H3C S3100 Series Operating instructions

Brand: H3C

Model: S3100 Series

Category: Network switches

Type: Operating instructions

H3C S3100 Series, a line of powerful and versatile Ethernet switches, empowers you with a comprehensive suite of features to optimize your network infrastructure. Experience the benefits of:

Seamless VLAN-VPN Integration: Establish secure and isolated virtual private networks (VPNs) over public networks, enabling efficient and secure data transmission.
Selective QinQ Configuration: Implement fine-grained control over QinQ tags, ensuring proper traffic segregation and efficient network resource utilization.
Flexible VLAN Mapping: Effortlessly map private network VLAN tags to public network VLAN tags, simplifying network management and enhancing interoperability.

H3C S3100 Series, a line of powerful and versatile Ethernet switches, empowers you with a comprehensive suite of features to optimize your network infrastructure. Experience the benefits of:

Seamless VLAN-VPN Integration: Establish secure and isolated virtual private networks (VPNs) over public networks, enabling efficient and secure data transmission.
Selective QinQ Configuration: Implement fine-grained control over QinQ tags, ensuring proper traffic segregation and efficient network resource utilization.
Flexible VLAN Mapping: Effortlessly map private network VLAN tags to public network VLAN tags, simplifying network management and enhancing interoperability.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 VLAN-VPN Configuration............................................................................................1-1

1.1 VLAN-VPN Overview.........................................................................................................1-1

1.1.1 Introduction to VLAN-VPN ......................................................................................1-1

1.1.2 Implementation of VLAN-VPN.................................................................................1-2

1.1.3 Configuring the TPID for VLAN-VPN Packets ........................................................1-2

1.2 VLAN-VPN Configuration ..................................................................................................1-3

1.2.1 VLAN-VPN Configuration Task List ........................................................................1-3

1.2.2 Enabling the VLAN-VPN Feature for a Port............................................................1-3

1.2.3 Configuring the TPID Value for VLAN-VPN Packets..............................................1-4

1.3 Displaying and Maintaining VLAN-VPN Configuration......................................................1-4

1.4 VLAN-VPN Configuration Example ...................................................................................1-4

1.4.1 Transmitting User Packets through a Tunnel in the Public Network by Using

VLAN-VPN .......................................................................................................................

1-4

Chapter 2 Selective QinQ Configuration.....................................................................................2-1

2.1 Selective QinQ Overview...................................................................................................2-1

2.1.1 Selective QinQ Overview........................................................................................2-1

2.2 Selective QinQ Configuration ............................................................................................2-2

2.2.1 Selective QinQ Configuration Task List..................................................................2-2

2.2.2 Configuring Global Tag Mapping Rules for Selective QinQ....................................2-2

2.2.3 Enabling the Selective QinQ Feature for a Port......................................................2-3

2.3 Selective QinQ Configuration Example.............................................................................2-3

2.3.1 Processing Private Network Packets by Their Types.............................................2-3

Chapter 3 VLAN Mapping Configuration.....................................................................................3-1

3.1 VLAN Mapping Overview...................................................................................................3-1

3.1.1 Introduction to VLAN Mapping................................................................................3-1

3.1.2 VLAN Mapping Implementation ..............................................................................3-1

3.2 Configuring VLAN Mapping...............................................................................................3-2

3.2.1 VLAN Mapping Configuration Task List..................................................................3-2

3.2.2 Enabling the VLAN Mapping Function Based on a Global VLAN Mapping Rule............3-2

3.2.3 Enabling the VLAN Mapping Function Based on a Port-level VLAN Mapping Rule............. 3-3

3.3 VLAN Mapping Configuration Example.............................................................................3-4

3.3.1 Replacing the Private Network VLAN Tag through VLAN Mapping .......................3-4

Chapter 4 BPDU Tunnel Configuration.......................................................................................4-1

4.1 BPDU Tunnel Overview.....................................................................................................4-1

4.1.1 Introduction to the BPDU Tunnel Feature............................................................... 4-1

4.1.2 BPDU Tunnel Fundamental....................................................................................4-1

4.2 BPDU Tunnel Configuration ..............................................................................................4-3

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Table of Contents

4.2.1 Configuration Prerequisites.....................................................................................4-4

4.2.2 Configuring a BPDU Tunnel....................................................................................4-4

4.3 Displaying and Maintaining BPDU Tunnel Configuration..................................................4-5

4.4 BPDU Tunnel Configuration Example ...............................................................................4-5

4.4.1 Transmitting STP Packets Through a Tunnel.........................................................4-5

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-1

Chapter 1 VLAN-VPN Configuration

When configuring VLAN-VPN, go to these sections for information you are interested

in:

z VLAN-VPN Overview

z VLAN-VPN Configuration

z Displaying and Maintaining VLAN-VPN Configuration

z VLAN-VPN Configuration Example

1.1 VLAN-VPN Overview

1.1.1 Introduction to VLAN-VPN

Virtual private network (VPN) is a new technology that emerges with the expansion of

the Internet. It can be used for establishing private networks over the public network.

With VPN, you can specify to process packets on the client or the access end of the

service provider in specific ways, establish dedicated tunnels for user traffic on public

network devices, and thus improve data security.

VLAN-VPN feature is a simple yet flexible Layer 2 tunneling technology. It tags private

network packets with outer VLAN tags, thus enabling the packets to be transmitted

through the service providers’ backbone networks with both inner and outer VLAN tags.

In public networks, packets of this type are transmitted by their outer VLAN tags (that is,

the VLAN tags of public networks), and the inner VLAN tags are treated as part of the

payload.

Figure 1-1 describes the structure of the packets with single-layer VLAN tags.

Figure 1-1 Structure of packets with single-layer VLAN tags

Figure 1-2 describes the structure of the packets with double-layer VLAN tags.

Figure 1-2 Structure of packets with double-layer VLAN tags

Compared with MPLS-based Layer 2 VPN, VLAN-VPN has the following features:

z It provides Layer 2 VPN tunnels that are simpler.

z VLAN-VPN can be implemented through manual configuration. That is, signaling

protocol-related configuration is not needed.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-2

The VLAN-VPN feature provides you with the following benefits:

z Saves public network VLAN ID resource.

z You can have VLAN IDs of your own, which is independent of public network

VLAN IDs.

z Provides simple Layer 2 VPN solutions for small-sized MANs or intranets.

1.1.2 Implementation of VLAN-VPN

With the VLAN-VPN feature enabled, no matter whether or not a received packet

already carries a VLAN tag, the switch will tag the received packet with the default

VLAN tag of the receiving port and add the source MAC address to the MAC address

table of the default VLAN. When a packet reaches a VLAN-VPN-enabled port:

z If the packet already carries a VLAN tag, the packet becomes a dual-tagged

packet.

z Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.

1.1.3 Configuring the TPID for VLAN-VPN Packets

A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of

the tag. The value of this field is 0x8100 for IEEE 802.1Q.

Figure 1-3 illustrates the structure of the IEEE 802.1Q VLAN tag in an Ethernet frame.

Figure 1-3 The structure of the VLAN tag in an Ethernet frame

An S3100 switch determines whether a received frame is VLAN tagged by comparing

its own TPID with the TPID field in the received frame. If they match, the frame is

considered as a VLAN tagged frame. If not, the switch tags the frame with the default

VLAN tag of the receiving port.

By default, S3100 series switches adopt the IEEE 802.1Q TPID value 0x8100. Some

vendors, however, use other TPID values such as 0x9100. For compatibility with these

systems, the S3100 series switches allow you to change the TPID that a port uses

when tagging a received VLAN-VPN frame as needed. When doing that, you should set

the same TPID on both the customer-side port and the service provider-side port.

The TPID in an Ethernet frame has the same position with the protocol type field in a

frame without a VLAN tag. To avoid problems in packet forwarding and handling, you

cannot set the TPID value to any of the values in the table below.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-3

Table 1-1 Commonly used protocol type values in Ethernet frames

Protocol type Value

ARP 0x0806

IP 0x0800

MPLS 0x8847/0x8848

IPX 0x8137

IS-IS 0x8000

LACP 0x8809

802.1x 0x888E

1.2 VLAN-VPN Configuration

1.2.1 VLAN-VPN Configuration Task List

Complete the following tasks to configure VLAN-VPN:

Task Remarks

Enabling the VLAN-VPN Feature for a Port Required

Configuring the TPID Value for VLAN-VPN Packets Optional

1.2.2 Enabling the VLAN-VPN Feature for a Port

Follow these steps to enable the VLAN-VPN feature for a port:

To do... Use the command... Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type

interface-number

—

Enable the VLAN-VPN

feature on the port

vlan-vpn enable

Required

By default, the VLAN-VPN

feature is disabled on a

port.

Caution:

The VLAN mapping function and the VLAN VPN function are mutually exclusive on the

same port.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-4

1.2.3 Configuring the TPID Value for VLAN-VPN Packets

For your device to correctly identify the VLAN tagged frames from the public network,

make sure that the TPID you will use is the same as that used on the peer device in the

public network.

Follow these steps to configure the TPID for VLAN-VPN packets :

To do... Use the command... Remarks

Enter system view

system-view

—

Set the TPID value on the

port

vlan-vpn tpid value

Required

Do not set the TPID value

to any of the protocol type

values listed in

Table 1-1.

For H3C series switches,

the TPID defaults to

0x8100.

1.3 Displaying and Maintaining VLAN-VPN Configuration

To do... Use the command... Remarks

Display the VLAN-VPN

configurations of all the

ports

display port vlan-vpn

Available in any view

1.4 VLAN-VPN Configuration Example

1.4.1 Transmitting User Packets through a Tunnel in the Public Network by

Using VLAN-VPN

I. Network requirements

As shown in Figure 1-4, Switch A and Switch B are both S3100 series switches. They

connect the users to the servers through the public network.

z PC users and PC servers are in VLAN 100 created in the private network, while

terminal users and terminal servers are in VLAN 200, which is also created in the

private network. The VLAN VPN connection is established in VLAN 1040 of the

public network.

z Switches of other vendors’ are used in the public network. They use the TPID

value 0x9200.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-5

z Employ VLAN-VPN on Switch A and Switch B to enable the PC users and PC

servers to communicate with each through a VPN, and employ VLAN-VPN on

Switch A and Switch B to enable the Terminal users and Terminal servers to

communicate with each other through a VPN.

II. Network diagram

TPID=0x9200

VLAN 1040

Eth1/0/11

Eth1/0/12

Eth1/0/21

Eth1/0/22

VLAN 100

VLAN 200

PC User

Terminal User

SwitchA

SwitchB

VLAN 100

VLAN 200

PC Serve

Terminal Server

Figure 1-4 Network diagram for VLAN-VPN configuration

III. Configuration procedure

z Configure Switch A.

# Enable the VLAN-VPN feature on Ethernet 1/0/11 of Switch A and tag the packets

received on this port with the tag of VLAN 1040 as the outer VLAN tag.

<SwitchA> system-view

[SwitchA] vlan 1040

[SwitchA-vlan1040] port Ethernet 1/0/11

[SwitchA-vlan1040] quit

[SwitchA] interface Ethernet 1/0/11

[SwitchA-Ethernet1/0/11] vlan-vpn enable

[SwitchA-Ethernet1/0/11] quit

# Set the global TPID value to 0x9200 (for intercommunication with the devices in the

public network) and configure Ethernet 1/0/12 as a trunk port permitting packets of

VLAN 1024.

[SwitchA] vlan-vpn tpid 9200

[SwitchA] interface Ethernet 1/0/12

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-6

[SwitchA-Ethernet1/0/12] port link-type trunk

[SwitchA-Ethernet1/0/12] port trunk permit vlan 1040

z Configure Switch B.

# Enable the VLAN-VPN feature on Ethernet 1/0/21 of Switch B and tag the packets

received on this port with the tag of VLAN 1040 as the outer VLAN tag.

<SwitchB> system-view

[SwitchB] vlan 1040

[SwitchB-vlan1040] port Ethernet 1/0/21

[SwitchB-vlan1040] quit

[SwitchB] interface Ethernet 1/0/21

[SwitchB-Ethernet1/0/21] vlan-vpn enable

# Set the global TPID value to 0x9200 (for intercommunication with the devices in the

public network) and set Ethernet 1/0/22 as a trunk port permitting packets of VLAN

1024.

[SwitchB-Ethernet1/0/21] quit

[SwitchB] vlan-vpn tpid 9200

[SwitchB] interface Ethernet 1/0/22

[SwitchB-Ethernet1/0/22] port link-type trunk

[SwitchB-Ethernet1/0/22] port trunk permit vlan 1040

 Note:

z Do not configure VLAN 1040 as the default VLAN of Ethernet 1/0/12 of Switch A and

Ethernet 1/0/22 of Switch B. Otherwise, the outer VLAN tag of a packet will be

removed during transmission.

z In this example, both Ethernet1/0/11 of Switch A and Ethernet1/0/21 of Switch B are

access ports. In cases where the ports are trunk ports or hybrid ports, you need to

configure the two ports to remove the outer VLAN tags before transmitting packets

of VLAN 1040. Refer to VLAN in this manual for detailed configuration.

z Configure the devices in the public network

# As the devices in the public network are from other vendors, only the basic principles

are introduced here. That is, you need to configure the devices connecting to Ethernet

1/0/12 of Switch A and Ethernet 1/0/22 of Switch B to permit the corresponding ports to

transmit tagged packets of VLAN 1040.

IV. Data transfer process

The following describes how a packet is forwarded from Switch A to Switch B in this

example.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration

1-7

1) As Ethernet 1/0/11 of Switch A is a VLAN-VPN port, when a packet from the

customer’s network side reaches this port, it is tagged with the default VLAN tag of

the port (VLAN 1040).

2) The TPID value of the outer VLAN tag is set to 0x9200 before the packet is

forwarded to the public network through Ethernet1/0/12 of Switch A.

3) The outer VLAN tag of the packet remains unchanged while the packet travels in

the public network, till it reaches Ethernet1/0/22 of Switch B.

4) After the packet reaches Switch B, it is forwarded through Ethernet1/0/21 of

Switch B. As the port belongs to VLAN 1040 and is an access port, the outer VLAN

tag (the tag of VLAN 1040) of the packet is removed before the packet is

forwarded, which restores the packet to a packet tagged with only the private

VLAN tag and enables it to be forwarded to its destination networks.

5) It is the same case when a packet travels from Switch B to Switch A.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-1

Chapter 2 Selective QinQ Configuration

When configuring selective QinQ, go to these sections for information you are

interested in:

z Selective QinQ Overview

z Selective QinQ Configuration

z Selective QinQ Configuration Example

2.1 Selective QinQ Overview

2.1.1 Selective QinQ Overview

Selective QinQ is an enhanced application of the VLAN-VPN feature. With the selective

QinQ feature, you can configure inner-to-outer VLAN tag mapping, according to which

you can add different outer VLAN tags to the packets with different inner VLAN tags.

The selective QinQ feature makes the service provider network structure more flexible.

You can classify the terminal users on the port connecting to the access layer device

according to their VLAN tags, and add different outer VLAN tags to these users. In the

public network, you can configure QoS policies based on outer VLAN tags to assign

different priorities to different packets, thus providing differentiated services. See

Figure

2-1 for details.

Figure 2-1 Diagram for a selective QinQ implementation

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-2

In this implementation, Switch A is an access device of the service provider. The users

connecting to it include common customers (in VLAN 8 to VLAN 100), VIPs (in VLAN

101 to VLAN 200), and IP telephone users (in VLAN 201 to VLAN 300). Packets of all

these users are forwarded by Switch A to the public network.

After the selective QinQ feature and the inner-to-outer tag mapping feature are enabled

on the port connecting Switch A to these users, the port will add different outer VLAN

tags to the packets according to their inner VLAN tags. For example, you can configure

to add the tag of VLAN 1002 to the packets of IP telephone users in VLAN 201 to VLAN

300 and forward the packets to the VoIP device, which is responsible for processing IP

telephone services.

To guarantee the quality of voice packet transmission, you can configure QoS policies

in the public network to reserve bandwidth for packets of VLAN 1002 and forward them

preferentially.

In this way, you can configure different forwarding policies for data of different type of

users, thus improving the flexibility of network management. On the other hand,

network resources are well utilized, and users of the same type are also isolated by

their inner VLAN tags. This helps to improve network security.

2.2 Selective QinQ Configuration

2.2.1 Selective QinQ Configuration Task List

Complete the following tasks to configure selective QinQ:

Task Remarks

Configuring Global Tag Mapping Rules for Selective QinQ Required

Enabling the Selective QinQ Feature for a Port Optional

2.2.2 Configuring Global Tag Mapping Rules for Selective QinQ

Table 2-1 Configure global tag mapping rules for selective QinQ

Operation Command Description

Enter system view

system-view —

Configure the outer VLAN

tag and enter QinQ view

vlan-vpn vid vlan-id

Required

Configure to add outer

VLAN tags to the packets

with the specific inner

VLAN tags

raw-vlan-id inbound

vlan-id-list

Required

By default, the feature of

adding an outer VLAN tag

to the packets with the

specific inner VLAN tags

is disabled.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-3

 Note:

Do not enable both the selective QinQ function and the DHCP snooping function on a

switch. Otherwise, the DHCP snooping function may operate improperly.

2.2.3 Enabling the Selective QinQ Feature for a Port

Table 2-2 Enable the selective QinQ feature

Operation Command Description

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type

interface-number

—

Enable the selective QinQ

feature

vlan-vpn selective

enable

Required

By default, the selective

QinQ feature is not

enabled on a port.

2.3 Selective QinQ Configuration Example

2.3.1 Processing Private Network Packets by Their Types

I. Network requirements

z Ethernet 1/0/3 of Switch A provides public network access for PC users and IP

phone users. PC users belong to VLAN 100 through VLAN 108, and IP phone

users belong to VLAN 200 through VLAN 230. Ethernet 1/0/5 of Switch A is

connected to the public network. The peer end of Switch A is Switch B.

z Ethernet 1/0/11 of Switch B is connected to the public network. Ethernet 1/0/12

and Ethernet1/0/13 of Switch B provide network access for PC servers belonging

to VLAN 100 through VLAN 108 and voice gateways (for IP phone users)

belonging to VLAN 200 through VLAN 230 respectively.

z The public network permits packets of VLAN 1000 and VLAN 1200. Apply QoS

policies for these packets to reserve bandwidth for packets of VLAN 1200. That is,

packets of VLAN 1200 have higher transmission priority over packets of VLAN

1000.

z Employ the selective QinQ feature on Switch A and Switch B to differentiate traffic

of PC users from that of IP phone users, for the purpose of using QoS policies to

guarantee higher priority for voice traffic.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-4

z To reduce broadcast packets in the network, enable the inter-VLAN MAC address

replicating feature for selective QinQ.

II. Network diagram

Public Network

VLAN1000/VLAN1200

PC User

VLAN100~108

IP Phone User

VLAN200~230

Eth1/0/3

Eth1/0/5

For PC User

VLAN100~108

For IP Phone

VLAN200~230

SwitchA

SwitchB

Eth1/0/11

Eth1/0/12

Eth1/0/13

Figure 2-2 Network diagram for selective QinQ configuration

III. Configuration procedure

z Configure Switch A.

# Create VLAN 1000, VLAN 1200 and VLAN 5 (the default VLAN of Ethernet 1/0/3) on

SwitchA.

<SwitchA> system-view

[SwitchA] vlan 1000

[SwitchA-vlan1000] quit

[SwitchA] vlan 1200

[SwitchA-vlan1200] quit

[SwitchA] vlan 5

[SwitchA-vlan5] quit

# Configure Ethernet 1/0/5 as a hybrid port and configure it not to remove VLAN tags

when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.

[SwitchA] interface Ethernet 1/0/5

[SwitchA-Ethernet1/0/5] port link-type hybrid

[SwitchA-Etherent1/0/5] port hybrid vlan 5 1000 1200 tagged

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-5

[SwitchA-Ethernet1/0/5] quit

# Configure Ethernet 1/0/3 as a hybrid port and configure VLAN 5 as its default VLAN.

Configure Ethernet 1/0/3 to remove VLAN tags when forwarding packets of VLAN 5,

VLAN 1000, and VLAN 1200.

[SwitchA] interface Ethernet 1/0/3

[SwitchA-Ethernet1/0/3] port link-type hybrid

[SwitchA-Ethernet1/0/3] port hybrid pvid vlan 5

[SwitchA-Etherent1/0/3] port hybrid vlan 5 1000 1200 untagged

# Configure global tag mapping rules for selective QinQ to insert VLAN 1000 tag as the

outer VLAN tag in packets with the tags of VLAN 100 through VLAN 108 as the inner

tags, and insert VLAN 1200 tag as the outer VLAN tag in packets with the tags of VLAN

200 through VLAN 230 as the inner tags.

[SwitchA-Ethernet1/0/3] quit

[SwitchA] vlan-vpn vid 1000

[SwitchA-vid-1000] raw-vlan-id inbound 100 to 108

[SwitchA-vid-1000] quit

[SwitchA] vlan-vpn vid 1200

[SwitchA-vid-1200] raw-vlan-id inbound 200 to 230

# Enable the selective QinQ feature on Ethernet 1/0/3.

[SwitchA-vid-1200] quit

[SwitchA] interface Ethernet 1/0/3

[SwitchA-Ethernet1/0/3] vlan-vpn selective enable

After the above configuration, packets of VLAN 100 through VLAN 108 (that is, packets

of PC users) are tagged with the tag of VLAN 1000 as the outer VLAN tag when they

are forwarded to the public network by Switch A; and packets of VLAN 200 through

VLAN 230 (that is, packets of IP phone users) are tagged with the tag of VLAN 1200 as

the outer VLAN tag when they are forwarded to the public network.

z Configure Switch B.

# Create VLAN 1000, VLAN 1200, VLAN 12 (the default VLAN of Ethernet1/0/12) and

VLAN 13 (the default VLAN of Ethernet1/0/13) on Switch B.

<SwitchB> system-view

[SwitchB] vlan 1000

[SwitchB-vlan1000] quit

[SwitchB] vlan 1200

[SwitchB-vlan1200] quit

[SwitchB] vlan 12 to 13

# Configure Ethernet 1/0/11 as a hybrid port, and configure Ethernet 1/0/11 not to

remove VLAN tags when forwarding packets of VLAN 12, VLAN 13, VLAN 1000, and

VLAN 1200.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration

2-6

<SwitchB> system-view

[SwitchB] interface Ethernet 1/0/11

[SwitchB-Etherent1/0/11] port link-type hybrid

[SwitchB-Etherent1/0/11] port hybrid vlan 12 13 1000 1200 tagged

# Configure Ethernet1/0/12 as a hybrid port and configure VLAN 12 as its default VLAN .

Configure Ethernet 1/0/12 to remove VLAN tags when forwarding packets of VLAN 12

and VLAN 1000.

[SwitchB] interface Ethernet 1/0/12

[SwitchB-Etherent1/0/12] port link-type hybrid

[SwitchB-Etherent1/0/12] port hybrid pvid vlan 12

[SwitchB-Etherent1/0/12] port hybrid vlan 12 1000 untagged

[SwitchB-Ethernet1/0/12] quit

# Configure Ethernet 1/0/13 as a hybrid port and configure VLAN 13 as its default

VLAN . Configure Ethernet 1/0/13 to remove VLAN tags when forwarding packets of

VLAN 13 and VLAN 1200.

[SwitchB] interface Ethernet 1/0/13

[SwitchB-Etherent1/0/13] port link-type hybrid

[SwitchB-Etherent1/0/13] port hybrid pvid vlan 13

[SwitchB-Etherent1/0/13] port hybrid vlan 13 1200 untagged

After the above configuration, Switch B can forward packets of VLAN 1000 and VLAN

1200 to the corresponding servers through Ethernet 1/0/12 and Ethernet 1/0/13

respectively.

To make the packets from the servers be transmitted to the clients in the same way, you

need to configure the selective QinQ feature on SwitchB. The configuration on Switch B

is similar to that on Switch A and is thus omitted.

 Note:

z A selective QinQ-enabled device tags a user packet with an outer VLAN tag

regardless of the VLAN tag of the user packet, so there is no need to configure user

VLANs on the device.

z Make sure the packets of the default VLAN of a selective QinQ-enabled port are

permitted on both the local port and the port connecting to the public network.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration

3-1

Chapter 3 VLAN Mapping Configuration

3.1 VLAN Mapping Overview

3.1.1 Introduction to VLAN Mapping

The VLAN mapping function can replace the private network VLAN tag of a customer

packet with a public network VLAN tag, so that the customer packet can be transmitted

within the public network in a way conforming to the public network layout. When the

packet reaches the peer customer network, the VLAN tag of the packet is restored to

the previous private network VLAN tag. In this way, the packet is transmitted to the

destination properly.

With the VLAN mapping function enabled, when the switch receives a packet tagged

with a network VLAN tag, it looks up the mapping rules configured for the matched

VLAN tag and then replaces the existing VLAN tag with the corresponding one (if the

matched mapping rule exists).

Figure 3-1 shows the structure of a packet tagged with a private network VLAN tag.

Figure 3-1 The structure of a packet tagged with a private network VLAN tag

Figure 3-2 shows the structure of a packet after VLAN tag replacement.

Figure 3-2 The structure of a packet tagged with a public network VLAN tag

Different from VLAN VPN and selective QinQ, the VLAN mapping function does not

cause a packet to carry multiple VLAN tags. A packet is transmitted with only one VLAN

tag. Therefore, you need to make sure the private network VLAN tags can be restored

before customer packets enter the destination private network for customer packets to

be transmitted properly.

3.1.2 VLAN Mapping Implementation

You can configure VLAN mapping rules for each port of an S3100 series switch. With

the VLAN mapping function enabled on a port, the port maps private network VLAN

tags to the corresponding public network VLAN tags for packets to be forwarded to the

public network and performs the converse operation for the packets to be forwarded to

the destination private network.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration

3-2

3.2 Configuring VLAN Mapping

3.2.1 VLAN Mapping Configuration Task List

Table 3-1 VLAN mapping configuration task list

Task Description

Enabling the VLAN Mapping Function Based on a Global

VLAN Mapping Rule

Enabling the VLAN Mapping Function Based on a Port-level

VLAN Mapping Rule

Use either of the

tasks

Caution:

The VLAN mapping function and the VLAN VPN function are mutually exclusive on the

same port.

3.2.2 Enabling the VLAN Mapping Function Based on a Global VLAN Mapping

Rule

Table 3-2 Enable the VLAN mapping function based on a global VLAN mapping rule

Operation Command Description

Enter system view

system-view

—

Define a VLAN mapping rule

vlan-mapping vlan

old-vlan-id remark

new-vlan-id

Required

By default, no VLAN

mapping rule is defined.

Enter Ethernet port view

interface

interface-type

interface-number

—

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration

3-3

Operation Command Description

Enable the VLAN mapping

function

vlan-mapping

enable

Required

By default, the VLAN

mapping function is

disabled.

 Note:

z A port that is in a link aggregation port group cannot have the VLAN Mapping

feature enabled.

z The VLAN mapping function and the protocol-based VLAN function are mutually

exclusive on the same port.

z Enabling the VLAN mapping function based on a global VLAN mapping rule for a

port also enables the selective QinQ function on the port.

3.2.3 Enabling the VLAN Mapping Function Based on a Port-level VLAN Mapping

Rule

Table 3-3 Enable the VLAN mapping function based on a port-level VLAN mapping

rule

Operation Command Description

Enter system view

system-view

—

Enter Ethernet port

view

interface interface-type

interface-number

—

Define a VLAN

mapping rule

vlan-mapping vlan

old-vlan-id remark

new-vlan-id

Required

This command also enables the

VLAN mapping function for the

port.

By default, no VLAN mapping rule

is defined, and the VLAN

mapping function is not enabled

on a port.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration

3-4

 Note:

z A port that is in a link aggregation port group cannot have the VLAN Mapping

feature enabled.

z When configuring a VLAN mapping rule, make sure that the mapping relationship

between private network VLANs and public network VLANs is one-to-one.

z To modify a VLAN mapping relationship, you need to delete the corresponding

VLAN mapping rule and then define a new one.

z The VLAN mapping function based on global VLAN mapping rules is mutually

exclusive with the VLAN mapping function based on port-level VLAN mapping rules.

z The VLAN mapping function and the protocol-based VLAN function are mutually

exclusive on the same port.

z To use the VLAN mapping function together with the ARP detection function, you

need to enable ARP detection in both the initial VLAN and the mapped VLAN. For

detailed description of the ARP detection function, refer to the ARP part of the

manual.

z You are not allowed to configure both the VLAN mapping function and the IP filtering

function on the device. For description of the IP filter function, refer to the DHCP part

of the manual.

3.3 VLAN Mapping Configuration Example

3.3.1 Replacing the Private Network VLAN Tag through VLAN Mapping

I. Network requirements

Two customer networks are connected to the public network through Switch A and

Switch B. Configure the VLAN mapping function to enable packets to be exchanged

between the two networks through the public network VLANs.

z Switch A provides network access for terminal devices in VLAN 100 and VLAN

200 through Ethernet 1/0/11 and Ethernet 1/0/12. On the other side of the public

network, Switch B provides network access for servers in VLAN 100 and VLAN

200 through Ethernet 1/0/15 and Ethernet 1/0/16.

z Ethernet 1/0/10 of Switch A connects the customer network to the public network,

and so does Ethernet 1/0/17 of Switch B.

z It is required that packets of VLAN 100 and the packets of VLAN 200 of the two

customer networks are transmitted in the public network carrying the tag of VLAN

500 and the tag of VLAN 600.

Operation Manual (For Soliton) – VLAN-VPN

H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration

3-5

II. Network diagram

Figure 3-3 Network diagram for VLAN mapping configuration

III. Configuration procedure

 Note:

In this example, the VLAN mapping function is enabled based on port-level VLAN

mapping rules.

# Create customer VLANs VLAN 100 and VLAN 200 and service VLANs VLAN 500 and

VLAN 600 on Switch A.

<SwitchA> system-view

[SwitchA] vlan 100

[SwitchA-vlan100] quit

[SwitchA] vlan 200

[SwitchA-vlan200] quit

[SwitchA] vlan 500

[SwitchA-vlan500] quit

[SwitchA] vlan 600

[SwitchA-vlan600] quit

Page is loading ...

H3C S3100 Series Operating instructions

Brand: H3C

Model: S3100 Series

Category: Network switches

Type: Operating instructions

H3C S3100 Series, a line of powerful and versatile Ethernet switches, empowers you with a comprehensive suite of features to optimize your network infrastructure. Experience the benefits of:

Seamless VLAN-VPN Integration: Establish secure and isolated virtual private networks (VPNs) over public networks, enabling efficient and secure data transmission.
Selective QinQ Configuration: Implement fine-grained control over QinQ tags, ensuring proper traffic segregation and efficient network resource utilization.
Flexible VLAN Mapping: Effortlessly map private network VLAN tags to public network VLAN tags, simplifying network management and enhancing interoperability.

Download PDF

report

H3C S3100 Series Operating instructions

H3C S3100 Series Operating instructions

Related papers

Other documents