VLAN stacking (QinQ)
VLAN stacking allows you to have multiple VLAN headers in an Ethernet frame. The value of the EtherType field specifies where the VLAN header is placed in the Ethernet frame.
Use the VLAN TPID profile to specify the value of the EtherType field. The FortiSwitch unit supports a maximum of four VLAN TPID profiles, including the default (0x8100). The default VLAN TPID profile (0x8100) cannot be deleted or changed.
NOTE: The following FortiSwitch models support VLAN stacking:
FS-124D, FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE, FS-424D, FS-424D-POE, FS-424D-FPOE, 424E, 424E-POE, 424E-FPOE, FS-424E-Fiber, 426E-MG-FPOE, FS-448D, FS-448D-POE, FS-448D-FPOE, 448E, 448E-POE, 448E-FPOE, FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE, FS-1024D, FS-1048D, FS-1048E, FS-3032D, and FS-3032E
NOTE: The following features are not supported with VLAN stacking:
- DHCP relay
- DHCP snooping
- IGMP snooping
- IP source guard
- PVLAN
- STP
NOTE: Settings under config qnq
are for customer VLANs (C-VLANs). Other settings such as set allowed-vlans
, set native-vlan
, and set vlan-tpid
are for service-provider VLANs (S-VLANs).
To configure VLAN stacking (asterisks indicate the default setting):
config switch interface
edit <interface_name>
set vlan-tpid <default | string>
config qnq
set status {enable | *disable}
set vlan-mapping-miss-drop {enable | *disable}
set add-inner <1-4095>
set edge-type customer
set priority {follow-c-tag | *follow-s-tag}
set remove-inner {enable | *disable}
set s-tag-priority <0-7>
config vlan-mapping
edit <id>
set description <string>
set match-c-vlan <1-4094>
set new-s-vlan <1-4094>
next
end
end
next
end
Variable |
Description |
Default |
<interface_name> |
Enter the name of the interface. |
No default |
vlan-tpid <default | string> |
Select which VLAN TPID profile to use. The default VLAN TPID profile has a value of 0x8100 and cannot be deleted or changed. This setting is only for service-provider VLANs (S-VLANs). NOTE: If you are not using the default VLAN TPID profile, you must have already defined the VLAN TPID profile with the |
default |
config qnq |
||
status {enable | *disable} |
Enable or disable VLAN stacking (QinQ) mode. |
disable |
vlan-mapping-miss-drop {enable | *disable} |
If the QinQ mode is enabled, enable or disable whether a packet is dropped if the VLAN ID in the packetʼs tag is not defined in the vlan-mapping configuration. |
disable |
add-inner <1-4095> |
If the QinQ mode is enabled, add the inner tag for untagged packets upon ingress. |
No default |
edge-type customer |
If the QinQ mode is enabled, the edge type is set to customer. |
customer |
priority {follow-c-tag | *follow-s-tag} |
If the QinQ mode is enabled, select whether to follow the priority of the S-tag (service tag) or C-tag (customer tag). NOTE: This command is not available on the 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448D-POE, 448D-FPOE, 224E, 224E-POE, 248E-POE and 248E-FPOE models. |
follow-s-tag |
remove-inner {enable | *disable} |
If the QinQ mode is enabled, enable or disable whether the inner tag is removed upon egress. |
disable |
s-tag-priority <0-7> |
If packets follow the priority of the S-tag (service tag),
enter the priority value.
This option is available only when the priority is set to
NOTE: This command is not available on the 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448D-POE, 448D-FPOE, 224E, 224E-POE, 248E-POE and 248E-FPOE models. |
0 |
<id> |
Enter a mapping entry identifier. |
No default |
description <string> |
Enter a description of the mapping entry. |
No default |
match-c-vlan <1-4094> |
Enter a matching customer (inner) VLAN. |
0 |
new-s-vlan <1-4094> |
Enter a new service (outer) VLAN. NOTE: The VLAN must be in the portʼs allowed VLAN list. This option is only available after you set the value for |
No default |
To configure VLAN mapping on an interface (asterisks indicate the default setting):
config switch interface
edit <interface_name>
set vlan-tpid <default | string>
set vlan-mapping-miss-drop {enable | *disable}
config vlan-mapping
edit <id>
set description <string>
set direction ingress // ingress example
set match-c-vlan <1-4094>
set action {add | replace}
set new-s-vlan <1-4094>
next
edit <id>
set description <string>
set direction egress // egress example
set match-s-vlan <1-4094>
set action {delete | replace}
set new-s-vlan <1-4094>
next
end
next
end
Variable |
Description |
Default |
<interface_name> |
Enter the name of the interface. |
No default |
vlan-tpid <default | string> |
Select which VLAN TPID profile to use. The default VLAN TPID profile has a value of 0x8100 and cannot be deleted or changed. This setting is only for service-provider VLANs (S-VLANs). NOTE: If you are not using the default VLAN TPID profile, you must have already defined the VLAN TPID profile with the |
default |
vlan-mapping-miss-drop {enable | *disable} |
Enable or disable whether a packet is dropped if the VLAN ID in the packetʼs tag is not defined in the vlan-mapping configuration. |
disable |
config vlan-mapping |
||
<id> |
Enter an identifier for the VLAN mapping entry. |
No default |
description <string> |
Enter a description of the VLAN mapping entry. |
No default |
direction {egress | ingress} |
Select the ingress or egress direction. |
No default |
match-s-vlan <1-4094> |
If the direction is set to egress, enter the service (outer) VLAN to match. |
0 |
match-c-vlan <1-4094> |
If the direction is set to ingress, enter the customer (inner) VLAN to match. |
0 |
action {add | delete | replace} |
Select what happens when the packet is matched: - - - This option is only available after you set a value for |
No default |
new-s-vlan <1-4094> |
Set the new service (outer) VLAN. This option is only available after you set the action to |
No default |
To configure the VLAN TPID profile:
config switch vlan-tpid
edit <VLAN_TPID_profile_name>
set ether-type <0x0001-0xfffe>
next
end
Variable |
Description |
Default |
<VLAN_TPID_profile_name> |
Enter a name for the VLAN TPID profile name. |
No default |
ether-type <0x0001-0xfffe> |
Enter a hexadecimal value for the EtherType field. |
0x8100 |
To check the VLAN stacking (QinQ) configuration:
diagnose switch qnq dtag-cfg