Allied Telesis Support Portal

How to configure Q-in-Q in AlliedWare Plus switches?

Can I add a second tag on a VLAN?


Double-tagged VLANs are used to overlay a private Layer 2 network over a public Layer 2 network. The feature is also known as Nested VLANs, VLAN stacking, and Q-in-Q. It provides a method of transporting different clients traffic across a shared Ethernet infrastructure.

How Q-in-Q works

In a nested VLAN environment VLAN tagging exists at two levels:
-Client tagging (C-tag)
-Service provider tagging (S-tag)

When nested VLAN functionality is enabled, the service provider assigns to each of its clients an individual 12 bit customer VID called an S-tag. The S-tag field has an identical structure to the VLAN tag field.

The switch that performs the double-tagging has two sets of specially designated ports:
-Customer edge ports—that face the customer networks from which single-tagged packets are arriving.
-Provider ports—that connect into the service provider infrastructure, on which double-tagged packets are arriving and leaving.

A customer edge port will always be a member of ONE service provider VLAN.
A provider port can
be a member of multiple service provider VLANs.

Packets entering the customer port of the service
provider switch are VLAN tagged packets with original VLAN identifiers (C-tag VIDs) from the customer network. When the packets enter the switch via a customer edge port, the switch adds an S-tag (outer tag) on top of the C-tag (inner tag). When the S-tag tagged packets exit the service provider network via a customer edge port of the destination switch, the S-tag (outer tag) is removed. Therefore, when the packets exit the customer port, the original VLAN tags are preserved. Once the S-tag is removed from the packet, it is forwarded ‘as is’ out of the customer-edge port.


Configuring port-based Q-in-Q

You need a special feature license to use double-tagged VLANs. Contact your authorized Allied Telesis distributor or reseller for more information.

Step 1: Create and enable the service provider VLAN 2.
This is the VLAN to be used in the outer tag, VID 2.

awplus# configure terminal
awplus(config)# vlan database
awplus(config-vlan)# vlan 2 state enable
awplus(config-vlan)# exit

Step 2: Configure the provider-port member of the service provider VLAN.
Configure port 1.0.2 as a provider-port member of VLAN 2.

awplus(config)# interface port1.0.2
awplus(config-if)# switchport mode trunk
awplus(config-if)# switchport trunk allowed vlan add 2
awplus(config-if)# switchport vlan-stacking provider-port

Step 3: Set the Maximum Receive Unit (MRU).
When adding S-Tag the frame size increses. Therefore, set the MRU size to:
9710 bytes for ports that work at speeds of either 10Mbps or 100Mbs.
10240 bytes for ports that work at speeds of 1000Mbps.
Specify the MRU size in bytes.

awplus(config-if)# mru 10240
awplus(config-if)# exit

Step 4: Configure the customer edge port as a member of the VLAN 10.
Configure port 1.0.3 as a customer edge port member of VLAN 10.

awplus(config)# interface port1.0.3
awplus(config-if)# switchport mode access
awplus(config-if)# switchport access vlan 2
awplus(config-if)# switchport vlan-stacking customer-edge-port
awplus(config-if)# exit

Be sure that the port from the customer side facing the Customer edge port is tagged (in trunk mode).

awplus(config)# interface port1.0.2
awplus(config-if)# switchport mode trunk
awplus(config-if)# switchport trunk allowed vlan add 10

VLAN-based Q-in-Q (VLAN stacking)

On the SBx8100 Series switch, AlliedWare Plus 5.5.0-1.1 adds support for VLAN-based Q-in-Q. VLAN-based Q-in-Q is also known as VLAN-based VLAN stacking or VLAN-based double-tagging. When you configure this VLAN stacking for a customer VLAN, it applies an outer-VLAN tag to all traffic from that VLAN as it traverses the service provider's network. The outer tag is removed for traffic from the provider network ingressing via the provider port, which is configured as a member of the outer VLAN.

The difference between VLAN-based and port-based Q-in-Q is that VLAN-based Q-in-Q applies to all ports that are members of the customer VLAN. This means that traffic incoming on any of those ports will egress on all ports that are tagged members of the outer VLAN (provider ports). The packets egress double-tagged and the outer tag is used to traverse the provider networks.