基本QINQ

拓扑

通过QINQ技术防止内网VLAN和公网VLAN冲突，又保证正常内网之间的业务流量通信

配置

LSW4

#
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10

LSW5

#
vlan batch 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20

PE1

#
vlan batch 666
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
 port link-type dot1q-tunnel
 port default vlan 666
#
interface GigabitEthernet0/0/3
 port link-type dot1q-tunnel
 port default vlan 666
#

P

#
vlan batch 10 666
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#

PE2

#
vlan batch 666
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
 port link-type dot1q-tunnel
 port default vlan 666
#
interface GigabitEthernet0/0/3
 port link-type dot1q-tunnel
 port default vlan 666

LSW6

#
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10

LSW7

#
vlan batch 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#

验证抓包

PC1 ping PC3

PC>ping 192.168.1.3

Ping 192.168.1.3: 32 data bytes, Press Ctrl_C to break
From 192.168.1.3: bytes=32 seq=1 ttl=128 time=125 ms
From 192.168.1.3: bytes=32 seq=2 ttl=128 time=141 ms

--- 192.168.1.3 ping statistics ---
  2 packet(s) transmitted
  2 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 125/133/141 ms

观察PE1的GE0/0/2口和GE0/0/1口，PC1的包被打上了双层VLAN，外层VLAN为666

在P的GE0/0/3口抓包，观察是否内网是否影响到公网

在LSW6的GE0/0/1处抓包

PC2 ping PC4同理

灵活QINQ

拓扑

根据VLAN灵活分配外层VLAN，VLAN10分配VLAN666作为外层VLAN，VLAN20分配VLAN888作为外层VLAN

配置

LSW4

#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 666 888
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#

LSW5

#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#

PE1

#
vlan batch 666 888
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
 qinq vlan-translation enable
 port hybrid untagged vlan 666 888
 port vlan-stacking vlan 10 stack-vlan 666
 port vlan-stacking vlan 20 stack-vlan 888
#

P

vlan batch 666 888
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 666 888

PE2

#
vlan batch 666 888
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
 qinq vlan-translation enable
 port hybrid untagged vlan 666 888
 port vlan-stacking vlan 10 stack-vlan 666
 port vlan-stacking vlan 20 stack-vlan 888
#

配置验证抓包

PC1 ping PC3

在PE1观察GE0/0/1，来自不同VLAN的数据被打上了不同标签，VLAN10被打上了VLAN666，VLAN20被打上了VLAN888

PC2 ping PC4

本栏目推荐文章
• Linux基础命令 [补档-2023-06-28]
• jacoco和jenkins搭建实例
• 28-面向 K8 编程：如何通过 Operator 扩展 Kubernete API？
• [cpp]: class/struct -- 初始化‘实例对象’
• k8s-1.28.2集群小版本升级到1.28.5
• k8s-1.28版本多master部署
• MATLAB的Simulink使用及实例
• php rsa加密(非对称)实例 以及使用哈希256进行加密
• 28、Flutter Key详解
• cpp: 获取“实例对象”-- template 编程

实例 QINQ 28实例qinq 28 qinq 简介qinq 28 2023 28 9.28 28 4.28 28 7.28 4.28 11.28 11 28