QinQ and non-stacked (single tagged) packets on a port; zyxel 3700

iainmaoileoin
iainmaoileoin Posts: 3
First Comment
edited August 2022 in Switch
I have CLI access access only to a 3700-24.  It is in a live environment and so I cant experiment with it.  Up until now all ports in use have been non QInQ vlan tagged.    I now have a more complex setup coming along.  One port lets say 1 will bring in a QinQ packet.  Lets say 999 on the outer and 888 on the innner.  I need to get the whole QinQ packet from port 1 to port 3.  port 3 currently carries a lot of other single-tag VLANS - and needs to keep doing so.  The 3700 has a config like this for each vlan that can "visit" port 3

VLAN 77

normal ""
fixed 3,13-14,24
forbidden 1-2,4-12,15-19,21-24
untagged 1-2,4-12,15-19,21-24 

The device connected on port 3 understand QinQ and can process them OK - if I get them to it, and then it shunts out double-tagged packets - 999 outer and 888 inner (as the input).  The output packets need to get back to port 1.

Is it possible to achieve this?

All clues welcome.  My background is cisco, so the SPVID and TPID terminology in the manual is somehow just not clicking with me.  I am sure you are as confused with my outer and inner terminology.  I only visit this switch once every few years, so I am not fluent in zyxel ;-(

Best Answers

  • iainmaoileoin
    iainmaoileoin Posts: 3
    First Comment
    Answer ✓
    In the words of runrig, "can anyone explain"...
    Is this the command I am looking for to put on the 2 ports that I want to move QinQ "double tagged" packets between.  Unlike the examples in the manuals, my packets come in with both tags provided.
    I guess - HELP PLEASE - that the cvid is what I call the outer tag and spvid is what I call the inner tag?

    vlan-stacking selective-qinq name <name> interface port- channel <port> cvid <cvid> spvid <spvid> priority <0-7>

    Creates a selective VLAN stacking rule.
    cvid: 1 - 4094. This is the VLAN tag carried in the packets from the subscribers.
    spvid: 1 - 4094: This is the service provider’s VLAN ID (the outer VLAN tag).

  • Sakura_T
    Sakura_T Posts: 101  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited January 2021 Answer ✓
    In VLAN stacking QinQ, you have to assign access or trunk role for the ports:

    Access port: SPVID (outer VLAN tag) will be added on ingress packet, and the SPVID will be peeled out for egress packets.
    Tunnel port: trunking the double-tagged packets.

    Let's have an example, port 5 as access role and port 6 as tunnel role.
    CLI:
    interface port-channel 5
      vlan-stacking role access
      vlan-stacking SPVID 999
    exit
    interface port-channel 6
      vlan-stacking role tunnel
    exit
    vlan-stacking
    vlan-stacking selective-qinq name QQ interface port-channel 5 cvid 222 spvid 333 priority 0

    (Remember to put configs for VLAN 999 and 333 on the switch as well)

    Here's the outcome, 

    As VLAN 888 packets entering port 5, they will be added SPVID VLAN 999 tag, then sent out from port 6 as double-tagged (999 outer and 888 inner).
    When port 6 receiving the double-tagged packets, they will be then sent out from port 5 with VLAN 888 tag only (the outer 999 will be peeled off).
    However, in case of VLAN 222 packets entering port 5, they will be added SPVID VLAN 333 tag due to the "selective QinQ" rule.




All Replies

  • iainmaoileoin
    iainmaoileoin Posts: 3
    First Comment
    Answer ✓
    In the words of runrig, "can anyone explain"...
    Is this the command I am looking for to put on the 2 ports that I want to move QinQ "double tagged" packets between.  Unlike the examples in the manuals, my packets come in with both tags provided.
    I guess - HELP PLEASE - that the cvid is what I call the outer tag and spvid is what I call the inner tag?

    vlan-stacking selective-qinq name <name> interface port- channel <port> cvid <cvid> spvid <spvid> priority <0-7>

    Creates a selective VLAN stacking rule.
    cvid: 1 - 4094. This is the VLAN tag carried in the packets from the subscribers.
    spvid: 1 - 4094: This is the service provider’s VLAN ID (the outer VLAN tag).

  • Sakura_T
    Sakura_T Posts: 101  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited January 2021 Answer ✓
    In VLAN stacking QinQ, you have to assign access or trunk role for the ports:

    Access port: SPVID (outer VLAN tag) will be added on ingress packet, and the SPVID will be peeled out for egress packets.
    Tunnel port: trunking the double-tagged packets.

    Let's have an example, port 5 as access role and port 6 as tunnel role.
    CLI:
    interface port-channel 5
      vlan-stacking role access
      vlan-stacking SPVID 999
    exit
    interface port-channel 6
      vlan-stacking role tunnel
    exit
    vlan-stacking
    vlan-stacking selective-qinq name QQ interface port-channel 5 cvid 222 spvid 333 priority 0

    (Remember to put configs for VLAN 999 and 333 on the switch as well)

    Here's the outcome, 

    As VLAN 888 packets entering port 5, they will be added SPVID VLAN 999 tag, then sent out from port 6 as double-tagged (999 outer and 888 inner).
    When port 6 receiving the double-tagged packets, they will be then sent out from port 5 with VLAN 888 tag only (the outer 999 will be peeled off).
    However, in case of VLAN 222 packets entering port 5, they will be added SPVID VLAN 333 tag due to the "selective QinQ" rule.




  • Thanks for that, it clarifies the manual.   I will go build a wee test rig to make sure I follow.

    BUT, my case gets more complex in that the packets are arriving on an incoming port are already QinQed, I dont need to tag/retag them.  I need to send them to another port which has a device that can understand QinQ.  So, I dont need to rewrite the packet vlan-ids.  Also I want to merge that QinQ data stream with non-QinQ.

    Also when I send out reply data it will already be QinQed.

    What I seem to have found (working on a zyxel OLT not a 3700) is that the code handles the (1) outer in the case of QinQ and (2) single in the case of a single-vlan tag without any special code.

    vlan 999
    fixed 5,6
    forbidden 1-4,7-16
    untagged 1-4.7-16
    exit
    appears to allow both QinQ packets with an outer of 999 and "straight" vlan packets with a single tag of 999 to be sent to/from eth-1 and eth-2.  The GPON zyxel starts eth0 at a port count of 4.
    In my case the device connected to eth-2 can handle both kinds of packets, it does so, and the zyxel transmits both single and double tagged data on ports eth-1 and eth-2.

    (remember that on a GPON router the first 4 ports are the ports for GPON, so eth-1 is port 5 and eth-2 is port 6).

    The manual does not suggest it is this easy to handle QinQ and single tags on the same port.

    Does this sound reasonable?  Any comments?
    All welcome.

  • Zyxel_Jonas
    Zyxel_Jonas Posts: 313  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @iainmaoileoin,

    Based on your description, it doesn't need to be complicated.
    Just be ensured that the Zyxel switch ports that will receive/send the VLAN traffic is configure with VLAN trunking OR static VLAN with specify VID (tagged out).

    If there is any inquiry, please let me know.
    Jonas,