S9300&S9300E&S9300X Series Switches

Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11 VLAN Mapping Configuration

About This Chapter

This chapter describes how to configure VLAN mapping. VLAN mapping is configured on
the edge device of the public network so that the VLANs of private networks are isolated
from S-VLANs. This saves S-VLAN resources.

11.1 Introduction to VLAN Mapping

11.2 Principles
11.3 Applications
11.4 Configuration Notes
11.5 Configuring VLAN ID-based VLAN Mapping
11.6 Configuring 802.1p Priority-based VLAN Mapping
11.7 Configuring MQC-based VLAN Mapping
11.8 Maintaining VLAN Mapping
11.9 Configuration Examples
11.10 Common Configuration Errors

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 550

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11.1 Introduction to VLAN Mapping

Definition
VLAN mapping technology changes VLAN tags in packets to map different VLANs.

Purpose
Two Layer 2 user networks in the same VLAN can be connected through a backbone
network. To ensure Layer 2 connectivity between users, and to uniformly deploy Layer 2
protocols, the two user networks need to interwork seamlessly. However, the backbone
network cannot directly transmit VLAN packets from the user networks, because the VLAN
plans on the backbone and user networks are different.
To solve this problem, configure VLAN mapping. When VLAN packets from a user network
enter the backbone network, an edge device on the backbone network changes the customer
VLAN (C-VLAN) ID to the service VLAN (S-VLAN ID). After the packets are transmitted,
the edge device reverts the VLAN ID change. This ensures seamless interworking between
the two user networks. The other method is to configure a Layer 2 tunneling technology such
as QinQ or VPLS to encapsulate VLAN packets into packets on the backbone network so that
VLAN packets are transparently transmitted. However, this method increases extra cost
because packets are encapsulated. In addition, Layer 2 tunneling technology may not support
transparent transmission of packets of some protocol packets. The other method is to
configure VLAN mapping. When VLAN packets from a user network enter the backbone
network, an edge device on the backbone network changes the C-VLAN ID to the S-VLAN
ID. After the packets are transmitted to the other side, the edge device changes the S-VLAN
ID to the C-VLAN ID. This method implements seamless interworking between two user
networks.
Configuring VLAN mapping on the switch connecting the two user networks allows a user to
manage the two networks as a single Layer 2 network, despite the differing VLAN plans of
the user networks.

11.2 Principles

Working Mechanism
Depending on whether a packet is tagged or untagged, the switch processes a received packet
as follows:
l Tagged packed: Based on the VLAN mapping mode, the switch determines whether a
single tag, double tags, or the outer tag is to be replaced. The switch then learns the
MAC addresses in the packet. The switch updates the MAC address entries in the VLAN
mapping table based on the source MAC address and mapped VLAN ID. It then searches
for the MAC address entries based on the destination MAC address and the mapped
VLAN ID. If the destination MAC address matches an entry, the switch forwards the
packet through the corresponding outbound interface. If not, the switch broadcasts the
packet in the specified VLAN.
l Untagged packet: Based on the VLAN creation mode, the switch determines whether to
add a VLAN tag. If the packet can be added to a VLAN, the switch adds a VLAN tag to

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 551

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

it and learns the MAC addresses. The switch then performs Layer 2 forwarding based on
the destination MAC address. If the packet cannot be added to a VLAN, the switch either
delivers the packet to the CPU or discards it.
Figure 11-1 shows VLAN mapping between VLAN 2 and VLAN 3 configured on PORT 1.
Before sending packets from VLAN 2 to VLAN 3, PORT 1 replaces the VLAN tags with
VLAN 3 tags. When receiving packets from VLAN 3 to VLAN 2, PORT 1 replaces the
VLAN tags with VLAN 2 tags. This implements communication between devices in VLAN 2
and VLAN 3.

Figure 11-1 VLAN mapping

VLAN 2 VLAN 3
2 3

PORT1
3
Switch Switch
A B
2

3
2

172.16.0.1/16 172.16.0.7/16

If devices in two VLANs need to communicate based on VLAN mapping, the IP addresses of
these devices must be on the same network segment. If their IP addresses are on different
network segments, communication between these devices must be implemented using Layer 3
routes, which makes VLAN mapping invalid.

VLAN Mapping Mode

The switch supports VLAN-based, 802.1p-based, and MQC-based VLAN mapping:
l VLAN mapping
When the interface on a device configured with VLAN mapping receives a single-tagged
packet, the interface maps the VLAN tag in the packet to an S-VLAN tag. 1:1 VLAN
mapping maps a C-VLAN tag to an S-VLAN tag, whereas N:1 VLAN mapping maps
multiple C-VLAN tags to an S-VLAN tag.
l 2:1 VLAN mapping
When the interface on a device configured with VLAN mapping receives a double-
tagged packet, the interface maps the outer VLAN tag to an S-VLAN tag and
transparently transmits the inner VLAN tag.
l 2:2 VLAN mapping
When the interface on a device configured with VLAN mapping receives a double-
tagged packet, the interface maps the double VLAN tags to the double S-VLAN tags.
MQC-based VLAN mapping uses a traffic classifier to classify packets based on VLAN IDs.
It associates the traffic classifier with a traffic behavior defining VLAN mapping so that the

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 552

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

switch can re-mark the VLAN ID in packets matching the traffic classifier. MQC-based
VLAN mapping implements differentiated services.

11.3 Applications
l 1:1 VLAN mapping
When receiving a single-tagged packet, the interface maps the VLAN tag to a specified
single VLAN tag.
1:1 VLAN mapping applies to the network shown in Figure 11-2.

Figure 11-2 1:1 VLAN mapping

VLAN 2
HSI
Residential
VLAN 3 Gateway

IPTV

VLAN 2->VLAN 201

VLAN 3->VLAN 301
VoIP VLAN 4 VLAN 4->VLAN 401
VLAN 2 Corridor
Switch
HSI VLAN 2->VLAN 202
Residential VLAN 3->VLAN 302
Gateway VLAN 4->VLAN 402
VLAN 3
IPTV
VLAN 201~VLAN 300->VLAN 501
VLAN 301~VLAN 400->VLAN 502
VoIP VLAN 401~VLAN 500->VLAN 503
VLAN 4 Aggregation
Switch
VLAN 2
VLAN 211~VLAN 310->VLAN 501 Communtity
HSI VLAN 311~VLAN 410->VLAN 502 Switch
VLAN 411~VLAN 510->VLAN 503
Residential
VLAN 3 Gateway
IPTV
VLAN 2->VLAN 211
VLAN 3->VLAN 311 Internet
VoIP Corridor
Switch
VLAN 4->VLAN 411
VLAN 4
VLAN 2
HSI
VLAN 2->VLAN 212
VLAN 3->VLAN 312
VLAN 3 VLAN 4->VLAN 412
IPTV
Residential
Gateway
VoIP
VLAN 4

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 553

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

In the networking diagram shown in Figure 11-2, services (HSI, IPTV, and VoIP) of
each user are transmitted on different VLANs. Same services are transmitted on the same
C-VLAN. To differentiate users, deploy Corridor Switch to allow the same services used
by different users to be transmitted on different VLANs, which implements 1:1 VLAN
mapping. 1:1 VLAN mapping requires a large number of VLANs to isolate services of
different users; however, the VLAN quantity provided by the network access device at
the aggregation layer is limited. To resolve this problem, configure the VLAN
aggregation function to allow the same services to be transmitted on the same VLAN (N:
1 VLAN mapping).
l 2:1 VLAN mapping
When the interface receives a double-tagged packet, the interface maps the outer VLAN
tag in the packet to an S-VLAN tag and transparently transmits the inner VLAN tag.
2:1 VLAN mapping applies to the network shown in Figure 11-3.

Figure 11-3 2:1 VLAN mapping

Internet

Aggregation Switch

Community
Switch IP 501 2~3
S5
IP 501 4

Corridor IP 201 2 ~3
S3 S4
Switch IP 401 4

Residential
S1 Gateway S2

HSI VoIP IPTV HSI VoIP IPTV

VLAN 2 VLAN 3 VLAN 4 VLAN 2 VLAN 3 VLAN 4

In the networking diagram shown in Figure 11-3, Residential Gateway, Corridor Switch,
and Community Switch are connected to the aggregation layer on the network. To
differentiate users and services to facilitate network management and charging, configure
the QinQ function for Corridor Switch. To save VLAN resources, configure VLAN
mapping on Community Switch to transmit the same services on the same VLAN.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 554

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

l 2:2 VLAN mapping

2:2 VLAN mapping applies to the network shown in Figure 11-4.

Figure 11-4 2:2 VLAN mapping

Switch2 Switch3
Internet
outside tag:50
inner tag:60

Switch1 Switch4

outside tag:100 outside tag:200

inner tag:10 VLAN Mapping inner tag:20

In the networking diagram shown in Figure 11-4, QinQ is used to send double-tagged
packets, which prevents the conflict between C-VLAN IDs and S-VLAN IDs and
differentiates services and users. However, the interface will discard the packets because
C-VLAN IDs are different from S-VLAN IDs. To ensure communication continuity,
configure 2:2 VLAN mapping on the PE and replace double C-VLAN tags with double
S-VLAN tags.

11.4 Configuration Notes

Involved Network Elements

Other network elements are not required.

License Support
VLAN mapping is a basic feature of a switch and is not under license control.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 555

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Software Version of VLAN Mapping

Table 11-1 Products and versions supporting VLAN mapping

Product Product Software Version
Model

S9300 S9303, V100R002, V100R003, V100R006(C00&C01),

S9306, V200R001C00, V200R002C00, V200R003C00,
S9312 V200R005C00SPC300, V200R006C00, V200R007C00,
V200R008(C00&C10), V200R009C00, V200R010C00

S9300 S9310 V200R010C00

S9300X S9310X V200R010C00

S9300E S9303E, V200R001C00, V200R002C00, V200R003C00,

S9306E, V200R005C00SPC300, V200R006C00, V200R007C00,
S9312E V200R008(C00&C10), V200R009C00, V200R010C00

NOTE
To know details about software mappings, see Version Mapping Search for Huawei Switches.

Feature Dependencies and Limitations

l The LE0MG24CA and LE0MG24SA cards do not support 2:1 and 2:2 VLAN mapping.
l VLAN mapping can be configured only on a trunk or hybrid interface, and the hybrid
interface must be added to the translated VLAN.
l When N:1 VLAN mapping is configured, the interface needs to join the original VLAN
in tagged mode.
l When VLAN mapping is configured, do not configure map-vlan to the VLAN
corresponding to the VLANIF interface.
l N:1 VLAN mapping takes effect only when the packets with original VLANs are sent
first.
l LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, X series cards and SA
boards of S series cards do not support N:1 VLAN mapping.
l N:1 VLAN mapping is not supported on an Eth-Trunk.

11.5 Configuring VLAN ID-based VLAN Mapping

Pre-configuration Tasks
Before configuring VLAN ID-based VLAN mapping, complete the following tasks:
l Create the specified VLAN.
l Add the primary interface to the mapped VLAN.

11.5.1 Configuring 1:1 VLAN Mapping

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 556

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Context
When receiving a tagged packet, an interface maps the VLAN ID in the packet to an S-VLAN
ID.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3 [ remark-8021p
8021p-value ]

Single-tagged VLAN mapping is configured on the interface.

NOTE

l When N:1 VLAN mapping is configured (VLAN IDs can be non-contiguous before mapping), the
interface needs to be added to these VLANs in tagged mode, and the VLAN specified by map-vlan
cannot be a VLAN corresponding to a VLANIF interface.
l N:1 VLAN mapping takes effect only when the packets with original VLANs are sent first.
l LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards, and SA boards
of S series cards do not support N:1 VLAN mapping.
l N:1 VLAN mapping is not supported on the Eth-Trunk interface.

----End

11.5.2 Configuring 2:1 VLAN Mapping

Context
When receiving a tagged packet, an interface maps the VLAN ID in the packet to an S-VLAN
ID.

NOTE

The LE0MG24CA and LE0MG24SA cards do not support VLAN mapping for double-tagged packets.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 557

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 3 Run:
port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 [ to vlan-id3 ] map-vlan vlan-
id4 [ remark-8021p 8021p-value ]

The outer VLAN tag is replaced.

----End

11.5.3 Configuring 2:2 VLAN Mapping

Context
QinQ is used to send double-tagged packets, which prevents the conflict between C-VLAN
IDs and S-VLAN IDs and differentiates services and users. However, the interface will
discard the packets because C-VLAN IDs are different from S-VLAN IDs. To ensure
communication continuity, configure 2:2 VLAN mapping on the PE and replace double C-
VLAN tags with double S-VLAN tags.

NOTE

The LE0MG24CA and LE0MG24SA cards do not support VLAN mapping for double-tagged packets.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The Ethernet interface view is displayed.

Step 3 Run:
port vlan-mapping vlan vlan-id1 inner-vlan vlan-id2 map-vlan vlan-id3 map-inner-
vlan vlan-id4 [ remark-8021p 8021p-value ]

The outer and inner VLAN tags are replaced.

----End

11.5.4 Checking the Configuration

After completing VLAN mapping configuration on an interface, you can run the following
commands in any view to check the VLAN mapping configuration on the interface.

Procedure
l Run the display vlan vlan-id command to check whether the interface is added to the
translated S-VLAN.
l Run the display current-configuration command to check the VLAN mapping
configuration on the interface.

----End

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 558

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11.6 Configuring 802.1p Priority-based VLAN Mapping

Context
After 802.1p priority-based VLAN mapping is configured on a switch, the switch processes
VLAN tags of packets flexibly based on the 802.1p priority. Communication of users with a
higher priority is ensured.

Procedure
l Configuring VLAN mapping on the inbound interface based on the 802.1p priority
a. Run:
system-view

The system view is displayed.

b. Run:
interface interface-type interface-number

The interface view is displayed.

c. Run either of the following commands as required:
n To configure VLAN mapping on the inbound interface based on the 802.1p
priority, run port vlan-mapping 8021p 8021p-value map-vlan vlan-id
[ remark-8021p 8021p-value2 ].
n To configure VLAN mapping on the inbound interface based on the VLAN ID
and 802.1p priority, run port vlan-mapping vlan vlan-id1 [ to vlan-id2 ]
8021p 8021p-value1 [ to 8021p-value2 ] map-vlan vlan-id3 [ remark-8021p
8021p-value3 ].
NOTE

VLAN mapping based on the 802.1p priority is not supported on the SA boards of S series.
l (Optional) Configuring VLAN mapping on the outbound interface based on the 802.1p
priority
If the DiffServ domain is created on the inbound interface and VLAN mapping is
configured based on the priority, the internal priority may be different from the 802p.1
priority. You are advised to configure VLAN mapping on the outbound interface based
on the 802.1p priority.
a. Run:
system-view

The system view is displayed.

b. Run:
diffserv domain ds-domain-name

The DiffServ domain is created, and the DiffServ domain view is displayed.
c. Run:
8021p-outbound service-class color map 8021p-value

The internal priority of VLAN packets on the outbound interface in the DiffServ
domain is mapped to the 802.1p priority.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 559

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

d. Run:
quit

The DiffServ domain view is quit.

e. Run:
interface interface-type interface-number

The interface view is displayed.

f. Run:
trust upstream ds-domain-name

The DiffServ domain is bound on the interface and the mapping in the DiffServ
domain is applied.

By default, an internal priority remains the same after being mapped to an external
priority.

----End

11.7 Configuring MQC-based VLAN Mapping

Context
A traffic policy is a QoS policy configured by binding traffic classifiers to traffic behaviors. A
traffic policy is bound to a traffic classifier and traffic behavior to implement VLAN mapping.
The traffic classifier defines rules based on VLAN IDs. VLAN mapping based on the traffic
policy implements differentiated services.

Procedure
1. Configure a traffic classifier.
a. Run:
system-view

The system view is displayed.

b. Run:
traffic classifier classifier-name [ operator { and | or } ]
[ precedence precedence-value ]

A traffic classifier is created and the traffic classifier view is displayed, or the
existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier, which means
that:
n If the traffic classifier contains ACL rules, packets match the traffic classifier
only when they match one ACL rule and all the non-ACL rules.
n If the traffic classifier does not contain any ACL rules, packets match the
traffic classifier only when they match all the rules in the classifier.
The logical operator or means that packets match the traffic classifier as long as
they match one of rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.
c. Configure matching rules according to the following table.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 560

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

NOTE

The if-match ip-precedence and if-match tcp commands are only valid for IPv4 packets.
The LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards do
not support traffic classifiers with advanced ACLs containing the ttl-expired field or user-
defined ACLs.
When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, the
LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards do not
support add-tag vlan-id vlan-id, remark 8021p [ 8021p-value | inner-8021p ], remark
cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning disable.

Matching Command Remarks

Rule

Inner and if-match cvlan-id start-vlan-id -

outer [ to end-vlan-id ] [ vlan-id vlan-
VLAN IDs id ]
in QinQ
packets

802.1p if-match 8021p 8021p-value If you enter multiple 802.1p

priority in &<1-8> priority values in one
VLAN command, a packet matches
packets the traffic classifier as long as
it matches any one of the
802.1p priorities, regardless
of whether the relationship
between rules in the traffic
classifier is AND or OR.

Inner if-match cvlan-8021p 8021p- -

802.1p value &<1-8>
priority in
QinQ
packets

Outer if-match vlan-id start-vlan-id [ to -

VLAN ID end-vlan-id ] [ cvlan-id cvlan-id ]
or inner
and outer
VLAN IDs
of QinQ
packets

Drop if-match discard A traffic classifier containing

packet this matching rule can only
be bound to traffic behaviors
containing traffic statistics
collection and flow mirroring
actions.

Double if-match double-tag -

tags in
QinQ
packets

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 561

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matching Command Remarks

Rule

EXP if-match mpls-exp exp-value If you enter multiple MPLS

priority in &<1-8> EXP priority values in one
MPLS command, a packet matches
packets the traffic classifier as long as
it matches any one of the
MPLS EXP priorities,
regardless of whether the
relationship between rules in
the traffic classifier is AND
or OR.
SA cards of the S series do
not support matching of EXP
priorities in MPLS packets.

Destinatio if-match destination-mac mac- -

n MAC address [ [ mac-address-mask ]
address mac-address-mask ]

Source if-match source-mac mac-address -

MAC [ [ mac-address-mask ] mac-
address address-mask ]

Protocol if-match l2-protocol { arp | ip | -

type field mpls | rarp | protocol-value }
in the
Ethernet
frame
header

All if-match any -

packets

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 562

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matching Command Remarks

Rule

DSCP if-match [ ipv6 ] dscp dscp-value l If you enter multiple

priority in &<1-8> DSCP values in one
IP packets command, a packet
matches the traffic
classifier as long as it
matches any one of the
DSCP values, regardless
of whether the
relationship between rules
in the traffic classifier is
AND or OR.
l If the relationship
between rules in a traffic
classifier is AND, the if-
match [ ipv6 ] dscp and
if-match ip-precedence
commands cannot be used
in the traffic classifier
simultaneously.

IP if-match ip-precedence ip- l The if-match [ ipv6 ]

precedence precedence-value &<1-8> dscp and if-match ip-
in IP precedence commands
packets cannot be configured in a
traffic classifier in which
the relationship between
rules is AND.
l If you enter multiple IP
precedence values in one
command, a packet
matches the traffic
classifier as long as it
matches any one of the IP
precedence values,
regardless of whether the
relationship between rules
in the traffic classifier is
AND or OR.

Layer 3 if-match protocol { ip | ipv6 } -

protocol
type

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 563

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matching Command Remarks

Rule

First Next if-match ipv6 next-header The LE0MG24SA,

Header header-number first-next-header LE0DX12XSA00, and
field in the LE0MG24CA cards of the
IPv6 S9300, and the
packet LE0DX12XSA00 card of the
header S9300E do not support the
routes whose prefix length
ranges from 64 to 128.

SYN Flag if-match tcp syn-flag { syn-flag- -

in the TCP value | ack | fin | psh | rst | syn |
packet urg }

Inbound if-match inbound-interface A traffic policy containing

interface interface-type interface-number this matching rule cannot be
applied to the outbound
direction or in the interface
view.

Outbound if-match outbound-interface A traffic policy containing

interface interface-type interface-number this matching rule cannot be
applied to the inbound
direction on the
LE1D2S04SEC0,
LE1D2X32SEC0, and
LE1D2H02QEC0 cards, and
X series cards.
The traffic policy containing
this matching rule cannot be
applied in the interface view.

ACL rule if-match acl { acl-number | acl- l When an ACL is used to

name } define a traffic
classification rule, it is
recommended that the
ACL be configured first.
l If an ACL in a traffic
classifier defines multiple
rules, a packet matches
the ACL as long as it
matches one of rules,
regardless of whether the
relationship between rules
in the traffic classifier is
AND or OR.

ACL6 rule if-match ipv6 acl { acl-number | Before specifying an ACL6

acl-name } in a matching rule, configure
the ACL6.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 564

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Matching Command Remarks

Rule

Flow ID if-match flow-id flow-id The traffic classifier

containing if-match flow-id
and the traffic behavior
containing remark flow-id
must be bound to different
traffic policies.
The traffic policy containing
if-match flow-id can be only
applied to an interface, a
VLAN, a card, or the system
in the inbound direction.
The LE1D2S04SEC0,
LE1D2X32SEC0, and
LE1D2H02QEC0 cards, X
series cards, and SA cards of
the S series do not support
matching of flow IDs.

d. Run:
quit

Exit from the traffic classifier view.

2. Configure a traffic behavior.
a. Run:
traffic behavior behavior-name

A traffic behavior is created and the traffic behavior view is displayed.

b. Run:
remark vlan-id vlan-id3

The traffic behavior is configured. The outer VLAN ID of the packet is re-marked.
c. (Optional) Run:
remark cvlan-id vlan-id4

The traffic behavior is configured. The inner VLAN ID of the packet is re-marked.
d. Run:
quit

Exit from the traffic behavior view.

e. Run:
quit

Exit from the system view.

3. Configure a traffic policy.
a. Run:
traffic policy policy-name [ match-order { auto | config } ]

A traffic policy is created and the traffic policy view is displayed, or the view of an
existing traffic policy is displayed. If you do not specify a matching order for traffic
classifiers in the traffic policy, the default matching order config is used.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 565

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

After a traffic policy is applied, you cannot use the traffic policy command to
change the matching order of traffic classifiers in the traffic policy. To change the
matching order, delete the traffic policy and create a traffic policy with the required
matching order.
When creating a traffic policy, you can specify the matching order of traffic
classifiers in the traffic policy. The traffic classifiers can be matched in automatic
order (auto) or configuration order (config):
n If the matching order is auto, traffic classifiers are matched in descending
order of priorities pre-defined in the system: traffic classifiers based on Layer
2 and Layer 3 information, traffic classifiers based on Layer 2 information, and
finally traffic classifiers based on Layer 3 information. If a data flow matches
multiple traffic classifiers that are associated with conflicting traffic behavior,
the traffic behavior associated with the traffic classifier of the highest priority
takes effect.
n If the matching order is config, traffic classifiers are matched in descending
order of priorities either manually or dynamically allocated to them. This is
determined by the precedence value; a traffic classifier with a smaller
precedence value has a higher priority and is matched earlier. If you do not
specify precedence-value when creating a traffic classifier, the system
allocates a precedence value to the traffic classifier. The allocated value is
[(max-precedence + 5)/5] x 5, where max-precedence is the greatest value
among existing traffic classifiers.
NOTE

If more than 128 rate limiting ACL rules are configured in the system, traffic policies must
be applied to the interface view, VLAN view, and system view in sequence. To update an
ACL rule, delete all the associated traffic policies from the interface, VLAN, and system.
Then, reconfigure the traffic policies and reapply them to the interface, VLAN, and system.
b. Run:
classifier classifier-name behavior behavior-name

A traffic behavior is bound to a traffic classifier in the traffic policy.

c. Run:
quit

Exit from the traffic policy view.

d. Run:
quit

Exit from the system view.

4. Apply the traffic policy.
– Applying a traffic policy to an interface
i. Run:
system-view

The system view is displayed.

ii. Run:
interface interface-type interface-number

The interface view is displayed.

iii. Run:
traffic-policy policy-name { inbound | outbound }

A traffic policy is applied to the interface.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 566

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

A traffic policy can be applied to only one direction on an interface, but a

traffic policy can be applied to different directions on different interfaces.
After a traffic policy is applied to an interface, the system performs traffic
policing for all the incoming or outgoing packets that match traffic
classification rules on the interface.
– Applying a traffic policy to a VLAN
i. Run:
system-view

The system view is displayed.

ii. Run:
vlan vlan-id

The VLAN view is displayed.

iii. Run:
traffic-policy policy-name { inbound | outbound }

A traffic policy is applied to the VLAN.

Only one traffic policy can be applied to a VLAN in the inbound or outbound
direction.
After a traffic policy is applied, the system performs traffic policing for the
packets that belong to a VLAN and match traffic classification rules in the
inbound or outbound direction. However, the traffic policy does not take effect
for packets in VLAN 0.
– Applying a traffic policy to the system or an LPU
i. Run:
system-view

The system view is displayed.

ii. Run:
traffic-policy policy-name global { inbound | outbound } [ slot slot-
id ]

A traffic policy is applied to the system or an LPU.

Only one traffic policy can be applied to the system or LPU in one direction. A
traffic policy cannot be applied to the same direction in the system and on the
LPU simultaneously.

11.8 Maintaining VLAN Mapping

11.8.1 Displaying VLAN Translation Resource Usage

Context
During VLAN Mapping configuration, VLAN translation resources may be insufficient. You
can run command to view the total number of inbound/outbound VLAN translation resources,
the number of used VLAN translation resources, and the number of remaining VLAN
translation resources. The command output helps you locate faults.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 567

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Procedure
Step 1 Run the display vlan-translation resource [ slot slot-number ] command in any view to view
VLAN translation resource usage.

Step 2 Run the display spare-bucket resource [ slot slot-number ] command in any view to view
the usage of backup resources when VLAN translation resources.
NOTE

Only the LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards support
this command.

----End

11.9 Configuration Examples

11.9.1 Example for Configuring VLAN ID-based 1:1 VLAN

Mapping

Networking Requirements
Users in different communities use the same services, such as the web, IPTV, and VoIP
services. To facilitate management, the network administrator of each community adds
different services to different VLANs. For communities in different VLANs to use the same
services, communication between VLANs must be implemented.

In Figure 11-5, community 1 and community 2 have the same services, but belong to
different VLANs. Communication between them needs to be implemented with low costs.

Figure 11-5 Networking diagram for configuring 1:1 VLAN mapping

PE1 PE2
G E 1 /0 /1 IS P G E 1 /0 /1
VLAN 10
C E 1 G E 1 /0 /3 G E 1 /0 /3 CE2
G E 1 /0 /1 G E 1 /0 /2 G E 1 /0 /1 G E 1 /0 /2

C o m m u n ity 1 C o m m u n ity 2
VLAN 6 VLAN 5

1 7 2 .1 6 .0 .2 /1 6 1 7 2 .1 6 .0 .6 /1 6
1 7 2 .1 6 .0 .1 /1 6 1 7 2 .1 6 .0 .3 /1 6 1 7 2 .1 6 .0 .5 /1 6 1 7 2 .1 6 .0 .7 /1 6

Configuration Roadmap
The configuration roadmap is as follows:

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 568

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

1. Add the switch port connecting to community 1 to VLAN6 and add the switch port
connecting to community 2 to VLAN5.
2. Configure VLAN mapping on GE1/0/1 of PE1 and PE2 and map C-VLAN IDs to S-
VLAN IDs so that users in different VLANs can communicate with each other.

Procedure
Step 1 Add downlink interfaces on switches to specified VLANs.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 6
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 6
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet1/0/3] quit

# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet1/0/3] quit

Step 2 Configure VLAN mapping on the GE1/0/1 of PE1 and PE2.

# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 6 map-vlan 10
[PE1-GigabitEthernet1/0/1] quit

# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 569

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[PE2] interface gigabitethernet 1/0/1

[PE2-GigabitEthernet1/0/1] port link-type trunk
[PE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[PE2-GigabitEthernet1/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet1/0/1] quit

Step 3 Verify the configurations.

Verify that users in community 1 and community 2 can communicate with each other.

----End

Configuration Files
l CE1 configuration file
#
sysname CE1
#
vlan batch 6
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 6
#
return

l CE2 configuration file

#
sysname CE2
#
vlan batch 5
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 5
#
return

l PE1 configuration file

#
sysname PE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
port vlan-mapping vlan 6 map-vlan 10
#
return

l PE2 configuration file

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 570

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

#
sysname PE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
port vlan-mapping vlan 5 map-vlan 10
#
return

11.9.2 Example for Configuring VLAN ID-based N:1 VLAN

Mapping

Networking Requirements
In Figure 11-6, a large number of switches need to be deployed at the corridor so that the
same service used by different users can be sent on different VLANs. To save VLAN
resources, configure the VLAN aggregation function (N:1) on the switches so that same
services are sent on the same VLAN.

Figure 11-6 Networking diagram for configuring N:1 VLAN mapping

In te rn e t

VLAN 10
S w itc h G E 1 /0 /1

VLAN 100~109
S w itc h A

…… …… ……

S w itc h B S w itc h C S w itc h D S w itc h E

Configuration Roadmap
The configuration roadmap is as follows:

1. Create the original VLAN and the translated VLAN on the Switch and add GE1/0/1 to
the VLANs in tagged mode.
2. Configure VLAN mapping on GE1/0/1 on the Switch.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 571

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Procedure
Step 1 Configure the Switch.
# Create a VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 10 100 to 109

# Add GE1/0/1 to the VLAN.

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port hybrid tagged vlan 10 100 to 109

# Configure VLAN mapping on GE1/0/1.

[Switch-GigabitEthernet1/0/1] port vlan-mapping vlan 100 to 109 map-vlan 10

Step 2 Verify the configurations.

Verify that users in VLAN 100 to VLAN 109 can connect to the Internet through the Switch.

----End

Configuration Files
l Switch configuration file
#
sysname Switch
#
vlan batch 10 100 to 109
#
interface gigabitethernet1/0/1
port hybrid tagged vlan 10 100 to 109
port vlan-mapping vlan 100 to 109 map-vlan 10
#
return

11.9.3 Example for Configuring VLAN ID-based 2 to 1 VLAN

Mapping
Networking Requirements
As shown in Figure 11-7, Residential Gateway, Corridor Switch, and Community Switch
allow users to connect to the aggregation layer. To save VLAN resources and isolate same
services used by different users, configure the QinQ function on the Corridor Switch and
configure VLAN mapping on the Community Switch.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 572

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-7 Networking diagram for configuring 2 to 1 VLAN mapping

Internet

Aggregate switch of carrier

Community GE1/0/3
Switch IP 2 ~3 501
S5
GE1/0/2 GE1/0/1 IP 4 501

S3 GE1/0/2 GE1/0/2 IP 2 ~3 201

Corridor S4
GE1/0/1 GE1/0/1 IP 4 401
Switch

S1 GE1/0/4 GE1/0/4 S2
Residential /1
GE

Gateway
/1

GE
GE1/0/2

GE1/0/2
1/0
1/0

1/0

1/0
GE
GE

/3

/3

PC VoIP IPTV PC VoIP IPTV

VLAN 2 VLAN 3 VLAN 4 VLAN 2 VLAN 3 VLAN 4

Configuration Roadmap
The configuration roadmap is as follows:
1. Add switch ports connecting to users to specified VLANs to distinguish different
services.
2. Configure the QinQ function on the Corridor Switch to distinguish users and services.
3. Configure VLAN mapping on the Community Switch to save VLAN resources.

Procedure
Step 1 Add downlink interfaces of S1 and S2 to specified VLANs.
# Configure S1.
<Quidway> system-view
[Quidway] sysname S1
[S1] vlan batch 2 to 4
[S1] interface gigabitethernet 1/0/1
[S1-GigabitEthernet1/0/1] port link-type access
[S1-GigabitEthernet1/0/1] port default vlan 2
[S1-GigabitEthernet1/0/1] quit

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 573

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[S1] interface gigabitethernet 1/0/2

[S1-GigabitEthernet1/0/2] port link-type access
[S1-GigabitEthernet1/0/2] port default vlan 3
[S1-GigabitEthernet1/0/2] quit
[S1] interface gigabitethernet 1/0/3
[S1-GigabitEthernet1/0/3] port link-type access
[S1-GigabitEthernet1/0/3] port default vlan 4
[S1-GigabitEthernet1/0/3] quit
[S1] interface gigabitethernet 1/0/4
[S1-GigabitEthernet1/0/4] port link-type trunk
[S1-GigabitEthernet1/0/4] port trunk allow-pass vlan 2 to 4
[S1-GigabitEthernet1/0/4] quit

# Configure S2.
<Quidway> system-view
[Quidway] sysname S2
[S2] vlan batch 2 to 4
[S2] interface gigabitethernet 1/0/1
[S2-GigabitEthernet1/0/1] port link-type access
[S2-GigabitEthernet1/0/1] port default vlan 2
[S2-GigabitEthernet1/0/1] quit
[S2] interface gigabitethernet 1/0/2
[S2-GigabitEthernet1/0/2] port link-type access
[S2-GigabitEthernet1/0/2] port default vlan 3
[S2-GigabitEthernet1/0/2] quit
[S2] interface gigabitethernet 1/0/3
[S2-GigabitEthernet1/0/3] port link-type access
[S2-GigabitEthernet1/0/3] port default vlan 4
[S2-GigabitEthernet1/0/3] quit
[S2] interface gigabitethernet 1/0/4
[S2-GigabitEthernet1/0/4] port link-type trunk
[S2-GigabitEthernet1/0/4] port trunk allow-pass vlan 2 to 4
[S2-GigabitEthernet1/0/4] quit

Step 2 Configure the QinQ function on the Corridor Switch to allow the Corridor Switch to send
double-tagged packets to the Community Switch.

# Configure S3.
<Quidway> system-view
[Quidway] sysname S3
[S3] vlan batch 201 401
[S3] interface gigabitethernet 1/0/1
[S3-GigabitEthernet1/0/1] port link-type trunk
[S3-GigabitEthernet1/0/1] port trunk allow-pass vlan 201 401
[S3-GigabitEthernet1/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S3-GigabitEthernet1/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S3-GigabitEthernet1/0/1] quit
[S3] interface gigabitethernet 1/0/2
[S3-GigabitEthernet1/0/2] port link-type trunk
[S3-GigabitEthernet1/0/2] port trunk allow-pass vlan 201 401
[S3-GigabitEthernet1/0/2] quit

# Configure S4.
<Quidway> system-view
[Quidway] sysname S4
[S4] vlan batch 201 401
[S4] interface gigabitethernet 1/0/1
[S4-GigabitEthernet1/0/1] port link-type trunk
[S4-GigabitEthernet1/0/1] port trunk allow-pass vlan 201 401
[S4-GigabitEthernet1/0/1] port vlan-stacking vlan 2 to 3 stack-vlan 201
[S4-GigabitEthernet1/0/1] port vlan-stacking vlan 4 stack-vlan 401
[S4-GigabitEthernet1/0/1] quit
[S4] interface gigabitethernet 1/0/2
[S4-GigabitEthernet1/0/2] port link-type trunk
[S4-GigabitEthernet1/0/2] port trunk allow-pass vlan 201 401
[S4-GigabitEthernet1/0/2] quit

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 574

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 3 Configure VLAN mapping on S5.

<Quidway> system-view
[Quidway] sysname S5
[S5] vlan batch 501
[S5] interface gigabitethernet
[S5-GigabitEthernet1/0/1] port
[S5-GigabitEthernet1/0/1] port
[S5-GigabitEthernet1/0/1] port
501
[S5-GigabitEthernet1/0/1] port
[S5-GigabitEthernet1/0/1] quit
[S5] interface gigabitethernet
[S5-GigabitEthernet1/0/2] port
[S5-GigabitEthernet1/0/2] port
[S5-GigabitEthernet1/0/2] port
501
[S5-GigabitEthernet1/0/2] port
[S5-GigabitEthernet1/0/2] quit
[S5] interface gigabitethernet
[S5-GigabitEthernet1/0/3] port
[S5-GigabitEthernet1/0/3] port
[S5-GigabitEthernet1/0/3] quit
1/0/1
link-type trunk
trunk allow-pass vlan 501
vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan
vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
1/0/2
link-type trunk
trunk allow-pass vlan 501
vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan
vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
1/0/3
link-type trunk
trunk allow-pass vlan 501

Step 4 Verify the configurations.

Verify that users can connect to the network and that same services are sent on the same
VLAN.

----End

Configuration Files
l Configuration file of S1
#
sysname S1
#
vlan batch 2 to 4
#
interace GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return

l Configuration file of S2
#
sysname S2
#
vlan batch 2 to 4
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 575

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

port link-type access

port default vlan 3
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 4
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
l Configuration file of S3
#
sysname S3
#
vlan batch 201 401
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
l Configuration file of S4
#
sysname S4
#
vlan batch 201 401
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 201 401
port vlan-stacking vlan 2 to 3 stack-vlan 201
port vlan-stacking vlan 4 stack-vlan 401
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 201 401
#
return
l Configuration file of S5
#
sysname S5
#
vlan batch 501
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan
501
port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 501
port vlan-mapping vlan 201 inner-vlan 2 to 3 map-vlan
501
port vlan-mapping vlan 401 inner-vlan 4 map-vlan 501
#
interface GigabitEthernet1/0/3

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 576

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

port link-type trunk

port trunk allow-pass vlan 501
#
return

11.9.4 Example for Configuring VLAN ID-based 2:2 VLAN

Mapping
Networking Requirements
QinQ is used to send double-tagged packets, which prevents the conflict between C-VLAN
IDs and S-VLAN IDs and differentiates services and users. However, the interface will
discard the packets because C-VLAN IDs are different from S-VLAN IDs. To ensure
communication continuity, configure 2:2 VLAN mapping on the PE and replace double C-
VLAN tags with double S-VLAN tags.
In Figure 11-8, users send double-tagged packets to the ISP network. These packets cannot be
sent successfully because the VLAN IDs are different from the S-VLAN IDs. To solve this
problem, ensure that the users of the Switch5 and Switch6 can communicate.

Figure 11-8 Networking diagram for configuring 2:2 VLAN mapping

Switch2 Switch3
ISP
outside tag:50
inner tag:60
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
Switch1 Switch4

GE1/0/1 GE1/0/1
GE1/0/2
GE1/0/2

Switch5 Switch6

GE1/0/1 GE1/0/1

VLAN 10 VLAN 30

VLAN Mapping

Configuration Roadmap
The configuration roadmap is as follows:
1. Add switch ports connecting to users to VLAN 10 and VLAN 30.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 577

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

2. Configure the QinQ function on Switch1 and Switch4 so that packets sent to the ISP
network are double-tagged.
3. Configure 2:2 VLAN mapping on switches connected to the ISP network.

Procedure
Step 1 Add downlink interfaces on switches to specified VLANs.

# Configure Switch5.
<Quidway> system-view
[Quidway] sysname Switch5
[Switch5] vlan 10
[Switch5-vlan10] quit
[Switch5] interface gigabitethernet 1/0/1
[Switch5-GigabitEthernet1/0/1] port link-type access
[Switch5-GigabitEthernet1/0/1] port default vlan 10
[Switch5-GigabitEthernet1/0/1] quit
[Switch5] interface gigabitethernet 1/0/2
[Switch5-GigabitEthernet1/0/2] port link-type trunk
[Switch5-GigabitEthernet1/0/2] port trunk allow-pass vlan 10

# Configure Switch6.
<Quidway> system-view
[Quidway] sysname Switch6
[Switch6] vlan 30
[Switch6-vlan30] quit
[Switch6] interface gigabitethernet 1/0/1
[Switch6-GigabitEthernet1/0/1] port link-type access
[Switch6-GigabitEthernet1/0/1] port default vlan 30
[Switch6-GigabitEthernet1/0/1] quit
[Switch6] interface gigabitethernet 1/0/2
[Switch6-GigabitEthernet1/0/2] port link-type trunk
[Switch6-GigabitEthernet1/0/2] port trunk allow-pass vlan 30

Step 2 Configure the QinQ function on Switch1 and Switch4 so that packets sent to the ISP network
are double-tagged.

# Configure Switch 1.
<Quidway> system-view
[Quidway] sysname Switch1
[Switch1] vlan 20
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port hybrid untagged vlan 20
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 20
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port link-type trunk
[Switch1-GigabitEthernet1/0/2] port trunk allow-pass vlan 20
[Switch1-GigabitEthernet1/0/2] quit

# Configure Switch 4.
<Quidway> system-view
[Quidway] sysname Switch4
[Switch4] vlan 40
[Switch4-vlan40] quit
[Switch4] interface gigabitethernet 1/0/1
[Switch4-GigabitEthernet1/0/1] port hybrid untagged vlan 40
[Switch4-GigabitEthernet1/0/1] port vlan-stacking vlan 30 stack-vlan 40
[Switch4-GigabitEthernet1/0/1] quit
[Switch4] interface gigabitethernet 1/0/2
[Switch4-GigabitEthernet1/0/2] port link-type trunk

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 578

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[Switch4-GigabitEthernet1/0/2] port trunk allow-pass vlan 40

[Switch4-GigabitEthernet1/0/2] quit

Step 3 Configure 2:2 VLAN mapping on the switch connecting to the ISP network.
# Configure Switch2.
<Quidway> system-view
[Quidway] sysname Switch2
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port hybrid tagged vlan 50
[Switch2-GigabitEthernet1/0/1] port vlan-mapping vlan 20 inner-vlan 10 map-vlan
50 map-inner-vlan 60

# Configure Switch3.
<Quidway> system-view
[Quidway] sysname Switch3
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] port hybrid tagged vlan 50
[Switch3-GigabitEthernet1/0/1] port vlan-mapping vlan 40 inner-vlan 30 map-vlan
50 map-inner-vlan 60

Step 4 Verify the configurations.

Verify that users connected to Switch5 and users connected to Switch6 can communicate with
each other.

----End

Configuration Files
l Switch1 configuration file
#
sysname Switch1
#
vlan batch 20
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 20
port vlan-stacking vlan 10 stack-vlan 20
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return

l Switch2 configuration file

#
sysname Switch2
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 50
port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan 60
#
return

l Switch3 configuration file

#
sysname Switch3
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 50
port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan 60
#
return

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 579

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

l Switch4 configuration file

#
sysname Switch4
#
vlan batch 40
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 40
port vlan-stacking vlan 30 stack-vlan 40
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
return

l Switch5 configuration file

#
sysname Switch5
#
vlan batch 10
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

l Switch6 configuration file

#
sysname Switch6
#
vlan batch 30
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
return

11.9.5 Example for Configuring Traffic Policy-based 2:2 VLAN

Mapping
Networking Requirements
In Figure 11-9, enterprises A and B have planned their own C-VLAN IDs. These IDs are
different to the S-VLAN IDs in the packets, which means that the primary interface discards
the packets. To solve this problem, configure VLAN mapping at the user side to ensure the
communication between enterprise A and enterprise B.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 580

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Figure 11-9 Networking diagram for configuring 2:2 VLAN mapping

ISP Network
Outer VLAN 300
Inner VLAN 30

SwitchC SwitchD

GE1/0/1 GE1/0/2

SwitchA GE1/0/1 GE1/0/2 SwitchB

Enterprises A Enterprises B
Outer VLAN 100 Outer VLAN 200
Inner VLAN 10 Inner VLAN 20

Configuration Roadmap
The configuration roadmap is as follows:
1. Create outer VLANs on SwitchA, SwitchB, SwitchC, and SwitchD.
2. Create classes, traffic behaviors, and traffic policies on SwitchA and SwitchB.
3. Add interfaces on SwitchA, SwitchB, SwitchC, and SwitchD to their own VLANs.
4. Configure traffic policy-based VLAN mapping of double tags on GE1/0/1 of SwitchA.
5. Configure traffic policy-based VLAN mapping of double tags on GE1/0/2 of SwitchB.

Procedure
Step 1 Configure VLANs.
# Create VLAN 100 and VLAN 300 on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 300

# Create VLAN 200 and VLAN 300 on SwitchB.

<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 200 300

# Create VLAN 300 on SwitchC.

<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan batch 300

# Create VLAN 300 on SwitchD.

<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] vlan batch 300

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 581

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

Step 2 Add interfaces to VLANs.

# Add GE1/0/1 of SwitchA to VLAN 100 and VLAN 300.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 300
[SwitchA-GigabitEthernet1/0/1] quit

# Add GE1/0/2 of SwitchB to VLAN 200 and VLAN 300.

[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 200 300
[SwitchB-GigabitEthernet1/0/2] quit

# Add GE1/0/1 of SwitchC to VLAN 300.

[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk allow-pass vlan 300
[SwitchC-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchD to VLAN 300.

[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 300
[SwitchD-GigabitEthernet1/0/2] quit

Step 3 Configure traffic classifiers, traffic behaviors, and traffic policies.

# Configure the traffic classifier, traffic behavior, and traffic policy in the inbound direction of
SwitchA.
[SwitchA] traffic classifier name1 operator and
[SwitchA-classifier-name1] if-match vlan-id 300
[SwitchA-classifier-name1] if-match cvlan-id 30
[SwitchA-classifier-name1] quit
[SwitchA] traffic behavior name1
[SwitchA-behavior-name1] remark vlan-id 100
[SwitchA-behavior-name1] remark cvlan-id 10
[SwitchA-behavior-name1] quit
[SwitchA] traffic policy name1
[SwitchA-trafficpolicy-name1] classifier name1 behavior name1
[SwitchA-trafficpolicy-name1] quit

# Configure the traffic classifier, traffic behavior, and traffic policy in the outbound direction
of SwitchA.
[SwitchA] traffic classifier name2 operator and
[SwitchA-classifier-name2] if-match vlan-id 100
[SwitchA-classifier-name2] if-match cvlan-id 10
[SwitchA-classifier-name2] quit
[SwitchA] traffic behavior name2
[SwitchA-behavior-name2] remark vlan-id 300
[SwitchA-behavior-name2] remark cvlan-id 30
[SwitchA-behavior-name2] quit
[SwitchA] traffic policy name2
[SwitchA-trafficpolicy-name2] classifier name2 behavior name2
[SwitchA-trafficpolicy-name2] quit

# Configure the traffic classifier, traffic behavior, and traffic policy in the inbound direction of
SwitchB.
[SwitchB] traffic classifier name1 operator and
[SwitchB-classifier-name1] if-match vlan-id 300
[SwitchB-classifier-name1] if-match cvlan-id 30
[SwitchB-classifier-name1] quit

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 582

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

[SwitchB] traffic behavior name1

[SwitchB-behavior-name1] remark vlan-id 200
[SwitchB-behavior-name1] remark cvlan-id 20
[SwitchB-behavior-name1] quit
[SwitchB] traffic policy name1
[SwitchB-trafficpolicy-name1] classifier name1 behavior name1
[SwitchB-trafficpolicy-name1] quit

# Configure the traffic classifier, traffic behavior, and traffic policy in the outbound direction
of SwitchB.
[SwitchB] traffic classifier name2 operator and
[SwitchB-classifier-name2] if-match vlan-id 200
[SwitchB-classifier-name2] if-match cvlan-id 20
[SwitchB-classifier-name2] quit
[SwitchB] traffic behavior name2
[SwitchB-behavior-name2] remark vlan-id 300
[SwitchB-behavior-name2] remark cvlan-id 30
[SwitchB-behavior-name2] quit
[SwitchB] traffic policy name2
[SwitchB-trafficpolicy-name2] classifier name2 behavior name2
[SwitchB-trafficpolicy-name2] quit

Step 4 Configure traffic policy-based VLAN mapping of double tags.

# Configure traffic policy-based VLAN mapping of double tags on GE1/0/1 of SwitchA.
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] traffic-policy name1 inbound
[SwitchA-GigabitEthernet1/0/1] traffic-policy name2 outbound

# Configure traffic policy-based VLAN mapping of double tags on GE1/0/2 of SwitchB.

[SwitchB] interface GigabitEthernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] traffic-policy name1 inbound
[SwitchB-GigabitEthernet1/0/2] traffic-policy name2 outbound

Step 5 Verify the configurations.

Verify that users of enterprise A and enterprise B can communicate with each other.

----End

Configuration Files
l SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100 300
#
traffic classifier name1 operator and precedence 5
if-match vlan-id 300
if-match cvlan-id 30
traffic classifier name2 operator and precedence 10
if-match vlan-id 100
if-match cvlan-id 10
#
traffic behavior name1
permit
remark vlan-id 100
remark cvlan-id 10
traffic behavior name2
permit
remark vlan-id 300
remark cvlan-id 30
#
traffic policy name1 match-order config

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 583

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

classifier name1 behavior name1

traffic policy name2 match-order config
classifier name2 behavior name2
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100 300
traffic-policy name1 inbound
traffic-policy name2 outbound
#
return
l SwitchB configuration file
#
sysname SwitchB
#
vlan batch 200 300
#
traffic classifier name1 operator and precedence 5
if-match vlan-id 300
if-match cvlan-id 30
traffic classifier name2 operator and precedence 10
if-match vlan-id 200
if-match cvlan-id 20
#
traffic behavior name1
permit
remark vlan-id 200
remark cvlan-id 20
traffic behavior name2
permit
remark vlan-id 300
remark cvlan-id 30
#
traffic policy name1 match-order config
classifier name1 behavior name1
traffic policy name2 match-order config
classifier name2 behavior name2
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 200 300
traffic-policy name1 inbound
traffic-policy name2 outbound
#
return
l SwitchC configuration file
#
sysname SwitchC
#
vlan batch 300
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 300
#
return
l SwitchD configuration file
#
sysname SwitchD
#
vlan batch 300
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 300
#
return

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 584

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

11.10 Common Configuration Errors

11.10.1 Communication Failure After VLAN Mapping

Configuration

Symptom
In Figure 11-10, users in VLAN 6 need to communicate with users in VLAN 5 over an ISP
network. The carrier assigns VLAN 10 as the S-VLAN. Single-tag VLAN mapping is
configured on GE 1/0/1 of SwitchC and SwitchD to map C-VLANs 5 and 6 to S-VLAN 10.

Figure 11-10 VLAN mapping networking diagram

IS P n e tw o rk
VLAN 10
S w itc h C S w itc h D
G E 1 /0 /1 G E 1 /0 /1
S w itc h A S w itc h B
VLAN 6 G E 1 /0 /1 G E 1 /0 /1 VLAN 5
G E 1 /0 /2 G E 1 /0 /3 G E 1 /0 /3
G E 1 /0 /2

1 7 2 .1 6 .0 .1 /1 6 1 7 2 .1 6 .0 .2 /1 6 1 7 2 .1 6 .0 .3 /1 6 1 7 2 .1 6 .0 .5 /1 6 1 7 2 .1 6 .0 .6 /1 6 1 7 2 .1 6 .0 .7 /1 6

After VLAN mapping is configured on the interfaces, users in different VLANs cannot
communicate with each other. This fault is commonly caused by one of the following:
l The translated VLAN (map-vlan) has not been created.
l The interfaces configured with VLAN mapping are not added to the translated VLAN.
l The translated VLAN ID configured on SwitchC and SwitchD is different from the S-
VLAN ID assigned by the carrier.
l The interfaces configured with VLAN mapping are faulty.

Procedure
1. In the user view, run the display vlan command to verify that the translated VLAN
(map-vlan) is created.
– If the translated VLAN has not been created, run the vlan command to create it.
– If the translated VLAN is created, go to the next step.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 585

Copyright © Huawei Technologies Co., Ltd.
S9300&S9300E&S9300X Series Switches
Configuration Guide - Ethernet Switching 11 VLAN Mapping Configuration

2. In the interface view, run the display this command to verify that the interfaces
configured with VLAN mapping have been added to the translated VLAN in tagged
mode.
NOTE

l VLAN mapping can be configured only on a trunk or hybrid interface, and the hybrid interface
must be added to the translated VLAN in tagged mode.
l If a range of original VLANs is specified by vlan-id1 to vlan-id2 on an interface, the interface must
be added to all the original VLANs in tagged mode, and the translated VLAN cannot have a
VLANIF interface.
l Limiting MAC address learning on an interface may affect N:1 VLAN mapping on the interface.
– If the interfaces configured with VLAN mapping have not been added to the
translated VLAN in tagged mode, run the port trunk allow-pass vlan or port
hybrid tagged vlan command in the interface view to add the interfaces to the
translated VLAN in tagged mode.
– If the interfaces have been added to the translated VLAN in tagged mode, go to the
next step.
3. In the interface view, run the display this command to verify that the translated VLAN
ID configured on the interface is the same as the S-VLAN ID assigned by the carrier.
– If the translated VLAN ID on an interface is different from the S-VLAN ID
assigned by the carrier, run the undo port vlan-mapping command on the interface
to delete the VLAN mapping configuration, and run the port vlan-mapping vlan
command to set the translated VLAN ID to the S-VLAN ID.
– If the translated VLAN ID is the same as the S-VLAN ID assigned by the carrier,
go to the next step.
4. In the user view, run the display vlan vlan-id command to verify that user-side interfaces
are added to C-VLANs.
If the user-side interfaces are not in the C-VLANs, run the port trunk allow-pass vlan,
port hybrid tagged vlan, or port default vlan command to add the interfaces to the C-
VLANs.

Issue 05 (2017-11-30) Huawei Proprietary and Confidential 586

Copyright © Huawei Technologies Co., Ltd.