- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
10-添加或修改報文的VLAN Tag典型配置舉例
本章節下載: 10-添加或修改報文的VLAN Tag典型配置舉例 (886.68 KB)
H3C S6850&S9850&S9820-64H 添加或修改報文的VLAN Tag配置舉例
Copyright © 2020 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
本文檔介紹了使用QinQ功能、VLAN映射功能、QoS功能添加或修改報文的VLAN Tag的配置方式。
由於802.1Q定義的VLAN ID域隻有12個比特,最多隻能提供4094個VLAN,不能滿足運營商網絡對VLAN個數的需求。因此,用戶網絡報文在進入運營商網絡時,運營商網絡可以為用戶網絡報文添加一層VLAN Tag,使運營商網絡可以利用一個VLAN為用戶網絡的多個VLAN的報文提供服務。
根據應用需求的不同,添加報文的VLAN Tag可以采用下麵方法:
· QinQ:如果運營商網絡不需要區分用戶網絡不同VLAN的報文,可以在運營商網絡設備連接用戶網絡的端口上配置QinQ功能。端口上配置了QinQ功能後,不論從該端口收到的報文是否帶有VLAN Tag,設備都會為該報文封裝本端口缺省VLAN的Tag。
· 1:2 VLAN映射:如果運營商網絡需要區分用戶網絡不同VLAN的報文,可以在運營商網絡設備連接用戶網絡的端口上配置1:2 VLAN映射功能,使端口可以為用戶網絡不同VLAN的報文添加不同的外層VLAN Tag。
· QoS策略:如果運營商網絡需要使用VLAN ID之外的匹配條件更靈活的匹配用戶網絡報文,或在為報文添加外層VLAN Tag時,需要同時配置其它流行為,例如重標記報文外層VLAN Tag的優先級,可以通過配置QoS策略實現。
上述添加報文VLAN Tag的方法,在滿足需求的情況下,建議依次考慮QinQ、1:2 VLAN映射、QoS策略。例如,需求是為用戶網絡不同業務類型的VLAN添加不同的外層VLAN Tag,使用1:2 VLAN映射和QoS策略均可以滿足需求,建議采用1:2 VLAN映射,如果在為用戶網絡不同業務類型的VLAN添加不同的外層VLAN Tag的同時還需要重標記報文外層VLAN Tag的優先級,則需要使用QoS策略。
用戶網絡和運營商網絡各自有不同的VLAN劃分策略,因此用戶網絡和運營商網絡互聯,以及不同運營商網絡之間互聯時可能需要進行VLAN Tag的修改,從而在不修改原有配置的情況下實現互通。
根據應用需求的不同,修改報文的VLAN Tag可以采用下麵方法:
· 1:1 VLAN映射:將來自某一特定VLAN的報文所攜帶的VLAN Tag替換為新的VLAN Tag。
· N:1 VLAN映射:將來自多個VLAN的報文所攜帶的不同VLAN Tag替換為相同的VLAN Tag。
· 2:2 VLAN映射:將攜帶有兩層VLAN Tag的報文的內、外層VLAN Tag都替換為新的VLAN Tag。
· QoS策略:通過定義流分類的匹配規則,可以更靈活的匹配用戶網絡報文;通過使用流行為的remark customer-vlan-id或remark service-vlan-id動作可以為匹配不同流分類的報文修改內層或外層VLAN Tag。
上述修改報文VLAN Tag的方法,在滿足需求的情況下,建議優先采用VLAN映射。
端口配置添加或修改報文的VLAN Tag功能後,設備會將用戶網絡的MAC地址學習到SVLAN中。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解QinQ特性、VLAN映射特性、QoS Nest特性和QoS重標記特性。
添加或修改報文的VLAN Tag與EVB功能互斥,請勿同時配置。
如圖1所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。運營商網絡中可用的VLAN資源包括VLAN 1000和VLAN 2000。現要求通過配置QinQ功能,運營商網絡能夠利用VLAN 1000傳輸Customer A的數據,利用VLAN 2000傳輸Customer B的數據。
圖1 QinQ組網示意圖
· 請在PE A和PE B連接用戶網絡的端口上配置QinQ功能。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要配置開啟QinQ功能的端口發送PVID的報文時不帶VLAN Tag。開啟QinQ功能的端口的鏈路類型可以是Access,Hybrid或Trunk。如果配置為Hybrid類型,需要配置該端口允許PVID的報文不帶VLAN Tag通過。如果配置為Trunk類型,需要配置該端口允許PVID的報文通過。
表1 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
· 開啟QinQ的端口,需要配置端口的缺省VLAN為QinQ封裝的外層VLAN(SVLAN)。
· 需要保證QinQ報文傳輸路徑上,報文的外層VLAN Tag不被修改或移除。
· QinQ為報文加上外層VLAN Tag後,內層VLAN Tag將被當作報文的數據部分進行傳輸,報文長度將增加4個字節。因此建議用戶適當增加QinQ報文傳輸路徑上各接口的MTU值(至少為1504字節)。
# 創建VLAN 1000和VLAN 2000。
<PE_A> system-view
[PE_A] vlan 1000
[PE_A-vlan1000] quit
[PE_A] vlan 2000
[PE_A-vlan2000] quit
# 配置端口HundredGigE1/0/1為Access端口,允許VLAN 1000的報文通過。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] port access vlan 1000
# 開啟端口HundredGigE1/0/1的QinQ功能。
[PE_A-HundredGigE1/0/1] qinq enable
[PE_A-HundredGigE1/0/1] quit
# 配置端口HundredGigE1/0/2為Access端口,允許VLAN 2000的報文通過。
[PE_A] interface hundredgige1/0/2
[PE_A-HundredGigE1/0/2] port access vlan 2000
# 開啟端口HundredGigE1/0/2的QinQ功能。
[PE_A-HundredGigE1/0/2] qinq enable
[PE_A-HundredGigE1/0/2] quit
# 配置端口HundredGigE1/0/3為Trunk端口,且允許VLAN 1000和VLAN 2000的報文通過,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/3
[PE_A-HundredGigE1/0/3] port link-type trunk
[PE_A-HundredGigE1/0/3] port trunk permit vlan 1000 2000
[PE_A-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_A-HundredGigE1/0/3] quit
# 創建VLAN 1000和VLAN 2000。
<PE_B> system-view
[PE_B] vlan 1000
[PE_B-vlan1000] quit
[PE_B] vlan 2000
[PE_B-vlan2000] quit
# 配置端口HundredGigE1/0/1為Access端口,允許VLAN 2000的報文通過。
[PE_B] interface hundredgige1/0/1
[PE_B-HundredGigE1/0/1] port access vlan 2000
# 開啟端口HundredGigE1/0/1的QinQ功能。
[PE_B-HundredGigE1/0/1] qinq enable
[PE_B-HundredGigE1/0/1] quit
# 配置端口HundredGigE1/0/2為Access端口,允許VLAN 1000的報文通過。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] port access vlan 1000
# 開啟HundredGigE1/0/2端口的QinQ功能。
[PE_B-HundredGigE1/0/2] qinq enable
[PE_B-HundredGigE1/0/2] quit
# 配置端口HundredGigE1/0/3為Trunk端口,且允許VLAN 1000和VLAN 2000的報文通過,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/3
[PE_B-HundredGigE1/0/3] port link-type trunk
[PE_B-HundredGigE1/0/3] port trunk permit vlan 1000 2000
[PE_B-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_B-HundredGigE1/0/3] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1000和VLAN 2000的報文攜帶VLAN Tag通過,且這些端口的MTU值至少為1504字節。
(1) 同一個公司跨越運營商網絡的兩個分支機構中處於同一CVLAN的兩台PC互相進行Ping操作,可以Ping通,且這兩台PC能夠互相學習到對方的MAC地址。可見CVLAN信息能夠跨越運營商網絡進行透明傳輸。
(2) Customer A和Customer B中處於同一CVLAN(例如VLAN 130)中的兩台PC互相進行Ping操作。在其中一台PC上查看ARP表項,發現它沒有學到對方的MAC地址。可見不同公司中同一CVLAN的流量被二層隔離。
· PE A
#
vlan 1000
#
vlan 2000
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 1000
qinq enable
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 2000
qinq enable
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
· PE B
#
vlan 1000
#
vlan 2000
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2000
qinq enable
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 1000
qinq enable
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000 2000
#
如圖2所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。Customer A和Customer B的網絡中各有三種不同業務類型的數據,這三種業務類型的數據需要通過運營商網絡提供的三個VLAN分開傳輸,以便運營商網絡針對不同業務類型的數據配置不同的傳輸策略。
現要求通過配置1:2 VLAN映射功能實現:
· 用戶不同業務類型的數據使用不同的外層VLAN Tag在運營商網絡中傳輸;
· 外層VLAN Tag的添加策略如表1所示,傳輸效果如圖3所示;
· 添加外層VLAN Tag時,設備複製內層VLAN Tag的802.1p優先級作為外層VLAN Tag的802.1p優先級。
圖2 1:2 VLAN映射組網圖
表1 外層VLAN Tag添加策略
|
用戶的業務類型 |
用戶網絡VLAN |
運營商網絡VLAN |
|
|
Customer A |
Video |
31 to 40 |
1003 |
|
Voice |
21 to 30 |
1002 |
|
|
Data |
10 to 20 |
1001 |
|
|
Customer B |
Storage |
36 to 40 |
2003 |
|
Voice |
26 to 35 |
2002 |
|
|
Data |
15 to 25 |
2001 |
|
· 請在PE A和PE B連接用戶網絡的端口上配置1:2 VLAN映射功能,為用戶不同業務類型的數據報文添加不同的外層VLAN Tag。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要將PE A和PE B連接用戶網絡的端口的鏈路類型配置為Hybrid,並允許運營商封裝的外層VLAN的報文不帶VLAN Tag通過。
· 為了使設備在添加外層VLAN Tag時複製內層VLAN Tag的802.1p優先級做為外層VLAN Tag的802.1p優先級,配置端口信任報文的802.1p優先級。
表2 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
· 在攜帶兩層VLAN Tag的報文的傳輸路徑上,配置各端口的MTU值至少為1504字節。
· 在PE A和PE B的上行端口以及運營商網絡的中間設備上,需要保證1:2 VLAN映射封裝的外層VLAN Tag不被修改或移除。
# 創建CVLAN 10~40。
<PE_A> system-view
[PE_A] vlan 10 to 40
# 創建SVLAN 1001~1003和SVLAN 2001~2003。
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
(1) HundredGigE1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] port link-type hybrid
# 配置端口允許CVLAN 10~40的報文攜帶VLAN Tag通過。
[PE_A-HundredGigE1/0/1] port hybrid vlan 10 to 40 tagged
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_A-HundredGigE1/0/1] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-HundredGigE1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_A-HundredGigE1/0/1] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_A-HundredGigE1/0/1] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_A-HundredGigE1/0/1] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_A-HundredGigE1/0/1] qos trust dot1p
[PE_A-HundredGigE1/0/1] quit
(2) HundredGigE1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_A] interface hundredgige1/0/2
[PE_A-HundredGigE1/0/2] port link-type hybrid
# 配置端口允許CVLAN 15~40的報文攜帶VLAN Tag通過。
[PE_A-HundredGigE1/0/2] port hybrid vlan 15 to 40 tagged
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_A-HundredGigE1/0/2] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_A-HundredGigE1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_A-HundredGigE1/0/2] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_A-HundredGigE1/0/2] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_A-HundredGigE1/0/2] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_A-HundredGigE1/0/2] qos trust dot1p
[PE_A-HundredGigE1/0/2] quit
(3) HundredGigE1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/3
[PE_A-HundredGigE1/0/3] port link-type trunk
[PE_A-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_A-HundredGigE1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-HundredGigE1/0/3] quit
# 創建CVLAN 10~40。
<PE_B> system-view
[PE_B] vlan 10 to 40
# 創建SVLAN 1001~1003、SVLAN 2001~2003。
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
(1) HundredGigE1/0/1端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface hundredgige1/0/1
[PE_B-HundredGigE1/0/1] port link-type hybrid
# 配置端口允許CVLAN 15~40的報文攜帶VLAN Tag通過。
[PE_B-HundredGigE1/0/1] port hybrid vlan 15 to 40 tagged
# 配置端口允許SVLAN 2001~2003的報文通過,並且在發送時去掉外層Tag。
[PE_B-HundredGigE1/0/1] port hybrid vlan 2001 to 2003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-HundredGigE1/0/1] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 15~25的報文封裝VLAN 2001的外層VLAN Tag,為用戶網絡VLAN 26~35的報文封裝VLAN 2002的外層VLAN Tag,為用戶網絡VLAN 36~40的報文封裝VLAN 2003的外層VLAN Tag。
[PE_B-HundredGigE1/0/1] vlan mapping nest range 15 to 25 nested-vlan 2001
[PE_B-HundredGigE1/0/1] vlan mapping nest range 26 to 35 nested-vlan 2002
[PE_B-HundredGigE1/0/1] vlan mapping nest range 36 to 40 nested-vlan 2003
# 配置端口信任報文的802.1p優先級。
[PE_B-HundredGigE1/0/1] qos trust dot1p
[PE_B-HundredGigE1/0/1] quit
(2) HundredGigE1/0/2端口的配置
# 配置端口為Hybrid端口。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] port link-type hybrid
# 配置端口允許CVLAN 10~40的報文攜帶VLAN Tag通過。
[PE_B-HundredGigE1/0/2] port hybrid vlan 10 to 40 tagged
# 配置端口允許SVLAN 1001~1003的報文通過,並且在發送時去掉外層Tag。
[PE_B-HundredGigE1/0/2] port hybrid vlan 1001 to 1003 untagged
# 配置端口取消允許VLAN 1通過。
[PE_B-HundredGigE1/0/2] undo port hybrid vlan 1
# 配置1:2 VLAN映射功能,為用戶網絡VLAN 10~20的報文封裝VLAN 1001的外層VLAN Tag,為用戶網絡VLAN 21~30的報文封裝VLAN 1002的外層VLAN Tag,為用戶網絡VLAN 31~40的報文封裝VLAN 1003的外層VLAN Tag。
[PE_B-HundredGigE1/0/2] vlan mapping nest range 10 to 20 nested-vlan 1001
[PE_B-HundredGigE1/0/2] vlan mapping nest range 21 to 30 nested-vlan 1002
[PE_B-HundredGigE1/0/2] vlan mapping nest range 31 to 40 nested-vlan 1003
# 配置端口信任報文的802.1p優先級。
[PE_B-HundredGigE1/0/2] qos trust dot1p
[PE_B-HundredGigE1/0/2] quit
(3) HundredGigE1/0/3端口的配置
# 配置端口為Trunk端口,且允許VLAN 1001~1003和VLAN 2001~2003的報文通過,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/3
[PE_B-HundredGigE1/0/3] port link-type trunk
[PE_B-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_B-HundredGigE1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-HundredGigE1/0/3] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1001~1003和VLAN 2001~2003的報文攜帶VLAN Tag通過,並配置各端口的MTU值至少為1504字節。
(1) 查看PE A上和PE B上VLAN映射的配置信息。
[PE_A] display vlan mapping
Interface HundredGigE1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
Interface HundredGigE1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
[PE_B] display vlan mapping
Interface HundredGigE1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
15-25 N/A 2001 15-25
26-35 N/A 2002 26-35
36-40 N/A 2003 36-40
Interface HundredGigE1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
10-20 N/A 1001 10-20
21-30 N/A 1002 21-30
31-40 N/A 1003 31-40
顯示信息表明1:2 VLAN映射的配置正確。
(2) Customer A中跨越運營商網絡的兩個分支機構中處於同一CVLAN的兩台PC互相進行Ping操作,可以Ping通,且這兩台PC能夠互相學習到對方的MAC地址。可見CVLAN信息能夠跨越運營商網絡進行透明傳輸。Customer B中的情況同理。
(3) Customer A和Customer B中處於同一CVLAN(例如VLAN 30)中的兩台PC互相進行Ping操作。在其中一台PC上查看ARP表項,發現它沒有學到對方的MAC地址。可見不同公司中同一CVLAN的流量被二層隔離。
· PE A
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface HundredGigE1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface HundredGigE1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface HundredGigE1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· PE B
#
vlan 10 to 40
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
interface HundredGigE1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 15 to 40 tagged
port hybrid vlan 2001 to 2003 untagged
vlan mapping nest range 15 to 25 nested-vlan 2001
vlan mapping nest range 26 to 35 nested-vlan 2002
vlan mapping nest range 36 to 40 nested-vlan 2003
qos trust dot1p
#
interface HundredGigE1/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 to 40 tagged
port hybrid vlan 1001 to 1003 untagged
vlan mapping nest range 10 to 20 nested-vlan 1001
vlan mapping nest range 21 to 30 nested-vlan 1002
vlan mapping nest range 31 to 40 nested-vlan 1003
qos trust dot1p
#
interface HundredGigE1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
如圖4所示,Customer A和Customer B各有兩個分支機構需要通過運營商網絡進行通信。Customer A和Customer B的網絡中各有三種不同業務類型的數據,且這三種業務類型的數據需要不同的傳輸優先級。
現要求通過在運營商網絡中配置QoS策略,使用戶不同業務類型的數據使用不同的外層VLAN Tag在運營商網絡中傳輸,並使優先級高的業務得到優先傳輸。外層VLAN Tag的添加策略如表2所示,傳輸效果如圖5所示。
圖4 QoS Nest&重標記優先級配置組網圖
表2 外層VLAN Tag添加策略
|
用戶的業務類型 |
用戶網絡VLAN |
運營商網絡VLAN |
傳輸優先級 |
|
|
Customer A: |
Video |
31~40 |
1003 |
高 |
|
Voice |
21~30 |
1002 |
中 |
|
|
Data |
10~20 |
1001 |
低 |
|
|
Customer B: |
Storage |
36~40 |
2003 |
高 |
|
Voice |
26~35 |
2002 |
中 |
|
|
Data |
15~25 |
2001 |
低 |
|
· 請在PE A和PE B連接用戶網絡的端口上配置QoS策略為用戶不同業務類型的數據報文添加不同的外層VLAN Tag並修改外層VLAN Tag的802.1p優先級。
· 為了保證用戶網絡接收的數據中不會包含運營商網絡的VLAN信息,需要將PE A和PE B連接用戶網絡的端口的鏈路類型配置為Hybrid,並允許運營商封裝的外層VLAN的報文不帶VLAN Tag通過。
· 本舉例中通過配置QoS策略為用戶不同業務類型的數據報文添加不同的外層VLAN Tag並修改報文外層VLAN Tag的802.1p優先級,您也可以使用1:2 VLAN映射功能為用戶不同業務類型的數據報文添加不同的外層VLAN Tag,同時配置QoS策略修改報文外層VLAN Tag的802.1p優先級。
表3 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
· 在端口上應用含有nest命令的策略時,隻能應用到端口的入方向(inbound)。
· 當端口同時配置了QinQ功能和添加報文外層VLAN Tag的QoS策略時,匹配QoS策略流分類的報文將按QoS策略定義的流行為處理,不匹配QoS策略流分類的報文將按QinQ處理。
· 缺省情況下,端口為報文封裝外層VLAN Tag時,如果端口信任報文的802.1p優先級,會將內層VLAN Tag的802.1p優先級複製到外層VLAN Tag的802.1p優先級,如果端口不信任報文的802.1p優先級或入報文沒有攜帶VLAN Tag,會將接收報文的端口優先級作為外層VLAN Tag的802.1p優先級。
· 需要保證QinQ報文傳輸路徑上,報文的外層VLAN Tag不被修改或移除。
· QinQ為報文加上外層VLAN Tag後,內層VLAN Tag將被當作報文的數據部分進行傳輸,報文長度將增加4個字節。因此建議用戶適當增加QinQ報文傳輸路徑上各接口的MTU值(至少為1504字節)。
# 創建為用戶數據分配的VLAN,即VLAN 1001~VLAN 1003、VLAN 2001~VLAN 2003。
<PE_A> system-view
[PE_A] vlan 1001 to 1003
[PE_A] vlan 2001 to 2003
(1) 配置端口HundredGigE1/0/1
# 配置端口為Hybrid端口,允許VLAN 1001~VLAN 1003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] port link-type hybrid
[PE_A-HundredGigE1/0/1] undo port hybrid vlan 1
[PE_A-HundredGigE1/0/1] port hybrid vlan 1001 to 1003 untagged
# 開啟端口的QinQ功能。
[PE_A-HundredGigE1/0/1] qinq enable
# 配置端口信任報文的802.1p優先級。
[PE_A-HundredGigE1/0/1] qos trust dot1p
[PE_A-HundredGigE1/0/1] quit
(2) 配置端口HundredGigE1/0/2
# 配置端口為Hybrid端口,允許VLAN 2001~VLAN 2003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/2
[PE_A-HundredGigE1/0/2] port link-type hybrid
[PE_A-HundredGigE1/0/2] undo port hybrid vlan 1
[PE_A-HundredGigE1/0/2] port hybrid vlan 2001 to 2003 untagged
# 開啟端口的QinQ功能。
[PE_A-HundredGigE1/0/2] qinq enable
# 配置端口信任報文的802.1p優先級。
[PE_A-HundredGigE1/0/2] qos trust dot1p
[PE_A-HundredGigE1/0/2] quit
(3) 配置端口HundredGigE1/0/3
# 配置端口為Trunk端口,且允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文通過,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/3
[PE_A-HundredGigE1/0/3] port link-type trunk
[PE_A-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_A-HundredGigE1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_A-HundredGigE1/0/3] quit
(4) 配置QoS策略
# 為Customer A創建一個流分類,匹配規則為用戶網絡中普通業務數據對應的VLAN。
[PE_A] traffic classifier customer_A_pc
[PE_A-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_A-classifier-customer_A_pc] quit
# 按同樣方法創建匹配Customer A網絡中語音數據和視頻數據的流分類。
[PE_A] traffic classifier customer_A_voice
[PE_A-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_A-classifier-customer_A_voice] quit
[PE_A] traffic classifier customer_A_video
[PE_A-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_A-classifier-customer_A_video] quit
# 為Customer A的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag和重標記報文外層VLAN Tag的802.1p優先級。
[PE_A] traffic behavior customer_A_pc
[PE_A-behavior-customer_A_pc] nest top-most vlan 1001
[PE_A-behavior-customer_A_pc] remark dot1p 3
[PE_A-behavior-customer_A_pc] quit
[PE_A] traffic behavior customer_A_voice
[PE_A-behavior-customer_A_voice] nest top-most vlan 1002
[PE_A-behavior-customer_A_voice] remark dot1p 5
[PE_A-behavior-customer_A_voice] quit
[PE_A] traffic behavior customer_A_video
[PE_A-behavior-customer_A_video] nest top-most vlan 1003
[PE_A-behavior-customer_A_video] remark dot1p 7
[PE_A-behavior-customer_A_video] quit
# 創建用於Customer A的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag和重標記報文外層VLAN Tag優先級的流行為進行一一關聯。
[PE_A] qos policy customer_A
[PE_A-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_A-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_A-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_A-qospolicy-customer_A] quit
# 將上麵創建的策略應用到HundredGige1/0/1端口的入方向。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] qos apply policy customer_A inbound
[PE_A-HundredGigE1/0/1] quit
# 使用類似方法為Customer B的三種業務數據創建流分類。
[PE_A] traffic classifier customer_B_pc
[PE_A-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_A-classifier-customer_B_pc] quit
[PE_A] traffic classifier customer_B_voice
[PE_A-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_A-classifier-customer_B_voice] quit
[PE_A] traffic classifier customer_B_storage
[PE_A-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_A-classifier-customer_B_storage] quit
# 為Customer B的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag和重標記報文外層VLAN Tag的802.1p優先級。
[PE_A] traffic behavior customer_B_pc
[PE_A-behavior-customer_B_pc] nest top-most vlan 2001
[PE_A-behavior-customer_B_pc] remark dot1p 3
[PE_A-behavior-customer_B_pc] quit
[PE_A] traffic behavior customer_B_voice
[PE_A-behavior-customer_B_voice] nest top-most vlan 2002
[PE_A-behavior-customer_B_voice] remark dot1p 5
[PE_A-behavior-customer_B_voice] quit
[PE_A] traffic behavior customer_B_storage
[PE_A-behavior-customer_B_storage] nest top-most vlan 2003
[PE_A-behavior-customer_B_storage] remark dot1p 7
[PE_A-behavior-customer_B_storage] quit
# 創建用於Customer B的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag和重標記報文外層VLAN Tag優先級的流行為進行一一關聯。
[PE_A] qos policy customer_B
[PE_A-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_A-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_A-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_A-qospolicy-customer_B] quit
# 將上麵創建的策略應用到HundredGige1/0/2端口的入方向。
[PE_A] interface hundredgige1/0/2
[PE_A-HundredGigE1/0/2] qos apply policy customer_B inbound
[PE_A-HundredGigE1/0/2] quit
# 創建為用戶數據分配的VLAN,即VLAN 1001~VLAN 1003、VLAN 2001~VLAN 2003。
<PE_B> system-view
[PE_B] vlan 1001 to 1003
[PE_B] vlan 2001 to 2003
(1) 配置端口HundredGigE1/0/1
# 配置端口為Hybrid端口,允許VLAN 2001~VLAN 2003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/1
[PE_B-HundredGigE1/0/1] port link-type hybrid
[PE_B-HundredGigE1/0/1] undo port hybrid vlan 1
[PE_B-HundredGigE1/0/1] port hybrid vlan 2001 to 2003 untagged
# 開啟端口的QinQ功能。
[PE_B-HundredGigE1/0/1] qinq enable
# 配置端口信任報文的802.1p優先級。
[PE_B-HundredGigE1/0/1] qos trust dot1p
[PE_B-HundredGigE1/0/1] quit
(2) 配置端口HundredGigE1/0/2
# 配置端口為Hybrid端口,允許VLAN 1001~VLAN 1003的報文通過,並且在發送時去掉外層Tag,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] port link-type hybrid
[PE_B-HundredGigE1/0/2] undo port hybrid vlan 1
[PE_B-HundredGigE1/0/2] port hybrid vlan 1001 to 1003 untagged
# 開啟端口的QinQ功能。
[PE_B-HundredGigE1/0/2] qinq enable
# 配置端口信任報文的802.1p優先級。
[PE_B-HundredGigE1/0/2] qos trust dot1p
[PE_B-HundredGigE1/0/2] quit
(3) 配置端口HundredGigE1/0/3
# 配置端口為Trunk端口,且允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文通過,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/3
[PE_B-HundredGigE1/0/3] port link-type trunk
[PE_B-HundredGigE1/0/3] undo port trunk permit vlan 1
[PE_B-HundredGigE1/0/3] port trunk permit vlan 1001 to 1003 2001 to 2003
[PE_B-HundredGigE1/0/3] quit
(4) 配置QoS策略
# 按PE A設備的配置方法,為Customer A的業務數據配置流分類。
[PE_B] traffic classifier customer_A_pc
[PE_B-classifier-customer_A_pc] if-match customer-vlan-id 10 to 20
[PE_B-classifier-customer_A_pc] quit
[PE_B] traffic classifier customer_A_voice
[PE_B-classifier-customer_A_voice] if-match customer-vlan-id 21 to 30
[PE_B-classifier-customer_A_voice] quit
[PE_B] traffic classifier customer_A_video
[PE_B-classifier-customer_A_video] if-match customer-vlan-id 31 to 40
[PE_B-classifier-customer_A_video] quit
# 為Customer A的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag和重標記報文外層VLAN Tag的802.1p優先級。
[PE_B] traffic behavior customer_A_pc
[PE_B-behavior-customer_A_pc] nest top-most vlan 1001
[PE_B-behavior-customer_A_pc] remark dot1p 3
[PE_B-behavior-customer_A_pc] quit
[PE_B] traffic behavior customer_A_voice
[PE_B-behavior-customer_A_voice] nest top-most vlan 1002
[PE_B-behavior-customer_A_voice] remark dot1p 5
[PE_B-behavior-customer_A_voice] quit
[PE_B] traffic behavior customer_A_video
[PE_B-behavior-customer_A_video] nest top-most vlan 1003
[PE_B-behavior-customer_A_video] remark dot1p 7
[PE_B-behavior-customer_A_video] quit
# 創建用於Customer A的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag和重標記報文外層VLAN Tag優先級的流行為進行一一關聯。
[PE_B] qos policy customer_A
[PE_B-qospolicy-customer_A] classifier customer_A_pc behavior customer_A_pc
[PE_B-qospolicy-customer_A] classifier customer_A_voice behavior customer_A_voice
[PE_B-qospolicy-customer_A] classifier customer_A_video behavior customer_A_video
[PE_B-qospolicy-customer_A] quit
# 將上麵創建的策略應用到HundredGige1/0/2端口的入方向。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] qos apply policy customer_A inbound
[PE_B-HundredGigE1/0/2] quit
# 使用類似方法為Customer B的三種業務數據創建流分類。
[PE_B] traffic classifier customer_B_pc
[PE_B-classifier-customer_B_pc] if-match customer-vlan-id 15 to 25
[PE_B-classifier-customer_B_pc] quit
[PE_B] traffic classifier customer_B_voice
[PE_B-classifier-customer_B_voice] if-match customer-vlan-id 26 to 35
[PE_B-classifier-customer_B_voice] quit
[PE_B] traffic classifier customer_B_storage
[PE_B-classifier-customer_B_storage] if-match customer-vlan-id 36 to 40
[PE_B-classifier-customer_B_storage] quit
# 為Customer B的三種業務數據創建三個流行為,動作為封裝相應的外層VLAN Tag和重標記報文外層VLAN Tag的802.1p優先級。
[PE_B] traffic behavior customer_B_pc
[PE_B-behavior-customer_B_pc] nest top-most vlan 2001
[PE_B-behavior-customer_B_pc] remark dot1p 3
[PE_B-behavior-customer_B_pc] quit
[PE_B] traffic behavior customer_B_voice
[PE_B-behavior-customer_B_voice] nest top-most vlan 2002
[PE_B-behavior-customer_B_voice] remark dot1p 5
[PE_B-behavior-customer_B_voice] quit
[PE_B] traffic behavior customer_B_storage
[PE_B-behavior-customer_B_storage] nest top-most vlan 2003
[PE_B-behavior-customer_B_storage] remark dot1p 7
[PE_B-behavior-customer_B_storage] quit
# 創建用於Customer B的QoS策略,將匹配用戶業務數據的流分類與封裝相應外層VLAN Tag和重標記報文外層VLAN Tag優先級的流行為進行一一關聯。
[PE_B] qos policy customer_B
[PE_B-qospolicy-customer_B] classifier customer_B_pc behavior customer_B_pc
[PE_B-qospolicy-customer_B] classifier customer_B_voice behavior customer_B_voice
[PE_B-qospolicy-customer_B] classifier customer_B_storage behavior customer_B_storage
[PE_B-qospolicy-customer_B] quit
# 將上麵創建的策略應用到HundredGige1/0/1端口的入方向。
[PE_B] interface hundredgige1/0/1
[PE_B-HundredGigE1/0/1] qos apply policy customer_B inbound
[PE_B-HundredGigE1/0/1] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 1001~VLAN 1003和VLAN 2001~VLAN 2003的報文攜帶VLAN Tag通過,並配置各端口的MTU值為至少1504字節。
(1) 使用display this命令查看端口的配置,例如:
# 查看PE A上端口HundredGigE1/0/1的配置。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] display this
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
Return
[PE_A-HundredGigE1/0/1] quit
(2) 查看配置的策略是否正確下發到端口,例如:
# 查看PE A上端口HundredGige1/0/1上應用的策略。
[PE_A] display qos policy interface hundredgige1/0/1
Interface: HundredGigE1/0/1
Direction: Inbound
Policy: customer_A
Classifier: customer_A_pc
Operator: AND
Rule(s) :
If-match customer-vlan-id 10 to 20
Behavior: customer_A_pc
Nesting:
Nest top-most vlan-id 1001
Marking:
Remark dot1p 3
Classifier: customer_A_voice
Operator: AND
Rule(s) :
If-match customer-vlan-id 21 to 30
Behavior: customer_A_voice
Nesting:
Nest top-most vlan-id 1002
Marking:
Remark dot1p 5
Classifier: customer_A_video
Operator: AND
Rule(s) :
If-match customer-vlan-id 31 to 40
Behavior: customer_A_video
Nesting:
Nest top-most vlan-id 1003
Marking:
Remark dot1p 7
· PE A
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
remark dot1p 3
#
traffic behavior customer_A_voice
nest top-most vlan 1002
remark dot1p 5
#
traffic behavior customer_A_video
nest top-most vlan 1003
remark dot1p 7
#
traffic behavior customer_B_pc
nest top-most vlan 2001
remark dot1p 3
#
traffic behavior customer_B_voice
nest top-most vlan 2002
remark dot1p 5
#
traffic behavior customer_B_storage
nest top-most vlan 2003
remark dot1p 7
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_B inbound
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
· ProviderB的配置
#
vlan 1001 to 1003
#
vlan 2001 to 2003
#
traffic classifier customer_A_pc operator and
if-match customer-vlan-id 10 to 20
#
traffic classifier customer_A_voice operator and
if-match customer-vlan-id 21 to 30
#
traffic classifier customer_A_video operator and
if-match customer-vlan-id 31 to 40
#
traffic classifier customer_B_pc operator and
if-match customer-vlan-id 15 to 25
#
traffic classifier customer_B_voice operator and
if-match customer-vlan-id 26 to 35
#
traffic classifier customer_B_storage operator and
if-match customer-vlan-id 36 to 40
#
traffic behavior customer_A_pc
nest top-most vlan 1001
remark dot1p 3
#
traffic behavior customer_A_voice
nest top-most vlan 1002
remark dot1p 5
#
traffic behavior customer_A_video
nest top-most vlan 1003
remark dot1p 7
#
traffic behavior customer_B_pc
nest top-most vlan 2001
remark dot1p 3
#
traffic behavior customer_B_voice
nest top-most vlan 2002
remark dot1p 5
#
traffic behavior customer_B_storage
nest top-most vlan 2003
remark dot1p 7
#
qos policy customer_A
classifier customer_A_pc behavior customer_A_pc
classifier customer_A_voice behavior customer_A_voice
classifier customer_A_video behavior customer_A_video
#
qos policy customer_B
classifier customer_B_pc behavior customer_B_pc
classifier customer_B_voice behavior customer_B_voice
classifier customer_B_storage behavior customer_B_storage
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2001 to 2003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_B inbound
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1001 to 1003 untagged
qinq enable
qos trust dot1p
qos apply policy customer_A inbound
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001 to 1003 2001 to 2003
#
如圖6所示:在某小區,服務提供商為每個家庭都提供了PC、VoD和VoIP這三種數據服務,每個家庭都通過各自的家庭網關接入樓道交換機,並通過DHCP方式自動獲取IP地址。每個家庭網關都分別將PC、VoD和VoIP業務依次劃分到VLAN 1~3。
現要求通過配置1:1和N:1 VLAN映射功能實現以下功能:
· 在樓道交換機上,為了隔離不同家庭的同類業務,將每個家庭的每種業務都劃分到不同的VLAN;
· 在園區交換機上,為了節省VLAN資源,將所有家庭的同類業務都劃分到相同的VLAN,即分別將PC、VoD和VoIP業務依次劃分到VLAN 501~503。
圖6 1:1和N:1 VLAN映射組網示意圖
表4 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
# 創建原始VLAN——VLAN 2~ 3(原始VLAN 1設備缺省已創建)。
<SwitchA> system-view
[SwitchA] vlan 2 to 3
# 創建轉換後VLAN——VLAN 101~102、VLAN 201~202和VLAN 301~302。
[SwitchA] vlan 101 to 102
[SwitchA] vlan 201 to 202
[SwitchA] vlan 301 to 302
# 配置下行端口HundredGigE1/0/1為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchA] interface hundredgige1/0/1
[SwitchA-HundredGigE1/0/1] port link-type trunk
[SwitchA-HundredGigE1/0/1] port trunk permit vlan 1 2 3 101 201 301
# 在端口HundredGigE1/0/1上配置1:1 VLAN映射功能,將VLAN 1的Tag替換為VLAN 101的Tag,將VLAN 2的Tag替換為VLAN 201的Tag,將VLAN 3的Tag替換為VLAN 301的Tag。
[SwitchA-HundredGigE1/0/1] vlan mapping 1 translated-vlan 101
[SwitchA-HundredGigE1/0/1] vlan mapping 2 translated-vlan 201
[SwitchA-HundredGigE1/0/1] vlan mapping 3 translated-vlan 301
[SwitchA-HundredGigE1/0/1] quit
# 配置下行端口HundredGigE1/0/2為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchA] interface hundredgige1/0/2
[SwitchA-HundredGigE1/0/2] port link-type trunk
[SwitchA-HundredGigE1/0/2] port trunk permit vlan 1 2 3 102 202 302
# 在端口HundredGigE1/0/2上配置1:1 VLAN映射功能,將VLAN 1的Tag替換為VLAN 102的Tag,將VLAN 2的Tag替換為VLAN 202的Tag,將VLAN 3的Tag替換為VLAN 302的Tag。
[SwitchA-HundredGigE1/0/2] vlan mapping 1 translated-vlan 102
[SwitchA-HundredGigE1/0/2] vlan mapping 2 translated-vlan 202
[SwitchA-HundredGigE1/0/2] vlan mapping 3 translated-vlan 302
[SwitchA-HundredGigE1/0/2] quit
# 配置上行端口HundredGigE1/0/3為Trunk端口,且允許轉換後VLAN通過。
[SwitchA] interface hundredgige1/0/3
[SwitchA-HundredGigE1/0/3] port link-type trunk
[SwitchA-HundredGigE1/0/3] undo port trunk permit vlan 1
[SwitchA-HundredGigE1/0/3] port trunk permit vlan 101 201 301 102 202 302
[SwitchA-HundredGigE1/0/3] quit
Switch B的配置與Switch A相似,配置過程略。
# 使能DHCP Snooping功能。
<SwitchC> system-view
[SwitchC] dhcp snooping enable
# 創建原始VLAN和轉換後VLAN,並在這些VLAN上分別使能ARP Detection功能。
[SwitchC] vlan 101
[SwitchC-vlan101] arp detection enable
[SwitchC-vlan101] vlan 201
[SwitchC-vlan201] arp detection enable
[SwitchC-vlan201] vlan 301
[SwitchC-vlan301] arp detection enable
[SwitchC-vlan301] vlan 102
[SwitchC-vlan102] arp detection enable
[SwitchC-vlan102] vlan 202
[SwitchC-vlan202] arp detection enable
[SwitchC-vlan202] vlan 302
[SwitchC-vlan302] arp detection enable
[SwitchC-vlan302] vlan 103
[SwitchC-vlan103] arp detection enable
[SwitchC-vlan103] vlan 203
[SwitchC-vlan203] arp detection enable
[SwitchC-vlan203] vlan 303
[SwitchC-vlan303] arp detection enable
[SwitchC-vlan303] vlan 104
[SwitchC-vlan104] arp detection enable
[SwitchC-vlan104] vlan 204
[SwitchC-vlan204] arp detection enable
[SwitchC-vlan204] vlan 304
[SwitchC-vlan304] arp detection enable
[SwitchC-vlan304] vlan 501
[SwitchC-vlan501] arp detection enable
[SwitchC-vlan501] vlan 502
[SwitchC-vlan502] arp detection enable
[SwitchC-vlan502] vlan 503
[SwitchC-vlan503] arp detection enable
[SwitchC-vlan503] quit
# 配置下行端口HundredGigE1/0/1為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchC] interface hundredgige1/0/1
[SwitchC-HundredGigE1/0/1] port link-type trunk
[SwitchC-HundredGigE1/0/1] undo port trunk permit vlan 1
[SwitchC-HundredGigE1/0/1] port trunk permit vlan 101 102 201 202 301 302 501 to 503
# 在端口HundredGigE1/0/1上配置N:1 VLAN映射,將VLAN 101~102的Tag替換為VLAN 501的Tag,將VLAN 201~202的Tag替換為VLAN 502的Tag,將VLAN 301~302的Tag替換為VLAN 503的Tag。
[SwitchC-HundredGigE1/0/1] vlan mapping uni range 101 to 102 translated-vlan 501
[SwitchC-HundredGigE1/0/1] vlan mapping uni range 201 to 202 translated-vlan 502
[SwitchC-HundredGigE1/0/1] vlan mapping uni range 301 to 302 translated-vlan 503
# 在端口HundredGigE1/0/1上啟用DHCP Snooping表項記錄功能,以記錄原始VLAN及轉換後VLAN的對應關係。
[SwitchC-HundredGigE1/0/1] dhcp snooping binding record
[SwitchC-HundredGigE1/0/1] quit
# 配置下行端口HundredGigE1/0/2為Trunk端口且允許原始VLAN及轉換後VLAN通過。
[SwitchC] interface hundredgige1/0/2
[SwitchC-HundredGigE1/0/2] port link-type trunk
[SwitchC-HundredGigE1/0/2] undo port trunk permit vlan 1
[SwitchC-HundredGigE1/0/2] port trunk permit vlan 103 104 203 204 303 304 501 to 503
# 在端口HundredGigE1/0/2上配置N:1 VLAN映射,將VLAN 103~104的Tag替換為VLAN 501的Tag,將VLAN 203~204的Tag替換為VLAN 502的Tag,將VLAN 303~304的Tag替換為VLAN 503的Tag。
[SwitchC-HundredGigE1/0/2] vlan mapping uni range 103 to 104 translated-vlan 501
[SwitchC-HundredGigE1/0/2] vlan mapping uni range 203 to 204 translated-vlan 502
[SwitchC-HundredGigE1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503
# 在端口HundredGigE1/0/2上啟用DHCP Snooping表項記錄功能,以記錄原始VLAN及轉換後VLAN的對應關係。
[SwitchC-HundredGigE1/0/2] dhcp snooping binding record
[SwitchC-HundredGigE1/0/2] quit
# 在上行端口HundredGigE1/0/3上配置網絡側N:1 VLAN映射。
[SwitchC] interface hundredgige1/0/3
[SwitchC-HundredGigE1/0/3] vlan mapping nni
# 配置端口HundredGigE1/0/3為Trunk端口且允許轉換後VLAN通過,並配置該端口為DHCP Snooping信任端口和ARP信任端口。
[SwitchC-HundredGigE1/0/3] port link-type trunk
[SwitchC-HundredGigE1/0/3] undo port trunk permit vlan 1
[SwitchC-HundredGigE1/0/3] port trunk permit vlan 501 to 503
[SwitchC-HundredGigE1/0/3] dhcp snooping trust
[SwitchC-HundredGigE1/0/3] arp detection trust
[SwitchC-HundredGigE1/0/3] quit
# 創建轉換後VLAN——VLAN 501~503。
<SwitchD> system-view
[SwitchD] vlan 501 to 503
# 配置端口HundredGigE1/0/1為Trunk端口且允許轉換後VLAN通過。
[SwitchD] interface hundredgige1/0/1
[SwitchD-HundredGigE1/0/1] port link-type trunk
[SwitchD-HundredGigE1/0/1] port trunk permit vlan 501 to 503
[SwitchD-HundredGigE1/0/1] quit
(1) 查看Switch A上的VLAN映射配置信息
[SwitchA] display vlan mapping
Interface HundredGigE1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 101 N/A
2 N/A 201 N/A
3 N/A 301 N/A
Interface HundredGigE1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 102 N/A
2 N/A 202 N/A
3 N/A 302 N/A
(2) 查看Switch B上的VLAN映射配置信息
Switch B上的VLAN映射配置信息與Switch A相似,顯示信息略。
(3) 查看Switch C上的VLAN映射配置信息
[SwitchC] display vlan mapping
Interface HundredGigE1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
101-102 N/A 501 N/A
201-202 N/A 502 N/A
301-302 N/A 503 N/A
Interface HundredGigE1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
103-104 N/A 501 N/A
203-204 N/A 502 N/A
303-304 N/A 503 N/A
以上信息表明,Switch A和Switch B上的1:1 VLAN映射,以及Switch C上的N:1 VLAN映射配置成功。
· Switch A
#
vlan 1
#
vlan 2 to 3
#
vlan 101 to 102
#
vlan 201 to 202
#
vlan 301 to 302
#
interface HundredGigE1/0/1
port link-type trunk
port trunk permit vlan 1 to 3 101 201 301
vlan mapping 1 translated-vlan 101
vlan mapping 2 translated-vlan 201
vlan mapping 3 translated-vlan 301
#
interface HundredGigE1/0/2
port link-type trunk
port trunk permit vlan 1 to 3 102 202 302
vlan mapping 1 translated-vlan 102
vlan mapping 2 translated-vlan 202
vlan mapping 3 translated-vlan 302
#
interface HundredGigE1/0/3
port link-type trunk
port trunk permit vlan 1 101 to 102 201 to 202 301 to 302
#
· Switch B
#
vlan 1
#
vlan 2 to 3
#
vlan 103 to 104
#
vlan 203 to 204
#
vlan 303 to 304
#
interface HundredGigE1/0/1
port link-type trunk
port trunk permit vlan 1 to 3 103 203 303
vlan mapping 1 translated-vlan 103
vlan mapping 2 translated-vlan 203
vlan mapping 3 translated-vlan 303
#
interface HundredGigE1/0/2
port link-type trunk
port trunk permit vlan 1 to 3 104 204 304
vlan mapping 1 translated-vlan 104
vlan mapping 2 translated-vlan 204
vlan mapping 3 translated-vlan 304
#
interface HundredGigE1/0/3
port link-type trunk
port trunk permit vlan 1 103 to 104 203 to 204 303 to 304
#
· Switch C
#
dhcp snooping enable
#
vlan 101
arp detection enable
#
vlan 102
arp detection enable
#
vlan 103
arp detection enable
#
vlan 104
arp detection enable
#
vlan 201
arp detection enable
#
vlan 202
arp detection enable
#
vlan 203
arp detection enable
#
vlan 204
arp detection enable
#
vlan 301
arp detection enable
#
vlan 302
arp detection enable
#
vlan 303
arp detection enable
#
vlan 304
arp detection enable
#
vlan 501
arp detection enable
#
vlan 502
arp detection enable
#
vlan 503
arp detection enable
#
interface HundredGigE1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102 201 to 202 301 to 302 501 to 503
vlan mapping uni range 101 to 102 translated-vlan 501
vlan mapping uni range 201 to 202 translated-vlan 502
vlan mapping uni range 301 to 302 translated-vlan 503
dhcp snooping binding record
#
interface HundredGigE1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 103 to 104 203 to 204 303 to 304 501 to 503
vlan mapping uni range 103 to 104 translated-vlan 501
vlan mapping uni range 203 to 204 translated-vlan 502
vlan mapping uni range 303 to 304 translated-vlan 503
dhcp snooping binding record
#
interface HundredGigE1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 501 to 503
vlan mapping nni
arp detection trust
dhcp snooping trust
#
· Switch D
#
vlan 501 to 503
#
interface HundredGigE1/0/1
port link-type trunk
port trunk permit vlan 1 501 to 503
#
如圖7所示,Site 1和Site 2是同一家公司的兩個分支機構,同屬於VLAN 10,通過運營商A提供的VPN接入服務,外層VLAN Tag為VLAN 100。當該公司被另一家公司收購之後,需要Site 1和Site 2接入新公司的網絡。新公司的VPN服務由運營商B提供,外層VLAN Tag為VLAN 200,總部中能夠為Site 1和Site 2提供服務的業務VLAN為VLAN 30。
現要求通過配置2:2 VLAN映射功能,在不改變Site 1、Site 2和運營商網絡VLAN的配置的情況下,使Site 1和Site 2能夠訪問總部(Headquarts)VLAN 30的資源。
圖7 2:2 VLAN映射典型配置組網示意圖
表5 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
2:2 VLAN映射功能隻需要在兩個運營商的邊緣設備中的其中一台上配置即可,本例中我們以在Switch C上配置為例進行介紹。
# 創建VLAN 10和VLAN 100。
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] vlan 100
[SwitchA-vlan100] quit
# 在下行端口HundredGigE1/0/1上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchA] interface hundredgige1/0/1
[SwitchA-HundredGigE1/0/1] vlan mapping nest single 10 nested-vlan 100
# 配置HundredGigE1/0/1為Hybrid端口且允許VLAN 10的報文攜帶VLAN Tag通過、VLAN 100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchA-HundredGigE1/0/1] port link-type hybrid
[SwitchA-HundredGigE1/0/1] port hybrid vlan 10 tagged
[SwitchA-HundredGigE1/0/1] port hybrid vlan 100 untagged
[SwitchA-HundredGigE1/0/1] undo port hybrid vlan 1
[SwitchA-HundredGigE1/0/1] quit
# 配置上行端口HundredGigE1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchA] interface hundredgige1/0/2
[SwitchA-HundredGigE1/0/2] port link-type trunk
[SwitchA-HundredGigE1/0/2] port trunk permit vlan 100
[SwitchA-HundredGigE1/0/2] undo port trunk permit vlan 1
[SwitchA-HundredGigE1/0/2] quit
# 創建VLAN 10和VLAN 100。
<SwitchB> system-view
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] vlan 100
[SwitchB-vlan100] quit
# 在下行端口HundredGigE1/0/3上配置1:2 VLAN映射,為VLAN 10報文添加VLAN 100的外層VLAN Tag。
[SwitchB] interface hundredgige1/0/3
[SwitchB-HundredGigE1/0/3] vlan mapping nest single 10 nested-vlan 100
# 配置HundredGigE1/0/3為Hybrid端口且允許VLAN 10的報文攜帶VLAN Tag通過、VLAN100的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchB-HundredGigE1/0/3] port link-type hybrid
[SwitchB-HundredGigE1/0/3] port hybrid vlan 10 tagged
[SwitchB-HundredGigE1/0/3] port hybrid vlan 100 untagged
[SwitchB-HundredGigE1/0/3] undo port hybrid vlan 1
[SwitchB-HundredGigE1/0/3] quit
# 配置端口HundredGigE1/0/1允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface hundredgige1/0/1
[SwitchB-HundredGigE1/0/1] port link-type trunk
[SwitchB-HundredGigE1/0/1] port trunk permit vlan 100
[SwitchB-HundredGigE1/0/1] undo port trunk permit vlan 1
[SwitchB-HundredGigE1/0/1] quit
# 配置端口HundredGigE1/0/2允許VLAN 100的報文通過,取消允許VLAN 1通過。
[SwitchB] interface hundredgige1/0/2
[SwitchB-HundredGigE1/0/2] port link-type trunk
[SwitchB-HundredGigE1/0/2] port trunk permit vlan 100
[SwitchB-HundredGigE1/0/2] undo port trunk permit vlan 1
[SwitchB-HundredGigE1/0/2] quit
# 創建映射前外層VLAN 100和映射後外層VLAN 200。
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] quit
[SwitchC] vlan 200
[SwitchC-vlan200] quit
# 配置端口HundredGigE1/0/1允許VLAN 100和VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchC] interface hundredgige1/0/1
[SwitchC-HundredGigE1/0/1] port link-type trunk
[SwitchC-HundredGigE1/0/1] port trunk permit vlan 100 200
[SwitchC-HundredGigE1/0/1] undo port trunk permit vlan 1
# 在端口HundredGigE1/0/1上配置2:2 VLAN映射,將外層VLAN為100、內層VLAN為10的報文的VLAN ID轉換為外層VLAN為200、內層VLAN為30。
[SwitchC-HundredGigE1/0/1] vlan mapping tunnel 100 10 translated-vlan 200 30
[SwitchC-HundredGigE1/0/1] quit
# 配置端口HundredGigE1/0/2允許VLAN 200的報文通過。
[SwitchC] interface hundredgige1/0/2
[SwitchC-HundredGigE1/0/2] port link-type trunk
[SwitchC-HundredGigE1/0/2] port trunk permit vlan 200
[SwitchC-HundredGigE1/0/2] undo port trunk permit vlan 1
[SwitchC-HundredGigE1/0/2] quit
# 創建VLAN 30和VLAN 200。
<SwitchD> system-view
[SwitchD] vlan 30
[SwitchD-vlan30] quit
[SwitchD] vlan 200
[SwitchD-vlan200] quit
# 配置端口HundredGigE1/0/1允許VLAN 200的報文通過,取消允許VLAN 1通過。
[SwitchD] interface hundredgige1/0/1
[SwitchD-HundredGigE1/0/1] port link-type trunk
[SwitchD-HundredGigE1/0/1] port trunk permit vlan 200
[SwitchD-HundredGigE1/0/1] undo port trunk permit vlan 1
[SwitchD-HundredGigE1/0/1] quit
# 配置HundredGigE1/0/2為Hybrid端口且允許VLAN 30的報文攜帶VLAN Tag通過、VLAN 200的報文不攜帶VLAN Tag通過,取消允許VLAN 1通過。
[SwitchD] interface hundredgige1/0/2
[SwitchD-HundredGigE1/0/2] port link-type hybrid
[SwitchD-HundredGigE1/0/2] port hybrid vlan 30 tagged
[SwitchD-HundredGigE1/0/2] port hybrid vlan 200 untagged
[SwitchD-HundredGigE1/0/2] undo port hybrid vlan 1
# 在端口HundredGigE1/0/2上配置1:2 VLAN映射,為VLAN 30報文添加VLAN 200的外層VLAN Tag。
[SwitchD-HundredGigE1/0/2] vlan mapping nest single 30 nested-vlan 200
[SwitchD-HundredGigE1/0/2] quit
# 查看Switch C上的VLAN映射配置信息。
[SwitchC] display vlan mapping
Interface HundredGigE1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
100 10 200 30
顯示信息表明2:2 VLAN映射已經正確配置。
· Switch A
#
vlan 10
vlan 100
#
interface HundredGigE1/0/1
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
interface HundredGigE1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
· Switch B
#
vlan 10
vlan 100
#
interface HundredGigE1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface HundredGigE1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
#
interface HundredGigE1/0/3
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 100 untagged
vlan mapping nest single 10 nested-vlan 100
#
vlan 100
#
vlan 200
#
interface HundredGigE1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
vlan mapping tunnel 100 10 translated-vlan 200 30
#
interface HundredGigE1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
· Switch D
#
vlan 30
vlan 200
#
interface HundredGigE1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
#
interface HundredGigE1/0/2
port link-type hybrid
port hybrid vlan 30 tagged
port hybrid vlan 200 untagged
vlan mapping nest single 30 nested-vlan 200
#
如圖8所示,公司A的語音和數據業務分別使用VLAN 10和VLAN 20加以區分,公司B的語音和數據業務則分別使用VLAN 30和VLAN 40加以區分。
現要求通過配置QoS重標記功能,使這兩家公司間的語音和數據業務分別利用運營商提供的VLAN 100和VLAN 200實現二層互通。
圖8 QoS重標記配置組網圖
為了使用戶網絡的語音和數據報文進入運營商網絡後在運營商網絡分配的VLAN中傳輸,在PE A和PE B連接用戶網絡的端口上配置QoS Nest功能,分別為用戶網絡的語音和數據報文封裝不同的外層VLAN Tag。
因為公司A和公司B為語音和數據報文劃分的VLAN不同且需要實現二層通信,所以需要在PE A和PE B的運營商網絡側端口上配置QoS重標記功能修改報文的內層VLAN ID。
表6 適用產品及版本
|
產品 |
軟件版本 |
|
S6850係列 S9850係列 |
Release 6555P01 |
|
S9820-64H |
Release 6555P01 |
# 創建原始CVLAN 10和CVLAN 20,1:2 VLAN映射封裝的外層VLAN 100和VLAN 200以及修改後內層CVLAN 30和CVLAN 40。
<PE_A> system-view
[PE_A] vlan 10
[PE_A-vlan10] quit
[PE_A] vlan 20
[PE_A-vlan20] quit
[PE_A] vlan 100
[PE_A-vlan100] quit
[PE_A] vlan 200
[PE_A-vlan200] quit
[PE_A] vlan 30
[PE_A-vlan30] quit
[PE_A] vlan 40
[PE_A-vlan40] quit
· 配置端口HundredGigE1/0/1
# 配置端口為Hybrid端口。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] port link-type hybrid
# 配置端口允許VLAN 100和VLAN 200的報文不帶VLAN Tag通過。
[PE_A-HundredGigE1/0/1] port hybrid vlan 100 200 untagged
# 取消允許VLAN 1通過。
[PE_A-HundredGigE1/0/1] undo port hybrid vlan 1
[PE_A-HundredGigE1/0/1] quit
# 創建流分類規則,將來自VLAN10的報文定義為“A10”類。
[PE_A] traffic classifier A10
[PE_A-classifier-A10] if-match customer-vlan-id 10
[PE_A-classifier-A10] quit
# 定義流行為,為報文封裝VLAN100的外層VLAN Tag,流行為命名為“P100”。
[PE_A] traffic behavior P100
[PE_A-behavior-P100] nest top-most vlan 100
[PE_A-behavior-P100] quit
# 與以上配置類似,創建流分類“A20”匹配用戶VLAN ID為20的報文,並創建流行為“P200”,為報文封裝外層VLAN200的Tag
[PE_A] traffic classifier A20
[PE_A-classifier-A20] if-match customer-vlan-id 20
[PE_A-classifier-A20] quit
[PE_A] traffic behavior P200
[PE_A-behavior-P200] nest top-most vlan 200
[PE_A-behavior-P200] quit
# 創建QoS策略,將流分類“A10”和流行為“P100”進行關聯,將流分類“A20”和流行為“P200”關聯,策略命名為“qinq”。
[PE_A] qos policy qinq
[PE_A-qospolicy-qinq] classifier A10 behavior P100
[PE_A-qospolicy-qinq] classifier A20 behavior P200
[PE_A-qospolicy-qinq] quit
# 使能端口的基本QinQ功能。
[PE_A-HundredGigE1/0/1] qinq enable
# 在HundredGigE1/0/1端口的接收方向應用“qinq”規則。
[PE_A-HundredGigE1/0/1] qos apply policy qinq inbound
[PE_A-HundredGigE1/0/1] quit
· 配置端口HundredGigE1/0/2
# 配置端口為Trunk端口,且允許VLAN 100和200的報文通過,取消允許VLAN 1通過。
[PE_A] interface hundredgige1/0/2
[PE_A-HundredGigE1/0/2] port link-type trunk
[PE_A-HundredGigE1/0/2] port trunk permit vlan 100 200
[PE_A-HundredGigE1/0/2] undo port trunk permit vlan 1
[PE_A-HundredGigE1/0/2] quit
# 創建流分類規則,將內層VLAN ID是10,外層VLAN ID是100的報文定義為“A100”類。
[PE_A] traffic classifier A100
[PE_A-classifier-A100] if-match customer-vlan-id 10
[PE_A-classifier-A100] if-match service-vlan-id 100
[PE_A-classifier-A100] quit
# 定義流行為,修改報文的內層VLAN ID為30,流行為命名為“T100”。
[PE_A] traffic behavior T100
[PE_A-behavior-T100] remark customer-vlan-id 30
[PE_A-behavior-T100] quit
# 創建流分類規則,將內層VLAN ID是20,外層VLAN ID是200的報文定義為“A200”類。
[PE_A] traffic classifier A200
[PE_A-classifier-A200] if-match customer-vlan-id 20
[PE_A-classifier-A200] if-match service-vlan-id 200
[PE_A-classifier-A200] quit
# 定義流行為,修改報文的內層VLAN ID為40,流行為命名為“T200”。
[PE_A] traffic behavior T200
[PE_A-behavior-T200] remark customer-vlan-id 40
[PE_A-behavior-T200] quit
# 創建QoS策略,將流分類“A100”和流行為“T100”進行關聯,流分類“A200”和流行為“T200”進行關聯,策略命名為“vlanmapping”。
[PE_A] qos policy vlanmapping
[PE_A-qospolicy-vlanmapping] classifier A100 behavior T100
[PE_A-qospolicy-vlanmapping] classifier A200 behavior T200
[PE_A-qospolicy-vlanmapping] quit
# 在HundredGigE1/0/2端口的發送方向應用“vlanmapping”規則。
[PE_A-HundredGigE1/0/2] qos apply policy vlanmapping outbound
[PE_A-HundredGigE1/0/2] quit
# 創建原始CVLAN 30和CVLAN 40,1:2 VLAN映射封裝的外層VLAN 100和VLAN 200以及修改後內層CVLAN 10和CVLAN 20。
<PE_B> system-view
[PE_B] vlan 30
[PE_B-vlan30] quit
[PE_B] vlan 40
[PE_B-vlan40] quit
[PE_B] vlan 100
[PE_B-vlan100] quit
[PE_B] vlan 200
[PE_B-vlan200] quit
[PE_B] vlan 10
[PE_B-vlan10] quit
[PE_B] vlan 20
[PE_B-vlan20] quit
· 配置端口HundredGigE1/0/1
# 配置端口為Hybrid端口。
[PE_B] interface hundredgige1/0/1
[PE_B-HundredGigE1/0/1] port link-type hybrid
# 配置端口允許VLAN 100和VLAN 200的報文不帶VLAN Tag通過。
[PE_B-HundredGigE1/0/1] port hybrid vlan 100 200 untagged
# 取消允許VLAN 1通過。
[PE_B-HundredGigE1/0/1] undo port hybrid vlan 1
[PE_B-HundredGigE1/0/1] quit
# 創建流分類規則,將來自VLAN30的報文定義為“A30”類。
[PE_B] traffic classifier A30
[PE_B-classifier-A30] if-match customer-vlan-id 30
[PE_B-classifier-A30] quit
# 定義流行為,為報文封裝VLAN100的外層VLAN Tag,流行為命名為“P100”。
[PE_B] traffic behavior P100
[PE_B-behavior-P100] nest top-most vlan 100
[PE_B-behavior-P100] quit
# 與以上配置類似,創建流分類“A40”匹配用戶VLAN ID為40的報文,並創建流行為“P200”,為報文封裝外層VLAN200的Tag。
[PE_B] traffic classifier A40
[PE_B-classifier-A40] if-match customer-vlan-id 40
[PE_B-classifier-A40] quit
[PE_B] traffic behavior P200
[PE_B-behavior-P200] nest top-most vlan 200
[PE_B-behavior-P200] quit
# 創建QoS策略,將流分類“A30”和流行為“P100”進行關聯,將流分類“A40”和流行為“P200”關聯,策略命名為“qinq”。
[PE_B] qos policy qinq
[PE_B-qospolicy-qinq] classifier A30 behavior P100
[PE_B-qospolicy-qinq] classifier A40 behavior P200
[PE_B-qospolicy-qinq] quit
# 使能端口的基本QinQ功能。
[PE_B-HundredGigE1/0/1] qinq enable
# 在HundredGigE1/0/1端口的接收方向應用“qinq”規則。
[PE_B-HundredGigE1/0/1] qos apply policy qinq inbound
[PE_B-HundredGigE1/0/1] quit
· 配置端口HundredGigE1/0/2
# 配置端口為Trunk端口,且允許VLAN 100和200的報文通過,取消允許VLAN 1通過。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] port link-type trunk
[PE_B-HundredGigE1/0/2] port trunk permit vlan 100 200
[PE_B-HundredGigE1/0/2] undo port trunk permit vlan 1
[PE_B-HundredGigE1/0/2] quit
# 創建流分類規則,將內層VLAN ID是30,外層VLAN ID是100的報文定義為“A100”類。
[PE_B] traffic classifier A100
[PE_B-classifier-A100] if-match customer-vlan-id 30
[PE_B-classifier-A100] if-match service-vlan-id 100
[PE_B-classifier-A100] quit
# 定義流行為,修改報文的內層VLAN ID為10,流行為命名為“T100”。
[PE_B] traffic behavior T100
[PE_B-behavior-T100] remark customer-vlan-id 10
[PE_B-behavior-T100] quit
# 創建流分類規則,將內層VLAN ID是40,外層VLAN ID是200的報文定義為“A200”類。
[PE_B] traffic classifier A200
[PE_B-classifier-A200] if-match customer-vlan-id 40
[PE_B-classifier-A200] if-match service-vlan-id 200
[PE_B-classifier-A200] quit
# 定義流行為,修改報文的內層VLAN ID為20,流行為命名為“T200”。
[PE_B] traffic behavior T200
[PE_B-behavior-T200] remark customer-vlan-id 20
[PE_B-behavior-T200] quit
# 創建QoS策略,將流分類“A100”和流行為“T100”進行關聯,流分類“A200”和流行為“T200”進行關聯,策略命名為“vlanmapping”。
[PE_B] qos policy vlanmapping
[PE_B-qospolicy-vlanmapping] classifier A100 behavior T100
[PE_B-qospolicy-vlanmapping] classifier A200 behavior T200
[PE_B-qospolicy-vlanmapping] quit
# 在HundredGigE1/0/2端口的發送方向應用“vlanmapping”規則。
[PE_B] interface hundredgige1/0/2
[PE_B-HundredGigE1/0/2] qos apply policy vlanmapping outbound
[PE_B-HundredGigE1/0/2] quit
配置運營商網絡中PE A到PE B之間的路徑上的設備端口都允許VLAN 100和VLAN 200的報文攜帶VLAN Tag通過,且這些端口的MTU值至少為1504字節。
# 顯示PE A上端口HundredGigE1/0/1的配置,PE B上的顯示信息類似。
[PE_A] interface hundredgige1/0/1
[PE_A-HundredGigE1/0/1] display this
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 100 200 untagged
qinq enable
qos apply policy qinq inbound
#
return
# 顯示PE A上HundredGigE1/0/1端口配置的QoS Nest功能,PE B上的顯示信息類似。
[PE_A] display qos policy interface hundredgige1/0/1
Interface: HundredGigE1/0/1
Direction: Inbound
Policy: qinq
Classifier: A10
Operator: AND
Rule(s) :
If-match customer-vlan-id 10
Behavior: P100
Nesting:
Nest top-most vlan-id 100
Classifier: A20
Operator: AND
Rule(s) :
If-match customer-vlan-id 20
Behavior: P200
Nesting:
Nest top-most vlan-id 200
# 顯示PE A上HundredGigE1/0/2端口配置的QoS重標記功能,PE B上的顯示信息類似。
[PE_A] display qos policy interface hundredgige1/0/2
Interface: HundredGigE1/0/2
Direction: Outbound
Policy: vlanmapping
Classifier: A100
Operator: AND
Rule(s) :
If-match customer-vlan-id 10
If-match service-vlan-id 100
Behavior: T100
Marking:
Remark Customer VLAN ID 30
Classifier: A200
Operator: AND
Rule(s) :
If-match customer-vlan-id 20
If-match service-vlan-id 200
Behavior: T200
Marking:
Remark Customer VLAN ID 40
· PE A
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 100
#
vlan 200
#
traffic classifier A10 operator and
if-match customer-vlan-id 10
#
traffic classifier A20 operator and
if-match customer-vlan-id 20
#
traffic classifier A100 operator and
if-match customer-vlan-id 10
if-match service-vlan-id 100
#
traffic classifier A200 operator and
if-match customer-vlan-id 20
if-match service-vlan-id 200
#
traffic behavior P100
nest top-most vlan 100
#
traffic behavior P200
nest top-most vlan 200
#
traffic behavior T100
remark customer-vlan-id 30
#
traffic behavior T200
remark customer-vlan-id 40
#
qos policy qinq
classifier A10 behavior P100
classifier A20 behavior P200
#
qos policy vlanmapping
classifier A100 behavior T100
classifier A200 behavior T200
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 100 200 untagged
qinq enable
qos apply policy qinq inbound
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
qos apply policy vlanmapping outbound
#
· PE B
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 100
#
vlan 200
#
traffic classifier A30 operator and
if-match customer-vlan-id 30
#
traffic classifier A40 operator and
if-match customer-vlan-id 40
#
traffic classifier A100 operator and
if-match customer-vlan-id 30
if-match service-vlan-id 100
#
traffic classifier A200 operator and
if-match customer-vlan-id 40
if-match service-vlan-id 200
#
traffic behavior P100
nest top-most vlan 100
#
traffic behavior P200
nest top-most vlan 200
#
traffic behavior T100
remark customer-vlan-id 10
#
traffic behavior T200
remark customer-vlan-id 20
#
qos policy qinq
classifier A30 behavior P100
classifier A40 behavior P200
#
qos policy vlanmapping
classifier A100 behavior T100
classifier A200 behavior T200
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 100 200 untagged
qinq enable
qos apply policy qinq inbound
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 200
qos apply policy vlanmapping outbound
#
· H3C S6850 & S9850係列以太網交換機 二層技術-以太網交換配置指導-Release 655x係列
· H3C S6850 & S9850係列以太網交換機 二層技術-以太網交換命令參考-Release 655x係列
· H3C S6850 & S9850係列以太網交換機 ACL和QoS配置指導-Release 655x係列
· H3C S6850 & S9850係列以太網交換機 ACL和QoS命令參考-Release 655x係列
· H3C S9820-64H交換機 二層技術-以太網交換配置指導-Release 655x係列
· H3C S9820-64H交換機 二層技術-以太網交換命令參考-Release 655x係列
· H3C S9820-64H交換機 ACL和QoS配置指導-Release 655x係列
· H3C S9820-64H交換機 ACL和QoS命令參考-Release 655x係列
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
