, create VLAN 2 and VLAN 3.
[*HUAWEI] commit
[*Switch2] commit
# On Switch3, create VLAN 2 and VLAN 3.

[*HUAWEI] commit
[*Switch3] commit
Step 2 Configure traffic classifiers, traffic behaviors, and traffic policies on Switch2 and
Switch3.
# Configure traffic classifiers, traffic behaviors, and traffic policies on Switch2.
[~Switch2] traffic classifier name1
[*Switch2-classifier-name1] if-match vlan 200
[*Switch2-classifier-name1] quit
[*Switch2] traffic behavior name1
[*Switch2-behavior-name1] vlan-mapping vlan 2
[*Switch2-behavior-name1] quit
[*Switch2] traffic classifier name2
[*Switch2] traffic policy name1
[*Switch2-trafficpolicy-name1] classifier name1 behavior name1
[*Switch2-trafficpolicy-name1] quit
[*Switch2] commit
# Configure traffic classifiers, traffic behaviors, and traffic policies on Switch3.

[~Switch3] traffic classifier name1

Switches

[*Switch3] traffic classifier name2
[*Switch3] traffic policy name1
[*Switch3-trafficpolicy-name1] quit
[*Switch3] commit
Step 3 Apply traffic policies to interfaces to implement VLAN mapping.
# Configure 10GE1/0/1 on Switch2.

[~Switch2] interface 10ge 1/0/1
[*Switch2-10GE1/0/1] traffic-policy name1 inbound
[*Switch2] commit
# Configure 10GE1/0/2 on Switch3.

[*Switch3-10GE1/0/2] traffic-policy name1 inbound
[*Switch3] commit
Step 4 Configure other interfaces.
# Add 10GE1/0/1 on Switch1 to VLAN 200 and VLAN 300. The configuration of
10GE1/0/1 on Switch4 is similar to the configuration of Switch1, and the
configuration details are not mentioned here.
[*Switch1] commit
After the preceding configuration is complete, gold users can access the video
server and silver users can access the data server.
----End
Configuration Files
#
sysname Switch1
#
vlan batch 200 300
#
interface 10GE1/0/1
port trunk allow-pass vlan 200 300
#
interface 10GE1/0/2
#
interface 10GE1/0/3

Switches
#
return
#
sysname Switch2
#
vlan batch 2 to 3
#
traffic classifier name1 type or
if-match vlan 200
#
if-match vlan 300
#
traffic behavior name1
vlan-mapping vlan 2
#
vlan-mapping vlan 3
#
traffic policy name1
classifier name1 behavior name1 precedence 5
#
interface 10GE1/0/1
traffic-policy name1 inbound
#
return
#
sysname Switch3
#
vlan batch 2 to 3
#
if-match vlan 2
#
if-match vlan 3
#
vlan-mapping vlan 200
#
vlan-mapping vlan 300
#
traffic policy name1
#
interface 10GE1/0/2
traffic-policy name1 inbound
#
return
#
sysname Switch4
#
vlan batch 200 300
#
interface 10GE1/0/1
port trunk allow-pass vlan 200 300
#
interface 10GE1/0/2
#

Switches
interface 10GE1/0/3
#
return

01-07 VLAN Mapping Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-07 VLAN Mapping Configuration

Uploaded by

Copyright:

Available Formats

CloudEngine 8800, 7800, 6800, and 5800 Series

7 VLAN Mapping Configuration

This chapter describes how to configure VLAN mapping. VLAN mapping

7.1 Overview of VLAN Mapping

7.1 Overview of VLAN Mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 398

7.2 Understanding VLAN Mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 399

Figure 7-1 VLAN mapping

MQC-based VLAN mapping uses a traffic classifier to classify packets based on

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 400

7.3 Application Scenarios for VLAN Mapping

VLAN-based VLAN Mapping

Figure 7-2 Networking of 1 to 1 VLAN mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 401

Figure 7-3 Networking of 2 to 1 VLAN mapping

Core Switch IP 501 2

Office Production Office Production 2 to 1 VLAN Mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 402

Figure 7-4 Networking of 2 to 2 VLAN mapping

MQC-based VLAN Mapping

Figure 7-5 Networking of MQC-based VLAN mapping

Switch1 Switch2 Switch3 Switch4 Gold user

VLAN Mapping VLAN300

7.4 Licensing Requirements and Limitations for VLAN

Involved Network Element

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 403

Table 7-1 Products and minimum version supporting VLAN mapping

Product Minimum Version Required

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 404

Product Minimum Version Required

CE6881, CE6820, CE6863 V200R005C20

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 405

7.5 Configuring VLAN Mapping

7.5.1 Configuring VLAN-based VLAN Mapping

Run either of the following commands as needed:

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 406

b. Run port hybrid tagged vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

Run the following command as required.

Step 5 Run commit

The configuration is committed.

Verifying the Configuration

7.5.2 Configuring MQC-based VLAN Mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 407

The CE6870EI and CE6875EI do not support this function.

▪ If a traffic classifier contains ACL rules, packets match the traffic

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 408

● For details about the configuration guidelines of applying traffic policies in

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 409

iv. Run commit

Verifying the Configuration

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 410

● Run the display traffic policy [ policy-name [ classifier classifier-name ] ]

The CE6810LI does not support the vpn-instance vpn-instance-name parameter.

The CE6810LI does not support the vpn-instance vpn-instance-name parameter.

7.6 Configuration Examples for VLAN Mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 411

7.6.1 Example for Configuring VLAN-based 1 to 1 VLAN

Figure 7-6 Networking for configuring 1 to 1 VLAN mapping

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 412

Step 2 Configure VLAN mapping on Switch2.

Step 3 Configure Layer 2 forwarding on Swicth3.

Step 4 Verify the configuration.

Ping statistics for 172.16.0.7: