Operation Manual – VLAN-VPNH3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration1-1Chapter 1 VLAN-VPN Configuration1.1 VLAN-VPN Overview1.1.1 Introduction to VLAN-VPNVirtual private network (VPN) is a new technology that emerges with the expansion ofthe Internet. It can be used for establishing private networks over the public network.With VPN, you can specify to process packets on the client or the access end of theservice provider in specific ways, establish dedicated tunnels for user traffic on publicnetwork devices, and thus improve data security.VLAN-VPN feature is a simple yet flexible Layer 2 tunneling technology. It tags privatenetwork packets with outer VLAN tags, thus enabling the packets to be transmittedthrough the service providers’ backbone networks with both inner and outer VLAN tags.In public networks, packets of this type are transmitted by their outer VLAN tags (that is,the VLAN tags of public networks), and the inner VLAN tags are treated as part of thepayload.Figure 1-1 describes the structure of the packets with single-layer VLAN tags.Destination MAC address0 31DataSource MAC address15VLAN TagFigure 1-1 Structure of packets with single-layer VLAN tagsFigure 1-2 describes the structure of the packets with double-layer VLAN tags.Destination MAC address0 31DataSource MAC address15Inner VLAN TagOuter VLAN TagFigure 1-2 Structure of packets with double-layer VLAN tagsCompared with MPLS-based Layer 2 VPN, VLAN-VPN has the following features: