VLAN-VPN Configuration Example

Transmitting User Packets through a Tunnel in the Public Network by Using

VLAN-VPN

Network requirements

z

z

z z

As shown in Figure 1-4, both Switch A and Switch B are the WX3000 series devices. They connect the users to the servers through the public network.

PC users and PC servers are in VLAN 100 created in the private network, while terminal users and terminal servers are in VLAN 200, which is also created in the private network. The VLAN VPN connection is established in VLAN 1040 of the public network.

Switches of other vendors are used in the public network. They use the TPID value 0x9200. Employ VLAN-VPN on Switch A and Switch B to enable the PC users and PC servers to communicate with each through a VPN, and employ VLAN-VPN on Switch A and Switch B to enable the Terminal users and Terminal servers to communicate with each other through a VPN.

Figure 1-4Network diagram for VLAN-VPN configuration

PC User VLAN 100

VLAN 200

SwitchB

GEth1/0/21

GEth1/0/22

TPID=0x9200

VLAN 1040

GEth1/0/12

GEth1/0/11

SwitchA

PC Server VLAN 100

VLAN 200

Terminal Server

Terminal User

Configuration procedure

zConfigure Switch A.

#Enable the VLAN-VPN feature on GigabitEthernet 1/0/11 of Switch A and tag the packets received on this port with the tag of VLAN 1040 as the outer VLAN tag.

<SwitchA> system-view [SwitchA] vlan 1040

[SwitchA-vlan1040] port GigabitEthernet 1/0/11

[SwitchA-vlan1040] quit

[SwitchA] interface GigabitEthernet 1/0/11 [SwitchA-GigabitEthernet1/0/11] vlan-vpn enable

[SwitchA-GigabitEthernet1/0/11] quit

1-5

Page 602
Image 602
3Com WX3000 operation manual VLAN-VPN Configuration Example, 4Network diagram for VLAN-VPN configuration