Allied Telesis Support Portal

Configuring VLAN Double Tagging (VLAN Stacking or Q-in-Q)

How do I configure VLAN Stacking on my AW+ switch?

Introduction

Double tagged VLANs are used to overlay a private Layer 2 network over a public Layer 2 network. The feature is also known as Nested VLANs, VLAN stacking, and Q-in-Q. It provides a method of transporting different clients' traffic across a shared Ethernet infrastructure. 

 Network service providers often have customers whose VLAN IDs overlap, therefore, a solution is required to control each client's traffic when the traffic from different clients is mixed together within the service providers' infrastructure, (i.e. different customers will allocate the same VIDs to their VLANs). With a nested VLAN configuration, each customer is given a customer-ID (S-Tag), which is a unique identifier within the service provider infrastructure. Traffic from individual customers is tagged with the S-Tag and segregated from other customer’s traffic. The VLAN identification of the customer’s network can be preserved while the traffic is tunneled through the network service provider’s infrastructure.  It is also possible to specify the value of the TPID using the command "platform vlan-stacking-tpid <TPID value>" to be used in the vlan tag that is added. A value of 0x8100 means it is an 802.1Q (vlan tagged) frame. This is the value used for an ordinary vlan tagged packet and for the inner tag. It is also the default value for the outer tag but this command allows you to modify the outer tag assignment.  In the diagram below, it is the 0x8100 value in the grey portion of the packets entering and leaving the service provider network that is set by this command.

NOTE: 0x9100 is commonly used for the outer‑tag.

VLAN Stacking Diagram

You may need a special feature licence to use nested VLANs. See your Allied Telesis distributor or reseller for more information.

In a nested VLAN environment VLAN tagging exists at two levels:
  • client tagging (C-tag)
  • service provider tagging (S-tag)
When nested VLAN functionality is enabled, the service provider assigns to each of its clients an individual 12 bit customer VID called an S-tag. The S-tag field has an identical structure to the VLAN tag field.

The switch that performs the double tagging has two sets of specially designated ports:
  • Customer edge ports —that face the customer networks from which single-tagged packets are arriving.
  • Provider ports (or Core ports)— that connect into the service provider infrastructure, on which double-tagged packets are arriving and leaving.

VLAN Rules for VLAN Stacking

These are the rules for when double-tagged VLANs are created:

At the switch level:
  • a nested VLAN belongs to only one customer and can have multiple customer-edge ports
  • a port must be either a customer-edge port or a provider port, but cannot be both
On Service provider ports:
  • accepts only tagged packets
  • transmits only tagged packets
  • can be in many double-tagged VLANs

On Customer edge ports:

  • accepts both tagged and untagged packets
  • transmits both tagged and untagged packets
  • can be a member of only one nested VLAN

Configuring double tagged VLANs

You will need a special feature license to use double-tagged VLANs. Once the proper licenses are in place, the steps to configure double tagged VLANs are included below:
  • Create the double-tagged VLAN
  • Configure ports as members of the double-tagged VLAN.
  • Set the Tag Protocol Identifier (TPID).This is an optional step.
    If required, you can change the Tag Protocol Identifier (TPID) from its default (for VLAN stacking) of 0x8100 (specified as Hex notation), with the platform vlan-stacking-tpid command.
Note: That this command specifies the TPID value that applies to all VLANs used for double-tagged VLANs.  You cannot set individual TPID values for different VLANs within a multi double-tagged VLAN network.


Set the Maximum Receive Unit (MRU).This is an optional step. Adding the S-tag can result in frame sizes that exceed the maximum of 1522 bytes. In order to cope with these larger than normal frames, you should increase the MRU size set for ports configured for double-tagged VLANs. Set the MRU size to:
  • 9710 bytes for ports that work at speeds of either 100 Mbps or 100 Mbps
  • 10240 bytes for ports that work at speeds of 1000 Mbps

Sample configuration enabling double tagged VLANS:

Double-tagged VLANs

Step 1. Create and enable the service provider VLAN 2 (the VLAN to be used in the outer-tag) 
awplus# configure terminal  
awplus(config)# vlan database  
awplus(config-vlan)# vlan 2 state enable   
awplus(config-vlan)# exit
Step 2. Configure port 1.0.2 as a provider-port member of VLAN 2 
awplus# configure terminal 
awplus(config)# interface port1.0.2 
awplus(config-if)# switchport mode trunk 
awplus(config-if)# switchport trunk allowed vlan add 2 
awplus(config-if)# switchport vlan-stacking provider-port
Step 3. Set the Maximum Receive Unit (MRU) 
awplus(config-if)# mru 10240  
awplus(config-if)# exit
Step 4. Configure port 1.0.3 as a customer edge port member of VLAN 10 
awplus# configure terminal Enter Global Configuration mode. 
awplus(config)# interface port1.0.3   
awplus(config-if)# switchport mode access   
awplus(config-if)# switchport access vlan 10  
awplus(config-if)# switchport vlan-stacking customer-edge-port   
awplus(config-if)# exit