Fortinet black logo

FortiSwitch (FortiLink) Cookbook

Home FortiSwitch 6.4.6 FortiSwitch (FortiLink) Cookbook
6.4.6
6.4.6
6.4.2
6.0.1

Retag service VLANs

Retag service VLANs

The following figure shows the topology for the non-edge provider PSW2 receiving QinQ traffic from the provider edge switch PSW1 on port1 with customer VLAN 350 and service-tag 1000. The traffic is then sent out on port2 with service-tag 3000, preserving the customer VLAN. The reverse is done for traffic coming on port2 and leaving port1. In this example, the service VLAN retagging operation is done on the ingress port.

The following is the configuration of the provider port port1 of PSW2:

config switch interface

edit "port1"

set allowed-vlans 1-4094

config vlan-mapping

edit 1

set direction ingress

set match-c-vlan 350

set action replace

set new-s-vlan 3000

next

end

set vlan-tpid "qnq"

next

end

config switch vlan-tpid

edit "qnq"

set ether-type 0x88a8

next

end

The following is the configuration of the provider port port2 of PSW2:

config switch interface

edit "port2"

set allowed-vlans 1-4094

config vlan-mapping

edit 1

set direction ingress

set match-c-vlan 350

set action replace

set new-s-vlan 1000

next

end

set vlan-tpid "qnq"

next

end

You can also apply service VLAN retagging on egress. In this case, the match is done on the service tag. If you choose action replace, the new service VLAN must be specified. If you choose action delete, the service tag is removed, and the frame is forwarded with only the customer VLAN.

Previous
Next

Retag service VLANs

The following figure shows the topology for the non-edge provider PSW2 receiving QinQ traffic from the provider edge switch PSW1 on port1 with customer VLAN 350 and service-tag 1000. The traffic is then sent out on port2 with service-tag 3000, preserving the customer VLAN. The reverse is done for traffic coming on port2 and leaving port1. In this example, the service VLAN retagging operation is done on the ingress port.

The following is the configuration of the provider port port1 of PSW2:

config switch interface

edit "port1"

set allowed-vlans 1-4094

config vlan-mapping

edit 1

set direction ingress

set match-c-vlan 350

set action replace

set new-s-vlan 3000

next

end

set vlan-tpid "qnq"

next

end

config switch vlan-tpid

edit "qnq"

set ether-type 0x88a8

next

end

The following is the configuration of the provider port port2 of PSW2:

config switch interface

edit "port2"

set allowed-vlans 1-4094

config vlan-mapping

edit 1

set direction ingress

set match-c-vlan 350

set action replace

set new-s-vlan 1000

next

end

set vlan-tpid "qnq"

next

end

You can also apply service VLAN retagging on egress. In this case, the match is done on the service tag. If you choose action replace, the new service VLAN must be specified. If you choose action delete, the service tag is removed, and the frame is forwarded with only the customer VLAN.

Previous
Next