odl010024 qin q laboratory exercise guide issue1

ODL010024 QinQ Laboratory Exercise Guide

ISSUE 1.0

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0 Contents

Confidential Information of Huawei. No Spreading without Permission

i

Contents

About This Test .................................................................................................................................1 Test Instructions ...........................................................................................................................1 Version Introduction .....................................................................................................................1 Test Objectives ............................................................................................................................1 Test Tasks ...................................................................................................................................1 Relevant Materials .......................................................................................................................1

Chapter 1 QinQ VLAN-VPN Tunnel Configuration Guide ..............................................................2 1.1 Networking and Service Description ......................................................................................2 1.2 Command Line List ................................................................................................................2 1.3 Configuration flow ..................................................................................................................3 1.4 Configuration procedure ........................................................................................................3 1.5 Result Verification ..................................................................................................................4 1.6 Configuration Reference ........................................................................................................5

1.6.1 Switch A configuration .................................................................................................5 1.6.2 Switch B configuration .................................................................................................5 1.6.3 Switch C / S8500A Configuration ................................................................................6 1.6.4 Switch D / S8500B Configuration ................................................................................7

ODL010024 QinQ laboratory Exercise Guide ISSUE1.0

Confidential Information of Huawei. No Spreading without Permission

1

About This Test

Test Instructions

This test introduces the specific implementation and application of QinQ from the operation aspect. This course covers VLAN-VPN Tunnel application configurations and processes for QinQ

Version Introduction

This Guide is applicable to VRP versions 3.10, RELEASE 1270

Test Objectives

� To get familiar with the basic configurations and basic principles for QinQ. � To get familiar with information monitor of QinQ � To grasp troubleshooting for QinQ

Test Tasks

Configure QinQ VLAN-VPN Tunnel

Relevant Materials

� Quidway S8500 Routing Switch Operation and Maintains Manual � Quidway S8500 Routing Switch Command Manual


Huawei

2

Chapter 1 QinQ VLAN-VPN Tunnel Configuration Guide

1.1 Networking and Service Description

Figure 1-1 Networking diagram for QinQ hands-on

In this test, this is a typical network topology for VLAN-VPN application. Switch A and Switch B belong to the same VPN custom. Configuring VLAN-VPN Tunnel to realize transferring user data and user BPDU packets transparently between custom network and ISP network.

The two S8500 switches are used as ISP access equipments, realize VPN-VPN Tunnel, in the topology, the two S8500 are Switch C, Switch D; S3000 are used as custom network access equipments, are Switch A, Switch B.

1.2 Command Line List

Table 1-1

Operation Version Command Enable VLAN VPN on a port VRP 3.10 vlan-vpn enable

Enable VLAN-VPN TUNNEL in the system view

VRP 3.10 vlan-vpn tunnel

Set outer VLAN tags for the packets matching the ACL rules

VRP 3.10 traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] { nested-vlan nested-vlanid | modified-vlan modified-vlanid }

Switch A

Switch C Switch D

E 1/0/1

E 4/1/1E 4/1/48

E 4/1/1E 4/1/48

E 1/0/1

E 1/0/24 E 1/0/24S8500A S8500B

Switch A

Switch C Switch D

E 1/0/1

E 4/1/1E 4/1/48

E 4/1/1E 4/1/48

E 1/0/1

E 1/0/24 E 1/0/24S8500A S8500B


Huawei.

3

Modify outer VLAN tags for the packets matching the ACL flow rules

VRP 3.10 traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] modified-vlan modified-vlanid

1.3 Configuration flow

Figure 1-2 vlan-vpnTunnel Configuration flow

1.4 Configuration procedure

1) Custom switch configuration

In the custom switch, Switch A and Switch B, create 2 private VLANs, VLAN 100 and 200, enable STP, the uplink port which connect to S8500 need to be encapsulated to Trunk port.

2) S8500 basic configuration

In the ISP switch, Switch C and Switch D, create a public VLAN 10 to encapsulate private VLAN, add the port which connect to S3000 to this public VLAN, and encapsulate the ports which connect two S8500 to trunk port

3) S8500 VLAN-VPN Tunnel configuration

In the system view, enable VLAN-VPN Tunnel, and in the port view, enable VLAN-VPN in the downlink port which connect to Switch A or Switch B, and disenable STP in these ports.

Configure regular VLAN and STP in Custom Switch

Configure regular VLAN and STP in

S8500

Enable vlan-vpn tunnel and vlan-vpn in

S8500


Huawei

4

1.5 Result Verification

1) After the configuration VLAN-VPN Tunnel, verify whether can ping through between Switch A and Switch B, the result is that the PCs in the same VLAN can communicate with each other, different VLANs can not ping though.

C:\Documents and Settings\Administrator>ping 10.1.1.2

Pinging 10.1.1.2 with 32 bytes of data:

Reply from 10.1.1.2: bytes=32 time<1ms TTL=128




Ping statistics for 10.1.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

2) Monitor the VLAN tag in the S8500, the result is S8500 only dispose the outer

VLAN Tag.

[S8505A]display mac-address MAC ADDR VLAN ID STATE PORT INDEX AGING

TIME(s)

0014-220b-7768 10 Learned Ethernet4/1/1 AGING

00e0-fc09-bcf9 10 Learned Ethernet4/1/1 AGING

0014-2247-182d 10 Learned Ethernet4/1/48 AGING

000f-e207-f2e0 10 Learned Ethernet4/1/48 AGING

000f-e207-f2e0 1 Learned Ethernet4/1/48 AGING

--- 5 mac address(es) found ---

3) Monitor the STP information in the custom switch, Switch A and Switch B.

[SW1]display stp -------[CIST Global Info][Mode RSTP]-------

CIST Bridge :32768.00e0-fc58-274a

Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20

CIST Root/ERPC :32768.000f-e212-fb4b / 199999

CIST RegRoot/IRPC :32768.00e0-fc58-274a / 0

CIST RootPortId :128.24

BPDU-Protection :disabled

TC or TCN received :1

Time since last TC :0 days 0h:13m:41s

[SW2]display stp

-------[CIST Global Info][Mode RSTP]-------

CIST Bridge :32768.000f-e212-fb4b

Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20

CIST Root/ERPC :32768.000f-e212-fb4b / 0

CIST RegRoot/IRPC :32768.000f-e212-fb4b / 0

CIST RootPortId :0.0

BPDU-Protection :disabled

TC or TCN received :0

Time since last TC :0 days 0h:48m:28s

From the result, we can see, spanning public ISP network, Switch A and Switch B can transfer private BPDU packets transparently, then calculate STP. In this case, Switch B of MAC000f-e212-fb4b is elected as Root Bridge.


Huawei.

5

1.6 Configuration Reference

1.6.1 Switch A configuration

[SW1]display current-configuration

#

local-server nas-ip 127.0.0.1 key huawei

#

domain default enable system

#

queue-scheduler wrr 1 2 3 4 5 9 13 15

#

radius scheme system

#

domain system

#

stp mode rstp

stp enable

#

vlan 1

#

vlan 100 // Create 2 private VLAN,100 and 200

#

vlan 200

#

interface Aux1/0/0

#

interface Ethernet1/0/1

port access vlan 100

#


port access vlan 200

#


#

……

#

interface Ethernet1/0/24 //Encapsulate TRUNK，，，，permit VLAN 100 200 port link-type trunk

undo port trunk permit vlan 1

port trunk permit vlan 100 200

#

interface GigabitEthernet1/1/1

#


#


#


#

sysname SW1

undo irf-fabric authentication-mode

#

interface NULL0

#

user-interface aux 0 7

user-interface vty 0 4

#

return

1.6.2 Switch B configuration

Switch B configuration Is the same as Switch A configuration


Huawei

6

1.6.3 Switch C / S8500A Configuration

<S8505A>display current-configuration

#

config-version S8500-VRP310-r1270

#

sysname S8505A

#

local-server nas-ip 127.0.0.1 key huawei

#

Xbar load-single

#

router route-limit 128K

router VRF-limit 256

#

temperature-limit 2 10 65

temperature-limit 4 10 65

#

radius scheme system

server-type huawei

primary authentication 127.0.0.1 1645

primary accounting 127.0.0.1 1646

user-name-format without-domain

#

domain system

scheme radius-scheme system

vlan-assignment-mode integer

access-limit disable

state active

idle-cut disable

self-service-url disable

domain default enable system

#

stp enable //Enable STP in the system view

#

vlan 1

#

vlan 10 //Create public VLAN 10

#

interface Aux0/0/1

#

interface M-Ethernet0/0/0

#

interface Ethernet4/1/1 //Disenable port STP，，，，enable VLAN-VPN stp disable

port access vlan 10

vlan-vpn enable

#


#

……

#

interface Ethernet4/1/48 //Encapsulate Trunk to S8500 interlink port

port link-type trunk

port trunk permit vlan all

#

……

#

interface NULL0

#

vlan-vpn tunnel // Enable VLAN-VPN Tunnel in the system view, transfer

BPDU packets transparently

#

user-interface con 0

user-interface aux 0

user-interface vty 0 4

#


Huawei.

7

return

1.6.4 Switch D / S8500B Configuration

Switch D configuration Is the same as Switch C configuration