ODL010024 QinQ Laboratory Exercise

Guide
ISSUE 1.0
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Contents

Contents

About This Test................................................................................................................................ 1

Test Instructions......................................................................................................................... 1
Version Introduction................................................................................................................... 1
Test Objectives........................................................................................................................... 1
Test Tasks.................................................................................................................................. 1
Relevant Materials..................................................................................................................... 1
Chapter 1 QinQ VLAN-VPN Tunnel Configuration Guide.............................................................2
1.1 Networking and Service Description....................................................................................2
1.2 Command Line List.............................................................................................................. 2
1.3 Configuration flow................................................................................................................ 3
1.4 Configuration procedure....................................................................................................... 3
1.5 Result Verification................................................................................................................ 4
1.6 Configuration Reference...................................................................................................... 5
1.6.1 Switch A configuration................................................................................................5
1.6.2 Switch B configuration............................................................................................... 5
1.6.3 Switch C / S8500A Configuration...............................................................................6
1.6.4 Switch D / S8500B Configuration...............................................................................7

Confidential Information of Huawei. No Spreading without Permission i

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 About This Test

About This Test

Test Instructions
This test introduces the specific implementation and application of QinQ from the
operation aspect. This course covers VLAN-VPN Tunnel application configurations
and processes for QinQ

Version Introduction
This Guide is applicable to VRP versions 3.10, RELEASE 1270

Test Objectives
 To get familiar with the basic configurations and basic principles for QinQ.
 To get familiar with information monitor of QinQ
 To grasp troubleshooting for QinQ

Test Tasks
Configure QinQ VLAN-VPN Tunnel

Relevant Materials
 Quidway S8500 Routing Switch Operation and Maintains Manual
 Quidway S8500 Routing Switch Command Manual

Confidential Information of Huawei. No Spreading without Permission 1

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide

Chapter 1 QinQ VLAN-VPN Tunnel Configuration

Guide

1.1 Networking and Service Description

Figure 1.1 Networking diagram for QinQ hands-on

In this test, this is a typical network topology for VLAN-VPN application. Switch A and
Switch B belong to the same VPN custom. Configuring VLAN-VPN Tunnel to realize
transferring user data and user BPDU packets transparently between custom network
and ISP network.
The two S8500 switches are used as ISP access equipments, realize VPN-VPN
Tunnel, in the topology, the two S8500 are Switch C, Switch D; S3000 are used as
custom network access equipments, are Switch A, Switch B.

1.2 Command Line List

Table 1.1
Operation Version Command
Enable VLAN VPN on a port VRP 3.10 vlan-vpn enable
Enable VLAN-VPN TUNNEL in the VRP 3.10 vlan-vpn tunnel
system view
Set outer VLAN tags for the packets VRP 3.10 traffic-redirect inbound ip-group {
matching the ACL rules acl-number | acl-name } [ rule
rule ] link-group { acl-number |
acl-name } [ rule rule ] { nested-
vlan nested-vlanid | modified-
vlan modified-vlanid }

2 Confidential Information of Huawei. No Spreading without Permission

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide

Modify outer VLAN tags for the packets
matching the ACL flow rules
VRP 3.10 traffic-redirect inbound ip-group {
acl-number | acl-name } [ rule rule ]
link-group { acl-number | acl-name }
[ rule rule ] modified-vlan modified-
vlanid

1.3 Configuration flow

Configure regular
VLAN and STP in
Custom Switch

Configure regular
VLAN and STP in
S8500

Enable vlan-vpn
tunnel and vlan-vpn in
S8500

Figure 1.2 vlan-vpnTunnel Configuration flow

1.4 Configuration procedure

1) Custom switch configuration
In the custom switch, Switch A and Switch B, create 2 private VLANs, VLAN 100 and
200, enable STP, the uplink port which connect to S8500 need to be encapsulated to
Trunk port.
2) S8500 basic configuration
In the ISP switch, Switch C and Switch D, create a public VLAN 10 to encapsulate
private VLAN, add the port which connect to S3000 to this public VLAN, and
encapsulate the ports which connect two S8500 to trunk port
3) S8500 VLAN-VPN Tunnel configuration
In the system view, enable VLAN-VPN Tunnel, and in the port view, enable VLAN-
VPN in the downlink port which connect to Switch A or Switch B, and disenable STP
in these ports.

Confidential Information of Huawei. No Spreading without Permission 3

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide

1.5 Result Verification

1) After the configuration VLAN-VPN Tunnel, verify whether can ping through
between Switch A and Switch B, the result is that the PCs in the same VLAN can
communicate with each other, different VLANs can not ping though.
C:\Documents and Settings\Administrator>ping 10.1.1.2

Pinging 10.1.1.2 with 32 bytes of data:

Reply from 10.1.1.2: bytes=32 time<1ms TTL=128

Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128

Ping statistics for 10.1.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

2) Monitor the VLAN tag in the S8500, the result is S8500 only dispose the
outer VLAN Tag.
[S8505A]display mac-address

MAC ADDR VLAN ID STATE PORT INDEX

AGING TIME(s)
0014-220b-7768 10 Learned Ethernet4/1/1
AGING
00e0-fc09-bcf9 10 Learned Ethernet4/1/1
AGING
0014-2247-182d 10 Learned Ethernet4/1/48
AGING
000f-e207-f2e0 10 Learned Ethernet4/1/48
AGING
000f-e207-f2e0 1 Learned Ethernet4/1/48
AGING

--- 5 mac address(es) found ---

3) Monitor the STP information in the custom switch, Switch A and Switch B.

[SW1]display stp

-------[CIST Global Info][Mode RSTP]-------

CIST Bridge :32768.00e0-fc58-274a
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000f-e212-fb4b / 199999
CIST RegRoot/IRPC :32768.00e0-fc58-274a / 0
CIST RootPortId :128.24
BPDU-Protection :disabled
TC or TCN received :1
Time since last TC :0 days 0h:13m:41s

[SW2]display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.000f-e212-fb4b
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000f-e212-fb4b / 0
CIST RegRoot/IRPC :32768.000f-e212-fb4b / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :0
Time since last TC :0 days 0h:48m:28s

4 Confidential Information of Huawei. No Spreading without Permission

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide

From the result, we can see, spanning public ISP network, Switch A and
Switch B can transfer private BPDU packets transparently, then calculate
STP. In this case, Switch B of MAC000f-e212-fb4b is elected as Root
Bridge.

1.6 Configuration Reference

1.6.1 Switch A configuration

[SW1]display current-configuration
#
local-server nas-ip 127.0.0.1 key huawei
#
domain default enable system
#
queue-scheduler wrr 1 2 3 4 5 9 13 15
#
radius scheme system
#
domain system
#
stp mode rstp
stp enable
#
vlan 1
#
vlan 100 // Create 2 private VLAN,100 and 200
#
vlan 200
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port access vlan 100
#
interface Ethernet1/0/2
port access vlan 200
#
interface Ethernet1/0/3
#
……
#
interface Ethernet1/0/24 //Encapsulate TRUNK，permit VLAN 100 200
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
sysname SW1
undo irf-fabric authentication-mode
#
interface NULL0
#
user-interface aux 0 7
user-interface vty 0 4
#
return

Confidential Information of Huawei. No Spreading without Permission 5

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide

1.6.2 Switch B configuration

Switch B configuration Is the same as Switch A configuration

1.6.3 Switch C / S8500A Configuration

<S8505A>display current-configuration
#
config-version S8500-VRP310-r1270
#
sysname S8505A
#
local-server nas-ip 127.0.0.1 key huawei
#
Xbar load-single
#
router route-limit 128K
router VRF-limit 256
#
temperature-limit 2 10 65
temperature-limit 4 10 65
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
scheme radius-scheme system
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable

domain default enable system

#
stp enable //Enable STP in the system view
#
vlan 1
#
vlan 10 //Create public VLAN 10
#
interface Aux0/0/1
#
interface M-Ethernet0/0/0
#
interface Ethernet4/1/1 //Disenable port STP，enable VLAN-VPN
stp disable
port access vlan 10
vlan-vpn enable
#
interface Ethernet4/1/2
#
……
#
interface Ethernet4/1/48 //Encapsulate Trunk to S8500 interlink port
port link-type trunk
port trunk permit vlan all
#
……
#
interface NULL0
#

6 Confidential Information of Huawei. No Spreading without Permission

 Chapter 1 QinQ VLAN-VPN Tunnel
ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Configuration Guide
vlan-vpn tunnel // Enable VLAN-VPN Tunnel in the system view,
transfer BPDU packets transparently
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return

1.6.4 Switch D / S8500B Configuration

Switch D configuration Is the same as Switch C configuration

Confidential Information of Huawei. No Spreading without Permission 7