Configuring Q in Q VLAN tagging
A Q-in-Q VLAN tunnel enables a service provider to segregate the traffic of different customers in their infrastructure, while still giving the customer a full range of VLANs for their internal use by adding a second 802.1Q tag to an already tagged frame.
Here is a guide on how to configure Q in Q VLAN tagging on AMG510 & AMG570 Switches:
Web GUI
Step 1: You will require 3 switches for the configuration used in this guide. A Core switch and 2 separate switches connected to the core switch via CAT5E/6 ethernet. Access the Web GUI of the Core switch. On the left-hand side of the Web GUI, select Configuration > VLANs
Step 2: Configure a minimum of two ports with ‘Hybrid’ mode, two separate ‘Port VLAN IDs’, select Port type ‘C-Port’, ‘Ingress Filtering’, specify your ‘Ingress Acceptance’, ‘Egress Tagging’ as ‘Untag Port VLAN’ and if you would like to ‘Allow’ or ‘Forbid’ any VLANs
Step 3: On a separate switch, connect a trunk port with Egress Tagging selected as ‘Untag Port VLAN’ and allowed VLANs to one of the ‘Hybrid Port VLANs’. For any ‘allowed VLANs’, create an access port for those VLANs for testing purposes and select the ‘save’ button. Repeat this step for a second separate switch
Step 4: To test your configuration connect a PC to each of the separate switches on the access port VLAN 10 and using ‘Command Prompt’ on the PC, ping the IP address of the PC connected to the other separate switch which is also on VLAN 10 using the command “ping [IP-Address]”. If successful, your ping from the pc on access port VLAN 10 connected to the switch that is trunked to the ‘Hybrid’ port VLAN 901 on the Core switch should fail to ping the PC on access port VLAN 10 that is connected to the switch that is trunked to the ‘Hybrid’ port VLAN 902 on the Core switch
Step 5: To test connectivity between two devices connected to VLAN 10 on the separate switches but connected to a ‘Hybrid’ port with the same ‘Port VLAN’, change the Port VLAN from 902 to 901 on the Core switch
Step 6: Repeat Step 4 where both separate switches should be connected to a ‘Hybrid Port VLAN’ of 901. You should be able to successfully ping the device connected to the second separate switch that is on access port VLAN 10
Step 7: To save your configurations, on the left-hand side of the Web GUI, select Maintenance > Configuration > Save startup-config
Command Line Interface (CLI)
Step 1: You will require 3 switches for the configuration used in this guide. A Core switch and 2 separate switches connected to the core switch via CAT5E/6 ethernet. Access the command line interface of the Core switch and enter configuration mode by typing the command “configure terminal” and pressing enter
configure terminal
Step 2: On a port that is connected to a separate switch, configure this port to be hybrid and have a port VLAN ID specific. Do the same for the second switch and make that port VLAN ID separate. Enter the command “interface GigabitEthernet [PORT-NUMBER]”. Then enter “switchport hybrid native vlan [Port-VLAN-ID]”. Followed by “switchport hybrid ingress-filtering" and lastly “switchport mode hybrid”. Repeat this for hybrid port connected to the second separate switch with a port VLAN ID different the first separate switch
Step 3: Create a trunk port on the separate switches connecting to their subsequent Hybrid Port VLANs. Enter configuration mode on a separate switch by entering the command “configure terminal”. Enter the command “interface GigabitEthernet [PORT-NUMBER]”. Enter the command “switchport trunk allowed vlan [VLAN-ID]” followed by the command “switchport mode trunk”. Repeat this on the second switch on the trunk port
configure terminal
interface GigabitEthernet [PORT-NUMBER]
switchport trunk allowed vlan [VLAN-ID]
switchport mode trunk
Step 4: Configure a separate access port on a separate VLAN for testing purposes. Enter the command “interface GigabitEthernet [PORT-NUMBER]”, followed by the command “switchport access vlan [VLAN-ID]”
interface GigabitEthernet [PORT-NUMBER]
switchport access vlan [VLAN-ID]
Step 5: To test your configuration connect a PC to each of the separate switches on the access port VLAN [VLAN-ID] and using ‘Command Prompt’ on the PC, ping the IP address of the PC connected to the other separate switch which is also on the same VLAN ID using the command “ping [IP-Address]”. If successful, your ping from the pc on the same access port VLAN connected to the switch that is trunked to the ‘Hybrid’ port VLAN 901 on the Core switch should fail to ping the PC on same access port VLAN that is connected to the second switch that is trunked to the ‘Hybrid’ port VLAN on the Core switch
Step 6: To test connectivity between two devices connected to the same VLAN IDs on the separate switches but connected to a ‘Hybrid’ port with the same ‘Port VLAN’, change the Port VLAN IDs to the same VLAN IDs on the Core switch and repeat Step 4. You should be able to successfully ping the device connected to the second separate switch that is on the same access port VLAN
Step 7: To save your configurations, exit configuration mode by entering the command “exit” followed by the command “copy running-config startup-config"
exit
copy running-config startup-config
