Supported Platforms
Related Documentation
Troubleshooting Q-in-Q and VLAN Translation Configuration
Firewall Filter Match Condition Not Working with Q-in-Q Tunneling
Problem
If you create a firewall filter that includes a match condition of dot1q-tag or dot1q-user-priority and apply the filter on input to a trunk port that participates in a service VLAN, the match condition does not work if the Q-in-Q EtherType is not 0x8100. (When Q-in-Q tunneling is enabled, trunk interfaces are assumed to be part of the service provider or data center network and therefore participate in service VLANs.)
Solution
This is expected behavior. To set the Q-in-Q EtherType to 0x8100, enter the set dot1q-tunneling ethertype 0x8100 statemen at the [edit ethernet-switching-options] hierarchy level. You must also configure the other end of the link to use the same Ethertype.
Egress Port Mirroring with VLAN Translation
Problem
If you create a port-mirroring configuration that mirrors customer VLAN (CVLAN) traffic on egress and the traffic undergoes VLAN translation before being mirrored, the VLAN translation does not apply to the mirrored packets. That is, the mirrored packets retain the service VLAN (SVLAN) tag that should be replaced by the CVLAN tag on egress. The original packets are unaffected—on these packets VLAN translation works properly, and the SVLAN tag is replaced with the CVLAN tag on egress.
Solution
This is expected behavior.
