Login
- Table of Contents
-
- 03-Layer 2 - LAN Switching Configuration Examples
- 01-H3C_MAC_Address_Table_Configuration_Examples
- 02-H3C_Ethernet_Link_Aggregation_Configuration_Examples
- 03-H3C_Port_Isolation_Configuration_Examples
- 04-H3C_Spanning_Tree_Configuration_Examples
- 05-H3C_VLAN_Configuration_Examples
- 06-H3C_MVRP_Configuration_Examples
- 07-H3C_QinQ_Configuration_Examples
- 08-H3C_VLAN_Mapping_Configuration_Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-H3C_VLAN_Configuration_Examples | 113.46 KB |
|
|
|
H3C VLAN Configuration Examples |
|
|
|
|
|
Copyright © 2018 New H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd. The information in this document is subject to change without notice. |
|
Contents
Example: Configuring port-based VLANs
Example: Configuring the super VLAN
Example: Configuring the private VLAN
Introduction
This document provides examples of configuring the port-based VLAN, super VLAN, and private VLAN.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of H3C VLANs.
Example: Configuring port-based VLANs
Network configuration
As shown in Figure 1:
· Host A and Host C belong to Department A. VLAN 100 is assigned to Department A.
· Host B and Host D belong to Department B. VLAN 200 is assigned to Department B.
Configure port-based VLANs so that hosts only in the same department can communicate with each other.
Software versions used
This configuration example was created and verified on S10500X-CMW710-R7557.
Procedures
# Configure the ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to operate in bridge mode.
[DeviceA] interface range ten-gigabitEthernet 1/0/1 to ten-gigabitethernet 1/0/3
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
# Create VLAN 100, and assign Ten-GigabitEthernet 1/0/1 to VLAN 100.
[DeviceA-vlan100] port ten-gigabitEthernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign Ten-GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA-vlan200] port ten-gigabitEthernet 1/0/2
[DeviceA-vlan200] quit
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200.
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 200
2. Configure Device B in the same way Device A is configured. (Details not shown.)
3. Configure hosts:
a. Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.
b. Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.
Verifying the configuration
# Verify that Host B and Host D can ping each other, but they both fail to ping Host A or Host C. (Details not shown.)
# Display information about VLAN 100 on Device A.
[DeviceA-Ten-GigabitEthernet1/0/3] display vlan 100
VLAN ID: 100
VLAN type: Static
Route interface: Not configured
Description: VLAN 0100
Name: VLAN 0100
Tagged ports:
Ten-GigabitEthernet1/0/3
Untagged ports:
Ten-GigabitEthernet1/0/1
The output shows that Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/1 permit packets from VLAN 100 to pass through.
# Display information about VLAN 200 on Device A.
[DeviceA-Ten-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN type: Static
Route interface: Not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged ports:
Ten-GigabitEthernet1/0/3
Untagged ports:
Ten-GigabitEthernet1/0/2
The output shows that Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/2 permit packets from VLAN 200 to pass through.
Configuration files
Configuration files on both Device B and Device A are the same. The following configuration files use Device A as an example.
#
vlan 100
#
vlan 200
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 100
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 200
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 100 200
#
Example: Configuring the super VLAN
Network configuration
As shown in Figure 2:
· Users in VLAN 2 access the network through Ten-GigabitEthernet 1/0/1 of Device A.
· Users in VLAN 3 access the network through Ten-GigabitEthernet 1/0/2 of Device A.
· Ten-GigabitEthernet 1/0/3 of Device A and Ten-GigabitEthernet 1/0/1 of Device B are in VLAN 20.
· Users in VLAN 20 use the gateway address 192.168.2.1 and IP addresses on the IP network segment 192.168.2.0/24.
Configure a super VLAN to meet the following requirements:
· Users in VLAN 2 and VLAN 3 use the gateway address 192.168.1.1 and IP addresses on the IP network segment 192.168.1.0/24.
· Users in VLAN 2, VLAN 3, and VLAN 20 are isolated at Layer 2 but interoperable at Layer 3.
Software versions used
This configuration example was created and verified on S10500X-CMW710-R7557.
Restrictions and guidelines
A super VLAN does not have physical ports. A VLAN that has physical ports cannot be configured as a super VLAN.
Procedures
Configuring Device A
# Create VLAN 10 and configure it as a super VLAN.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] supervlan
[DeviceA-vlan10] quit
# Create VLAN 2, and assign Ten-GigabitEthernet 1/0/1 to VLAN 2.
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
# Create VLAN 3, and assign Ten-GigabitEthernet 1/0/2 to VLAN 3.
[DeviceA] vlan 3
[DeviceA-vlan3] port ten-gigabitethernet 1/0/2
[DeviceA-vlan3] quit
# Associate super VLAN 10 with VLANs 2 and 3.
[DeviceA] vlan 10
[DeviceA-vlan10] subvlan 2 3
[DeviceA-vlan10] quit
# Create VLAN-interface 10, and assign IP address 192.168.1.1 to it.
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 192.168.1.1 24
# Enable local proxy ARP on VLAN-interface 10.
[DeviceA-Vlan-interface10] local-proxy-arp enable
[DeviceA-Vlan-interface10] quit
# Create VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] quit
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and remove the port from VLAN 1.
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
# Assign Ten-GigabitEthernet 1/0/3 to VLAN 20.
[DeviceA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 20
# Create VLAN-interface 20, and assign IP address 192.168.2.1 to it.
[DeviceA] interface Vlan-interface 20
[DeviceA-Vlan-interface20] ip address 192.168.2.1 24
[DeviceA-Vlan-interface20] quit
Configuring Device B
# Create VLAN 20.
[DeviceB] vlan 20
[DeviceB-vlan20] quit
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and remove the port from VLAN 1.
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 20.
[DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20
# Assign Ten-GigabitEthernet 1/0/2 to VLAN 20.
[DeviceB] vlan 20
[DeviceB-vlan20] port ten-gigabitethernet 1/0/2
[DeviceB-vlan20] quit
Verifying the configuration
# Verify the super VLAN configuration.
[DeviceA] display supervlan
Super VLAN ID: 10
Sub-VLAN ID: 2-3
VLAN ID: 10
VLAN type: Static
It is a super VLAN.
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0010
Name: VLAN 0010
Tagged ports: none
Untagged ports: none
VLAN ID: 2
VLAN type: Static
It is a sub-VLAN.
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: none
Untagged ports:
Ten-GigabitEthernet1/0/1
VLAN ID: 3
VLAN type: Static
It is a sub-VLAN.
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: none
Untagged ports:
Ten-GigabitEthernet1/0/2
# Verify that Host A and Host B can ping each other. In the ARP table of Host A, the IP address of Host B corresponds to the MAC address of VLAN-interface 10. In the ARP table of Host B, the IP address of Host A corresponds to the MAC address of VLAN-interface 10. (Details not shown.)
# Verify that Host A and Host C can ping each other. In the ARP table of Host A, no entry about Host C exists. In the ARP table of Host C, no entry about Host A exists. (Details not shown.)
# Verify that Host B and Host C can ping each other. In the ARP table of Host B, no entry about Host C exists. In the ARP table of Host C, no entry about Host B exists. (Details not shown.)
Configuration files
· Device A:
#
vlan 2
#
vlan 3
#
vlan 10
supervlan
subvlan 2 3
#
vlan 20
#
interface Vlan-interface10
ip address 192.168.1.1 255.255.255.0
local-proxy-arp enable
#
interface Vlan-interface20
ip address 192.168.2.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
· Device B:
#
vlan 20
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 20
#
Example: Configuring the private VLAN
Network configuration
As shown in Figure 3:
· The aggregation-layer device Device A assigns VLAN 10 to Device B. Hosts access the network through VLAN-interface 10.
· Users connected to Device B are on the same subnet 10.0.0.0/24.
· Host A and Host B are in the Marketing department. Host C and Host D are in the Finance department.
Configure the private VLAN feature to meet the following requirements:
· Device A is only aware of the primary VLAN 10.
· Hosts in the same secondary VLAN are interoperable at Layer 2.
· Hosts in different secondary VLANs are isolated at Layer 2.
Analysis
The private VLAN configuration is required only on Device B.
Software versions used
This configuration example was created and verified on S10500X-CMW710-R7557.
Restrictions and guidelines
The system default VLAN (VLAN 1) does not support the private VLAN configuration.
Procedures
Configuring Device B
# Create VLAN 10 and configure it as a primary VLAN.
<DeviceB> system-view
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan primary
[DeviceB-vlan10] quit
# Create VLANs 201 and 202.
[DeviceB] vlan 201 to 202
# Associate primary VLAN 10 with secondary VLANs 201 and 202.
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan secondary 201 to 202
[DeviceB-vlan10] quit
# Configure the uplink port Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 10.
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous
[DeviceB-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet1/0/1] quit
# Assign the downlink ports Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 to VLAN 201 as host ports.
[DeviceB] interface range ten-gigabitethernet 1/0/2 to ten-gigabitethernet 1/0/3
[DeviceB-if-range] port link-mode bridge
[DeviceB-if-range] port access vlan 201
[DeviceB-if-range] port private-vlan host
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
# Assign the downlink ports Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5 to VLAN 202 as host ports.
[DeviceB] interface range ten-gigabitethernet 1/0/4 to ten-gigabitethernet 1/0/5
[DeviceB-if-range] port link-mode bridge
[DeviceB-if-range] port access vlan 202
[DeviceB-if-range] port private-vlan host
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
Configuring Device A
# Create VLAN 10.
<DeviceA> system-view
[DeviceA-vlan10] vlan 10
[DeviceA] quit
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 10.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-mode bridge
[DeviceA-Ten-GigabitEthernet1/0/1] port access vlan 10
[DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
# Create VLAN-interface 10, and assign IP address 10.0.0.1 to it.
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 10.0.0.1 24
[DeviceA-Vlan-interface10] undo shutdown
[DeviceA-Vlan-interface10] quit
Verifying the configuration
# Verify that Device A can ping Host A, Host B, Host C, and Host D successfully. (Details not shown.)
# Display the ARP table of Device A.
[DeviceA] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VID Interface/Link ID Aging Type
10.0.0.2 d485-64a1-7e4a 10 XGE1/0/1 19 D
10.0.0.3 7446-a0aa-7774 10 XGE1/0/1 19 D
10.0.0.4 6805-ca05-39ae 10 XGE1/0/1 20 D
10.0.0.5 6805-ca05-414e 10 XGE1/0/1 20 D
# Display the private VLAN configuration on Device B.
[DeviceB] display private-vlan
Primary VLAN ID: 10
Secondary VLAN ID: 201-202
VLAN ID: 10
VLAN type: Static
Private VLAN type: Primary
Route interface: Not configured
Description: VLAN 0010
Name: VLAN 0010
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4
Ten-GigabitEthernet1/0/5
VLAN ID: 201
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0201
Name: VLAN 0201
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
VLAN ID: 202
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0202
Name: VLAN 0202
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/4
Ten-GigabitEthernet1/0/5
The output shows that:
· The promiscuous port Ten-GigabitEthernet 1/0/1 is an untagged member of primary VLAN 10 and secondary VLANs 201 and 202.
· The host ports Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are untagged members of secondary VLANs 201.
· The host ports Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5 are untagged members of secondary VLANs 202.
# Verify that Hosts in the same secondary VLAN can ping each other, but they fail to ping hosts in the other secondary VLAN. (Details not shown.)
Configuration files
· Device B:
#
vlan 1
#
vlan 10
private-vlan primary
private-vlan secondary 201 to 202
#
vlan 201 to 202
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 201 to 202 untagged
port hybrid pvid vlan 10
port private-vlan 10 promiscuous
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 201 untagged
port hybrid pvid vlan 201
port private-vlan host
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 201 untagged
port hybrid pvid vlan 201
port private-vlan host
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 202 untagged
port hybrid pvid vlan 202
port private-vlan host
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 202 untagged
port hybrid pvid vlan 202
port private-vlan host
#
· Device A:
#
vlan 1
#
vlan 10
#
interface Vlan-interface10
ip address 10.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 10
#
Related documentation
· H3C S10500X Switch Series Layer 2—LAN Switching Command Reference-R7557
· H3C S10500X Switch Series Layer 2—LAN Switching Configuration Guide-R7557
