Switching Introduction
©2008 Allied Telesis Inc. All rights reserved.
14.18
AlliedWare Plus
TM
Operating System Software Reference C613-50003-00 REV E
Software Version 5.2.1
VLAN Double Tagging (VLAN
Stacking)
VLAN double tagging, also known as VLAN Stacking, Nested VLANs, or Q-in-Q VLANs, are
used to operate a number of private Layer 2 networks within a single public Layer 2 network.
This feature provides simple access infrastructure for network service providers to operate
Metropolitan Area Networks (MANs) as commercial value added networks.
A nested VLAN implementation consists of the following port types:
■
Provider ports - these connect to a service provider’s Layer-2 network
■
Customer edge ports - these connect to a customer’s private Layer-2 network
How
double-tagged
VLANs work
In a nested VLAN environment VLAN tagging exists at two levels:
■
client tagging,
■
service provider tagging.
When nested VLAN functionality is enabled, the service provider assigns to each of its clients,
an individual 12 bit customer VID called an S-Tag. The S-Tag field has an identical structure to
a conventional VLAN tag field.
The S-Tag is attached to a packet as it enters the service provider network at the customer
edge port, and is removed as it leaves the destination customer edge port. From this point on,
the S-Tag is used for transmission within the service provider, or public Layer-2, network. The
VID that is used within the client’s own network (now termed the C-Tag) is ignored by the
service provider network and bridging is based on the value of the S-Tag. The ethertype of the
S-Tag is set by changing the Tag Protocol Identifier (TPID).
Once the S-Tag is removed from the packet, it is forwarded “as is” out of the customer-edge
port. The tagged status of the Customer port is ignored on egress.
Rules for
double-tagged
VLANs
When double-tagged VLANs are created on the switch:
■
a nested VLAN belongs to only one customer and can have multiple customer-edge ports
■
a port must be either a customer-edge port or a provider port, but cannot be both
A service provider port:
■
accepts only tagged packets
■
transmits only tagged packets
■
can be in many double-tagged VLANs
A customer edge port:
■
accepts both tagged and untagged packets
■
transmits both tagged and untagged packets
■
can be a member of only one nested VLAN
Restrictions when using double-tagged VLANs
Restrictions when double-tagged VLANs are implemented are:
■
Ethernet bridging is based on the S-Tag VID instead of the packet C-Tag VID. The packets
C-Tag VID does not change
■
ARP packet trapping is restricted.
■
hardware filtering does not work above MAC address level