Troubleshooting Q-in-Q and VLAN Translation Configuration

Firewall Filter Match Condition Not Working with Q-in-Q Tunneling

Problem

Description

If you create a firewall filter that includes a match condition of dot1q-tag or dot1q-user-priority and apply the filter on input to a trunk port that participates in a service VLAN, the match condition does not work if the Q-in-Q EtherType is not 0x8100. (When Q-in-Q tunneling is enabled, trunk interfaces are assumed to be part of the service provider or data center network and therefore participate in service VLANs.)

Solution

This is expected behavior. To set the Q-in-Q EtherType to 0x8100, enter the set dot1q-tunneling ethertype 0x8100 statement at the [edit ethernet-switching-options] hierarchy level. You must also configure the other end of the link to use the same EtherType.
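To confirm from a packet capture which EtherType the outer tag on a trunk actually carries, and which tag ID and priority values a dot1q-tag or dot1q-user-priority match would be compared against, the following added example (not part of the original documentation) walks the VLAN tag stack of a raw Ethernet frame. The function names, the sample frames, and the choice of 0x88a8 and 0x9100 as the other Q-in-Q EtherTypes to recognize are assumptions made for illustration.

```python
import struct

# Tag EtherTypes (TPIDs) recognized by this example (assumption): 0x8100 is
# the standard 802.1Q value; 0x88a8 and 0x9100 are common Q-in-Q alternatives.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}

def parse_tags(frame: bytes):
    """Return [(tpid, priority, vlan_id), ...] for each VLAN tag, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12  # skip destination and source MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags  # reached the payload EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
        tags.append((ethertype, tci >> 13, tci & 0x0FFF))
        offset += 4

def outer_tag_matchable(frame: bytes) -> bool:
    """True when the outermost tag uses EtherType 0x8100, the value the
    documentation says the dot1q-tag / dot1q-user-priority match requires."""
    tags = parse_tags(frame)
    return bool(tags) and tags[0][0] == 0x8100

def build_frame(tags, payload_type=0x0800):
    """Build a constructed test frame carrying the given (tpid, priority, vlan_id) tags."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, priority, vlan_id in tags:
        frame += struct.pack("!HH", tpid, (priority << 13) | vlan_id)
    return frame + struct.pack("!H", payload_type) + b"\x00" * 46

# Constructed samples: SVLAN 200 (priority 5) outside CVLAN 100.
QINQ_88A8 = build_frame([(0x88A8, 5, 200), (0x8100, 0, 100)])
QINQ_8100 = build_frame([(0x8100, 5, 200), (0x8100, 0, 100)])
UNTAGGED = build_frame([])

if __name__ == "__main__":
    for name, frame in [("0x88a8 outer", QINQ_88A8), ("0x8100 outer", QINQ_8100)]:
        print(name, parse_tags(frame), "matchable:", outer_tag_matchable(frame))
```

Running it over frames captured on both ends of the link also shows whether the two sides agree on the EtherType.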

Egress Port Mirroring with VLAN Translation

Problem

Description

If you create a port-mirroring configuration that mirrors customer VLAN (CVLAN) traffic on egress and the traffic undergoes VLAN translation before being mirrored, the VLAN translation does not apply to the mirrored packets. That is, the mirrored packets retain the service VLAN (SVLAN) tag that should be replaced by the CVLAN tag on egress. The original packets are unaffected—on these packets VLAN translation works properly, and the SVLAN tag is replaced with the CVLAN tag on egress.

Solution

This is expected behavior.