VLAN Mapping

By Vikas Bagwe -

One-to-One/Many-to-One VLAN Mapping

Network Diagram

Figure 1-1 Scenario for one-to-one/multiple-to-one VLAN mapping

Networking and Configuration Requirements

In a multi-service intelligent campus, each household has three service applications, including PC, IPTV, and VoIP. Each service terminal gets an IP address from the DHCP server at the distribution layer.
The home gateway of each household sends traffic of the three applications to the corresponding corridor switch in VLAN 1, VLAN 2, and VLAN 3 respectively, and then the campus switches send the traffic to the distribution network. To subdivide multiple services of multiple users, use one-to-one VLAN mapping and many-to-one VLAN mapping to satisfy the following requirements:
l          Configure one-to-one VLAN mapping on each corridor switch to differentiate packets of the same VLAN but from different home gateways.
l          Configure many-to-one VLAN mapping on each campus switch to classify all user packets into three classes by service type and send these packets to the switch at the distribution layer.

Configuration Example


l          Configuration on Switch A
#
vlan 2 to 3
#
vlan 101 to 102
#
vlan 201 to 202
#
vlan 301 to 302
#
traffic classifier c2 operator and
 if-match customer-vlan-id 2
traffic classifier c3 operator and
 if-match customer-vlan-id 3
traffic classifier c1 operator and
 if-match customer-vlan-id 1
traffic classifier c11 operator and
 if-match service-vlan-id 101
traffic classifier c22 operator and
 if-match service-vlan-id 201
traffic classifier c33 operator and
 if-match service-vlan-id 301
traffic classifier c44 operator and
 if-match service-vlan-id 102
traffic classifier c55 operator and
 if-match service-vlan-id 202
traffic classifier c66 operator and
 if-match service-vlan-id 302
#
traffic behavior b11
 remark customer-vlan-id 1
traffic behavior b22
 remark customer-vlan-id 2
traffic behavior b33
 remark customer-vlan-id 3
traffic behavior b6
 remark service-vlan-id 302
traffic behavior b4
 remark service-vlan-id 102
traffic behavior b2
 remark service-vlan-id 201
traffic behavior test
traffic behavior b5
 remark service-vlan-id 202
traffic behavior b3
 remark service-vlan-id 301
traffic behavior b1
 remark service-vlan-id 101
#
qos policy p11
 classifier c11 behavior b11
 classifier c22 behavior b22
 classifier c33 behavior b33
qos policy p22
 classifier c44 behavior b11
 classifier c55 behavior b22
 classifier c66 behavior b33
qos policy p2
 classifier c1 behavior b4
 classifier c2 behavior b5
 classifier c3 behavior b6
qos policy p1
 classifier c1 behavior b1
 classifier c2 behavior b2
 classifier c3 behavior b3
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 to 3 101 201 301
 qinq enable
 qos apply policy p1 inbound
 qos apply policy p11 outbound
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 to 3 102 202 302
 qinq enable
 qos apply policy p2 inbound
 qos apply policy p22 outbound
#
interface GigabitEthernet2/0/3
 port link-type trunk
 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302
l          Configuration on Switch B
#
vlan 2 to 3
#
vlan 111 to 112
#
vlan 211 to 212
#
vlan 311 to 312
#
traffic classifier c1 operator and
 if-match customer-vlan-id 1
traffic classifier c2 operator and
 if-match customer-vlan-id 2
traffic classifier c3 operator and
 if-match customer-vlan-id 3
traffic classifier c11 operator and
 if-match service-vlan-id 111
traffic classifier c22 operator and
 if-match service-vlan-id 211
traffic classifier c33 operator and
 if-match service-vlan-id 311
traffic classifier c44 operator and
 if-match service-vlan-id 112
traffic classifier c55 operator and
 if-match service-vlan-id 212
traffic classifier c66 operator and
 if-match service-vlan-id 312
#
traffic behavior b11
 remark customer-vlan-id 1
traffic behavior b22
 remark customer-vlan-id 2
traffic behavior b33
 remark customer-vlan-id 3
traffic behavior b6
 remark service-vlan-id 312
traffic behavior b4
 remark service-vlan-id 112
traffic behavior b2
 remark service-vlan-id 211
traffic behavior test
traffic behavior b5
 remark service-vlan-id 212
traffic behavior b3
 remark service-vlan-id 311
traffic behavior b1
 remark service-vlan-id 111
#
qos policy p11
 classifier c11 behavior b11
 classifier c22 behavior b22
 classifier c33 behavior b33
qos policy p22
 classifier c44 behavior b11
 classifier c55 behavior b22
 classifier c66 behavior b33
qos policy p2
 classifier c1 behavior b4
 classifier c2 behavior b5
 classifier c3 behavior b6
qos policy p1
 classifier c1 behavior b1
 classifier c2 behavior b2
 classifier c3 behavior b3
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 to 3 111 211 311
 qinq enable
 qos apply policy p1 inbound
 qos apply policy p11 outbound
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 to 3 112 212 312
 qinq enable
 qos apply policy p2 inbound
 qos apply policy p22 outbound
#
interface GigabitEthernet2/0/3
 port link-type trunk
 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312
l          Configuration on Switch C
#
 dhcp-snooping    
#
vlan 101
 arp detection enable
#
vlan 102
 arp detection enable
#
vlan 111
 arp detection enable
#
vlan 112
 arp detection enable
#
vlan 201
 arp detection enable
#
vlan 202
 arp detection enable
#
vlan 211
 arp detection enable
#
vlan 212
 arp detection enable
#
vlan 301
 arp detection enable
#
vlan 302
 arp detection enable
#
vlan 311
 arp detection enable
#
vlan 312
 arp detection enable
#
vlan 501
 arp detection enable
#
vlan 502
 arp detection enable
#
vlan 503
 arp detection enable
#
#
traffic classifier c6 operator and
 if-match customer-vlan-id 311 to 410
traffic classifier c4 operator and
 if-match customer-vlan-id 111 to 210
traffic classifier c2 operator and
 if-match customer-vlan-id 201 to 300
traffic classifier c5 operator and
 if-match customer-vlan-id 211 to 310
traffic classifier c3 operator and
 if-match customer-vlan-id 301 to 400
traffic classifier c1 operator and
 if-match customer-vlan-id 101 to 200  
#
traffic behavior b2
 remark service-vlan-id 502
traffic behavior b3
 remark service-vlan-id 503
traffic behavior b1
 remark service-vlan-id 501
#
qos policy p1
 classifier c1 behavior b1 mode dot1q-tag-manipulation
 classifier c2 behavior b2 mode dot1q-tag-manipulation
 classifier c3 behavior b3 mode dot1q-tag-manipulation
 classifier c4 behavior b1 mode dot1q-tag-manipulation
 classifier c5 behavior b2 mode dot1q-tag-manipulation
 classifier c6 behavior b3 mode dot1q-tag-manipulation  
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 101 to 102 201 to 202 301 to 302 501 to 503
 qinq enable downlink
 qos apply policy p1 inbound
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 111 to 112 211 to 212 311 to 312 501 to 503
 qinq enable downlink
 qos apply policy p1 inbound
#
interface GigabitEthernet2/0/3
 port link-type trunk
 port trunk permit vlan 1 501 to 503
 qinq enable uplink
 dhcp-snooping trust
 arp detection trust
l          Configuration on Switch D
#
 dhcp-snooping    
#
vlan 501 to 503
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 501 to 503
 dhcp-snooping trust no-user-binding

Precautions

l          The CVLAN-to-SVLAN mappings have been planned.
l          Before applying a QoS policy to the downlink port, enable customer-side QinQ on the port; before disabling customer-side QinQ on the downlink port, remove the QoS policy.
l          To change a many-to-one VLAN mapping configuration, you must first use the reset dhcp-snooping command to clear the corresponding DHCP snooping entry, and then modify the VLAN mapping relationship in the QoS policies.
l          When configuring many-to-one VLAN mapping, you cannot create VLAN interfaces for the involved SVLANs and CVLANs on the switch.

One-to-Two/Two-to-Two VLAN Mapping Configuration Example

Network Diagram

Figure 1-2 Network diagram for one-to-two/two-to-two VLAN mapping configuration

Network Requirements

As shown in the network diagram, a VPN1 connection is created for two branches of a company in two cities to communicate across the networks of two service providers (SP 1 and SP 2). The packets from the branches are sent tagged with VLAN 10 and VLAN 30 respectively to the service providers.
Configure one-to-two and two-to-two VLAN mapping on devices of the two service providers to satisfy the following requirements:
l              SP 1 tags the user packets with VLAN 100 and SP2 tags the user packets with VLAN 200 to have the traffic of the two branches travel the service provider networks double tagged. In addition, configure the edge devices between the two service provider networks to modify the outer label of each user packet to adapt to the VLAN plan of the network that the packet is sent to.
l          In the VPN1 network, different VLANs in different cities can communicate.

Configuration Example


l              Configuration on Device A
#
vlan 100
#
traffic classifier nest operator and
 if-match customer-vlan-id 10      
#
traffic behavior nest
 nest top-most vlan-id 100   
#
qos policy nest
 classifier nest behavior nest  
#
interface GigabitEthernet2/0/1
 port link-type hybrid
 port hybrid vlan 1 100 untagged
 qinq enable
 qos apply policy nest inbound    
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 100      
l              Configuration on Device B
#
vlan 100
#
interface GigabitEthernet2/0/1
port link-type trunk
 port trunk permit vlan 1 100 
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 100 
l              Configuration on Device C
#
vlan 200
#
traffic classifier uplink_out operator and
 if-match customer-vlan-id 10
 if-match service-vlan-id 200
traffic classifier downlink_in operator and
 if-match customer-vlan-id 10
 if-match service-vlan-id 100
traffic classifier downlink_out operator and
 if-match customer-vlan-id 30
 if-match service-vlan-id 200   
#
traffic behavior uplink_out
 remark customer-vlan-id 30
traffic behavior downlink_in
 remark service-vlan-id 200
traffic behavior downlink_out
 remark customer-vlan-id 10
 remark service-vlan-id 100 
#
qos policy uplink_out
 classifier uplink_out behavior uplink_out
qos policy downlink_in
 classifier downlink_in behavior downlink_in
qos policy downlink_out
 classifier downlink_out behavior downlink_out
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 200
 qos apply policy downlink_in inbound 
 qos apply policy downlink_out outbound
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk permit vlan 1 200     
 qos apply policy uplink_out outbound
l              Configuration on Device D
#
vlan 100
#
traffic classifier nest operator and
 if-match customer-vlan-id 30      
#
traffic behavior nest
 nest top-most vlan-id 200   
#
qos policy nest
 classifier nest behavior nest  
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk permit vlan 1 200 
#
interface GigabitEthernet2/0/2
 port link-type hybrid
 port hybrid vlan 1 200 untagged
 qinq enable
 qos apply policy nest inbound

Comments

Post a Comment

Popular posts from this blog

Linux File and Directory Permissions

By -
Image
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Read more

How to Disable SSL for Webmin

By -
Webmin is a Web application that enables administrators to manage Linux servers. Webmin runs on a Web server at port 10000. Miniserv is the name of the Web server application that handles the Webmin Web application. By default, Miniserv uses SSL. However, you can disable SSL for Webmin Miniserv by editing the configuration file for the Web application. With SSL disabled, you can access the Webmin application over a standard HTTP connection. Step 1 Open a terminal window on the Linux server. You can also SSH into the server if you do not have physical access to the machine. Step 2 Type the following command at the command prompt and press the “Enter” key: nano /etc/webmin/miniserv.conf This command opens the Miniserv configuration file in the Nano text editor.
Read more

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By -
Image
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
Read more