Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring All-in-One Bundling

 

You can configure Q-in-Q tunneling using the all-in-one bundling method, which forwards all packets entering a C-VLAN interface to an S-VLAN. (Packets are forwarded to the S-VLAN regardless of whether they are tagged or untagged before they enter.) Using this approach saves you the effort of specifying a specific mapping for each C-VLAN.

First configure the S-VLAN and its interface:

  1. Enable the interface to transmit packets with two 802.1Q VLAN tags:
    [edit interfaces interface-name]
    user@host# flexible-vlan-tagging
  2. Enable extended VLAN bridge encapsulation on the interface:
    [edit interfaces interface-name]
    user@host# encapsulation extended-vlan-bridge
  3. Enable the S-VLAN interface to send and receive untagged packets:
    [edit interfaces interface-name]
    user@host# native-vlan-id vlan-id
  4. Bind the logical interface (unit) of the interface to the automatically-created VLAN ID for the S-VLAN:
    [edit interfaces interface-name unit logical-unit-number]
    user@host# vlan-id number
    user@host# family ethernet-switching vlan members vlain-id

For example, the following configuration enables Q-in-Q tunneling on interface ge-0/0/7, enables ge-0/0/7 to accept untagged packets, and binds the VLAN ID of S-VLAN VL-S91 to a logical interface of ge-0/0/7.

set interfaces ge-0/0/7 flexible-vlan-tagging
set interfaces ge-0/0/7 native-vlan-id 91
set interfaces ge-0/0/7 encapsulation extended-vlan-bridge
set interfaces ge-0/0/7 unit 91 vlan-id 91
set interfaces ge-0/0/7 unit 91 family ethernet-switching vlan members VL-S91

Now configure all-in-one bundling on a C-VLAN interface:

  1. Enable the interface to transmit packets with 802.1Q VLAN tags:
    [edit interfaces interface-name]
    user@host# flexible-vlan-tagging
  2. Enable extended VLAN bridge encapsulation on the interface:
    [edit interfaces interface-name]
    user@host# encapsulation extended-vlan-bridge
  3. Enable the C-VLAN interface to send and receive untagged packets:
    [edit interfaces interface-name]
    user@host# native-vlan-id vlan-id
  4. Configure a logical interface to receive and forward any tagged packet whose VLAN ID tag matches the list of VLAN IDs you specify:
    [edit interfaces interface-name unit logical-unit-number]
    user@host# vlan-id-list vlan-id-numbers
    Note

    On some SRX Series devices, you can apply no more than eight VLAN identifier lists to a physical interface.

  5. Configure the system to add an S-VLAN tag (outer tag) as packets travel from a C-VLAN interface to the S-VLAN:
    [edit interfaces interface-name unit logical-unit-number]
    user@host# input-vlan-map push
  6. Configure the system to remove the S-VLAN tag when packets are forwarded (internally) from the S-VLAN interface to the C-VLAN interface:
    [edit interfaces interface-name unit logical-unit-number]
    user@host# output-vlan-map pop
    user@host# family ethernet-switching vlan members vlan-id
  7. Configure S-VLAN and vlan id binding:
    [edit vlans vlan-name]
    user@host# vlan-id vlan-id-numbers

For example, the following configuration makes ge-0/0/4 a member of S-VLAN VL-S91, enables Q-in-Q tunneling, maps packets from C-VLANs to S-VLAN VL-S91, and enables ge-0/0/4 to accept untagged packets. If a packet originates in C-VLAN and needs to be sent across the S-VLAN, a tag with VLAN ID 91 is added to the packet. When a packet is forwarded (internally) from the S-VLAN interface to interface ge-0/0/4, the tag with VLAN ID 91 is removed.

set interfaces ge-0/0/4 flexible-vlan-tagging
set interfaces ge-0/0/4 native-vlan-id 50
set interfaces ge-0/0/4 encapsulation extended-vlan-bridge
set interfaces ge-0/0/4 unit 50 vlan-id-list 30-70
set interfaces ge-0/0/4 unit 50 input-vlan-map push
set interfaces ge-0/0/4 unit 50 output-vlan-map pop
set interfaces ge-0/0/4 unit 50 family ethernet-switching vlan members VL-S91
set vlans VL-S91 vlan-id 91