- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
10-添加或修改報文的VLAN Tag典型配置舉例
本章節下載: 10-添加或修改報文的VLAN Tag典型配置舉例 (644.94 KB)
H3C S6890產品添加或修改報文的VLAN Tag配置舉例
資料版本:6W100-20190628
Copyright © 2019 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
目 錄
本文檔介紹了使用VLAN映射功能和QoS功能添加或修改報文的VLAN Tag的配置方式。
由於802.1Q定義的VLAN ID域隻有12個比特,最多隻能提供4094個VLAN,不能滿足運營商網絡對VLAN個數的需求。因此,用戶網絡報文在進入運營商網絡時,運營商網絡可以為用戶網絡報文添加一層VLAN Tag,使運營商網絡可以利用一個VLAN為用戶網絡的多個VLAN的報文提供服務。
根據應用需求的不同,添加報文的VLAN Tag可以采用下麵方法:
· 1:2 VLAN映射:如果運營商網絡需要區分用戶網絡不同VLAN的報文,可以在運營商網絡設備連接用戶網絡的端口上配置1:2 VLAN映射功能,使端口可以為用戶網絡不同VLAN的報文添加不同的外層VLAN Tag。
· 0:2 VLAN映射:為沒有攜帶VLAN Tag的報文添加兩層VLAN Tag。
· 2:3 VLAN映射:為攜帶兩層VLAN Tag的報文添加外層VLAN Tag,使報文攜帶三層VLAN Tag。
· QoS策略:如果運營商網絡需要使用VLAN ID之外的匹配條件更靈活的匹配用戶網絡報文,或在為報文添加外層VLAN Tag時,需要同時配置其它流行為,例如重標記報文外層VLAN Tag的優先級,可以通過配置QoS策略實現。
上述添加報文VLAN Tag的方法,在滿足需求的情況下,建議依次考慮1:2 VLAN映射、QoS策略。例如,需求是為用戶網絡不同業務類型的VLAN添加不同的外層VLAN Tag,使用1:2 VLAN映射和QoS策略均可以滿足需求,建議采用1:2 VLAN映射,如果在為用戶網絡不同業務類型的VLAN添加不同的外層VLAN Tag的同時還需要重標記報文外層VLAN Tag的優先級,則需要使用QoS策略。
用戶網絡和運營商網絡各自有不同的VLAN劃分策略,因此用戶網絡和運營商網絡互聯,以及不同運營商網絡之間互聯時可能需要進行VLAN Tag的修改,從而在不修改原有配置的情況下實現互通。
根據應用需求的不同,修改報文的VLAN Tag可以采用下麵方法:
· 1:1 VLAN映射:將來自某一特定VLAN的報文所攜帶的VLAN Tag替換為新的VLAN Tag。
· N:1 VLAN映射:將來自多個VLAN的報文所攜帶的不同VLAN Tag替換為相同的VLAN Tag。
· 2:2 VLAN映射:將攜帶有兩層VLAN Tag的報文的內、外層VLAN Tag都替換為新的VLAN Tag。
· QoS策略:通過定義流分類的匹配規則,可以更靈活的匹配用戶網絡報文;通過使用流行為的remark service-vlan-id動作可以為匹配不同流分類的報文修改外層VLAN Tag。
上述修改報文VLAN Tag的方法,在滿足需求的情況下,建議優先采用VLAN映射。
端口配置添加或修改報文的VLAN Tag功能後,設備會將用戶網絡的MAC地址學習到SVLAN中。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解VLAN映射特性、QoS Nest特性和QoS重標記特性。
如圖1所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。Customer A和Customer B的網絡中各有三種不同業務類型的數據,這三種業務類型的數據需要通過運營商網絡提供的三個VLAN分開傳輸,以便運營商網絡針對不同業務類型的數據配置不同的傳輸策略。
現要求通過配置1:2 VLAN映射功能實現:
· 用戶不同業務類型的數據使用不同的外層VLAN Tag在運營商網絡中傳輸;
· 外層VLAN Tag的添加策略如表1所示,傳輸效果如圖2所示;
· 添加外層VLAN Tag時,設備複製內層VLAN Tag的802.1p優先級作為外層VLAN Tag的802.1p優先級。
圖1 1:2 VLAN映射組網圖
表1 外層VLAN Tag添加策略
|
用戶的業務類型 |
用戶網絡VLAN |
運營商網絡VLAN |
|
|
Customer A |
Video |
31 to 40 |
1003 |
|
Voice |
21 to 30 |
1002 |
|
|
Data |
10 to 20 |
1001 |
|
|
Customer B |
Storage |
36 to 40 |
2003 |
|
Voice |
26 to 35 |
2002 |
|
|
Data |
15 to 25 |
2001 |
|
· 請在PE A和PE B連接用戶網絡的端口上配置1:2 VLAN映射功能,為用戶不同業務類型的數據報文添加不同的外層VLAN Tag。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要將PE A和PE B連接用戶網絡的端口的鏈路類型配置為Hybrid,並允許運營商封裝的外層VLAN的報文不帶VLAN Tag通過。
· 為了使設備在添加外層VLAN Tag時複製內層VLAN Tag的802.1p優先級做為外層VLAN Tag的802.1p優先級,配置端口信任報文的802.1p優先級。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 在攜帶兩層VLAN Tag的報文的傳輸路徑上,配置各端口的MTU值至少為1504字節。
· 在PE A和PE B的上行端口以及運營商網絡的中間設備上,需要保證1:2 VLAN映射封裝的外層VLAN Tag不被修改或移除。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 創建CVLAN 10~40。
<PE_A> system-view
[PE_A] vlan 10 to 40
# 創建SVLAN 1001~1003和SVLAN 2001~2003。
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
(1) Ten-GigabitEthernet1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface ten-gigabitethernet 1/0/1
[PE_A-Ten-GigabitEthernet1/0/1] port link-type hybrid
# 配置端口允許CVLAN 10~40的報文攜帶VLAN Tag通過。
[PE_A-Ten-GigabitEthernet1/0/1] port hybrid vlan 10 to 40 tagged
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_A-Ten-GigabitEthernet1/0/1] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/1] quit
(2) Ten-GigabitEthernet1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface ten-gigabitethernet 1/0/2
[PE_A-Ten-GigabitEthernet1/0/2] port link-type hybrid
# 配置端口允許CVLAN 15~40的報文攜帶VLAN Tag通過。
[PE_A-Ten-GigabitEthernet1/0/2] port hybrid vlan 15 to 40 tagged
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_A-Ten-GigabitEthernet1/0/2] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/2] quit
(3) Ten-GigabitEthernet1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_A] interface ten-gigabitethernet 1/0/3
[PE_A-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_A-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_A-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-Ten-GigabitEthernet1/0/3] quit
# 創建CVLAN 10~40。
<PE_B> system-view
[PE_B] vlan 10 to 40
# 創建SVLAN 1001~1003、SVLAN 2001~2003。
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
(1) Ten-GigabitEthernet1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface ten-gigabitethernet 1/0/1
[PE_B-Ten-GigabitEthernet1/0/1] port link-type hybrid
# 配置端口允許CVLAN 15~40的報文攜帶VLAN Tag通過。
[PE_B-Ten-GigabitEthernet1/0/1] port hybrid vlan 15 to 40 tagged
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_B-Ten-GigabitEthernet1/0/1] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/1] quit
(2) Ten-GigabitEthernet1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface ten-gigabitethernet 1/0/2
[PE_B-Ten-GigabitEthernet1/0/2] port link-type hybrid
# 配置端口允許CVLAN 10~40的報文攜帶VLAN Tag通過。
[PE_B-Ten-GigabitEthernet1/0/2] port hybrid vlan 10 to 40 tagged
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_B-Ten-GigabitEthernet1/0/2] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/2] quit
(3) Ten-GigabitEthernet1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_B] interface ten-gigabitethernet 1/0/3
[PE_B-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_B-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_B-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-Ten-GigabitEthernet1/0/3] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1001~1003和VLAN 2001~2003的報文攜帶VLAN Tag通過,並配置各端口的MTU值至少為1504字節。
(1) 查看PE A上和PE B上VLAN映射的配置信息。
[PE_A] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
[PE_B] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
顯示信息表明1:2 VLAN映射的配置正確。
(2) Customer A中跨越運營商網絡的兩個分支機構中處於同一CVLAN的兩台PC互相進行Ping操作,可以Ping通,且這兩台PC能夠互相學習到對方的MAC地址。可見CVLAN信息能夠跨越運營商網絡進行透明傳輸。Customer B中的情況同理。
(3) Customer A和Customer B中處於同一CVLAN(例如VLAN 30)中的兩台PC互相進行Ping操作。在其中一台PC上查看ARP表項,發現它沒有學到對方的MAC地址。可見不同公司中同一CVLAN的流量被二層隔離。
· PE A
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· PE B
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
如圖3所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。Customer A和Customer B的網絡中各有三種不同業務類型的數據,這三種業務類型的數據需要通過運營商網絡提供的三個VLAN分開傳輸,以便運營商網絡針對不同業務類型的數據配置不同的傳輸策略。
現要求通過在運營商網絡中配置QoS策略使用戶不同業務類型的數據使用不同的外層VLAN Tag在運營商網絡中傳輸。外層VLAN Tag的添加策略如表2所示,傳輸效果如圖4所示。
圖3 QoS Nest配置組網圖
表2 外層VLAN Tag添加策略
|
用戶的業務類型 |
用戶網絡VLAN |
運營商網絡VLAN |
|
|
Customer A: |
Video |
31~40 |
1003 |
|
Voice |
21~30 |
1002 |
|
|
Data |
10~20 |
1001 |
|
|
Customer B: |
Storage |
36~40 |
2003 |
|
Voice |
26~35 |
2002 |
|
|
Data |
15~25 |
2001 |
|
· 請在PE A和PE B連接用戶網絡的端口上配置QoS策略為用戶不同業務類型的數據報文添加不同的外層VLAN Tag。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要將PE A和PE B連接用戶網絡的端口的鏈路類型配置為Hybrid,並允許運營商封裝的外層VLAN的報文不帶VLAN Tag通過。
· 本舉例中通過配置QoS策略為用戶不同業務類型的數據報文添加不同的外層VLAN Tag,您也可以使用1:2 VLAN映射功能為用戶不同業務類型的數據報文添加不同的外層VLAN Tag。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 缺省情況下,端口為報文封裝外層VLAN Tag時,如果端口信任報文的802.1p優先級,會將內層VLAN Tag的802.1p優先級複製到外層VLAN Tag的802.1p優先級,如果端口不信任報文的802.1p優先級或入報文沒有攜帶VLAN Tag,會將接收報文的端口的端口優先級作為外層VLAN Tag的802.1p優先級。
· 需要保證報文傳輸路徑上,報文的外層VLAN Tag不被修改或移除。
· 為報文加上外層VLAN Tag後,內層VLAN Tag將被當作報文的數據部分進行傳輸,報文長度將增加4個字節。因此建議用戶適當增加報文傳輸路徑上各接口的MTU值(至少為1504字節)。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 創建為用戶數據分配的VLAN,即VLAN 1001~VLAN 1003、VLAN 2001~VLAN 2003。
<PE_A> system-view
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
(1) 配置端口Ten-GigabitEthernet1/0/1
# 配置端口為Hybrid端口,允許VLAN 1001~VLAN 1003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_A] interface ten-gigabitethernet 1/0/1
[PE_A-Ten-GigabitEthernet1/0/1] port link-type hybrid
[PE_A-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
[PE_A-Ten-GigabitEthernet1/0/1] port hybrid vlan 1001 to 1003 untagged
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/1] quit
(2) 配置端口Ten-GigabitEthernet1/0/2
# 配置端口為Hybrid端口,允許VLAN 2001~VLAN 2003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_A] interface ten-gigabitethernet 1/0/2
[PE_A-Ten-GigabitEthernet1/0/2] port link-type hybrid
[PE_A-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
[PE_A-Ten-GigabitEthernet1/0/2] port hybrid vlan 2001 to 2003 untagged
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/2] quit
(3) 配置端口Ten-GigabitEthernet1/0/3
# 配置端口為Trunk端口,且允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文通過,取消允許VLAN 1通過。
[PE_A] interface ten-gigabitethernet 1/0/3
[PE_A-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_A-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_A-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-Ten-GigabitEthernet1/0/3] quit
(4) 配置QoS策略
# 為Customer A創建一個流分類,匹配規則為用戶網絡中普通業務數據對應的VLAN。
[PE_A] traffic classifier customer_A_pc
[PE_A-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_A-classifier-customer_A_pc] quit
# 按同樣方法創建匹配Customer A網絡中語音數據和視頻數據的流分類。
[PE_A] traffic classifier customer_A_voice
[PE_A-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_A-classifier-customer_A_voice] quit
[PE_A] traffic classifier customer_A_video
[PE_A-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_A-classifier-customer_A_video] quit
# 為Customer A的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag。
[PE_A] traffic behavior customer_A_pc
[PE_A-behavior-customer_A_pc] nest top-most vlan 1001
[PE_A-behavior-customer_A_pc] quit
[PE_A] traffic behavior customer_A_voice
[PE_A-behavior-customer_A_voice] nest top-most vlan 1002
[PE_A-behavior-customer_A_voice] quit
[PE_A] traffic behavior customer_A_video
[PE_A-behavior-customer_A_video] nest top-most vlan 1003
[PE_A-behavior-customer_A_video] quit
# 創建用於Customer A的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag的流行為進行一一關聯。
[PE_A] qos policy customer_A
[PE_A-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_A-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_A-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_A-qospolicy-customer_A] quit
# 將上麵創建的策略應用到Ten-GigabitEthernet 1/0/1端口的入方向。
[PE_A] interface ten-gigabitethernet 1/0/1
[PE_A-Ten-GigabitEthernet1/0/1] qos apply policy customer_A inbound
[PE_A-Ten-GigabitEthernet1/0/1] quit
# 使用類似方法為Customer B的三種業務數據創建流分類。
[PE_A] traffic classifier customer_B_pc
[PE_A-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_A-classifier-customer_B_pc] quit
[PE_A] traffic classifier customer_B_voice
[PE_A-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_A-classifier-customer_B_voice] quit
[PE_A] traffic classifier customer_B_storage
[PE_A-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_A-classifier-customer_B_storage] quit
# 為Customer B的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag。
[PE_A] traffic behavior customer_B_pc
[PE_A-behavior-customer_B_pc] nest top-most vlan 2001
[PE_A-behavior-customer_B_pc] quit
[PE_A] traffic behavior customer_B_voice
[PE_A-behavior-customer_B_voice] nest top-most vlan 2002
[PE_A-behavior-customer_B_voice] quit
[PE_A] traffic behavior customer_B_storage
[PE_A-behavior-customer_B_storage] nest top-most vlan 2003
[PE_A-behavior-customer_B_storage] quit
# 創建用於Customer B的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag的流行為進行一一關聯。
[PE_A] qos policy customer_B
[PE_A-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_A-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_A-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_A-qospolicy-customer_B] quit
# 將上麵創建的策略應用到Ten-GigabitEthernet 1/0/2端口的入方向。
[PE_A] interface ten-gigabitethernet 1/0/2
[PE_A-Ten-GigabitEthernet1/0/2] qos apply policy customer_B inbound
[PE_A-Ten-GigabitEthernet1/0/2] quit
# 創建為用戶數據分配的VLAN,即VLAN 1001~VLAN 1003、VLAN 2001~VLAN 2003。
<PE_B> system-view
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
(1) 配置端口Ten-GigabitEthernet1/0/1
# 配置端口為Hybrid端口,允許VLAN 2001~VLAN 2003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_B] interface ten-gigabitethernet 1/0/1
[PE_B-Ten-GigabitEthernet1/0/1] port link-type hybrid
[PE_B-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
[PE_B-Ten-GigabitEthernet1/0/1] port hybrid vlan 2001 to 2003 untagged
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/1] quit
(2) 配置端口Ten-GigabitEthernet1/0/2
# 配置端口為Hybrid端口,允許VLAN 1001~VLAN 1003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_B] interface ten-gigabitethernet 1/0/2
[PE_B-Ten-GigabitEthernet1/0/2] port link-type hybrid
[PE_B-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
[PE_B-Ten-GigabitEthernet1/0/2] port hybrid vlan 1001 to 1003 untagged
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/2] quit
(3) 配置端口Ten-GigabitEthernet1/0/3
# 配置端口為Trunk端口,且允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文通過,取消允許VLAN 1通過。
[PE_B] interface ten-gigabitethernet 1/0/3
[PE_B-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_B-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_B-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-Ten-GigabitEthernet1/0/3] quit
(4) 配置QoS策略
# 按PE A設備的配置方法,為Customer A的業務數據配置流分類。
[PE_B] traffic classifier customer_A_pc
[PE_B-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_B-classifier-customer_A_pc] quit
[PE_B] traffic classifier customer_A_voice
[PE_B-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_B-classifier-customer_A_voice] quit
[PE_B] traffic classifier customer_A_video
[PE_B-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_B-classifier-customer_A_video] quit
# 為Customer A的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag。
[PE_B] traffic behavior customer_A_pc
[PE_B-behavior-customer_A_pc] nest top-most vlan 1001
[PE_B-behavior-customer_A_pc] quit
[PE_B] traffic behavior customer_A_voice
[PE_B-behavior-customer_A_voice] nest top-most vlan 1002
[PE_B-behavior-customer_A_voice] quit
[PE_B] traffic behavior customer_A_video
[PE_B-behavior-customer_A_video] nest top-most vlan 1003
[PE_B-behavior-customer_A_video] quit
# 創建用於Customer A的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag的流行為進行一一關聯。
[PE_B] qos policy customer_A
[PE_B-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_B-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_B-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_B-qospolicy-customer_A] quit
# 將上麵創建的策略應用到Ten-GigabitEthernet 1/0/2端口的入方向。
[PE_B] interface ten-gigabitethernet 1/0/2
[PE_B-Ten-GigabitEthernet1/0/2] qos apply policy customer_A inbound
[PE_B-Ten-GigabitEthernet1/0/2] quit
# 使用類似方法為Customer B的三種業務數據創建流分類。
[PE_B] traffic classifier customer_B_pc
[PE_B-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_B-classifier-customer_B_pc] quit
[PE_B] traffic classifier customer_B_voice
[PE_B-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_B-classifier-customer_B_voice] quit
[PE_B] traffic classifier customer_B_storage
[PE_B-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_B-classifier-customer_B_storage] quit
# 為Customer B的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag。
[PE_B] traffic behavior customer_B_pc
[PE_B-behavior-customer_B_pc] nest top-most vlan 2001
[PE_B-behavior-customer_B_pc] quit
[PE_B] traffic behavior customer_B_voice
[PE_B-behavior-customer_B_voice] nest top-most vlan 2002
[PE_B-behavior-customer_B_voice] quit
[PE_B] traffic behavior customer_B_storage
[PE_B-behavior-customer_B_storage] nest top-most vlan 2003
[PE_B-behavior-customer_B_storage] quit
# 創建用於Customer B的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag的流行為進行一一關聯。
[PE_B] qos policy customer_B
[PE_B-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_B-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_B-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_B-qospolicy-customer_B] quit
# 將上麵創建的策略應用到Ten-GigabitEthernet 1/0/1端口的入方向。
[PE_B] interface ten-gigabitethernet 1/0/1
[PE_B-Ten-GigabitEthernet1/0/1] qos apply policy customer_B inbound
[PE_B-Ten-GigabitEthernet1/0/1] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文攜帶VLAN Tag通過,並配置各端口的MTU值為至少1504字節。
(1) 使用display this命令查看端口的配置,例如:
# 查看PE A上端口Ten-GigabitEthernet1/0/1的配置。
[PE_A] interface ten-gigabitethernet 1/0/1
[PE_A-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qos apply policy customer_A inbound
#
Return
[PE_A-Ten-GigabitEthernet1/0/1] quit
(2) 查看配置的策略是否正確下發到端口,例如:
# 查看PE A上端口Ten-GigabitEthernet 1/0/1上應用的策略。
[PE_A] display qos policy interface ten-gigabitethernet 1/0/1
Interface: Ten-GigabitEthernet1/0/1
Direction: Inbound
Policy: customer_A
Classifier: customer_A_pc
Operator: AND
Rule(s) :
If-match customer-vlan-id 10 to 20
Behavior: customer_A_pc
Nesting:
Nest top-most vlan-id 1001
Classifier: customer_A_voice
Operator: AND
Rule(s) :
If-match customer-vlan-id 21 to 30
Behavior: customer_A_voice
Nesting:
Nest top-most vlan-id 1002
Classifier: customer_A_video
Operator: AND
Rule(s) :
If-match customer-vlan-id 31 to 40
Behavior: customer_A_video
Nesting:
Nest top-most vlan-id 1003
· PE A
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
#
traffic behavior customer_A_voice
nest top-most vlan 1002
#
traffic behavior customer_A_video
nest top-most vlan 1003
#
traffic behavior customer_B_pc
nest top-most vlan 2001
#
traffic behavior customer_B_voice
nest top-most vlan 2002
#
traffic behavior customer_B_storage
nest top-most vlan 2003
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qos apply policy customer_A inbound
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qos apply policy customer_B inbound
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· ProviderB的配置
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
#
traffic behavior customer_A_voice
nest top-most vlan 1002
#
traffic behavior customer_A_video
nest top-most vlan 1003
#
traffic behavior customer_B_pc
nest top-most vlan 2001
#
traffic behavior customer_B_voice
nest top-most vlan 2002
#
traffic behavior customer_B_storage
nest top-most vlan 2003
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qos apply policy customer_B inbound
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qos apply policy customer_A inbound
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
如圖5所示:在某小區,服務提供商為每個家庭都提供了PC、VoD和VoIP這三種數據服務,每個家庭都通過各自的家庭網關接入樓道交換機。每個家庭網關都分別將PC、VoD和VoIP業務依次劃分到VLAN 1~3。
現要求通過配置1:1和N:1 VLAN映射功能實現以下功能:
· 在樓道交換機上,為了隔離不同家庭的同類業務,將每個家庭的每種業務都劃分到不同的VLAN;
· 在園區交換機上,為了節省VLAN資源,將所有家庭的同類業務都劃分到相同的VLAN,即分別將PC、VoD和VoIP業務依次劃分到VLAN 501~503。
圖5 1:1和N:1 VLAN映射組網示意圖
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 創建原始VLAN——VLAN 2~ 3(原始VLAN 1設備缺省已創建)。
<SwitchA> system-view
[SwitchA] vlan 2 to 3
# 創建轉換後VLAN——VLAN 101~102、VLAN 201~202和VLAN 301~302。
[SwitchA] vlan 101 to 102
[SwitchA] vlan 201 to 202
[SwitchA] vlan 301 to 302
# 配置下行端口Ten-GigabitEthernet1/0/1為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301
# 在端口Ten-GigabitEthernet1/0/1上配置1:1 VLAN映射功能,將VLAN 1的Tag替換為VLAN 101的Tag,將VLAN 2的Tag替換為VLAN 201的Tag,將VLAN 3的Tag替換為VLAN 301的Tag。
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置下行端口Ten-GigabitEthernet1/0/2為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3 102 202 302
# 在端口Ten-GigabitEthernet1/0/2上配置1:1 VLAN映射功能,將VLAN 1的Tag替換為VLAN 102的Tag,將VLAN 2的Tag替換為VLAN 202的Tag,將VLAN 3的Tag替換為VLAN 302的Tag。
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 1 translated-vlan 102
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 2 translated-vlan 202
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 3 translated-vlan 302
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 配置上行端口Ten-GigabitEthernet1/0/3為Trunk端口,且允許轉換後VLAN通過。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 101 201 301 102 202 302
[SwitchA-Ten-GigabitEthernet1/0/3] quit
Switch B的配置與Switch A相似,配置過程略。
# 創建原始VLAN和轉換後VLAN
<SwitchC> system-view
[SwitchC] vlan 101 to 104
[SwitchC] vlan 201 to 204
[SwitchC] vlan 301 to 304
[SwitchC] vlan 501 to 503
# 配置下行端口Ten-GigabitEthernet1/0/1為Trunk端口且允許原始VLAN通過。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302
# 在端口Ten-GigabitEthernet1/0/1上配置N:1 VLAN映射,將VLAN 101~102的Tag替換為VLAN 501的Tag,將VLAN 201~202的Tag替換為VLAN 502的Tag,將VLAN 301~302的Tag替換為VLAN 503的Tag。
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 101 to 102 translated-vlan 501
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 201 to 202 translated-vlan 502
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 301 to 302 translated-vlan 503
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 配置下行端口Ten-GigabitEthernet1/0/2為Trunk端口且允許原始VLAN通過。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 103 104 203 204 303 304
# 在端口Ten-GigabitEthernet1/0/2上配置N:1 VLAN映射,將VLAN 103~104的Tag替換為VLAN 501的Tag,將VLAN 203~204的Tag替換為VLAN 502的Tag,將VLAN 303~304的Tag替換為VLAN 503的Tag。
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 103 to 104 translated-vlan 501
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 203 to 204 translated-vlan 502
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 配置端口Ten-GigabitEthernet1/0/3為Trunk端口且允許轉換後VLAN通過。
[SwitchC-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/3] port trunk permit vlan 501 to 503
[SwitchC-Ten-GigabitEthernet1/0/3] quit
# 創建轉換後VLAN——VLAN 501~503。
<SwitchD> system-view
[SwitchD] vlan 501 to 503
# 配置端口Ten-GigabitEthernet1/0/1為Trunk端口且允許轉換後VLAN通過。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 501 to 503
[SwitchD-Ten-GigabitEthernet1/0/1] quit
(1) 查看Switch A上的VLAN映射配置信息
[SwitchA] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 101 N/A
2 N/A 201 N/A
3 N/A 301 N/A
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 102 N/A
2 N/A 202 N/A
3 N/A 302 N/A
(2) 查看Switch B上的VLAN映射配置信息
Switch B上的VLAN映射配置信息與Switch A相似,顯示信息略。
(3) 查看Switch C上的VLAN映射配置信息
[SwitchC] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
101-102 N/A 501 N/A
201-202 N/A 502 N/A
301-302 N/A 503 N/A
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
103-104 N/A 501 N/A
203-204 N/A 502 N/A
303-304 N/A 503 N/A
以上信息表明,Switch A和Switch B上的1:1 VLAN映射,以及Switch C上的N:1 VLAN映射配置成功。
· Switch A
#
vlan 1
#
vlan 2 to 3
#
vlan 101 to 102
#
vlan 201 to 202
#
vlan 301 to 302
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 to 3 101 201 301
vlan mapping 1 translated-vlan 101
vlan mapping 2 translated-vlan 201
vlan mapping 3 translated-vlan 301
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 to 3 102 202 302
vlan mapping 1 translated-vlan 102
vlan mapping 2 translated-vlan 202
vlan mapping 3 translated-vlan 302
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan 1 101 to 102 201 to 202 301 to 302
#
· Switch B
#
vlan 1
#
vlan 2 to 3
#
vlan 103 to 104
#
vlan 203 to 204
#
vlan 303 to 304
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 to 3 103 203 303
vlan mapping 1 translated-vlan 103
vlan mapping 2 translated-vlan 203
vlan mapping 3 translated-vlan 303
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 to 3 104 204 304
vlan mapping 1 translated-vlan 104
vlan mapping 2 translated-vlan 204
vlan mapping 3 translated-vlan 304
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan 1 103 to 104 203 to 204 303 to 304
#
· Switch C
#
#
vlan 101
#
vlan 102
#
vlan 103
#
vlan 104
#
vlan 201
#
vlan 202
#
vlan 203
#
vlan 204
#
vlan 301
#
vlan 302
#
vlan 303
#
vlan 304
#
vlan 501
#
vlan 502
#
vlan 503
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 101 to 102 201 to 202 301 to 302
vlan mapping uni range 101 to 102 translated-vlan 501
vlan mapping uni range 201 to 202 translated-vlan 502
vlan mapping uni range 301 to 302 translated-vlan 503
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 103 to 104 203 to 204 303 to 304
vlan mapping uni range 103 to 104 translated-vlan 501
vlan mapping uni range 203 to 204 translated-vlan 502
vlan mapping uni range 303 to 304 translated-vlan 503
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan 501 to 503
#
· Switch D
#
vlan 501 to 503
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 501 to 503
#
如圖6所示,Site 1和Site 2是同一家公司的兩個分支機構,同屬於VLAN 10,通過運營商A提供的VPN接入服務,外層VLAN Tag為VLAN 100。當該公司被另一家公司收購之後,需要Site 1和Site 2接入新公司的網絡。新公司的VPN服務由運營商B提供,外層VLAN Tag為VLAN 200,總部中能夠為Site 1和Site 2提供服務的業務VLAN為VLAN 30。
現要求通過配置2:2 VLAN映射功能,在不改變Site 1、Site 2和運營商網絡VLAN的配置的情況下,使Site 1和Site 2能夠訪問總部(Headquarts)VLAN 30的資源。
圖6 2:2 VLAN映射典型配置組網示意圖
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 2:2 VLAN映射功能隻需要在兩個運營商的邊緣設備中的其中一台上配置即可,本例中我們以在Switch C上配置為例進行介紹。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 創建VLAN 10和VLAN 100。
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] vlan 100
[SwitchA-vlan100] quit
# 在下行端口Ten-GigabitEthernet1/0/1上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping nest single 10 nested-vlan 100
# 配置Ten-GigabitEthernet1/0/1為Hybrid端口且允許VLAN 10的報文攜帶VLAN Tag通過、VLAN 100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 10 tagged
[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
[SwitchA-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置上行端口Ten-GigabitEthernet1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchA-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN 10和VLAN 100。
<SwitchB> system-view
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] vlan 100
[SwitchB-vlan100] quit
# 在下行端口Ten-GigabitEthernet1/0/3上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] vlan mapping nest single 10 nested-vlan 100
# 配置Ten-GigabitEthernet1/0/3為Hybrid端口且允許VLAN 10的報文攜帶VLAN Tag通過、VLAN100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchB-Ten-GigabitEthernet1/0/3] port link-type hybrid
[SwitchB-Ten-GigabitEthernet1/0/3] port hybrid vlan 10 tagged
[SwitchB-Ten-GigabitEthernet1/0/3] port hybrid vlan 100 untagged
[SwitchB-Ten-GigabitEthernet1/0/3] undo port hybrid vlan 1
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 配置端口Ten-GigabitEthernet1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 創建映射前外層VLAN 100和映射後外層VLAN 200。
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] quit
[SwitchC] vlan 200
[SwitchC-vlan200] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 100和VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
# 在端口Ten-GigabitEthernet1/0/1上配置2:2 VLAN映射,將外層VLAN為100、內層VLAN為10的報文的VLAN ID轉換為外層VLAN為200、內層VLAN為30。
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping tunnel 100 10 translated-vlan 200 30
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 配置端口Ten-GigabitEthernet1/0/2允許VLAN 200的報文通過。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200
[SwitchC-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN 30和VLAN 200。
<SwitchD> system-view
[SwitchD] vlan 30
[SwitchD-vlan30] quit
[SwitchD] vlan 200
[SwitchD-vlan200] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 200
[SwitchD-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 配置Ten-GigabitEthernet1/0/2為Hybrid端口且允許VLAN 30的報文攜帶VLAN Tag通過、VLAN 200的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-type hybrid
[SwitchD-Ten-GigabitEthernet1/0/2] port hybrid vlan 30 tagged
[SwitchD-Ten-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
[SwitchD-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 在端口Ten-GigabitEthernet1/0/2上配置1:2 VLAN映射,為VLAN 30報文添加VLAN 200的外層VLAN Tag。
[SwitchD-Ten-GigabitEthernet1/0/2] vlan mapping nest single 30 nested-vlan 200
[SwitchD-Ten-GigabitEthernet1/0/2] quit
# 查看Switch C上的VLAN映射配置信息。
[SwitchC] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
100 10 200 30
顯示信息表明2:2 VLAN映射已經正確配置。
· Switch A
#
vlan 10
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
· Switch B
#
vlan 10
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface Ten-GigabitEthernet1/0/3
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
vlan 100
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
vlan mapping tunnel 100 10 translated-vlan 200 30
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
· Switch D
#
vlan 30
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 30 tagged
port hybrid vlan 200 untagged
vlan mapping nest single 30 nested-vlan 200
#
· H3C S6890係列交換機 二層技術-以太網交換機配置指導(R27xx)
· H3C S6890係列交換機 二層技術-以太網交換機命令參考(R27xx)
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
