Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Configuring Q-in-Q Tunneling (CLI Procedure)

Note: This task uses Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Configuring Q-in-Q Tunneling (CLI Procedure). For ELS details, see Getting Started with Enhanced Layer 2 Software.

Q-in-Q tunneling enables service providers on Ethernet access networks to segregate or bundle customer traffic into different VLANs by adding another layer of 802.1Q tags. You can configure Q-in-Q tunneling on EX Series switches.

Note: You cannot configure 802.1X user authentication on interfaces that have been enabled for Q-in-Q tunneling.

When Q-in-Q tunneling is configured on EX Series switches, trunk interfaces are assumed to be part of the service-provider network and access interfaces are assumed to be part of the customer network. Therefore, this topic also refers to trunk interfaces as service-provider VLAN (S-VLAN) interfaces (network-to-network interfaces [NNI]), and to access interfaces as customer VLAN (C-VLAN) interfaces (user-network interfaces [UNI]).

Before you begin configuring Q-in-Q tunneling, make sure you set up your VLANs. See Configuring VLANs for EX Series Switches (CLI Procedure) or Configuring VLANs for EX Series Switches (J-Web Procedure).

Configure Q-in-Q tunneling by using one of the following methods to map C-VLANs to S-VLANs:

• Configuring All-in-One Bundling
• Configuring Many-to-Many Bundling
• Configuring a Specific Interface Mapping with VLAN Rewrite Option

Configuring All-in-One Bundling

You can configure Q-in-Q tunneling by using the all-in-one bundling method, which maps packets from all C-VLAN interfaces on a switch to an S-VLAN.

1. Enable the transmission of packets with no or a single 802.1Q VLAN tag:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from all C-VLANs to a logical interface:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set vlan-id-list vlan-id-numbers
4. Enable a C-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on a C-VLAN physical interface, the value must be included in the VLAN ID list specified on the C-VLAN logical interface in step 3.

5. Specify that packets traveling from a C-VLAN interface to an S-VLAN interface are tagged with the VLAN ID of the S-VLAN:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set input-vlan-map push
6. Specify that the 802.1Q S-VLAN tag is removed as packets exit an S-VLAN interface.
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set output-vlan-map pop
7. Configure a name for the S-VLAN, and associate the logical interface configured in step 3 with the S-VLAN:
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

The following configuration on the C-VLAN interface ge-0/0/1 enables Q-in-Q tunneling and maps packets from C-VLANs 100 through 200 to logical interface 10, which is in turn associated with S-VLAN v10. In this sample configuration, a packet originated in C-VLAN 100 includes a tag with the VLAN ID 100. When this packet travels from the interface ge-0/0/1 to the S-VLAN interface, a tag with VLAN ID 10 is added to it. As the packet exits the S-VLAN interface, the tag with the VLAN ID 10 is removed. .

1. Enable the transmission of packets with no, one, or two 802.1Q VLAN tags:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from the logical interface specified in the C-VLAN interface configuration to the S-VLAN:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set vlan-id number
4. Enable the S-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on an S-VLAN physical interface, the value must match the VLAN ID specified on the S-VLAN logical interface in step 3.

5. Associate the S-VLAN interface with the S-VLAN that was configured in the C-VLAN interface procedure:
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

For example, the following configuration on the S-VLAN interface ge-1/1/1 enables Q-in-Q tunneling and maps packets with a VLAN ID tag of 10 to logical interface 10, which is in turn associated with S-VLAN v10. .

Configuring Many-to-Many Bundling

You can configure Q-in-Q tunneling by using the many-to-many bundling method, which maps packets from multiple C-VLANs to multiple S-VLANs.

1. Enable the transmission of packets with no or a single 802.1Q VLAN tag:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from specified C-VLANs to a logical interface:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set vlan-id-list vlan-id-numbers
4. Enable a C-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on a C-VLAN physical interface, the value must be included in the VLAN ID list specified on the C-VLAN logical interface in step 3.

5. Specify that packets traveling from a C-VLAN interface to an S-VLAN interface are tagged with the VLAN ID of the S-VLAN:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set input-vlan-map push
6. Specify that the 802.1Q S-VLAN tag is removed as packets exit an S-VLAN interface:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set output-vlan-map pop
7. Configure a name for an S-VLAN, and associate the logical interface configured in step 3 with the S-VLAN:
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

The following configuration on the C-VLAN interface ge-0/0/1 for customer 1 enables Q-in-Q tunneling and maps packets from C-VLANs 100 through 120 to logical interface 10, which is in turn associated with S-VLAN v10.

The configuration on the C-VLAN interface ge-0/0/2 for customer 2 enables Q-in-Q tunneling and maps packets from C- VLANs 30 through 40, 50 through 60, and 70 through 80 to logical interface 30, which is in turn associated with S- VLAN v30.

In this sample configuration, a packet originated in C-VLAN 100 includes a tag with the VLAN ID 100. When this packet travels from the interface ge-0/0/1 to the S-VLAN interface, a tag with a VLAN ID of 10 is added to it. As the packet exits the S-VLAN interface, the tag with the VLAN ID of 10 is removed.

1. Enable the transmission of packets with no, one, or two 802.1Q VLAN tags:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from each logical interface specified in the C-VLAN interface configuration to an S-VLAN:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# setvlan-id number
4. Enable an S-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on an S-VLAN physical interface, the value must match an S-VLAN ID specified on the S-VLAN logical interface in step 3.

5. Associate the S-VLAN interface with the S-VLANs that were configured in the C-VLAN interface procedure:
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

For example, the following configuration on the S-VLAN interface ge-1/1/1 enables Q-in-Q tunneling and maps incoming C-VLAN packets to logical interfaces 10 and 30, which are in turn associated with S-VLANs v10 and v30, respectively.

Configuring a Specific Interface Mapping with VLAN Rewrite Option

You can configure Q-in-Q tunneling by mapping packets from a specified C-VLAN to a specified S-VLAN. In addition, while the packets are transmitted to and from the S-VLAN, you can specify that the 802.1Q C-VLAN tag be removed and replaced with the S-VLAN tag or vice versa.

1. Enable the transmission of packets with no or one 802.1Q VLAN tag:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from a specified C-VLAN to a logical interface:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set vlan-id number
4. Enable the C-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on a C-VLAN physical interface, the value must match the VLAN ID specified on the C-VLAN logical interface in step 3.

5. Specify that the existing 802.1Q C-VLAN tag is removed from packets traveling from a C-VLAN interface to an S-VLAN interface and replaced with the 802.1Q S-VLAN tag:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set input-vlan-map swap
6. Specify that the existing 802.1Q S-VLAN tag is removed from packets traveling from an S-VLAN interface to a C-VLAN interface and replaced with the 802.1Q C-VLAN tag:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set output-vlan-map swap
7. Configure a name for the S-VLAN, and associate the logical interface configured in step 3 with the S-VLAN:
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

For example, the following configuration on the C-VLAN interface ge-0/0/1 enables Q-in-Q tunneling and maps incoming packets from C-VLAN 150 to logical interface 200, which is in turn associated with VLAN v200. Also, as packets travel from the C-VLAN interface ge-0/0/1 to an S-VLAN interface, the C-VLAN tag 150 is removed and replaced with the S-VLAN tag 200. As packets travel from an S-VLAN interface to C-VLAN interface ge-0/0/1, the S-VLAN tag 200 is removed and replaced with the C-VLAN tag of 150.

1. Enable the transmission of packets with no, one, or two 802.1Q VLAN tags:
   [edit interfaces interface-name]

   user@switch# set flexible-vlan-tagging
2. Enable extended VLAN bridge encapsulation:
   [edit interfaces interface-name]

   user@switch# set encapsulation extended-vlan-bridge
3. Map packets from the logical interface specified in the C-VLAN interface configuration to the S-VLAN:
   [edit interfaces interface-name unit logical-unit-number]

   user@switch# set vlan-id number
4. Enable the S-VLAN interface to send and receive untagged packets:
   [edit interfaces interface-name]

   user@switch# set native-vlan-id vlan-id

   When specifying a native VLAN ID on an S-VLAN physical interface, the value must match the VLAN ID specified on the S-VLAN logical interface in step 3.

5. Associate the S-VLAN interface with the S-VLAN that was configured in the C-VLAN interface procedure: :
   [edit vlans vlan-name]

   user@switch# set interface interface-name.logical-unit-number

For example, the following configuration on the S-VLAN interface ge-1/1/1 enables Q-in-Q tunneling and maps packets with VLAN ID 200 to logical interface 200, which is in turn associated with S-VLAN v200.