This section provides an overview of QinQ operations and restrictions on the switch.
By default, QinQ is disabled. When QinQ is enabled via the CLI, an operating mode is globally configured on the switch. Two QinQ modes are supported:
C-VLANs and S-VLANs are both supported, with regular switching/routing based on C-VLAN tags in the C-VLAN domain, while S-VLANs are used for QinQ tunneling through the provider network. |
|
C-VLANs are not supported on the device. All configured VLANs on the switch must be S-VLANs. |
The following table shows how the various QinQ modes and operations impact VLAN configuration options on the switch.
Relationship of QinQ operating modes to VLAN environments
QinQ Operation | CLI Command | VLAN Options |
---|---|---|
QinQ disabled | ||
No QinQ support (Default) |
no qinq |
Only regular VLAN commands are available. If QinQ is disabled, S-VLAN commands are not available. |
QinQ enabled | ||
QinQ mixed VLANmode | qinq mixedvlan |
Both S-VLAN and regular VLAN commands (known as C-VLANs in a mixed vlan environment) are available. |
QinQ S-VLAN mode | qinq svlan |
No regular VLAN commands are available. All VLANs configured on the switch are S-VLANs only. |
The QinQ mixed VLAN mode configuration supports both C-VLAN and S-VLAN operations on the same device. This allows the use of S-VLAN member ports for QinQ tunneling, while regular ports can still do switching or routing within the C-VLAN space. To tunnel customer frames through the provider network, you can externally connect a regular port to a customer-network port, eliminating the need for a separate S-VLAN bridge device to perform such operations. When configuring VLANs on a mixed VLAN mode device, a separate svlan
command is used to distinguish the S-VLAN type from regular VLANs.vid
The main advantage for QinQ mixed VLAN mode is that users do not have to dedicate the entire switch as a QinQ access switch. For a high density chassis switch such as the 5400zl or 8200zl series, customers can use regular ports for normal LAN switching, while S-VLAN member ports can be configured to access the QinQ provider network (see QinQ configuration example). There are some additional restrictions in mixed-VLAN mode.
-
A VLAN created on a QinQ mixed VLAN mode device can be either a regular VLAN (C-VLAN) or a tunnel VLAN (S-VLAN). C-VLANs have no mapping/relation to the S-VLANs on the device.
-
VLANs created on a QinQ S-VLAN mode device can be S-VLANs only. S-VLANs provide QinQ tunneling of customer frames and behave like a port-based/s-tagged interface.
Duplicate VID's for c-tagged and s-tagged VLANs (for example, C-VID=100; S-VID=100) are allowed in certain cases. Customer-network ports are essentially S-VLAN ports: they simply read the C-tags in the customer frame to insert them into the appropriate untagged S-VLAN for that port. Once this double-tagging occurs, frames are forwarded based on the S-VLAN tag only, while the C-VLAN tag remains shielded during data transmission.
The IEEE 802.1ad standard requires that every S-VLAN member port be configured as either a provider-network or as a customer-network port. In a typical deployment scenario, customer-network ports will be configured as untagged members of S-VLANs while provider-network ports will be configured as tagged members of S-VLANs. Note the following configuration rules and guidelines:
-
All ports of a device that is QinQ enabled (in S-VLAN mode or mixed VLAN mode) are provider-network ports by default—if there are any ports that connect to a customer device, they must be manually configured as customer-network ports.
-
Configuring a port-type is applicable only if the device is QinQ enabled and the port is a member of an S-VLAN. In QinQ mixed mode, ports that are members of C-VLANs cannot be configured to any port-type.
|
|
NOTE: If a device running in QinQ S-VLAN mode has one or more customer-network ports, it is considered to be a provider edge and not a provider core bridge. This may affect certain operations, such as meshing, UDLD, and stacking. This is because at the edge of the provider network such proprietary protocol are filtered out at customer network ports. This prevents the intermix of stacking meshing/UDLD protocols in the customer and provider domains (since they use the same |
|
|
When changing the operating mode (to/from: QinQ S-VLAN mode, QinQ mixed VLAN mode, or QinQ disabled), you will prompted to restart the system before the changes can take effect. Upon reboot, all configuration information for the prior QinQ mode will be lost. Any configurations created will be erased, and the device will boot up with a default configuration for the new QinQ mode. |
|
QinQ does not provide Layer 3 capabilities of complete network isolation between customers. In a mixed VLAN configuration, there is no switching/routing between C-VLANs and S-VLANs. S-VLANs are essentially Layer 2 VLANs that switch packets based on S-VIDs. |
|
Regular VLANs support IP and can be routing enabled. S-VLANs of mixed VLAN mode devices cannot be ip enabled. S-VLANs of S-VLAN mode devices can be ip-enabled, though routing related features (such as ip routing) are not supported. |
|
Since there is both a provider VLAN tag and customer VLAN tag in each QinQ frame, the size of each double-tagged frame increases by 4 bytes. To accommodate the frame size increase, HP recommends that you configure all port-based S-VLANs to accept jumbo frames. |
|
S-VLAN commands are not available when QinQ is disabled on the switch. |
|
|
|
|
|
When enabling QinQ, you can configure a unique tpid value, such as 0x8100, to allow the device to interoperate with devices that require this value for the inner and outer VLAN-tag. If the provider tag-type is configured as 0x8100, then:
|
|
The networks for both the customer and provider can be complex. For information on how QinQ may impact other network protocols (such as spanning tree, LLDP, and GVRP), see HP Switch in mixed-VLAN mode |
Changing QinQ modes (or disabling QinQ operations) will result in the current configuration being erased. See the following Caution for details.
|
|
CAUTION: Configuring the switch to operate in a different bridge mode requires a reboot to take effect. Upon reboot, all configuration information for the prior QinQ mode is lost. Any configurations created under the existing QinQ mode is erased, and the device boots up with a default configuration for the new QinQ mode. |
|
|
For information on the effect of the different QinQ modes on switch protocols and operations, see Impacts of QinQ configurations on other switch features.
Per the IEEE standards, protocols such as STP and GVRP are assigned separate addresses for customer networks and provider networks, ensuring that QinQ has no impact on their operations. Bridge Protocol Data Units (BPDUs) that need to be tunneled through the provider network are treated as normal multicast frames at the provider bridge and forwarded out.
However, other protocols use common addresses for both customer and provider networks, and so are not supported when QinQ is enabled on the switch. Similarly, proprietary features such as meshing, discovery, UDLD, and loop-protect do not provide tunneling support. In such cases, where provider networks could run an instance of the same protocol as a customer could run local to their site, these frames are dropped at the customer-network ports of the provider bridge.
|
|
NOTE: The IEEE standards group is devising new addressing schemes that may support additional QinQ tunneling operations. Check the latest product release notes for implementation updates as they apply to HP switches. |
|
|
When QinQ is not enabled (the default setting), there are no impacts to the switch's normal operations. The following table shows the impacts of QinQ on the operation of switch protocols and features based on the QinQ mode that is configured as QinQ mixed VLAN mode (C-VLANs and S-VLANs are allowed) or QinQ S-VLAN mode (S-VLANs only).
Impacts of QinQ configurations on other switch features
Switch feature | Impacts of QinQ configurations and allowed operations |
---|---|
ACLs |
In QinQ mixed VLAN or S-VLAN modes:
|
aaa |
In QinQ mixed VLAN mode:
|
arp-protect |
In QinQ mixed VLAN mode:
|
CDP |
In QinQ VLAN or S-VLAN modes:
|
DHCP |
In QinQ mixed VLAN or S-VLAN modes:
|
directed-broadcast |
In QinQ S-VLAN mode:
|
GVRP |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
igmp-proxy |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
IPv6 |
In QinQ mixed VLAN mode:
|
ip-recv-mac |
In QinQ mixed VLAN mode:
In QinQ S-VLANmode:
|
Jumbo |
In QinQ mixed VLAN or S-VLAN modes:
|
LACP/ Port Trunks |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
Layer 3 Protocols (IP, IP+, DHCP, ARP, IGMP Layer 3, Layer 3 ACLs) |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
LLDP |
In QinQ mixed VLAN or S-VLAN modes:
|
load-sharing |
In QinQ S-VLAN mode:
|
management VLAN |
In QinQ mixed VLAN mode:
|
Meshing |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
Mirroring/Monitoring |
In QinQ mixed VLAN mode:
|
multicast-routing |
In QinQ S-VLAN mode:
|
QoS |
In QinQ mixed VLAN or S-VLAN modes:
|
Routing |
In QinQ S-VLAN mode:
|
source-binding |
In QinQ mixed VLAN or S-VLAN modes:
|
source-route |
In QinQ S-VLAN mode:
|
Spanning Tree |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
Stacking (3800 switches) |
In QinQ mixed VLAN mode:
In QinQ S-VLAN mode:
|
UDLD |
In QinQ mixed vlan or S-VLAN modes:
|
udp-bcast-forward |
In QinQ S-VLAN mode:
|
unknown-vlans |
In QinQ mixed VLAN mode:
|
Voice VLANs |
In QinQ mixed VLAN mode:
|
VRRP |
In QinQ mixed VLAN or S-VLAN modes:
|