Versions Compared

Old Version 13

changes.mady.by.user Edgars P.

Saved on

compared with

New Version 14

changes.mady.by.user Unknown User (0testing)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In some cases you might want to forward already tagged traffic through certain switches. This is a quite common setup for backbone infrastructures since it provides a possibility encapsulate traffic from, for example, your edge routers and seamlessly forward it over your backbone to another edge router. Below you can find an example of a VLAN tunneling topology:

Provider bridge topology

SVID stands for Service VID, indicating the tag type along with the VID.

Note
To fully understand how to configure VLAN tunneling properly, you should first read the Trunk/Access port setup section before proceeding any further.

...

The ether-type property allows you to select the following EtherTypes for the VLAN tag:

  • 0x88a8 - SVID, IEEE 802.1ad, Service VLANTag
  • 0x8100 - CVID, IEEE 802.1Q, Customer VLAN (regular VLAN tag)
  • 0x9100 - Double tagged (not very commonUnofficial tag type (rarely used)

In order to properly configure bridge VLAN filtering, you must understand how does the bridge distinguish between tagged and untagged packets. Like mentioned before, the bridge will check if EtherType matches with the outer VLAN tag in the packet. For example, consider the following packet:

...

In this example, we are assuming that all routers are passing traffic that is using a CVID VLAN tag (the inner regular/customer VLAN tag). Such traffic on switches will be considered as untagged traffic based on the principle described above. Switches will encapsulate this traffic using an SVID Service VLAN tag tag (the outer VLAN 802.1ad tag) and traffic between SW1 and SW2 is going to be considered as tagged. Before traffic reaches its destination, the switches will decapsulate will decapsulate the outer tag and forward the original CVID VLAN 802.1Q tagged frame to routers. See a packet example below:

A packet example before and after SVID 802.1ad VLAN encapsulation 

Note

All principles that apply to the regular trunk/access port setup using IEEE 802.1Q also apply to VLAN tunneling setups, make sure you are limiting VLANs and packet type properly using the bridge VLAN table and ingress filtering.

...

As you may notice, the only difference is that the VLAN interface is using use-service-tag=yes, this sets the VLAN interface to listen to SVID ( IEEE 802.1ad ) VLAN tags. This will require you to use the IEEE 802.1ad VLAN tag to access the device using the management VLAN . This means that - you will not be able to connect to the device using a CVID regular VLAN tag while using bridge VLAN filtering , theis enabled. The ether-type is set globally and will have an effect on all bridge VLAN filtering functions.

...