28-3 QINQ配置实例
基本QINQ
拓扑
通过QINQ技术防止内网VLAN和公网VLAN冲突,又保证正常内网之间的业务流量通信
配置
LSW4
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
LSW5
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
PE1
#
vlan batch 666
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 666
#
interface GigabitEthernet0/0/3
port link-type dot1q-tunnel
port default vlan 666
#
P
#
vlan batch 10 666
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
#
PE2
#
vlan batch 666
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 666
#
interface GigabitEthernet0/0/3
port link-type dot1q-tunnel
port default vlan 666
LSW6
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
LSW7
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
验证抓包
PC1 ping PC3
PC>ping 192.168.1.3
Ping 192.168.1.3: 32 data bytes, Press Ctrl_C to break
From 192.168.1.3: bytes=32 seq=1 ttl=128 time=125 ms
From 192.168.1.3: bytes=32 seq=2 ttl=128 time=141 ms
--- 192.168.1.3 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 125/133/141 ms
观察PE1的GE0/0/2口和GE0/0/1口,PC1的包被打上了双层VLAN,外层VLAN为666
在P的GE0/0/3口抓包,观察是否内网是否影响到公网
在LSW6的GE0/0/1处抓包
PC2 ping PC4同理
灵活QINQ
拓扑
根据VLAN灵活分配外层VLAN,VLAN10分配VLAN666作为外层VLAN,VLAN20分配VLAN888作为外层VLAN
配置
LSW4
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 666 888
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
LSW5
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
PE1
#
vlan batch 666 888
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
qinq vlan-translation enable
port hybrid untagged vlan 666 888
port vlan-stacking vlan 10 stack-vlan 666
port vlan-stacking vlan 20 stack-vlan 888
#
P
vlan batch 666 888
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 666 888
PE2
#
vlan batch 666 888
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 666 888
#
interface GigabitEthernet0/0/2
qinq vlan-translation enable
port hybrid untagged vlan 666 888
port vlan-stacking vlan 10 stack-vlan 666
port vlan-stacking vlan 20 stack-vlan 888
#
配置验证抓包
PC1 ping PC3
在PE1观察GE0/0/1,来自不同VLAN的数据被打上了不同标签,VLAN10被打上了VLAN666,VLAN20被打上了VLAN888
PC2 ping PC4
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· winform 绘制太阳,地球,月球 运作规律
· AI与.NET技术实操系列(五):向量存储与相似性搜索在 .NET 中的实现
· 超详细:普通电脑也行Windows部署deepseek R1训练数据并当服务器共享给他人
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)