Hello Moiuy
Typically this is done between the ISP and the customer, so that one ISP VLAN can carry multiple customer VLANs. The point here is to be able to convey multiple VLANs (trunks) from one customer site to another without the ISP needing to participate in trunking. It can recieve the tagged frames, add a second tag to it, so that all internal VLANs of the customer will be tagged with a single ISP tag to differentiate it from other customers on the ISP network.
You can configure QinQ on your own network internally, but there’s no reason to do so. Double tagging your traffic on your LAN will not increase safety. It is not a security feature. More info about it can be found in the 802.1Q tunneling lesson.
Tagging the native VLAN will add a level of security by not allowing any untagged frames to be transmitted to a trunk port. In general if your network is otherwise secure, it’s not really necessary, however, it never hurts to add it in. You can see how it can be done at the end of the following lesson:
Take a look at this post: 802.1Q Native VLAN on Cisco IOS Switch - #131 by lagapidis
I hope this has been helpful!
Laz