ODL010024 QinQ Laboratory Exercise Guide ISSUE 1.

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

Contents

Contents
About This Test .................................................................................................................................1 Test Instructions...........................................................................................................................1 Version Introduction .....................................................................................................................1 Test Objectives ............................................................................................................................1 Test Tasks ...................................................................................................................................1 Relevant Materials .......................................................................................................................1 Chapter 1 QinQ VLAN-VPN Tunnel Configuration Guide ..............................................................2 1.1 Networking and Service Description ......................................................................................2 1.2 Command Line List ................................................................................................................2 1.3 Configuration flow ..................................................................................................................3 1.4 Configuration procedure ........................................................................................................3 1.5 Result Verification ..................................................................................................................4 1.6 Configuration Reference ........................................................................................................5 1.6.1 Switch A configuration.................................................................................................5 1.6.2 Switch B configuration.................................................................................................5 1.6.3 Switch C / S8500A Configuration ................................................................................6 1.6.4 Switch D / S8500B Configuration ................................................................................7

Confidential Information of Huawei. No Spreading without Permission

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

About This Test

Test Instructions
This test introduces the specific implementation and application of QinQ from the operation aspect. This course covers VLAN-VPN Tunnel application configurations and processes for QinQ

Version Introduction
This Guide is applicable to VRP versions 3.10, RELEASE 1270

Test Objectives
To get familiar with the basic configurations and basic principles for QinQ. To get familiar with information monitor of QinQ To grasp troubleshooting for QinQ

Test Tasks
Configure QinQ VLAN-VPN Tunnel

Relevant Materials
Quidway S8500 Routing Switch Operation and Maintains Manual Quidway S8500 Routing Switch Command Manual

Confidential Information of Huawei. No Spreading without Permission

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

Chapter 1 QinQ VLAN-VPN Tunnel Configuration Guide

1.1 Networking and Service Description
Switch C Switch D

E 4/1/1

E 4/1/48 E 4/1/48

E 4/1/1

Switch A
E 1/0/24 E 1/0/1

S8500A

S8500B

E 1/0/24 E 1/0/1

Figure 1-1 Networking diagram for QinQ hands-on In this test, this is a typical network topology for VLAN-VPN application. Switch A and Switch B belong to the same VPN custom. Configuring VLAN-VPN Tunnel to realize transferring user data and user BPDU packets transparently between custom network and ISP network. The two S8500 switches are used as ISP access equipments, realize VPN-VPN Tunnel, in the topology, the two S8500 are Switch C, Switch D; S3000 are used as custom network access equipments, are Switch A, Switch B.

1.2 Command Line List

Table 1-1

Operation
Enable VLAN VPN on a port Enable VLAN-VPN TUNNEL in the system view Set outer VLAN tags for the packets matching the ACL rules

Version
VRP 3.10 VRP 3.10 VRP 3.10

Command
vlan-vpn enable vlan-vpn tunnel traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] { nested-vlan nested-vlanid | modified-vlan modified-vlanid }

Huawei

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Modify outer VLAN tags for the packets matching the ACL flow rules VRP 3.10 traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] modified-vlan modified-vlanid

1.3 Configuration flow

Configure regular VLAN and STP in Custom Switch

Configure regular VLAN and STP in S8500

Enable vlan-vpn tunnel and vlan-vpn in S8500

Figure 1-2 vlan-vpnTunnel Configuration flow

1.4 Configuration procedure

1) Custom switch configuration

In the custom switch, Switch A and Switch B, create 2 private VLANs, VLAN 100 and 200, enable STP, the uplink port which connect to S8500 need to be encapsulated to Trunk port. 2) S8500 basic configuration

In the ISP switch, Switch C and Switch D, create a public VLAN 10 to encapsulate private VLAN, add the port which connect to S3000 to this public VLAN, and encapsulate the ports which connect two S8500 to trunk port 3) S8500 VLAN-VPN Tunnel configuration

In the system view, enable VLAN-VPN Tunnel, and in the port view, enable VLAN-VPN in the downlink port which connect to Switch A or Switch B, and disenable STP in these ports.

Huawei.

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

1.5 Result Verification

1) After the configuration VLAN-VPN Tunnel, verify whether can ping through between Switch A and Switch B, the result is that the PCs in the same VLAN can communicate with each other, different VLANs can not ping though.

C:\Documents and Settings\Administrator>ping 10.1.1.2

Pinging 10.1.1.2 with 32 bytes of data: Reply Reply Reply Reply from from from from 10.1.1.2: 10.1.1.2: 10.1.1.2: 10.1.1.2: bytes=32 bytes=32 bytes=32 bytes=32 time<1ms time<1ms time<1ms time<1ms TTL=128 TTL=128 TTL=128 TTL=128

Ping statistics for 10.1.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

2)

Monitor the VLAN tag in the S8500, the result is S8500 only dispose the outer VLAN Tag. [S8505A]display mac-address
MAC ADDR VLAN ID TIME(s) 0014-220b-7768 10 00e0-fc09-bcf9 10 0014-2247-182d 10 000f-e207-f2e0 10 000f-e207-f2e0 1 --STATE Learned Learned Learned Learned Learned --PORT INDEX Ethernet4/1/1 Ethernet4/1/1 Ethernet4/1/48 Ethernet4/1/48 Ethernet4/1/48 AGING AGING AGING AGING AGING AGING

5 mac address(es) found

3)

Monitor the STP information in the custom switch, Switch A and Switch B. [SW1]display stp
-------[CIST Global CIST Bridge Bridge Times CIST Root/ERPC CIST RegRoot/IRPC CIST RootPortId BPDU-Protection TC or TCN received Time since last TC [SW2]display stp -------[CIST Global CIST Bridge Bridge Times CIST Root/ERPC CIST RegRoot/IRPC CIST RootPortId BPDU-Protection TC or TCN received Time since last TC Info][Mode RSTP]------:32768.00e0-fc58-274a :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 :32768.000f-e212-fb4b / 199999 :32768.00e0-fc58-274a / 0 :128.24 :disabled :1 :0 days 0h:13m:41s

Info][Mode RSTP]------:32768.000f-e212-fb4b :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 :32768.000f-e212-fb4b / 0 :32768.000f-e212-fb4b / 0 :0.0 :disabled :0 :0 days 0h:48m:28s

From the result, we can see, spanning public ISP network, Switch A and Switch B can transfer private BPDU packets transparently, then calculate STP. In this case, Switch B of MAC000f-e212-fb4b is elected as Root Bridge.

Huawei

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

1.6 Configuration Reference

1.6.1 Switch A configuration
[SW1]display current-configuration # local-server nas-ip 127.0.0.1 key huawei # domain default enable system # queue-scheduler wrr 1 2 3 4 5 9 13 15 # radius scheme system # domain system # stp mode rstp stp enable # vlan 1 # vlan 100 // Create 2 private VLAN,100 and 200 # vlan 200 # interface Aux1/0/0 # interface Ethernet1/0/1 port access vlan 100 # interface Ethernet1/0/2 port access vlan 200 # interface Ethernet1/0/3 # # interface Ethernet1/0/24 //Encapsulate TRUNK permit VLAN 100 200 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 100 200 # interface GigabitEthernet1/1/1 # interface GigabitEthernet1/1/2 # interface GigabitEthernet1/1/3 # interface GigabitEthernet1/1/4 # sysname SW1 undo irf-fabric authentication-mode # interface NULL0 # user-interface aux 0 7 user-interface vty 0 4 # return

1.6.2 Switch B configuration

Switch B configuration Is the same as Switch A configuration

Huawei.

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

1.6.3 Switch C / S8500A Configuration

<S8505A>display current-configuration # config-version S8500-VRP310-r1270 # sysname S8505A # local-server nas-ip 127.0.0.1 key huawei # Xbar load-single # router route-limit 128K router VRF-limit 256 # temperature-limit 2 10 65 temperature-limit 4 10 65 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain # domain system scheme radius-scheme system vlan-assignment-mode integer access-limit disable state active idle-cut disable self-service-url disable domain default enable system # stp enable # vlan 1 # vlan 10 //Create public VLAN 10 # interface Aux0/0/1 # interface M-Ethernet0/0/0 # interface Ethernet4/1/1 //Disenable port STP enable VLAN-VPN stp disable port access vlan 10 vlan-vpn enable # interface Ethernet4/1/2 # # interface Ethernet4/1/48 //Encapsulate Trunk to S8500 interlink port port link-type trunk port trunk permit vlan all # # interface NULL0 # vlan-vpn tunnel // Enable VLAN-VPN Tunnel in the system view, transfer BPDU packets transparently # user-interface con 0 user-interface aux 0 user-interface vty 0 4 # //Enable STP in the system view

Huawei

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

return

1.6.4 Switch D / S8500B Configuration

Switch D configuration Is the same as Switch C configuration

Huawei.