Friday , March 29 2024
Home / Tag Archives: VLAN

Tag Archives: VLAN

basic QinQ configuration on Huawei switches

In traditional 802.1Q protocol, service provider should assign different VLAN IDs to users of different VLANs. The numer of VLANs is limited to 4094 IDs. In addition, different users cannot use the same VLAN ID.

A simple method to solve this is to implement QinQ. The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently transmitted through the public network. The ISP network only provides one VLAN ID for different VLANs from the same user network. This saves VLAN IDs of an ISP. Meanwhile, the QinQ provides a simple Layer 2 VPN solution to a small MAN or a local area networks.

QinQ tunneling on Huawei switches

Let’s assume that we have two enteprise networks. Each enterprise has two branch offices, located in different cities. As an ISP, we cannot force these enterprises to use different VLAN planning. In our case, both use VLAN 10 and our task is to transparently transmitt traffic, through ISP network, between remote offices.

What we want to achieve is to ensure communication between remote offices of each enterprise and to block communication between Enterprise_1 and Enterprise_2. We can use basic QinQ tunneling in this case. It adds the same outer VLAN tag to all the frames entering a Layer 2 port.

Read More »

Inter-VLAN communication on USG firewall

It’s time to check a firewall available in eNSP simulator. Today a simple task, just configuring inter-VLAN communication on Huawei USG5500.

Let’s look at the following topology:

Configuration roadmap:

  1. Configure L2 communication on the switch.
  2. As the switch is L2, configure subinterfaces on the firewall and enable L3 communication between different VLANs.
  3. Set IP addresses and gateways for all PCs.
  4. Create 2 security zones and configure interzone packet-filterfing to control traffic between VLANs.
  5. Security requirements for the network:
  • PC1 in VLAN100 and PC2 in VLAN200 can communicate each other.
  • PC3 in VLAN300 can access PC1 and PC2. PC1 and PC2 cannot access PC3.

Read More »

VLAN, trunk, VLANIF (SVI) on Huawei switch

Today I want to show you:

  • How to configure VLANs
  • How to add interface to a VLAN
  • How to establish 802.1q trunk between two Ethernet switches and filter VLANs
  • How to configure VLANIF (VLAN interface or simply SVI).

Look at the following topology:

Let’s assume that we want to configure two switches, which are connected via Ethernet link. Both switches have PCs connected to them. We want to allow PC101 to be able to reach PC102 and PC201 to be able to reach PC202.To do so, we need to add two different VLANs, configure Ethernet Trunk between switches and add PCs to the correct VLAN.

Read More »