To provide a VLAN solution in certain scenarios, it is possible to wrap traffic from multiple VLANs inside a single parent VLAN. This technique is referred to as Q-in-Q VLANs or Stacked VLANs.
The same VLAN object is used to implement a Q-in-Q VLAN, with the Type property set to 88a8. The Type property corresponds to the TPID setting in the VLAN tag and this is explained further at the end of this section.
After the service VLAN object is defined, a non-service VLAN object can be placed inside it by setting its BaseInterface property to be the service VLAN object. This is demonstrated in the example below.
A Clavister NetShield Firewall can act as a terminator for a service VLAN. A typical use case for service VLAN termination is illustrated in the diagram below.
Here, corporate departments A and B each use two VLANs where the VLAN IDs 10 and 20 can be duplicated. A switch in each department connects it to another central corporate switch using the unique VLAN IDs 101 and 102. This central switch can now connect to the Clavister NetShield Firewall using a single service VLAN which tunnels the 101 and 102 VLANs.
Defining a Service VLAN
A standard VLAN object is used to define a service VLAN but the Type property for the object is set to 0x88a8. This Type property corresponds to the TPID setting in the VLAN tag and this is explained further below.
After the service VLAN object is defined, a non-service VLAN object can be placed inside it by setting its Base Interface property to be the service VLAN object. This is demonstrated in the example below.
Example 3.2. Defining a Service VLAN
This example defines a service VLAN called svlan_A with an ID of 100 on the physical interface if3. The IP address will default to the IP of the physical interface.
Command-Line Interface
System:/> add Interface VLAN svlan_A Type=88a8 BaseInterface=if3 VLANID=100
A VLAN object can now be added to this:
System:/> add Interface VLAN vlan1 BaseInterface=svlan_A VLANID=1
The Complete List of Type Values
The complete list of values that can be used for the Type property in a VLAN object is shown below.
TPID (Hexadecimal) | Decimal Equivalent | Description |
---|---|---|
8100 | 33024 | IEEE 802.1Q VLAN (the default) |
88a8 | 34984 | IEEE 802.1ad Service VLAN |
9100 | 37120 | 0x9100 VLAN |
9200 | 37376 | 0x9200 VLAN |
9300 | 37632 | 0x9300 VLAN |
The Type property specifies the Modified Tag Protocol Identifier (TPID) in the VLAN tag. The value is hexadecimal, so specifying 8100 for the Type corresponds to the hexadecimal number 0x8100.
Since the VLAN object defaults to a Type of 8100 (a standard VLAN), the only Type usually needed is 88a8 to specify a service VLAN. The last three entries in the list may be needed to provide interoperability with external equipment from some manufacturers.
Service VLANs within Service VLANs
The BaseInterface property of a service VLAN object can be another service VLAN object. In other words, one service VLAN can contain another service VLAN.
Although unusual beyond a couple of levels, cOS Stream permits up to 16 levels of nesting, with a VLAN object at the first level wrapped by a maximum of 15 levels of nested service VLAN objects.
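The following Python code is an added example, not Clavister code. It shows what the Type (TPID) setting means on the wire by walking the stacked VLAN tags of an Ethernet frame from outer to inner, accepting the TPID values listed in the table above and rejecting more than the 16 levels of nesting described here. The function names and the zero-filled sample frame are assumptions constructed for illustration.

```python
import struct

# TPID values taken from the Type table on this page.
TPIDS = {
    0x8100: "IEEE 802.1Q VLAN",
    0x88A8: "IEEE 802.1ad Service VLAN",
    0x9100: "0x9100 VLAN",
    0x9200: "0x9200 VLAN",
    0x9300: "0x9300 VLAN",
}
MAX_LEVELS = 16  # nesting limit stated for cOS Stream


def parse_vlan_stack(frame: bytes):
    """Return ([(tpid, vlan_id, priority), ...] outer to inner, payload EtherType)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TPIDS:
            return tags, ethertype  # reached the real payload type
        if len(tags) == MAX_LEVELS:
            raise ValueError("more than 16 stacked VLAN tags")
        if len(frame) < offset + 6:  # TCI plus the next type field must fit
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
        tags.append((ethertype, tci & 0x0FFF, tci >> 13))
        offset += 4


def build_frame(tags, payload_type=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame: zeroed MACs followed by (tpid, vlan_id) tags."""
    header = b"\x00" * 12
    for tpid, vid in tags:
        header += struct.pack("!HH", tpid, vid)
    return header + struct.pack("!H", payload_type) + payload


if __name__ == "__main__":
    # Matches Example 3.2: vlan1 (ID 1) inside svlan_A (ID 100, Type 88a8).
    sample = build_frame([(0x88A8, 100), (0x8100, 1)])
    for tpid, vid, pcp in parse_vlan_stack(sample)[0]:
        print(f"TPID 0x{tpid:04x} ({TPIDS[tpid]}), VLAN ID {vid}")
```

Comparing the parsed stack from a packet capture against the configured Type and VLANID values is a quick way to confirm that an upstream switch is using the TPID the service VLAN object expects.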