VLAN Mapping

VLAN Mapping

In a typical deployment of VLAN mapping, you want the service provider to provide a transparent switching infrastructure that includes customers’ switches at the remote location as a part of the local site. This allows customers to use the same VLAN ID space and run Layer 2 control protocols seamlessly across the provider network. In such scenarios, we recommend that service providers do not impose their VLAN IDs on their customers.

One way to establish translated VLAN IDs (S-VLANs) is to map customer VLANs to service-provider VLANs (called VLAN ID mapping) on trunk ports connected to a customer network. Packets entering the port are mapped to a service provider VLAN (S-VLAN) based on the port number and the packet’s original customer VLAN-ID (C-VLAN).

Service providers’s internal assignments might conflict with a customer’s VLAN. To isolate customer traffic, a service provider could decide to map a specific VLAN into another one while the traffic is in its cloud.

Switch Support

VLAN Mapping is supported on all models of Cisco Catalyst IE9300 Rugged Series Switches. The feature is available with a Network Essentials or Network Advantage license.

Deployment Example

All forwarding operations on the switch are performed using S-VLAN and not C-VLAN information because the VLAN ID is mapped to the S-VLAN on ingress.


Note
When you configure features on a port configured for VLAN mapping, you always use the S-VLAN rather than the customer VLAN-ID (C-VLAN). One-to-one VLAN mapping is not supported at this time.

On an interface configured for VLAN mapping, the specified C-VLAN packets are mapped to the specified S-VLAN when they enter the port. Symmetrical mapping to the customer C-VLAN occurs when packets exit the port.

The switch supports the following types of VLAN mapping on trunk ports:

Mapping Customer VLANs to Service-Provider VLANs

Figure 1. QnQ Topology


The preceding illustration shows a topology where Customer A and Customer B use the same VLANs in multiple sites on different sides of a service-provider network. You map the customer VLAN IDs to service-provider VLAN IDs for packet travel across the service-provider backbone. The customer VLAN IDs are retrieved at the other side of the service-provider backbone for use in the other customer site. Configure the same set of VLAN mappings at a customer-connected port on each side of the service-provider network.

Selective QnQ

Selective QnQ maps the specified customer VLANs entering the UNI to the specified S-VLAN ID. The S-VLAN ID is added to the incoming unmodified C-VLAN and the packet travels the service provider network double-tagged. At the egress, the S-VLAN ID is removed and the customer VLAN-ID is retained on the packet. By default, packets that do not match the specified customer VLANs are dropped.

QnQ on a Trunk Port

QnQ on a trunk port maps all the customer VLANs entering the UNI to the specified S-VLAN ID. Similar to Selective QnQ, the packet is double-tagged and at the egress, the S-VLAN ID is removed.

Configuration Guidelines for VLAN Mapping


Note

By default, no VLAN mapping is configured.

Guidelines include the following:

  • If the VLAN mapping is enabled on an EtherChannel, the configuration does not apply to all member ports of the EtherChannel bundle and applies only to the EtherChannel interface.

  • If the VLAN mapping is enabled on an EtherChannel and a conflicting mapping is enabled on a member port, then the port is removed from the EtherChannel.

  • The member port of an EtherChannel is removed from the EtherChannel bundle if the mode of the port is changed to anything other than ‘trunk’ mode.

  • To process control traffic consistently, either enable Layer 2 protocol tunneling (recommended), as follows: 

    !
Device(config)# interface Gig 1/0/1
Device(config-if)# switchport mode access
Device(config-if)# l2protocol-tunnel stp
Device(config-if)# end

    or insert a BPDU filter for spanning tree, as follows:

    Current configuration : 153 bytes
!
Device(config)# interface Gig 1/0/1
Device(config-if)# switchport mode trunk
Device(config-if)# switchport vlan mapping 10 20
Device(config-if)# spanning-tree bpdufilter enable
Device(config-if)# end

  • Default native VLANs, user-configured native VLANs, and reserved VLANs (range 1002-1005) cannot be used for VLAN mapping.

  • PVLAN support is not available when VLAN mapping is configured.

Configuration Guidelines for Selective QnQ

  • S-VLAN should be created and present in the allowed VLAN list of the trunk port where Selective QnQ is configured.

  • When Selective QnQ is configured, the device supports Layer 2 protocol tunneling for CDP, STP, LLDP, and VTP.

  • IP routing is not supported on Selective QnQ enabled ports.

  • IPSG is not supported on Selective QnQ enabled ports.

Configuration Guidelines for QnQ on a Trunk port

  • S-VLAN should be created and present in the allowed VLAN list of the trunk port where QnQ on a trunk port is configured.

  • When QnQ on a trunk port is configured, the device supports Layer 2 protocol tunneling for CDP, STP, LLDP, and VTP.

  • Ingress and egress SPAN, and RSPAN are supported on trunk ports with QnQ enabled.

  • When QnQ is enabled, the SPAN filtering can be enabled to monitor only the traffic on the mapped VLAN, that is, S-VLANs.

  • IGMP snooping is not supported on the C-VLAN.

Configuring VLAN Mapping

The following sections provide information about configuring VLAN mapping:

Configure Selective QnQ on a Trunk Port

To configure VLAN mapping for selective QnQ on a trunk port, complete the following steps:


Note

You cannot configure one-to-one mapping and selective QnQ on the same interface.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface interface-id
  4. switchport mode trunk
  5. switchport vlan mapping vlan-id dot1q-tunnel outer vlan-id
  6. switchport vlan mapping default dot1q-tunnel vlan-id
  7. exit
  8. spanning-tree bpdufilter enable
  9. end
  10. show interfaces interface-id vlan mapping
  11. copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface interface-id

Example:

Device(config)# interface gigabitethernet1/0/1

Enters interface configuration mode for the interface connected to the service-provider network. You can enter a physical interface or an EtherChannel port channel.

Step 4

switchport mode trunk

Example:

Device(config-if)# switchport mode trunk

Configures the interface as a trunk port.

Step 5

switchport vlan mapping vlan-id dot1q-tunnel outer vlan-id

Example:

Device(config-if)# switchport vlan mapping 16 dot1q-tunnel 64

Enters the VLAN IDs to be mapped:

  • vlan-id : The customer VLAN ID (C-VLAN) entering the switch from the customer network. The range is from 1 to 4094. You can enter a string of VLAN-IDs.

  • outer-vlan-id: The outer VLAN ID (S-VLAN) of the service provider network. The range is from 1 to 4094.

Use the no form of this command to remove the VLAN mapping configuration. Entering the no switchport vlan mapping all command deletes all mapping configurations.

Step 6

switchport vlan mapping default dot1q-tunnel vlan-id

Example:

Device(config-if)# switchport vlan mapping default dot1q-tunnel 22

Specifies that all unmapped packets on the port are forwarded with the specified S-VLAN.

By default, packets that do not match the mapped VLANs, are dropped.

Untagged traffic are forwarded without dropping.

Step 7

exit

Example:

Device(config-if)# exit

Returns to global configuration mode.

Step 8

spanning-tree bpdufilter enable

Example:

Device(config)# spanning-tree bpdufilter enable

Inserts a BPDU filter for spanning tree.

Note

 

To process control traffic consistently, either enable Layer 2 protocol tunneling (recommended) or insert a BPDU filter for spanning tree.

Step 9

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Step 10

show interfaces interface-id vlan mapping

Example:

Device# show interfaces gigabitethernet1/0/1 vlan mapping

Verifies the configuration.

Step 11

copy running-config startup-config

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Example

This example shows how to configure selective QnQ mapping on the port so that traffic with a C-VLAN ID of 2 to 5 enters the switch with an S-VLAN ID of 100. By default, the traffic of any other VLAN ID is dropped. 

Device(config)# interface GigabitEthernet1/0/1
Device(config-if)# switchport vlan mapping 2-5 dot1q-tunnel 100
Device(config-if)# exit

This example shows how to configure selective QnQ mapping on the port so that traffic with a C-VLAN ID of 2 to 5 enters the switch with an S-VLAN ID of 100. The traffic of any other VLAN ID is forwarded with the S-VLAN ID of 200. 

Device(config)# interface GigabiEthernet1/0/1
Device(config-if)# switchport vlan mapping 2-5 dot1q-tunnel 100
Device(config-if)# switchport vlan mapping default dot1q-tunnel 200
Device(config-if)# exit 

Device# show vlan mapping
Total no of vlan mappings configured: 5
Interface Hu1/0/50:
VLANs on wire                    Translated VLAN     Operation
------------------------------   ---------------     --------------
2-5                                   100            selective QinQ
*                                     200            default Q

Configure QnQ on a Trunk Port

To configure VLAN mapping for QnQ on a trunk port, perform this task:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface interface-id
  4. switchport mode trunk
  5. switchport vlan mapping default dot1q-tunnel vlan-id
  6. exit
  7. spanning-tree bpdufilter enable
  8. end
  9. show interfaces interface-id vlan mapping
  10. copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface interface-id

Example:

Device(config)# interface gigabitethernet1/0/1

Enters interface configuration mode for the interface connected to the service-provider network. You can enter a physical interface or an EtherChannel port channel.

Step 4

switchport mode trunk

Example:

Device(config-if)# switchport mode trunk

Configures the interface as a trunk port.

Step 5

switchport vlan mapping default dot1q-tunnel vlan-id

Example:

Device(config-if)# switchport vlan mapping default dot1q-tunnel 16

Specifies that all unmapped C-VLAN packets on the port are forwarded with the specified S-VLAN.

Step 6

exit

Example:

Device(config-if)# exit

Returns to global configuration mode.

Step 7

spanning-tree bpdufilter enable

Example:

Device(config)# spanning-tree bpdufilter enable

Inserts a BPDU filter for spanning tree.

Note

 

To process control traffic consistently, either enable Layer 2 protocol tunneling (recommended) or insert a BPDU filter for spanning tree.

Step 8

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Step 9

show interfaces interface-id vlan mapping

Example:

Device# show interfaces gigabitethernet1/0/1 vlan mapping

Verifies the configuration.

Step 10

copy running-config startup-config

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Example

This example shows how to configure QnQ mapping on the port so that traffic of any VLAN ID is forwarded with the S-VLAN ID of 200. 

Device(config)# interface gigabiethernet1/0/1
Device(config-if)# switchport vlan mapping default dot1q-tunnel 200
Device(config-if)# exit

Feature History for VLAN Mapping

This table provides release and related information for features explained in this chapter. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS XE 17.13.1

Selective QnQ

Support for features was introduced.

QnQ on a trunk port