03-Layer 2 - LAN Switching Command Reference

HomeSupportResource CenterRoutersH3C SR8800 Router SeriesH3C SR8800 Router SeriesTechnical DocumentsReference GuidesCommand ReferencesH3C SR8800 Command Reference-Release3347-6W10303-Layer 2 - LAN Switching Command Reference
01-VLAN Commands
Title Size Download
01-VLAN Commands 183.03 KB

VLAN configuration commands

VLAN configuration commands

default

Syntax

default

View

VLAN interface view

Default level

2: System level

Parameters

None

Description

Use the default command to restore the default settings for a VLAN interface.

This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. You can use the display this command in interface view to check for these commands, and perform their undo forms or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message to resolve the problem.

 

CAUTION

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you perform it on a live network.

 

Examples

# Restore the default settings for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] default

This command will restore the default settings. Continue? [Y/N]:y

description

Syntax

description text

undo description

View

VLAN view, VLAN interface view

Default level

2: System level

Parameters

text: Creates a description for a VLAN or VLAN interface. Valid characters and symbols include English letters (A to Z, a to z), digits (1 to 9), special English characters, spaces, and other Unicode characters and symbols.

·           For a VLAN, the description string contains 1 to 32 characters.

·           For a VLAN interface, the description string contains 1 to 80 characters.

 

 

NOTE:

·       Each Unicode character takes the space of two regular characters.

·       To use a type of Unicode characters or symbols in an interface description, install the specific input method editor and log in to the router through remote login software that supports this character type.

·       When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two. As a result, garbled characters may be displayed at the end of a line.

 

Description

Use the description command to configure the description of the current VLAN or VLAN interface.

Use the undo description command to restore the default.

For a VLAN, the default description is the VLAN ID, for example, VLAN 0001; for a VLAN interface, the default description is the name of the interface, for example, Vlan-interface 1 Interface.

You can configure a description to describe the function or connection of a VLAN or VLAN interface for management sake.

Examples

# Configure the description of VLAN 2 as RESEARCH.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] description RESEARCH

# Configure the description of VLAN interface 2 as VLAN-INTERFACE-2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description VLAN-INTERFACE-2

display interface vlan-interface

Syntax

display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]

display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

vlan-interface-id: VLAN interface number.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display interface vlan-interface command to display information about a specified or all VLAN interfaces.

If you do not provide the vlan-interface keyword, this command displays information about all interfaces.

If you provide the vlan-interface keyword but does not specify the VLAN interface number, this command displays information about all VLAN interfaces.

Related commands: reset counters interface vlan-interface.

Examples

# Display the information of VLAN-interface 2.

<Sysname> display interface vlan-interface 2

Vlan-interface2 current state: DOWN

Line protocol current state: DOWN

Description: Vlan-interface2 Interface

The Maximum Transmit Unit is 1500

Internet Address is 192.168.1.54/24 Primary

Internet Address is 6.4.4.4/24 Sub

IP Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 000f-e249-8050

IPv6 Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 000f-e249-8050

Last clearing of counters:  Never

     Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

     Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 drops

     0 packets output, 0 bytes, 0 drops

# Display brief information for VLAN-interface 2.

<Sysname> display interface vlan-interface 2 brief

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Main IP         Description

Vlan2                DOWN DOWN     192.168.1.54

# Display brief information for VLAN interfaces in DOWN state.

<Sysname> display interface vlan-interface brief down

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

Vlan2                DOWN Not connected

Table 1 Output description

Field

Description

Vlan-interface2 current state

The physical state of the VLAN interface, which can be one of the following:

·       Administratively DOWN—The administrative state of the VLAN interface is down because it has been manually shut down with the shutdown command.

·       DOWN—The administrative state of this VLAN interface is up, but its physical state is down. It indicates that the VLAN corresponding to this interface does not contain any port in the UP state (possibly because the ports are not well connected or the lines have failed).

·       UP—Both the administrative state and the physical state of this VLAN interface are up.

Line protocol current state

The link layer protocol state of a VLAN interface, which can be one of the following:

·       DOWN—The protocol state of this VLAN interface is down.

·       UP—The protocol state of this VLAN interface is up.

Description

The description of a VLAN interface

The Maximum Transmit Unit

The MTU of a VLAN interface

Internet protocol processing disabled

The interface is not capable of processing IP packets. This field is displayed when no IP address is configured for the interface.

Internet Address is 192.168.1.54/24 Primary

The primary IP address of the interface is 192.168.1.54/24. This information is displayed only if the primary IP address is configured for the interface.

Internet Address is 6.4.4.4/24 Sub

The secondary IP address of the interface is 6.4.4.4/24. This information is displayed only if a secondary IP address is configured for the interface.

IP Packet Frame Type

IPv4 outgoing frame format.

Hardware address

MAC address corresponding to a VLAN interface.

IPv6 Packet Frame Type

IPv6 outgoing frame format.

Last clearing of counters

Time when the reset counts interface vlan-interface command was last used to clear the interface statistics. Never indicates the reset counters interface command has never been used on the current interface since the router’s startup.

Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Average rate of input packets and output packets in the last 300 seconds (in Bps, bps, and pps).

0 packets input, 0 bytes, 0 drops

Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets.

0 packets output, 0 bytes, 0 drops

Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets.

The brief information of interface(s) under route mode

Brief information about Layer 3 interfaces.

Link: ADM - administratively down; Stby - standby

ADM—The interface has been administratively shut down. To recover its physical state, perform the undo shutdown command.

Stby—The interface is operating as a standby interface

Protocol: (s) - spoofing

If the network layer protocol state of an interface is shown as UP, but its link is an on-demand link or not present at all, its protocol attribute includes the spoofing flag (an s in parentheses).

Interface

The abbreviated interface name.

Link

The physical link state of the interface:

·       UP—The link is up.

·       ADM—The link has been administratively shut down. To recover its physical state, perform the undo shutdown command.

Protocol

Protocol connection state of the interface, which can be UP, DOWN, or UP(s).

Main IP

The main IP address of the interface.

Cause

The cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To restore the physical state of the interface, use the undo shutdown command.

 

 

NOTE:

The router does not support traffic statistics collection on VLAN interfaces, and displays VLAN interface statistics as 0.

 

display vlan

Syntax

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

vlan-id1: Displays the information of a VLAN specified by VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Displays the information of a range of VLANs specified by a VLAN ID range.

all: Displays all current VLAN information except for the reserved VLANs.

dynamic: Displays the information of dynamic VLANs. Dynamic VLANs refer to VLANs that are generated through GVRP or those distributed by a RADIUS server.

reserved: Displays information of the reserved VLANs. Protocol modules determine reserved VLANs according to function implementation, and reserved VLANs serve protocol modules. You cannot do any operation on reserved VLANs.

static: Displays static VLAN information. Static VLANs refer to VLANs manually created.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display vlan command to display VLAN information.

Related commands: vlan.

Examples

# Display information about VLAN 2.

<Sysname> display vlan 2

 VLAN ID: 2

 VLAN Type: static

 Route Interface: not configured

 IP Address: 1.1.1.1

 Subnet Mask: 255.255.255.0

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged   Ports:

    GigabitEthernet2/1/2

 Untagged Ports: none

Table 2 Output description

Field

Description

VLAN Type

VLAN type (static or dynamic).

Route interface

Whether the VLAN interface is configured for the VLAN (not configured or configured).

Description

Description of the VLAN.

Name

Name configured for the VLAN.

IP Address

Primary IP address of the VLAN interface (available only when an IP address is configured for the VLAN interface). You can use the display interface vlan-interface command in any view or the display this command in VLAN interface view to display its secondary IP addresses, if any.

Subnet Mask

Subnet mask of the primary IP address (available only when an IP address is configured for the VLAN interface).

Tagged Ports

Ports through which packets of the VLAN are sent tagged.

Untagged Ports

Ports through which packets of the VLAN are sent untagged.

 

interface vlan-interface

Syntax

interface vlan-interface vlan-interface-id

undo interface vlan-interface vlan-interface-id

View

System view

Default level

2: System level

Parameters

vlan-interface-id: Specifies a VLAN ID, ranging from 1 to 4094.

Description

Use the interface vlan-interface command to create a VLAN interface and enter its view or enter the view of an existing VLAN interface.

Before you can create the VLAN interface of a VLAN, create the VLAN first.

Use the undo interface vlan-interface command to remove the specified VLAN interface.

Related commands: display interface vlan-interface.

Examples

# Create VLAN-interface 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

ip address

Syntax

ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]

View

VLAN interface view

Default level

2: System level

Parameters

ip-address: IP address to be assigned to the current VLAN interface, in dotted decimal format.

mask: Subnet mask in dotted decimal notation.

mask-length: Subnet mask length, the number of consecutive ones in the mask. The value range is 0 to 32.

sub: Indicates the address is a secondary IP address.

Description

Use the ip address command to assign an IP address and subnet mask to a VLAN interface.

Use the undo ip address command to remove the IP address and sub-net mask for a VLAN interface.

By default, no IP address is assigned to any VLAN interface.

When a VLAN connects to one subnet, you need to assign only one IP address for its VLAN interface. When the VLAN connects to multiple subnets, you need to assign multiple IP addresses for the VLAN interface. Among these IP addresses, one is primary and the others are secondary.

When you configure IP addresses for a VLAN interface, consider the following:

·           You can assign only one primary IP address to an interface.

·           Before removing the primary IP address, remove all secondary IP addresses.

·           To remove the primary IP address, use the undo ip address ip-address { mask | mask-length } command.

·           To remove a secondary IP address, use the undo ip address ip-address { mask | mask-length } sub command.

·           To remove all IP addresses, use the undo ip address command without any keyword or argument.

Related commands: display ip interface (Layer 3—IP Services Command Reference).

Examples

# Specify the IP address as 1.1.0.1, the sub-net mask as 255.255.255.0 for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ip address 1.1.0.1 255.255.255.0

mtu

Syntax

mtu size

undo mtu

View

VLAN interface view

Default level

2: System level

Parameters

size: Sets the maximum transmission unit (MTU), ranging from 46 to 9198 bytes.

Description

Use the mtu command to set the MTU for a VLAN interface.

Use the undo mtu command to restore the default.

By default, the MTU of a VLAN interface is 1500 bytes.

Related commands: display interface vlan-interface.

Examples

# Set the MTU to 1492 bytes for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] mtu 1492

name

Syntax

name text

undo name

View

VLAN view

Default level

2: System level

Parameters

text: VLAN name, a string of 1 to 32 characters. Spaces and special characters can be included in the name.

Description

Use the name command to configure a name for the current VLAN for the ease of locating a VLAN in a large number of VLANs.

Use the undo name command to restore the default name of the VLAN.

By default, the name of a VLAN is its VLAN ID. For example, VLAN 0001.

Examples

# Configure the name of VLAN 2 as test vlan.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] name test vlan

reset counters interface vlan-interface

Syntax

reset counters interface vlan-interface [ vlan-interface-id ]

View

User view

Default level

2: System level

Parameters

vlan-interface-id: VLAN interface number.

Description

Use the reset counters interface vlan-interface command to clear the statistics on a VLAN interface.

Before collecting the traffic statistics within a specific period of time on an interface, you need to clear the existing statistics first.

·           If the vlan-interface-id argument is not specified, this command clears the statistics of all VLAN interfaces.

·           If the vlan-interface-id argument is specified, this command clears the statistics of the specified VLAN interface.

Related commands: display interface vlan-interface.

Examples

# Clear the statistics on VLAN interface 2.

<Sysname> reset counters interface vlan-interface 2

shutdown

Syntax

shutdown

undo shutdown

View

VLAN interface view

Default level

2: System level

Parameters

 None

Description

Use the shutdown command to shut down a VLAN interface.

Use the undo shutdown command to bring up a VLAN interface.

By default, the VLAN interface is down if all ports in the VLAN are down, as long as one port in the VLAN is up, the VLAN interface is up.

You can use the undo shutdown command to bring up a VLAN interface after related parameters and protocols are configured for the VLAN interface. When there is a fault in a VLAN interface, you can use the shutdown command to shut down the interface and then bring it up using the undo shutdown command. In this way, the interface may resume.

Shutting down/bringing up a VLAN interface does not affect any Ethernet ports in the VLAN. The state of an Ethernet port does not change with the VLAN interface state.

Examples

# Shut down the VLAN interface and then bring it up.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

vlan

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

View

System view

Default level

2: System level

Parameters

vlan-id1/vlan-id2: Specifies a VLAN ID, ranging from 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN range. The VLAN ID ranges from 1 to 4094.

all: Creates or deletes all VLANs except reserved VLANs. The keyword is not supported when the number of maximum VLANs that can be created on a network device is less than 4094.

Description

Use the vlan vlan-id command to create the specified VLAN. If the specified VLAN exits, the command brings you to its view.

Use the vlan vlan-id1 to vlan-id2 command to create a range of VLANs specified by vlan-id1 and vlan-id2.

Use the undo vlan command to delete specified VLAN(s).

As the default VLAN, VLAN 1 cannot be created or removed.

You cannot create or remove VLANs reserved for special purposes.

You cannot remove VLANs dynamically learned by using the undo vlan command.

You cannot remove a VLAN configured with QoS policies by using the undo vlan command.

You cannot remove a VLAN configured as a remote probe VLAN for remote port mirroring by using the undo vlan command. To do that, remove the remote probe VLAN configuration first.

 

 

NOTE:

·       After you remove the PVID of a port by using the undo vlan command, for an access port, its PVID will change back to VLAN 1; for a trunk or hybrid port, its PVID remains unchanged. In other words, a trunk or hybrid port can use a non-existent VLAN as its PVID.

·       The router does not support VLAN 4094 when it works in hybrid mode. For more information about system working modes, see Fundamentals Configuration Guide.

 

Related commands: display vlan.

Examples

# Enter VLAN 2 view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2]

# Create VLAN 4 through VLAN 100.

<Sysname> system-view

[Sysname] vlan 4 to 100

Please wait............. Done.

Port-based VLAN configuration commands

display port

Syntax

display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

hybrid: Displays the current Hybrid port(s).

trunk: Displays the current Trunk port(s).

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display port command to display information on the current ports of a specified type, including port name, PVID, and the VLAN ID of VLANs that the ports can pass through.

Examples

# Display the current Hybrid ports.

<Sysname> display port hybrid

Interface            PVID  VLAN passing

GE2/1/1              1     Tagged:  100-1000

                           Untagged:1, 2000-3000

# Display the current Trunk ports.

<Sysname> display port trunk

Interface            PVID  VLAN passing

GE2/1/1               2     1-4, 6-100, 145, 177, 189-200, 244, 289, 400,

                           555, 600-611, 1000, 2006-2008

Table 3 Output description

Field

Description

Interface

Port name.

PVID

PVID of the port.

VLAN passing

VLANs from which packets are allowed to pass through the port.

Tagged

VLANs from which tagged packets are required to pass through the port.

Untagged

VLANs from which untagged packets are required to pass through the port.

 

port

Syntax

port interface-list

undo port interface-list

View

VLAN interface view

Default level

2: System level

Parameters

interface interface-list: Specifies an Ethernet interface list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 ports or port ranges.

Description

Use the port command to add one access port or a group of access ports to a VLAN.

Use the undo port command to remove one access port or a group of access ports from a VLAN.

By default, all ports are in VLAN 1.

This command is only applicable to access ports.

All ports have their default link type configured as access, however, users can manually configure the port type. For more information, see “port link-type.”

You cannot assign a Layer 2 aggregate interface to the current VLAN.

Related commands: display vlan.

Examples

# Add the ports from GigabitEthernet 4/1/1 through GigabitEthernet 4/1/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port GigabitEthernet 4/1/1 to GigabitEthernet 4/1/3

port access vlan

Syntax

port access vlan vlan-id

undo port access vlan

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

vlan-id : Specifies a VLAN ID, ranging from 1 to 4094. Be sure that the VLAN specified by the VLAN ID already exists.

Description

Use the port access vlan command to assign the current access port(s) to the specified VLAN.

Use the undo port access vlan command to restore the default.

By default, all access ports belong to VLAN 1.

In Ethernet interface view, the configuration applies to the current port only.

In port group view, the configuration applies to all ports in the port group.

In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

In Layer 2 VE interface view, the configuration applies only to the current port.

Examples

# Add GigabitEthernet 4/1/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface GigabitEthernet 4/1/1

[Sysname-GigabitEthernet4/1/1] port access vlan 3

# Add Layer 2 aggregate interface Bridge-Aggregation 1 and the member ports in the corresponding aggregation group to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port access vlan 3

port hybrid pvid

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

Description

Use the port hybrid pvid command to configure the PVID of the hybrid port.

Use the undo port hybrid pvid command to restore the default, that is, VLAN 1.

For a hybrid port, after you execute the undo vlan command to remove the PVID of the hybrid port, the PVID of the hybrid port does not change. That is to say, the hybrid port can use the non-existent VLAN as the PVID.

In Ethernet interface view, the configuration applies to the current port only.

In port group view, the configuration applies to all ports in the port group.

In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

In Layer 2 VE interface view, the configuration applies only to the current port.

H3C recommends that you set the PVID of a local hybrid port the same as that of the peer hybrid port.

After configuring the PVID for a hybrid port, you must use the port hybrid vlan command to configure the hybrid port to allow packets from the PVID to pass through, so that the port can forward packets from the PVID.

Related commands: port link-type and port hybrid vlan.

Examples

# Configure the PVID for the hybrid port GigabitEthernet 4/1/1 to be 100.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface GigabitEthernet 4/1/1

[Sysname-GigabitEthernet4/1/1] port link-type hybrid

[Sysname-GigabitEthernet4/1/1] port hybrid pvid vlan 100

# Configure the PVID for Layer 2 aggregate interface Bridge-Aggregation 1 (hybrid) to be 100.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid pvid vlan 100

port hybrid vlan

Syntax

port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

vlan-id-list: The range of VLANs that the hybrid ports will be added to, vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that the you can specify up to 10 VLAN IDs or VLAN ID ranges. Be sure that the specified VLANs already exist.

tagged: Configures the port(s) to send the packets of the specified VLAN(s) with the tags kept.

untagged: Configures the port to send the packets of the specified VLAN(s) with the tags removed.

Description

Use the port hybrid vlan command to add the current hybrid port to the specified VLAN(s).

Use the undo port hybrid vlan command to remove the current hybrid port from the specified VLAN(s).

By default, a hybrid port only allows packets from VLAN 1 to pass through untagged.

A hybrid port can carry multiple VLANs. If you execute the port hybrid vlan command multiple times, the VLANs the hybrid port carries are the set of VLANs specified by vlan-id-list in each execution.

In Ethernet interface view, the configuration applies to the current port only.

In port group view, the configuration applies to all ports in the port group.

In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

In Layer 2 VE interface view, the configuration applies only to the current port.

Related commands: port link-type.

Examples

# Assign the hybrid port GigabitEthernet 3/1/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100, and configure to send packets of these VLANs with tags kept.

<Sysname> system-view

[Sysname] interface GigabitEthernet 3/1/1

[Sysname-GigabitEthernet3/1/1] port link-type hybrid

[Sysname-GigabitEthernet3/1/1] port hybrid vlan 2 4 50 to 100 tagged

# Assign hybrid ports in port group 2 to VLAN 2, and configure these ports to send packets of VLAN 2 with VLAN tags removed.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] port-group manual 2

[Sysname-port-group-manual-2] group-member GigabitEthernet 4/1/1 to GigabitEthernet 4/1/6

[Sysname-port-group-manual-2] port link-type hybrid

[Sysname-port-group-manual-2] port hybrid vlan 2 untagged

 Configuring GigabitEthernet4/1/1... Done.

 Configuring GigabitEthernet4/1/2... Done.

 Configuring GigabitEthernet4/1/3... Done.

 Configuring GigabitEthernet4/1/4... Done.

 Configuring GigabitEthernet4/1/5... Done.

 Configuring GigabitEthernet4/1/6... Done.

# Assign Layer 2 aggregate interface Bridge-Aggregation 1 (hybrid) and the member ports in the corresponding aggregation group to VLAN 2, and configure these ports to send packets of VLAN 2 without VLAN tags.

<Sysname> system-view

[Sysname] interface GigabitEthernet 2/1/2

[Sysname-GigabitEthernet2/1/2] port link-aggregation group 1

[Sysname-GigabitEthernet2/1/2] quit

[Sysname] interface GigabitEthernet 2/1/3

[Sysname-GigabitEthernet2/1/3] port link-aggregation group 1

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged

 Please wait... Done.

 Configuring GigabitEthernet2/1/2... Done.

 Configuring GigabitEthernet2/1/3... Done.

GigabitEthernet 2/1/2 and GigabitEthernet 2/1/3 are both member ports in the aggregation group corresponding to Layer 2 aggregate interface Bridge-Aggregation 1.

port link-type

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

access: Configures the link type of a port as access.

hybrid: Configures the link type of a port as hybrid.

trunk: Configures the link type of a port as trunk.

Description

Use the port link-type command to configure the link type of a port in Ethernet interface view or the link type of a group of ports in port group view.

Use the undo port link-type command to restore the default link type of the port or ports.

The default link type of a port is access.

·           In Ethernet interface view, the configuration applies to the current port only.

·           In port group view, the configuration applies to all ports in the port group.

·           In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

·           In Layer 2 VE interface view, the configuration applies only to the current port.

 

 

NOTE:

To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first.

 

Examples

# Configure GigabitEthernet 4/1/1 to be a trunk port.

<Sysname> system-view

[Sysname] interface GigabitEthernet 4/1/1

[Sysname-GigabitEthernet4/1/1] port link-type trunk

# Configure all the ports in manual port group group1 as hybrid ports.

<Sysname> system-view

[Sysname] port-group manual group1

[Sysname-port-group manual group1] group-member GigabitEthernet 3/1/1

[Sysname-port-group manual group1] group-member GigabitEthernet 3/1/2

[Sysname-port-group manual group1] port link-type hybrid

# Configure the link type of Layer 2 aggregate interface Bridge-Aggregation 1 and the member ports in the corresponding aggregation group as hybrid.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

port trunk permit vlan

Syntax

port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

vlan-id-list: The range of VLANs that the hybrid ports will be added to, in the format of vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.

all: Adds the trunk port to all VLANs.

Description

Use the port trunk permit vlan command to add a trunk port to a specified VLAN, a selection of VLANs, or all VLANs.

Use the undo port trunk permit vlan command to remove the trunk port from a specified VLAN, a selection of VLANs, or all VLANs.

By default, a trunk port allows only packets from VLAN 1 to pass through.

The trunk port can allow multiple VLANs to pass. If you execute the port trunk permit vlan command for multiple times, the VLANs allowed on the trunk port are the set of VLANs specified by vlan-id-list in each execution.

On a trunk port, only traffic of the PVID can pass through untagged.

In Ethernet interface view, the configuration applies to the current port only.

In port group view, the configuration applies to all ports in the port group.

In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

In Layer 2 VE interface view, the configuration applies only to the current port.

Related commands: port link-type.

Examples

# Add the trunk port GigabitEthernet 4/1/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.

<Sysname> system-view

[Sysname] interface GigabitEthernet 4/1/1

[Sysname-GigabitEthernet4/1/1] port link-type trunk

[Sysname-GigabitEthernet4/1/1] port trunk permit vlan 2 4 50 to 100

Please wait........... Done.

# Add the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 2, assuming that Bridge-Aggregation 1 does not have member ports.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port trunk permit vlan 2

Please wait... Done.

# Add the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 13 and VLAN 15. Among the member ports of the aggregation group corresponding to Bridge-Aggregation 1, GigabitEthernet 2/1/2 is an access port, and GigabitEthernet 2/1/3 is a trunk port.

<<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port trunk permit vlan 13 15

 Please wait... Done.

 Error: Failed to configure on interface GigabitEthernet2/1/2!

 Configuring GigabitEthernet2/1/3... Done.

In the output information above, the message “Please wait... Done” indicates that the configuration on Bridge-Aggregation 1 succeeded; “Error: Failed to configure on interface GigabitEthernet 2/1/2!” indicates that the configuration failed on GigabitEthernet 2/1/2 because GigabitEthernet 2/1/2 was not a trunk port; “Configuring GigabitEthernet 2/1/3... Done” indicates that the configuration on GigabitEthernet 2/1/3 succeeded.

port trunk pvid

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

View

Ethernet interface view, port group view, Layer 2 aggregate interface view, Layer 2 VE interface view

Default level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

Description

Use the port trunk pvid command to configure the PVID for the trunk port.

Use the undo port trunk pvid command to restore the default.

By default, the PVID on a trunk port is VLAN 1.

For a trunk port, after you execute the undo vlan command to remove the PVID of the trunk port, the PVID of the trunk port does not change. That is to say, the trunk port can use the non-existent VLAN as the PVID.

In Ethernet interface view, the configuration applies to the current port only.

In port group view, the configuration applies to all ports in the port group.

In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports. After you perform the configuration, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

In Layer 2 VE interface view, the configuration applies only to the current port.

You must configure the same PVID for trunk ports at the two ends of a link. Otherwise, the packets cannot be transmitted properly.

After configuring the PVID for a trunk port, you must use the port trunk permit vlan command to configure the trunk port to allow packets from the PVID to pass through, so that the port can forward packets from the PVID.

Related commands: port link-type and port trunk permit vlan.

Examples

# Configure the PVID for the trunk port GigabitEthernet 4/1/1 as 100.

<Sysname> system-view

[Sysname] interface GigabitEthernet 4/1/1

[Sysname-GigabitEthernet4/1/1] port link-type trunk

[Sysname-GigabitEthernet4/1/1] port trunk pvid vlan 100

# Configure the PVID for Layer 2 aggregate interface Bridge-Aggregation 1 (trunk) to be 100. (The aggregation group corresponding to Bridge-Aggregation 1 does not contain member ports.)

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port trunk pvid vlan 100

# Configure the PVID for Layer 2 aggregate interface Bridge-Aggregation 1 (trunk) to be 100 (The aggregation group corresponding to Bridge-Aggregation 1 contains member ports GigabitEthernet 2/1/2 and GigabitEthernet 2/1/3. GigabitEthernet 2/1/2 is an access port and GigabitEthernet 2/1/3 is a trunk port).

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port trunk pvid vlan 100

 Error: Failed to configure on interface GigabitEthernet2/1/2!

The above information shows that the configurations on Bridge-Aggregation 1 and GigabitEthernet 2/1/3 are successful, while the configuration on GigabitEthernet 2/1/2 fails, because GigabitEthernet 2/1/2 is not a trunk port.

MAC address-based VLAN configuration commands

 

 

NOTE:

The router supports MAC address-based VLAN configuration commands only when its system working mode is SPC.

 

display mac-vlan

Syntax

display mac-vlan { all | dynamic | mac-address mac-address | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

all: Displays all the MAC address-to-VLAN entries.

dynamic: Displays dynamically configured MAC address-to-VLAN entries.

mac-address mac-address: Displays the MAC address-to-VLAN entry containing the specified MAC address.

static: Displays the statically configured MAC address-to-VLAN entries.

vlan vlan-id: Displays the MAC address-to-VLAN entries associated with the specified VLAN.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display mac-vlan command to display the specified MAC address-to-VLAN entries.

Examples

# Display all MAC address-to-VLAN entries.

<Sysname> display mac-vlan all

  The following MAC VLAN addresses exist:

  S:Static  D:Dynamic

  MAC ADDR         MASK             VLAN ID   PRIO   STATE

  --------------------------------------------------------

  00e0-4c90-4880   ffff-ffff-ffff   9         0      S

 

  Total MAC VLAN address count:1

Table 4 Output description

Field

Description

S: Static

The character S stands for the MAC address-to-VLAN entries that are configured statically.

D: Dynamic

The character D stands for the MAC address-to-VLAN entries that are configured dynamically.

MAC ADDR

MAC address of a MAC address-to-VLAN entry.

MASK

Mask of the MAC address of a MAC address-to-VLAN entry.

VLAN ID

VLAN ID of a MAC address-to-VLAN entry.

PRIO

802.1p priority corresponding to the MAC address of a MAC address-to-VLAN entry.

STATE

The state of a MAC address-to-VLAN entry:

·       S—The MAC address-to-VLAN entry is configured statically.

·       D—The MAC address-to-VLAN entry is configured automatically through the authentication server.

·       S&D—The MAC address-to-VLAN entry is configured both statically and dynamically.

 

display mac-vlan interface

Syntax

display mac-vlan interface [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display mac-vlan interface command to display all the ports with MAC address-based VLAN enabled.

Related commands: mac-vlan enable.

Examples

# Display all the interfaces with MAC address-based VLAN enabled.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

---------------------------------------

GigabitEthernet3/1/1  GigabitEthernet3/1/2

mac-vlan enable

Syntax

mac-vlan enable

undo mac-vlan enable

View

Layer 2 Ethernet interface view

Default level

2: System level

Parameters

None

Description

Use the mac-vlan enable command to enable MAC address-based VLAN on a port.

Use the undo mac-vlan enable command to disable MAC address-based VLAN on a port.

By default, MAC address-based VLAN is disabled on a port.

This command is available only on Layer 2 hybrid Ethernet ports.

Examples

# Enable MAC address-based VLAN on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface GigabitEthernet3/1/1

[Sysname–GigabitEthernet3/1/1] mac-vlan enable

mac-vlan mac-address

Syntax

mac-vlan mac-address mac-address vlan vlan-id [ priority pri ]

undo mac-vlan { all | mac-address mac-address | vlan vlan-id }

View

System view

Default level

2: System level

Parameters

mac-address mac-address: Specifies a MAC address.

vlan vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. This argument is in the range of 0 to 7.

 

 

NOTE:

You can use this command to configure the 802.1p priorities, but they will not take effect. Packets are forwarded based on the default priorities of MAC addresses.

 

all: Removes all the static MAC address-to-VLAN entries.

Description

Use the mac-vlan mac-address command to associate the specified VLAN and priority value with the specified MAC addresses.

Use the undo mac-vlan command to remove the association.

Examples

# Associate a single MAC address 0-1-1 with VLAN 100 and 802.1p priority 7.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100 priority 7

# Associate the MAC addresses with the high-order six hexadecimal digits being 111122 with VLAN 100 and 802.1p priority 4.

<Sysname> system-view

[Sysname] mac-vlan mac-address 1111-2222-3333 vlan 100 priority 4

MAC address-based VLAN configuration commands

 

 

NOTE:

The router supports MAC address-based VLAN configuration commands only when its system working mode is SPC.

 

display mac-vlan

Syntax

display mac-vlan { all | dynamic | mac-address mac-address | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

all: Displays all the MAC address-to-VLAN entries.

dynamic: Displays dynamically configured MAC address-to-VLAN entries.

mac-address mac-address: Displays the MAC address-to-VLAN entry containing the specified MAC address.

static: Displays the statically configured MAC address-to-VLAN entries.

vlan vlan-id: Displays the MAC address-to-VLAN entries associated with the specified VLAN.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display mac-vlan command to display the specified MAC address-to-VLAN entries.

Examples

# Display all MAC address-to-VLAN entries.

<Sysname> display mac-vlan all

  The following MAC VLAN addresses exist:

  S:Static  D:Dynamic

  MAC ADDR         MASK             VLAN ID   PRIO   STATE

  --------------------------------------------------------

  00e0-4c90-4880   ffff-ffff-ffff   9         0      S

 

  Total MAC VLAN address count:1

Table 5 Output description

Field

Description

S: Static

The character S stands for the MAC address-to-VLAN entries that are configured statically.

D: Dynamic

The character D stands for the MAC address-to-VLAN entries that are configured dynamically.

MAC ADDR

MAC address of a MAC address-to-VLAN entry.

MASK

Mask of the MAC address of a MAC address-to-VLAN entry.

VLAN ID

VLAN ID of a MAC address-to-VLAN entry.

PRIO

802.1p priority corresponding to the MAC address of a MAC address-to-VLAN entry.

STATE

The state of a MAC address-to-VLAN entry:

·       S—The MAC address-to-VLAN entry is configured statically.

·       D—The MAC address-to-VLAN entry is configured automatically through the authentication server.

·       S&D—The MAC address-to-VLAN entry is configured both statically and dynamically.

 

display mac-vlan interface

Syntax

display mac-vlan interface [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display mac-vlan interface command to display all the ports with MAC address-based VLAN enabled.

Related commands: mac-vlan enable.

Examples

# Display all the interfaces with MAC address-based VLAN enabled.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

---------------------------------------

GigabitEthernet3/1/1  GigabitEthernet3/1/2

mac-vlan enable

Syntax

mac-vlan enable

undo mac-vlan enable

View

Layer 2 Ethernet interface view

Default level

2: System level

Parameters

None

Description

Use the mac-vlan enable command to enable MAC address-based VLAN on a port.

Use the undo mac-vlan enable command to disable MAC address-based VLAN on a port.

By default, MAC address-based VLAN is disabled on a port.

This command is available only on Layer 2 hybrid Ethernet ports.

Examples

# Enable MAC address-based VLAN on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface GigabitEthernet3/1/1

[Sysname–GigabitEthernet3/1/1] mac-vlan enable

mac-vlan mac-address

Syntax

mac-vlan mac-address mac-address vlan vlan-id [ priority pri ]

undo mac-vlan { all | mac-address mac-address | vlan vlan-id }

View

System view

Default level

2: System level

Parameters

mac-address mac-address: Specifies a MAC address.

vlan vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. This argument is in the range of 0 to 7.

 

 

NOTE:

You can use this command to configure the 802.1p priorities, but they will not take effect. Packets are forwarded based on the default priorities of MAC addresses.

 

all: Removes all the static MAC address-to-VLAN entries.

Description

Use the mac-vlan mac-address command to associate the specified VLAN and priority value with the specified MAC addresses.

Use the undo mac-vlan command to remove the association.

Examples

# Associate a single MAC address 0-1-1 with VLAN 100 and 802.1p priority 7.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100 priority 7

# Associate the MAC addresses with the high-order six hexadecimal digits being 111122 with VLAN 100 and 802.1p priority 4.

<Sysname> system-view

[Sysname] mac-vlan mac-address 1111-2222-3333 vlan 100 priority 4