ON THIS PAGE
Creating a Series of Tagged VLANs on EX Series Switches (CLI Procedure)
Creating a Series of Tagged VLANs on Switches with ELS Support
Verifying That a Series of Tagged VLANs Has Been Created on an EX Series Switch
Configuring Double-Tagged VLANs on Layer 3 Logical Interfaces
Example: Configuring VLAN Retagging for Layer 2 Transparent Mode on a Security Device
Configuring Tagged VLANs
Creating a Series of Tagged VLANs
When you divide an Ethernet LAN into multiple VLANs, each VLAN is assigned a unique IEEE 802.1Q tag. This tag is associated with each frame in the VLAN, and the network nodes receiving the traffic can use the tag to identify which VLAN a frame is associated with.
Instead of configuring VLANs and 802.1Q tags one at a time for a trunk interface, you can configure a VLAN range to create a series of tagged VLANs.
When an Ethernet LAN is divided into VLANs, each VLAN is identified by a unique 802.1Q tag. The tag is applied to all frames so that the network nodes receiving the frames can detect which VLAN the frames belong to. Trunk ports, which multiplex traffic among a number of VLANs, use the tag to determine the origin of frames and where to forward them.
For example, you could configure the VLAN employee and specify a tag range of 10 through 12. This creates the following VLANs and tags:
VLAN employee-10, tag 10
VLAN employee-11, tag 11
VLAN employee-12, tag 12
Creating tagged VLANs in a series has the following limitations:
Layer 3 interfaces do not support this feature.
Because an access interface can only support one VLAN member, access interfaces also do not support this feature.
This task uses Junos OS for QFX3500 and QFX3600 switches that does not support the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does support ELS, see Creating a Series of Tagged VLANs on Switches with ELS Support.
To configure a series of tagged VLANs using the CLI (here, the VLAN is employee):
Configure the series (here, a VLAN series from 120 through 130):
[edit] user@switch# set vlans employee vlan-range 120-130
Associate a series of tagged VLANs when you configure an interface in one of two ways:
Include the name of the series:
[edit interfaces] user@switch# set interfaces xe-0/0/22.0 family ethernet-switching vlanmembers employee
Include the VLAN range:
[edit interfaces] user@switch# set interfaces xe-0/0/22.0 family ethernet-switching vlan members 120–130
Associating a series of tagged VLANS to an interface by name or by VLAN range has the same result: VLANs __employee_120__ through __employee_130__ are created.
When a series of VLANs is created using the vlan-range command, the VLAN names are preceded and followed by a double underscore.
Creating a Series of Tagged VLANs on EX Series Switches (CLI Procedure)
To identify which VLAN traffic belongs to, all frames on an Ethernet VLAN are identified by a tag, as defined in the IEEE 802.1Q standard. These frames are tagged and are encapsulated with 802.1Q tags. For a simple network that has only a single VLAN, all traffic has the same 802.1Q tag.
Instead of configuring VLANS and 802.1Q tags one at a time for a trunk interface, you can configure a VLAN range to create a series of tagged VLANs.
When an Ethernet LAN is divided into VLANs, each VLAN is identified by a unique 802.1Q tag. The tag is applied to all frames so that the network nodes receiving the frames know which VLAN the frames belong to. Trunk ports, which multiplex traffic among a number of VLANs, use the tag to determine the origin of frames and where to forward them.
For example, you could configure the VLAN employee and specify a tag range of 10-12. This creates the following VLANs and tags:
VLAN employee-10, tag 10
VLAN employee-11, tag 11
VLAN employee-12, tag 12
Creating tagged VLANs in a series has the following limitations:
Layer 3 interfaces do not support this feature.
Because an access interface can only support one VLAN member, access interfaces also do not support this feature.
Voice over IP (VoIP) configurations do not support a range of tagged VLANs.
To configure a series of tagged VLANs using the CLI (here, the VLAN is employee):
Configure the series (here, a VLAN series from 120 through 130):
[edit] user@switch# set vlans employee vlan-range 120-130
Associate a series of tagged VLANs when you configure an interface in one of two ways:
Include the name of the series:
[edit interfaces] user@switch# set interfaces ge-0/0/22.0 family ethernet-switching vlan members employee
Include the VLAN range:
[edit interfaces] user@switch# set interfaces ge-0/0/22.0 family ethernet-switching vlan members 120–130
Associating a series of tagged VLANS to an interface by name or by VLAN range have the same result: VLANs __employee_120__ through __employee_130__ are created.
When a series of VLANs are created using the vlan-range command, the VLAN names are prefixed and suffixed with a double
underscore.
See Also
Creating a Series of Tagged VLANs on Switches with ELS Support
When you divide an Ethernet LAN into multiple VLANs, each VLAN is assigned a unique IEEE 802.1Q tag. This tag is associated with each frame in the VLAN, and the network nodes receiving the traffic can use the tag to identify which VLAN a frame is associated with.
Instead of configuring VLANs and 802.1Q tags one at a time for a trunk interface, you can configure a VLAN range to create a series of tagged VLANs.
When an Ethernet LAN is divided into VLANs, each VLAN is identified by a unique 802.1Q tag. The tag is applied to all frames so that the network nodes receiving the frames can detect which VLAN the frames belong to. Trunk ports, which multiplex traffic among a number of VLANs, use the tag to determine the origin of frames and where to forward them.
For example, you could configure the VLAN employee and specify a tag range of 10 through 12. This creates the following VLANs and tags:
VLAN employee-10, tag 10
VLAN employee-11, tag 11
VLAN employee-12, tag 12
Creating tagged VLANs in a series has the following limitations:
Layer 3 interfaces do not support this feature.
Because an access interface can only support one VLAN member, access interfaces also do not support this feature.
This task uses Junos OS for Junos OS for QFX3500 and QFX3600 switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Creating a Series of Tagged VLANs. For ELS details, see Using the Enhanced Layer 2 Software CLI.
To configure a series of tagged VLANs using the CLI (here, the VLAN is employee):
Configure the series (here, a VLAN series from 120 through 130):
[edit] user@switch# set vlans employee vlan-id-list [ 120-130 ]
Associate a series of tagged VLANs when you configure an interface in one of two ways:
Include the name of the series:
[edit interfaces] user@switch# set interfaces xe-0/0/22.0 family ethernet-switching vlanmembers employee
Include the VLAN range:
[edit interfaces] user@switch# set interfaces xe-0/0/22.0 family ethernet-switching vlan members 120–130
Associating a series of tagged VLANS to an interface by name or by VLAN range the same result: VLANs __employee_120__ through __employee_130__ are created.
When a series of VLANs is created using the vlan-id-list command, the VLAN names are preceded and followed by a double underscore.
See Also
Verifying That a Series of Tagged VLANs Has Been Created
Purpose
Verify that a series of tagged VLANs has been created on the switch.
Action
Display the VLANs in the ascending order of their VLAN ID:
user@switch> show vlans sort-by tag Name Tag Interfaces __employee_120__ 120 xe-0/0/22.0* __employee_121__ 121 xe-0/0/22.0* __employee_122__ 122 xe-0/0/22.0* __employee_123__ 123 xe-0/0/22.0* __employee_124__ 124 xe-0/0/22.0* __employee_125__ 125 xe-0/0/22.0* __employee_126__ 126 xe-0/0/22.0* __employee_127__ 127 xe-0/0/22.0* __employee_128__ 128 xe-0/0/22.0* __employee_129__ 129 xe-0/0/22.0* __employee_130__ 130 xe-0/0/22.0*Display the VLANs by the alphabetical order of the VLAN name:
user@switch> show vlans sort-by name Name Tag Interfaces __employee_120__ 120 xe-0/0/22.0* __employee_121__ 121 xe-0/0/22.0* __employee_122__ 122 xe-0/0/22.0* __employee_123__ 123 xe-0/0/22.0* __employee_124__ 124 xe-0/0/22.0* __employee_125__ 125 xe-0/0/22.0* __employee_126__ 126 xe-0/0/22.0* __employee_127__ 127 xe-0/0/22.0* __employee_128__ 128 xe-0/0/22.0* __employee_129__ 129 xe-0/0/22.0* __employee_130__ 130 xe-0/0/22.0*Display the VLANs by specifying the VLAN range name (here, the VLAN range name is employee):
user@switch> show vlans employee Name Tag Interfaces __employee_120__ 120 xe-0/0/22.0* __employee_121__ 121 xe-0/0/22.0* __employee_122__ 122 xe-0/0/22.0* __employee_123__ 123 xe-0/0/22.0* __employee_124__ 124 xe-0/0/22.0* __employee_125__ 125 xe-0/0/22.0* __employee_126__ 126 xe-0/0/22.0* __employee_127__ 127 xe-0/0/22.0* __employee_128__ 128 xe-0/0/22.0* __employee_129__ 129 xe-0/0/22.0* __employee_130__ 130 xe-0/0/22.0*
Meaning
The sample output shows the VLANs configured on the switch. The series of tagged VLANs is displayed: __employee__120__ through __employee_130__. Each of the tagged VLANs is configured on the trunk interface xe-0/0/22.0. The asterisk (*) next to the interface name indicates that the interface is UP.
When a series of VLANs is created using the vlan-range statement, the VLAN names are preceded and followed by a double
underscore.
Verifying That a Series of Tagged VLANs Has Been Created on an EX Series Switch
Purpose
Verify that a series of tagged VLANs is created on the switch.
Action
Display the VLANs in the ascending order of their VLAN ID:
user@switch> show vlans sort-by tag
Name Tag Interfaces
__employee_120__ 120
ge-0/0/22.0*
__employee_121__ 121
ge-0/0/22.0*
__employee_122__ 122
ge-0/0/22.0*
__employee_123__ 123
ge-0/0/22.0*
__employee_124__ 124
ge-0/0/22.0*
__employee_125__ 125
ge-0/0/22.0*
__employee_126__ 126
ge-0/0/22.0*
__employee_127__ 127
ge-0/0/22.0*
__employee_128__ 128
ge-0/0/22.0*
__employee_129__ 129
ge-0/0/22.0*
__employee_130__ 130
ge-0/0/22.0*
Display the VLANs by the alphabetical order of the VLAN name:
user@switch> show vlans sort-by name
Name Tag Interfaces
__employee_120__ 120
ge-0/0/22.0*
__employee_121__ 121
ge-0/0/22.0*
__employee_122__ 122
ge-0/0/22.0*
__employee_123__ 123
ge-0/0/22.0*
__employee_124__ 124
ge-0/0/22.0*
__employee_125__ 125
ge-0/0/22.0*
__employee_126__ 126
ge-0/0/22.0*
__employee_127__ 127
ge-0/0/22.0*
__employee_128__ 128
ge-0/0/22.0*
__employee_129__ 129
ge-0/0/22.0*
__employee_130__ 130
ge-0/0/22.0*Display the VLANs by specifying the VLAN-range name (here, the VLAN-range name is employee):
user@switch> show vlans employee
Name Tag Interfaces
__employee_120__ 120
ge-0/0/22.0*
__employee_121__ 121
ge-0/0/22.0*
__employee_122__ 122
ge-0/0/22.0*
__employee_123__ 123
ge-0/0/22.0*
__employee_124__ 124
ge-0/0/22.0*
__employee_125__ 125
ge-0/0/22.0*
__employee_126__ 126
ge-0/0/22.0*
__employee_127__ 127
ge-0/0/22.0*
__employee_128__ 128
ge-0/0/22.0*
__employee_129__ 129
ge-0/0/22.0*
__employee_130__ 130
ge-0/0/22.0*Meaning
The sample output shows the VLANs configured on the switch. The series of tagged VLANs is displayed: __employee__120__ through __employee_130__. Each of the tagged VLANs is configured on the trunk interface ge-0/0/22.0. The asterisk (*) beside the interface name indicates that the interface is UP.
When a series of VLANs is created using the vlan-range statement, the VLAN names are prefixed and suffixed with a double underscore.
Configuring Double-Tagged VLANs on Layer 3 Logical Interfaces
Junos OS supports a subset of the IEEE 802.1Q standard for channelizing an Ethernet interface into multiple logical interfaces, allowing many hosts to be connected to the same switch but preventing them from being in the same routing or bridging domain. When an Ethernet LAN is divided into VLANs, each VLAN is identified by a unique 802.1Q tag. The tag is applied to all frames so that network nodes receiving the frames can detect which VLAN the frames belong to.
You can configure double VLAN tags (that is, an inner and an outer tag) on a Layer 3 logical interface (sometimes called a “Layer 3 subinterface”).
Support for double-tagging VLANs on Layer 3 logical interfaces includes:
Configuration of an IPv4, an IPv6, or an
mplsfamily on the logical interfaceConfiguration over an aggregated Ethernet interface
Configuration of multiple logical interfaces on a single physical interface
This feature does not include support for the following:
VLAN rewrite (
input-vlan-maporoutput-vlan-map)TPID configuration (on physical or logical interfaces)
native-inner-vlan-id;outer-vlan-id-list;inner-vlan-id-list; orvlan-id-range
To configure a double-tagged Layer 3 logical interface:
See Also
Stacking a VLAN Tag
To stack a VLAN tag on all tagged frames entering or
exiting the interface, include the push, vlan-id, and tag-protocol-id statements in the input VLAN map
or the output VLAN map:
input-vlan-map input-vlan-map { push; vlan-id number; tag-protocol-id tpid; } output-vlan-map { push; tag-protocol-id tpid; }
You can include these statements at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number][edit interfaces interface-name unit logical-unit-number][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number]
The VLAN IDs you define in the input VLAN maps are stacked on top of the VLAN ID bound to the logical interface.
All TPIDs you include in input and output VLAN maps must be
among those you specify at the [edit interfaces interface-name ether-options ethernet-switch-profile tag-protocol-id [ tpids ]] hierarchy level.
Rewriting a VLAN Tag and Adding a New Tag
On Ethernet IQ, IQ2 and IQ2-E interfaces, on MX
Series router Gigabit Ethernet, Tri-Rate Ethernet
copper, and 10-Gigabit Ethernet interfaces, on
aggregated Ethernet interfaces using Gigabit
Ethernet IQ2 and IQ2-E or 10-Gigabit Ethernet PICs
on MX Series routers, and on Gigabit Ethernet and
10-Gigabit Ethernet interfaces on EX Series
switches, to replace the outer VLAN tag of the
incoming frame with a user-specified VLAN tag
value, include the swap-push
statement in the input VLAN map or output VLAN
map:
swap-push
A user-specified outer VLAN tag is pushed in front. The outer tag becomes an inner tag in the final frame. The stacked and rewriting Gigabit-Ethernet VLAN Tags are also referred to as Q-in-Q tunneling.
You can include this statement at the following hierarchy levels:
-
[edit interfaces interface-name unit logical-unit-number input-vlan-map] -
[edit interfaces interface-name unit logical-unit-number output-vlan-map] -
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number input-vlan-map] -
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number output-vlan-map]
See Also
Rewriting the Inner and Outer VLAN Tags
On Ethernet IQ, IQ2 and IQ2-E interfaces, on MX Series router
Gigabit Ethernet, Tri-Rate Ethernet copper, and 10-Gigabit Ethernet
interfaces, and on aggregated Ethernet interfaces using Gigabit Ethernet
IQ2 and IQ2-E or 10-Gigabit Ethernet PICs on MX Series routers, to
replace both the inner and the outer VLAN tags of the incoming frame
with a user-specified VLAN tag value, include the swap-swap statement in the input VLAN map or output VLAN map: The stacked
and rewriting Gigabit-Ethernet VLAN Tags are also referred to as Q-in-Q
tunneling.
swap-swap;
You can include this statement at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number input-vlan-map][edit interfaces interface-name unit logical-unit-number output-vlan-map][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number input-vlan-map][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number output-vlan-map]
See Also
Rewriting the VLAN Tag on Tagged Frames
To rewrite the VLAN tag on all tagged frames entering the interface
to a specified VLAN ID and TPID, include the swap, tag-protocol-id, and vlan-id statements in the input
VLAN map:
input-vlan-map { swap; vlan-id number; tag-protocol-id tpid; }
To rewrite the VLAN tag on all tagged frames exiting the interface
to a specified VLAN ID and TPID, include the swap and tag-protocol-id statements in the output VLAN map:
output-vlan-map { swap; vlan-id number; tag-protocol-id tpid; }
You can include these statements at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number input-vlan-map][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number input-vlan-map]
You cannot include both the swap statement and the vlan-id statement in the output VLAN map configuration. If
you include the swap statement in the configuration, the
VLAN ID in outgoing frames is rewritten to the VLAN ID bound
to the logical interface. For more information about binding a VLAN
ID to the logical interface, see 802.1Q
VLANs Overview.
The swap operation works on the outer tag only, whether or not
you include the stacked-vlan-tagging statement in the configuration.
For more information, see Examples: Stacking
and Rewriting Gigabit Ethernet IQ VLAN Tags.
See Also
Configuring VLAN Translation with a VLAN ID List
In many cases, the VLAN identifiers on the frames of an interface’s packets are not correct. VLAN translation, or VLAN rewrite, allows you to configure bidirectional VLAN identifier translation with a list on frames arriving on and leaving from a logical interface. This lets you use unique VLAN identifiers internally and maintain legacy VLAN identifiers on logical interfaces.
To perform VLAN translation on the packets on a trunk interface,
insert the vlan-rewrite statement at the [edit interfaces interface-name unit unit-number] hierarchy level. You must also include the interface-mode trunk statement within the [edit interfaces interface-name unit unit-number family ethernet-switching] hierarchy because VLAN translation is only supported on trunk interfaces.
The reverse translation takes place on traffic exiting the interface.
In other words, if VLAN 200 is translated to 500 on traffic entering
the interface, VLAN 500 is translated to VLAN 200 on traffic leaving
the interface.
You can configure either flexible VLAN tagging or trunk mode on interfaces. VLAN translation does not support both.
The following example translates incoming trunk packets from VLAN identifier 200 to 500 and 201 to 501 (other valid VLAN identifiers are not affected):
[edit interfaces ge-1/0/1]
unit 0 {
... # Other logical interface statements
family ethernet-switching {
interface-mode trunk # Translation is only for trunks
vlan {
members 500-501;
}
vlan-rewrite {
translate 200 500;
translate 201 501;
}
... # Other ethernet-switching statements
}
}
This example also translates frame VLANs from 500 to 200 and 501 to 201 on egress.
Configuring VLAN Translation on Security Devices
VLAN translation allow service providers to create a Layer 2 Ethernet connection between two customer sites. Providers can segregate different customers’ VLAN traffic on a link (for example, if the customers use overlapping VLAN IDs) or bundle different customer VLANs into a single service VLAN. Data centers can use Q-in-Q tunneling to isolate customer traffic within a single site or when customer traffic flows between cloud data centers in different geographic locations.
Before you begin configuring VLAN translation, make sure you have created and configured the necessary customer VLANs on the neighboring switches. See Configuring VLANs.
VLAN translation can be done in two ways:
To configure VLAN translation in VLAN retagging, an enterprise provider style of VLAN translation can be achieved by following CLI configuration:
[edit] user@host#set interfaces intf-name unit 0 family ethernet-switching interface-mode trunk user@host#set interfaces intf-name unit 0 family ethernet-switching vlan members v1000 user@host#set interfaces intf-name unit 0 family ethernet-switching vlan-rewrite translate 500 1000
To configure VLAN translation in Q-in-Q, a service provider style of VLAN translation can be achieved by following CLI configuration:
[edit] user@host#set interfaces intf-name flexible-vlan-tagging user@host#set interfaces intf-name encapsulation extended-vlan-bridge user@host#set interfaces intf-name unit 100 vlan-id 500 user@host#set interfaces intf-name unit 100 input-vlan-map swap user@host#set interfaces intf-name unit 100 input-vlan-map tag-protocol-id 0x8100 user@host#set interfaces intf-name unit 100 output-vlan-map swap user@host#set interfaces intf-name unit 100 family ethernet-switching vlan members v1000
See Also
Example: Configuring VLAN Retagging for Layer 2 Transparent Mode on a Security Device
This example shows how to configure VLAN retagging on a Layer 2 trunk interface to selectively screen incoming packets and redirect them to a security device without affecting other VLAN traffic.
Requirements
Before you begin, determine the mapping you want to include for the VLAN retagging. See Understanding VLAN Retagging on Security Devices.
Overview
In this example, you create a Layer 2 trunk interface called ge-3/0/0 and configure it to receive packets with VLAN identifiers 1 through 10. Packets that arrive on the interface with VLAN identifier 11 are retagged with VLAN identifier 2. Before exiting the trunk interface, VLAN identifier 2 in the retagged packets is replaced with VLAN identifier 11. All VLAN identifiers in the retagged packets change back when you exit the trunk interface.
Configuration
Procedure
Step-by-Step Procedure
To configure VLAN retagging on a Layer 2 trunk interface:
Create a Layer 2 trunk interface.
[edit] user@host#set interfaces ge-3/0/0 unit 0 family ethernet-switching interface-mode trunk vlan members 1–10
Configure VLAN retagging.
[edit] user@host#set interfaces ge-3/0/0 unit 0 family ethernet-switching vlan-rewrite translate 11 2
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Verification
To verify the configuration is working properly,
enter the show interfaces ge-3/0/0 command.
Configuring Inner and Outer TPIDs and VLAN IDs
For some rewrite operations, you must configure the inner or outer TPID values and inner or outer VLAN ID values. These values can be applied to either the input VLAN map or the output VLAN map.
On Ethernet IQ, IQ2, and IQ2-E interfaces; on MX Series
router Gigabit Ethernet, Tri-Rate Ethernet copper, and 10-Gigabit
Ethernet interfaces; and on aggregated Ethernet interfaces using Gigabit
Ethernet IQ2 and IQ2-E or 10-Gigabit Ethernet PICs on MX Series routers,
to configure the inner TPID, include the inner-tag-protocol-id statement:
inner-tag-protocol-id tpid;
You can include this statement at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number input-vlan-map][edit interfaces interface-name unit logical-unit-number output-vlan-map][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number input-vlan-map][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number output-vlan-map]
For the inner VLAN ID, include the inner-vlan-id statement.
For the outer TPID, include the tag-protocol-id statement.
For the outer VLAN ID, include the vlan-id statement:
input-vlan-map { (pop | pop-pop | pop-swap | push | push-push | swap | swap-push | swap-swap); inner-tag-protocol-id tpid; inner-vlan-id number; tag-protocol-id tpid; vlan-id number; } output-vlan-map { (pop | pop-pop | pop-swap | push | push-push | swap | swap-push | swap-swap); inner-tag-protocol-id tpid; inner-vlan-id number; tag-protocol-id tpid; vlan-id number; }
For aggregated Ethernet interfaces using Gigabit Ethernet IQ
interfaces, include the tag-protocol-id statement for the
outer TPID. For the outer VLAN ID, include the vlan-id statement:
input-vlan-map { (pop | push | swap); tag-protocol-id tpid; vlan-id number; } output-vlan-map { (pop | push | swap); tag-protocol-id tpid; vlan-id number; }
You can include these statements at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number][edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number]
The VLAN IDs you define in the input VLAN maps are stacked on top of the VLAN ID bound to the logical interface. For more information about binding a VLAN ID to the logical interface, see 802.1Q VLANs Overview.
All TPIDs you include in input and output VLAN maps must be
among those you specify at the [edit interfaces interface-name ether-options ethernet-switch-profile tag-protocol-id [ tpids ]] hierarchy level.
Table 1 and Table 2 specify when these statements are required. Table 1 indicates valid statement combinations
for rewrite operations for the input VLAN map. “No” means
the statement must not be included in the input VLAN map for the rewrite
operation. “Optional” means the statement may be optionally
specified for the rewrite operation in the input VLAN map. “Any”
means that you must include the vlan-id statement, tag-protocol-id statement, inner-vlan-id statement,
or inner-tag-protocol-id statement.
|
Input VLAN Map Statements |
|||
|---|---|---|---|---|
| Rewrite Operation | vlan-id | tag-protocol-id | inner-vlan-id | inner-tag-protocol-id |
| push | Optional |
Optional |
No |
No |
| pop | No |
No |
No |
No |
| swap | Any |
Any |
No |
No |
| push-push | Optional |
Optional |
Optional |
optional |
| swap-push | Optional |
Optional |
Any |
Any |
| swap-swap | Optional |
Optional |
Any |
Any |
| pop-swap | No |
No |
Any |
Any |
| pop-pop | No |
No |
No |
No |
Table 2 indicates valid statement combinations for rewrite operations for the output VLAN map. “No” means the statement must not be included in the output VLAN map for the rewrite operation. “Optional” means the statement may be optionally specified for the rewrite operation in the output VLAN map.
|
Output VLAN Map Statements |
|||
|---|---|---|---|---|
| Rewrite Operation | vlan-id | tag-protocol-id | inner-vlan-id | inner-tag-protocol-id |
| push | No |
Optional |
No |
No |
| pop | No |
No |
No |
No |
| swap | No |
Optional |
No |
No |
| push-push | No |
Optional |
No |
Optional |
| swap-push | No |
Optional |
No |
Optional |
| swap-swap | No |
Optional |
No |
Optional |
| pop-swap | No |
No |
No |
Optional |
| pop-pop | No |
No |
No |
No |
The following examples use Table 1 and Table 2 and show how the pop-swap operation can be configured in an input VLAN map and an output VLAN map:
Input VLAN Map with inner-vlan-id Statement, Output VLAN Map with Optional inner-tag-protocol-id Statement
[edit interfaces interface-name unit logical-unit-number] input-vlan-map { pop-swap; inner-vlan-id number; } output-vlan-map { pop-swap; inner-tag-protocol-id tpid; }
Input VLAN Map with inner-tag-protocol-id Statement, Output VLAN Map with Optional inner-tag-protocol-id Statement
[edit interfaces interface-name unit logical-unit-number] input-vlan-map { pop-swap; inner-tag-protocol-id tpid; } output-vlan-map { pop-swap; inner-tag-protocol-id tpid; }
Input VLAN Map with inner-tag-protocol-id and inner-vlan-id Statements
[edit interfaces interface-name unit logical-unit-number] input-vlan-map { pop-swap; inner-vlan-id number; inner-tag-protocol-id tpid; }