VLAN Translation is used to encapsulate one vlan (doq1q) in another vlan (dot1q)
So, it is also called q-in-q encapsulation
The original vlan is called C-VLAN (customer) and the translated vlan is called S-VLAN (standard-vlan)
To use vlan translation, 2 ways are there:
- Use vlan mapping both ways .ie.any traffic coming with vlan X will be converted to vlan Y and those with vlan Y will be converted to Vlan X
interface Ethernet14
switchport mode trunk
switchport vlan mapping 80 280
switchport port-security maximum 4
switchport port-security violation protect log
interface Ethernet16
switchport trunk native vlan 80
switchport mode trunk
switchport vlan mapping 280 80
In above case, any traffic coming with vlan 80 on et14 will be converted to vlan 280. On et16, any traffic coming with vlan 280 will be converted to vlan 80 (both ingressing and egressing)
NOTE: In et14, compulsorily vlan280 must be allowed and on et16, compulsorily vlan 80 must be allowed since vlan translation ahppens very initially in pipeline. So, any traffic with original vlan will be converted to new vlan before any sort of processing happens.
- Another way is to use only 'in' and 'out' words in the mapping configuration, so that, only incoming or outgoing packets will be translated. Not other way around.
interface Ethernet14
switchport mode trunk
y
switchport port-security maximum 4
switchport port-security violation protect log
interface Ethernet16
switchport mode trunk
switchport vlan mapping 280 80
switchport vlan mapping out 280 80
In this case, on et 14, only incoming packets with vlan 80 will be translated to vlan 280. But, if a vlan 80 packet has to go out from et14, it will be sent as vlan 80 only. Similarly, on et16, only egressing packets will be translated. So, if vlan 280 packet has to go out from et16, it will be translated to vlan80. But, if a incoming packet with vlan 280 hits et16, it will not be translated.
No comments:
Post a Comment