Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX/ACX] Example Configuration: Q-in-Q tunneling for receiving both untagged and tagged traffic

0

0

Article ID: KB31650 KB Last Updated: 26 Oct 2020Version: 2.0
Summary:

This article provides an example configuration of Q-in-Q tunneling for receiving both untagged and tagged traffic using a customer scenario with the following requirements:

  1. Accept any type of frames (tagged/untagged) from clients.
  2. Push a VLAN-ID (3410) and send it to the remote end which is another vendor device.
  3. Receive traffic back from remote device. The return traffic will have VLAN-ID 3410.
  4. Pop the outer-VLAN ID of 3410 and send it back to the clients.
Solution:

Topology 

The traffic flow is working as expected, meaning if we take flow from ce1 to ce2:

  1. Ce1 sends traffic to ge-0/0/0 of ACX with VLAN 121.
  2. ACX adds tag 3410 and sends it to MX.
  3. Then MX forwards it to ge-0/3/1 and to ce2.

To achieve this, the following configuration needs to be applied on the ACX:

set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 native-vlan-id 123
set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
set interfaces ge-0/0/0 gigether-options ethernet-switch-profile tag-protocol-id 0x88a8
set interfaces ge-0/0/0 gigether-options ethernet-switch-profile tag-protocol-id 0x8100
set interfaces ge-0/0/0 gigether-options ethernet-switch-profile tag-protocol-id 0x9100
set interfaces ge-0/0/0 unit 0 encapsulation vlan-bridge
set interfaces ge-0/0/0 unit 0 vlan-id-list 121-122
set interfaces ge-0/0/0 unit 0 input-vlan-map push
set interfaces ge-0/0/0 unit 0 input-vlan-map tag-protocol-id 0x88a8
set interfaces ge-0/0/0 unit 0 input-vlan-map vlan-id 3410
set interfaces ge-0/0/0 unit 0 output-vlan-map pop

set interfaces ge-0/1/0 flexible-vlan-tagging
set interfaces ge-0/1/0 media-type copper
set interfaces ge-0/1/0 encapsulation flexible-ethernet-services
set interfaces ge-0/1/0 gigether-options ethernet-switch-profile tag-protocol-id 0x88a8
set interfaces ge-0/1/0 gigether-options ethernet-switch-profile tag-protocol-id 0x8100
set interfaces ge-0/1/0 gigether-options ethernet-switch-profile tag-protocol-id 0x9100
set interfaces ge-0/1/0 unit 3410 encapsulation vlan-bridge
set interfaces ge-0/1/0 unit 3410 vlan-tags outer 0x88a8.3410

set bridge-domains test interface ge-0/0/0.0
set bridge-domains test interface ge-0/1/0.3410
 

On the MX, the following needs to be added:

set interfaces ge-0/3/0 flexible-vlan-tagging
set interfaces ge-0/3/0 encapsulation flexible-ethernet-services
set interfaces ge-0/3/0 gigether-options ethernet-switch-profile tag-protocol-id 0x88a8
set interfaces ge-0/3/0 gigether-options ethernet-switch-profile tag-protocol-id 0x8100
set interfaces ge-0/3/0 gigether-options ethernet-switch-profile tag-protocol-id 0x9100
set interfaces ge-0/3/0 unit 3410 encapsulation vlan-bridge
set interfaces ge-0/3/0 unit 3410 vlan-tags outer 0x88a8.3410

set interfaces ge-0/3/1 encapsulation ethernet-bridge
set interfaces ge-0/3/1 gigether-options ethernet-switch-profile tag-protocol-id 0x88a8
set interfaces ge-0/3/1 gigether-options ethernet-switch-profile tag-protocol-id 0x8100
set interfaces ge-0/3/1 gigether-options ethernet-switch-profile tag-protocol-id 0x9100
set interfaces ge-0/3/1 unit 0 input-vlan-map push
set interfaces ge-0/3/1 unit 0 input-vlan-map tag-protocol-id 0x88a8
set interfaces ge-0/3/1 unit 0 input-vlan-map vlan-id 3410
set interfaces ge-0/3/1 unit 0 output-vlan-map pop

set bridge-domains test interface ge-0/3/0.3410
set bridge-domains test interface ge-0/3/1.0


Please note that this was based on a particular scenario where the customer requirement was to push protocol-id 0x88a8. The regular 0x8100 protocol-id can also be used.

Verification

Traffic was sent from CE1 to CE2 (ICMP echo requests were sent) and captures were taken in CE2, showing that the requests came in correctly.

For untagged VLAN:


 

For tagged VLAN:

Modification History:
2020-10-23: Article reviewed for accuracy, no changes required; article accurate and valid
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search