Business customers of service providers often have specific requirements for VLAN IDs and the number
of VLANs to be supported. The VLAN ranges required by different customers in the same
service-provider network might overlap, and traffic of customers through the infrastructure might be
mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations
and could easily exceed the VLAN limit (4096) of the IEEE 802.1Q specification.
Using the QinQ feature, service providers can use a single VLAN to support customers
who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from different customers is
segregated within the service-provider network, even when they appear to be in the same VLAN. Using
QinQ expands VLAN space by using a VLAN-in-VLAN hierarchy and retagging the
tagged packets.
Virtual private networks (VPNs) provide enterprise-scale connectivity on a shared infrastructure, often
Ethernet-based, with the same security, prioritization, reliability, and manageability requirements of
private networks. QinQ tunnel is a feature designed for service providers who carry traffic of multiple
customers across their networks and are required to maintain the VLAN and Layer 2 protocol
configurations of each customer without impacting the traffic of other customers.
When you configure QinQ tunnel, you assign the QinQ user-port and uplink-port to
a VLAN ID that is dedicated to QinQ tunnel.