
Post on 23-Feb-2022


VLAN & Q-in-Q

VLAN and QinQ

• Operates at Layer 2 of the IP model

• Establishes a logical group within the network.

• Regardless of initial or eventual physical location, each computer in the VLAN can access the same data

• Provides flexibility in network segmentation, simpler management, and enhanced security.

VLAN - PMP 450 Features

• VLAN Transparent (disabled) and VLAN enabled modes

• Layer 2 (Switch) VLAN specifications:
  – IEEE 802.1 standards based
  – 802.1q: “unique identifier” for each VLAN
  – 802.1p: “priority levels” within each VLAN

• 802.1ad (Provider Bridge) aka “QinQ”:
  – Allows 802.1q VLANs inside of an 802.1ad VLAN.
  – 802.1ad standard replaces 802.1QinQ protocol

• VLAN VID and Priority Mapping based on MAC Address

• VLAN VID and Priority Remarking

VLAN Tagging

Frame layout: Destination (6 bytes) | Source (6 bytes) | TPID (2 bytes) | TCI (2 bytes) | EtherType (2 bytes) | Payload (variable)

TCI layout: Priority (3 bits) | CFI (1 bit) | VID (12 bits)

• TPID - Tag Protocol Identifier, EtherType 0x8100

• TCI - Tag Control Information

• Priority – 802.1p

• CFI - Canonical Format Indicator

• VID – VLAN Identifier

VLAN QinQ Tagging

Frame layout: Destination (6 bytes) | Source (6 bytes) | Q Outer Tag: TPID + TCI (4 bytes) | Q Inner Tag: TPID + TCI (4 bytes) | EtherType (2 bytes) | Payload (variable)

• Outer Tag (Service Tag)
  – TPID - Tag Protocol Identifier: EtherType 0x88a8 (Provider Bridging) or 0x8100, 0x9100, 0x9200, 0x9300 (QinQ)
  – TCI - Tag Control Information

• Inner Tag (Customer Tag)
  – TPID - Tag Protocol Identifier: EtherType 0x8100
  – TCI - Tag Control Information
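Added example (not part of the original slides): a Python parser for the single-tag and QinQ frame layouts described above, decoding TPID and TCI with the EtherType values the slides list. The function names, sample frames and MAC addresses are constructed for this illustration.

```python
import struct

# TPIDs from the slides: 0x8100 marks the 802.1q (customer) tag; the outer
# (service) tag is 0x88a8 for 802.1ad or 0x8100/0x9100/0x9200/0x9300 for QinQ.
C_TPID = 0x8100
S_TPIDS = {0x88A8, 0x8100, 0x9100, 0x9200, 0x9300}


def decode_tci(tci):
    """Split the 16-bit TCI into Priority (3 bits), CFI (1 bit), VID (12 bits)."""
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def parse_frame(frame):
    """Return the VLAN tags of an Ethernet frame (outer first) and its EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []  # tags start right after Destination + Source
    while len(tags) < 2:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        # The first tag may carry any listed TPID; a second one must be 0x8100.
        if tpid not in (S_TPIDS if not tags else {C_TPID}):
            break
        if len(frame) < offset + 6:  # 4-byte tag plus the following 2-byte type
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": tpid, **decode_tci(tci)})
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "kind": ("untagged", "tagged", "qinq")[len(tags)],
            "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:]}


def build(tags, ethertype=0x0800, payload=b"\x00" * 4):
    """Build a constructed sample frame; the MAC addresses are made up."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, priority, vid in tags:
        frame += struct.pack("!HH", tpid, (priority << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for sample in ([], [(0x8100, 5, 100)], [(0x88A8, 0, 200), (0x8100, 3, 100)]):
        parsed = parse_frame(build(sample))
        print(parsed["kind"], parsed["tags"], hex(parsed["ethertype"]))
```

A frame is reported as "qinq" only when a second tag with TPID 0x8100 follows the first; a lone tag with any of the listed TPIDs is reported as "tagged".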

Transparent Mode

• Factory Default is transparent mode.

• AP is configured to have “VLAN Disabled”

• The SM configuration doesn’t matter

[Screenshots: AP page, SM page]

Transparent Mode Traffic Behavior

[Diagram of traffic between SM and AP, in both directions:]

• untagged → untagged

• tagged → tagged

• QinQ → QinQ

• Management traffic is untagged

VLAN Enabled Mode - AP

[Screenshot with numbered callouts 1 to 7]

1. Enable / Disable VLAN functions for AP sector

2. Ver <13.1.1 required APs to be set as an SM for spectrum analysis. Enable to retain local VLAN settings when rebooted as an SM.

3. Allow Frame Types Filter:
   • All Frames
   • Tagged Frames Only
   • Untagged Frames Only

4. Dynamic Learning: AP will (Enable) or will not (Disable) add VLAN VIDs of upstream frames to the VID table.

5. Management VID: VID used to communicate with the module manager.

6. QinQ EtherType
   – 0x88a8 for 802.1ad
   – 0x8100, 0x9100, 0x9200, 0x9300 for 802.1QinQ (pre 802.1ad)

7. Active Configuration: Settings and Current VID Member Set

[Screenshot with numbered callouts 8 and 9]

8. VLAN Membership Table: If Dynamic Learning is disabled, VLAN VIDs need to be entered manually into the Membership Table. Any packets arriving with a VID that is not in the table are dropped.

9. VLAN 802.1p Remarking: Tagged packets arriving at the AP’s Ethernet port can have their priority remarked based on the existing VID. Packets exiting the Ethernet port are not remarked.

VLAN Enabled Mode - SM

[Screenshot with numbered callouts 1 to 6]

1. VLAN Port Type
   – Q: Tags untagged packets as 802.1q
   – QinQ: Tags untagged packets as 802.1q plus 802.1ad or tags 802.1q packets with 802.1ad

2. Accept QinQ: Enabled filters QinQ packet on Ethernet Port

3. SM Management VID Pass-through: When disabled, all data with the Management VID will be blocked at the Ethernet Port. (default Enabled)

4. Default Port VID: 802.1q Tag ID or Inner Tag ID for QinQ

5. Port VID and Priority MAC Address Mapping: Checks inbound MAC address of packet and overrides Default Port VID and Priority
   – First 3 fields of MAC address are the Ethernet device’s manufacturer, e.g. Intel, ATI
   – Wildcards can be used in last 3 fields of MAC address using ff ff ff

6. Provider VID: 802.1ad Outer Tag ID. Only used if VLAN Port type is QinQ

[Screenshot with numbered callouts 7 and 8]

7. VLAN VID Remarking: Tagged packets arriving at the SM’s Ethernet port can have their VID remarked based on the existing VID. Packets exiting the Ethernet port are not remarked.

8. VLAN 802.1p Remarking: Tagged packets arriving at the SM’s Ethernet port can have their priority remarked based on the existing VID. Packets exiting the Ethernet port are not remarked.

VLAN Enabled Example Mode Behavior

[Diagram of traffic between SM and AP. Labels: Untagged; Tagged; Tagged/Unaltered; QinQ; QinQ Dropped; Dropped or treated as VLAN 1; (VID matched with Default Port VID or MAC/VID mapping); Tagged with VID defined in the configuration]

Management traffic is tagged. If you want to manage the SM from the LAN port, traffic needs to be tagged with the same VID as the Management VLAN of the SM. Note that when the SM is not connected with the AP, it will however only allow untagged management.

Q-in-Q

• Default mode (transparent, SM VLAN port type “Q”, AP VLAN disabled) allows passing Q-in-Q back and forth

• You can also configure the SM to add an S-Tag to the traffic

• Important!!! Don’t configure the SM to tag S-VID with “1”, it will NOT do anything!

QinQ tagging Mode Example Behavior

Configuration: Provider-VID (S-VID) = X, != 1 !!!! Default VID = Y, != 1

[Diagram of traffic between SM and AP. Recoverable label pairs:]

• Untagged → QinQ (C-tag contains Default VID)

• QinQ → QinQ, unaltered

• VLAN Tagged → QinQ, adding S-Tag

• QinQ (S-VID = X, C-VID != Y) → VLAN Tagged (S-Tag removed)

• VLAN Tagged (VID != X & VID != Y) → Dropped!

• Untagged → Dropped!

• VLAN Tagged (VID == X || VID == Y) → Untagged

• QinQ (S-VID != X, C-VID != Y) → QinQ, unaltered

Unpaired labels: QinQ (S-VID = X, C-VID = Y); Untagged; C-tag remains, even VID=0

SM cannot be locally managed if connected to AP, but can be locally managed without VLAN tagging when disconnected from AP (connect a PC directly to the SM).

SM can be managed from AP, with VLAN ID set to that configured at the AP.