Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Setting Up Q-in-Q Tunneling

Service providers can use Q-in-Q tunneling to transparently pass Layer 2 VLAN traffic between customer sites without removing or changing the customer VLAN tags or class-of-service (CoS) settings. Data centers can use Q-in-Q tunneling to isolate customer traffic within a single site or when customer traffic flows between cloud data centers in different geographic locations.

This example describes how to set up Q-in-Q tunneling:

Requirements

This example requires one QFX Series device with Junos OS Release 12.1 or later.

Before you begin setting up Q-in-Q tunneling, make sure you have created and configured the necessary customer VLANs on the neighboring switches. See Configuring VLANs.

Overview and Topology

In this service provider network, there are multiple customer VLANs mapped to one service VLAN.

Table 1 lists the settings for the sample topology.

Table 1: Components of the Topology for Setting Up Q-in-Q Tunneling

InterfaceDescription

xe-0/0/11.0

Tagged S-VLAN trunk port

xe-0/0/12.0

Untagged customer-facing access port

xe-0/0/13.0

Untagged customer-facing access port

xe-0/0/14.0

Tagged S-VLAN trunk port

Configuration

CLI Quick Configuration

To quickly create and configure Q-in-Q tunneling, copy the following commands and paste them into the switch terminal window:

[edit]
set vlans service-vlan vlan-id 1000
set vlans service-vlan dot1q-tunneling customer-vlans 1-100
set vlans service-vlan dot1q-tunneling customer-vlans 201-300
set interfaces xe-0/0/11 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members 1000
set interfaces xe-0/0/12 unit 0 family ethernet-switching port-mode access
set interfaces xe-0/0/12 unit 0 family ethernet-switching vlan members 1000
set interfaces xe-0/0/13 unit 0 family ethernet-switching port-mode access
set interfaces xe-0/0/13 unit 0 family ethernet-switching vlan members 1000
set interfaces xe-0/0/14 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/0/14 unit 0 family ethernet-switching vlan members 1000
set ethernet-switching-options dot1q-tunneling ether-type 0x9100

Step-by-Step Procedure

To configure Q-in-Q tunneling:

  1. Set the VLAN ID for the S-VLAN:
    [edit vlans]
    user@switch# set service-vlan vlan-id 1000
  2. Enable Q-in-Q tunneling and specify the customer VLAN ranges:
    [edit vlans]
    user@switch# set service-vlan dot1q-tunneling customer-vlans 1-100
    user@switch# set service-vlan dot1q-tunneling customer-vlans 201-300
  3. Set the port mode and VLAN information for the interfaces:
    [edit interfaces]
    user@switch# set xe-0/0/11 unit 0 family ethernet-switching port-mode trunk
    user@switch# set xe-0/0/11 unit 0 family ethernet-switching vlan members 1000
    user@switch# set xe-0/0/12 unit 0 family ethernet-switching port-mode access
    user@switch# set xe-0/0/12 unit 0 family ethernet-switching vlan members 1000
    user@switch# set xe-0/0/13 unit 0 family ethernet-switching port-mode access
    user@switch# set xe-0/0/13 unit 0 family ethernet-switching vlan members 1000
    user@switch# set xe-0/0/14 unit 0 family ethernet-switching port-mode trunk
    user@switch# set xe-0/0/14 unit 0 family ethernet-switching vlan members 1000
  4. Set the Q-in-Q Ethertype value (optional):
    [edit]
    user@switch# set ethernet-switching-options dot1q-tunneling ether-type 0x9100

Results

Check the results of the configuration:

user@switch> show configuration vlans service-vlan
vlan-id 1000 {dot1q-tunneling { customer-vlans [ 1-100 201-300 ];}
user@switch> show configuration interfaces
xe-0/0/11 {unit 0 {family ethernet-switching {port-mode trunk;vlan members 1000;}}}
xe-0/0/12 {unit 0 {family ethernet-switching {port-mode access;vlan members 1000;}}}
xe-0/0/13 {unit 0 {family ethernet-switching {port-mode access;vlan members 1000;}}}
xe-0/0/14 {unit 0 {family ethernet-switching {port-mode trunk;vlan members 1000;}}}
user@switch> show ethernet-switching-options
dot1q-tunneling {ether-type 0x9100;}

Verification

Confirm that the configuration is working properly.

Verifying That Q-in-Q Tunneling Was Enabled

Purpose

Verify that Q-in-Q tunneling was properly enabled.

Action

Use the show vlans command:

user@switch> show vlans service-vlan extensive
VLAN: service-vlan, Created at: Wed Mar 14 07:17:53 2012
802.1Q Tag: 1000, Internal index: 18, Admin State: Enabled, Origin: Static
Dot1q Tunneling Status: Enabled
Customer VLAN ranges:
                     1-100
                     201-300
Protocol: Port Mode
Number of interfaces: Tagged 2 (Active = 0), Untagged  2 (Active = 0)
      xe-0/0/11.0, tagged, trunk
      xe-0/0/14.0, tagged, trunk
      xe-0/0/12.0, untagged, access
      xe-0/0/13.0, untagged, access

Meaning

The output indicates that Q-in-Q tunneling is enabled and that the VLAN is tagged and shows the associated customer VLANs.

 

Related Documentation

 

Published: 2013-09-24

Previous Page Next Page