Operation Manual – VLAN-VPNH3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration1-1Chapter 1 VLAN-VPN ConfigurationWhen configuring VLAN-VPN, go to these sections for information you are interestedin:z VLAN-VPN Overviewz VLAN-VPN Configurationz Displaying and Maintaining VLAN-VPN Configurationz VLAN-VPN Configuration Example1.1 VLAN-VPN Overview1.1.1 Introduction to VLAN-VPNVirtual private network (VPN) is a new technology that emerges with the expansion ofthe Internet. It can be used for establishing private networks over the public network.With VPN, you can specify to process packets on the client or the access end of theservice provider in specific ways, establish dedicated tunnels for user traffic on publicnetwork devices, and thus improve data security.VLAN-VPN feature is a simple yet flexible Layer 2 tunneling technology. It tags privatenetwork packets with outer VLAN tags, thus enabling the packets to be transmittedthrough the service providers’ backbone networks with both inner and outer VLAN tags.In public networks, packets of this type are transmitted by their outer VLAN tags (that is,the VLAN tags of public networks), and the inner VLAN tags are treated as part of thepayload.Figure 1-1 describes the structure of the packets with single-layer VLAN tags.Figure 1-1 Structure of packets with single-layer VLAN tagsFigure 1-2 describes the structure of the packets with double-layer VLAN tags.Figure 1-2 Structure of packets with double-layer VLAN tagsCompared with MPLS-based Layer 2 VPN, VLAN-VPN has the following features:z It provides Layer 2 VPN tunnels that are simpler.z VLAN-VPN can be implemented through manual configuration. That is, signalingprotocol-related configuration is not needed.