08-H3C_VLAN映射典型配置舉例
本章節下載: 08-H3C_VLAN映射典型配置舉例 (460.07 KB)
資料版本:6W100-20200330
產品版本:Release 7585P05
Copyright © 2020 bobty下载软件 版權所有,保留一切權利。 非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。 除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。 本文檔中的信息可能變動,恕不另行通知。 |
目 錄
本文檔介紹使用VLAN映射功能為報文添加VLAN Tag或修改報文攜帶的VLAN Tag。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解VLAN映射特性。
如圖1所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。Customer A和Customer B的網絡中各有三種不同業務類型的數據,這三種業務類型的數據需要通過運營商網絡提供的三個VLAN分開傳輸,以便運營商網絡針對不同業務類型的數據配置不同的傳輸策略。
現要求通過配置1:2 VLAN映射功能實現:
· 用戶不同業務類型的數據使用不同的外層VLAN Tag在運營商網絡中傳輸;
· 外層VLAN Tag的添加策略如表1所示,傳輸效果如圖2所示;
· 添加外層VLAN Tag時,設備複製內層VLAN Tag的802.1p優先級作為外層VLAN Tag的802.1p優先級。
圖1 1:2 VLAN映射組網圖
表1 外層VLAN Tag添加策略
用戶的業務類型 |
用戶網絡VLAN |
運營商網絡VLAN |
|
Customer A |
Video |
31 to 40 |
1003 |
Voice |
21 to 30 |
1002 |
|
Data |
10 to 20 |
1001 |
|
Customer B |
Storage |
36 to 40 |
2003 |
Voice |
26 to 35 |
2002 |
|
Data |
15 to 25 |
2001 |
· 請在PE A和PE B連接用戶網絡的端口上配置1:2 VLAN映射功能,為用戶不同業務類型的數據報文添加不同的外層VLAN Tag。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要將PE A和PE B連接用戶網絡的端口的鏈路類型配置為Hybrid,並允許運營商封裝的外層VLAN的報文不帶VLAN Tag通過。
· 為了使設備在添加外層VLAN Tag時複製內層VLAN Tag的802.1p優先級作為外層VLAN Tag的802.1p優先級,配置端口信任報文的802.1p優先級。
· PE設備在配置1:2 VLAN映射前,需要先創建好轉換後VLAN。PE設備上無需創建原始VLAN或允許原始VLAN通過端口。
· 在攜帶兩層VLAN Tag的報文的傳輸路徑上,配置各端口的MTU值至少為1504字節。
· 在PE A和PE B的上行端口以及運營商網絡的中間設備上,需要保證1:2 VLAN映射封裝的外層VLAN Tag不被修改或移除。
# 創建SVLAN 1001~1003和SVLAN 2001~2003。
<PE_A> system-view
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
(1) Ten-GigabitEthernet1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface ten-gigabitethernet 1/0/1
[PE_A-Ten-GigabitEthernet1/0/1] port link-type hybrid
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_A-Ten-GigabitEthernet1/0/1] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_A-Ten-GigabitEthernet1/0/1] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/1] quit
(2) Ten-GigabitEthernet1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface ten-gigabitethernet 1/0/2
[PE_A-Ten-GigabitEthernet1/0/2] port link-type hybrid
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_A-Ten-GigabitEthernet1/0/2] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_A-Ten-GigabitEthernet1/0/2] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_A-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_A-Ten-GigabitEthernet1/0/2] quit
(3) Ten-GigabitEthernet1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_A] interface ten-gigabitethernet 1/0/3
[PE_A-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_A-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_A-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-Ten-GigabitEthernet1/0/3] quit
# 創建SVLAN 1001~1003、SVLAN 2001~2003。
<PE_B> system-view
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
(1) Ten-GigabitEthernet1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface ten-gigabitethernet 1/0/1
[PE_B-Ten-GigabitEthernet1/0/1] port link-type hybrid
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_B-Ten-GigabitEthernet1/0/1] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_B-Ten-GigabitEthernet1/0/1] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/1] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/1] quit
(2) Ten-GigabitEthernet1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface ten-gigabitethernet 1/0/2
[PE_B-Ten-GigabitEthernet1/0/2] port link-type hybrid
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_B-Ten-GigabitEthernet1/0/2] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_B-Ten-GigabitEthernet1/0/2] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_B-Ten-GigabitEthernet1/0/2] qos trust dot1p
[PE_B-Ten-GigabitEthernet1/0/2] quit
(3) Ten-GigabitEthernet1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_B] interface ten-gigabitethernet 1/0/3
[PE_B-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE_B-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE_B-Ten-GigabitEthernet1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-Ten-GigabitEthernet1/0/3] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1001~1003和VLAN 2001~2003的報文攜帶VLAN Tag通過,並配置各端口的MTU值至少為1504字節。
(1) 查看PE A上和PE B上VLAN映射的配置信息。
[PE_A] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
[PE_B] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
顯示信息表明1:2 VLAN映射的配置正確。
(2) Customer A中跨越運營商網絡的兩個分支機構中處於同一CVLAN的兩台PC互相進行Ping操作,可以Ping通,且這兩台PC能夠互相學習到對方的MAC地址。可見CVLAN信息能夠跨越運營商網絡進行透明傳輸。Customer B中的情況同理。
(3) Customer A和Customer B中處於同一CVLAN(例如VLAN 30)中的兩台PC互相進行Ping操作。在其中一台PC上查看ARP表項,發現它沒有學到對方的MAC地址。可見不同公司中同一CVLAN的流量被二層隔離。
· PE A
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· PE B
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface Ten-GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
如圖3所示,Site 1和Site 2是同一家公司的兩個分支機構,同屬於VLAN 10,通過運營商A提供的VPN接入服務,外層VLAN Tag為VLAN 100。當該公司被另一家公司收購之後,需要Site 1和Site 2接入新公司的網絡。新公司的VPN服務由運營商B提供,外層VLAN Tag為VLAN 200,總部中能夠為Site 1和Site 2提供服務的業務VLAN為VLAN 30。
現要求通過配置2:2 VLAN映射功能,在不改變Site 1、Site 2和運營商網絡VLAN的配置的情況下,使Site 1和Site 2能夠訪問總部(Headquarts)VLAN 30的資源。
圖3 2:2 VLAN映射典型配置組網示意圖
2:2 VLAN映射功能隻需要在兩個運營商的邊緣設備中的其中一台上配置即可,本例中我們以在Switch C上配置為例進行介紹。
# 創建VLAN100。
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] quit
# 在下行端口Ten-GigabitEthernet1/0/1上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping nest single 10 nested-vlan 100
# 配置Ten-GigabitEthernet1/0/1為Hybrid端口且允許VLAN 100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
[SwitchA-Ten-GigabitEthernet1/0/1] undo port hybrid vlan 1
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置上行端口Ten-GigabitEthernet1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchA-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN100。
<SwitchB> system-view
[SwitchB] vlan 100
[SwitchB-vlan100] quit
# 在下行端口Ten-GigabitEthernet1/0/3上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] vlan mapping nest single 10 nested-vlan 100
# 配置Ten-GigabitEthernet1/0/3為Hybrid端口且允許VLAN100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchB-Ten-GigabitEthernet1/0/3] port link-type hybrid
[SwitchB-Ten-GigabitEthernet1/0/3] port hybrid vlan 100 untagged
[SwitchB-Ten-GigabitEthernet1/0/3] undo port hybrid vlan 1
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 配置端口Ten-GigabitEthernet1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 創建映射前外層VLAN 100和映射後外層VLAN 200。
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] quit
[SwitchC] vlan 200
[SwitchC-vlan200] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 100和VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
# 在端口Ten-GigabitEthernet1/0/1上配置2:2 VLAN映射,將外層VLAN為100、內層VLAN為10的報文的VLAN ID轉換為外層VLAN為200、內層VLAN為30。
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping tunnel 100 10 translated-vlan 200 30
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 配置端口Ten-GigabitEthernet1/0/2允許VLAN 200的報文通過。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200
[SwitchC-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN 200。
<SwitchD> system-view
[SwitchD] vlan 200
[SwitchD-vlan200] quit
# 配置端口Ten-GigabitEthernet1/0/1允許VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 200
[SwitchD-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 配置Ten-GigabitEthernet1/0/2為Hybrid端口且允許VLAN 200的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-type hybrid
[SwitchD-Ten-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
[SwitchD-Ten-GigabitEthernet1/0/2] undo port hybrid vlan 1
# 在端口Ten-GigabitEthernet1/0/2上配置1:2 VLAN映射,為VLAN 30報文添加VLAN 200的外層VLAN Tag。
[SwitchD-Ten-GigabitEthernet1/0/2] vlan mapping nest single 30 nested-vlan 200
[SwitchD-Ten-GigabitEthernet1/0/2] quit
# 查看Switch C上的VLAN映射配置信息。
[SwitchC] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
100 10 200 30
顯示信息表明2:2 VLAN映射已經正確配置。
· Switch A
#
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
· Switch B
#
vlan 100
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface Ten-GigabitEthernet1/0/3
port link-type hybrid
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
vlan 100
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
vlan mapping tunnel 100 10 translated-vlan 200 30
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
· Switch D
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
interface Ten-GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 200 untagged
vlan mapping nest single 30 nested-vlan 200
#
· H3C S10500係列交換機 二層技術-以太網交換配置指導-R758X
· H3C S10500係列交換機 二層技術-以太網交換命令參考-R758X
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!