Fortinet black logo

Administration Guide

QinQ 802.1Q in 802.1ad

QinQ 802.1Q in 802.1ad

QinQ (802.1ad) allows multiple VLAN tags to be inserted into a single frame, and can be configured on supported FortiGate devices.

In this example, the customer connects to a provider that uses 802.1ad double-tagging to separate their customer VLANs. The FortiGate connecting to the provider double-tags its frames with an outer provider-tag (S-Tag) and an inner customer-tag (C-Tag).

The customer identifies itself with the provider-tag (S-Tag) 232 and uses the customer-tag (C-Tag) 444 for traffic to its VLAN.

To configure the interfaces:
  1. Configure the interface to the provider that uses the outer tag (S-Tag):

    config system interface
        edit "vlan-8021ad"
            set vdom "root"
            set vlan-protocol 8021ad
            set device-identification enable
            set role lan
            set snmp-index 47
            set interface "PORT"  
            set vlanid 232
        next
    end
  2. Configure a dynamic VLAN interface that uses the inner tag (C-Tag):

    config system interface
        edit "DVLAN"
            set vdom "vdom1"
            set device-identification enable
            set role lan
            set snmp-index 48
            set interface "vlan-8021ad"
            set vlanid 444
        next
    end

The following FortiGate devices are not supported: 1100E, 1101E, 2200E, 2201E, 3300E, 3301E, 3400E, 3401E, 3600E, 3601E.

QinQ 802.1Q in 802.1ad

QinQ (802.1ad) allows multiple VLAN tags to be inserted into a single frame, and can be configured on supported FortiGate devices.

In this example, the customer connects to a provider that uses 802.1ad double-tagging to separate their customer VLANs. The FortiGate connecting to the provider double-tags its frames with an outer provider-tag (S-Tag) and an inner customer-tag (C-Tag).

The customer identifies itself with the provider-tag (S-Tag) 232 and uses the customer-tag (C-Tag) 444 for traffic to its VLAN.

To configure the interfaces:
  1. Configure the interface to the provider that uses the outer tag (S-Tag):

    config system interface
        edit "vlan-8021ad"
            set vdom "root"
            set vlan-protocol 8021ad
            set device-identification enable
            set role lan
            set snmp-index 47
            set interface "PORT"  
            set vlanid 232
        next
    end
  2. Configure a dynamic VLAN interface that uses the inner tag (C-Tag):

    config system interface
        edit "DVLAN"
            set vdom "vdom1"
            set device-identification enable
            set role lan
            set snmp-index 48
            set interface "vlan-8021ad"
            set vlanid 444
        next
    end

The following FortiGate devices are not supported: 1100E, 1101E, 2200E, 2201E, 3300E, 3301E, 3400E, 3401E, 3600E, 3601E.