By default, the descriptive string for a VLAN is the VLAN ID, for example, “VLAN 0001"; for a VLAN interface is name of the current VLAN interface, for example, “Vlan-interface1 Interface”

Examples

# Assign a descriptive string “RESEARCH” for VLAN 1.

<Sysname> system-view

[Sysname] vlan 1

[Sysname-vlan1] description RESEARCH

# Assign a descriptive string “VLAN-INTERFACE-2” for VLAN-interface 2

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description VLAN-INTERFACE-2

1.1.2 display interface vlan-interface

Syntax

display interface vlan-interface [ vlan-interface-id ]

View

Any view

Default Level

1: Monitor level

Parameters

vlan-interface-id: VLAN interface ID.

Description

Use the display interface vlan-interface command to display the relevant information of a VLAN interface.

If the vlan-interface-id argument specified, this command displays information about the specified VLAN interface; If the vlan-interface-id argument is not specified, information about all existing VLAN interfaces is displayed.

Related commands: interface vlan-interface.

Examples

# Display the information of VLAN-interface 2.

<Sysname> display interface vlan-interface 2

Vlan-interface2 current state: DOWN

Line protocol current state: DOWN

Description: Vlan-interface2 Interface

The Maximum Transmit Unit is 1500

Internet protocol processing : disabled

IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e249-8050

IPv6 Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e249-8050

Table 1-1 Description on the fields of the display interface vlan-interface command

Field	Description
Vlan-interface2 current state	The physical state of a VLAN interface
Line protocol current state	The link state of a VLAN interface
Description	The description of a VLAN interface
The Maximum Transmit Unit	The MTU of a VLAN interface
Internet protocol processing	IP processing ability
IP Packet Frame Type	IPv4 outgoing frame format
Hardware Address	MAC address corresponding to a VLAN interface
IPv6 Packet Frame Type	IPv6 outgoing frame format

1.1.3 display vlan

Syntax

View

Any view

Default Level

1: Monitor level

Parameters

vlan-id1: Displays the information of a VLAN specified by VLAN ID.

vlan-id1 to vlan-id2: Displays the information of a range of VLANs specified by vlan-id1 and vlan-id2. vlan-id2 is greater than or equal to vlan-id1.

all: Displays information about all current VLANs except the reserved VLAN.

static: Displays information about static VLANs.

dynamic: Displays information about dynamic VLANs

reserved: Displays information about the reserved VLANs. Reserved VLANs are VLANs reserved by the device for function implementation. You cannot configure reserved VLANs..

Description

Use the display vlan command to display VLAN information.

If specified with the vlan-id argument or the all keyword, this command displays information about the specified VLAN or all VLANs.

If specified with no parameter, this command displays the list of all the existing VLANs of the system.

If specified with the static or dynamic keyword, this command displays the list of the static or dynamic VLANs.

If specified with the reserved keyword, this command displays the information of the reserved VLANs of the system. Presently, S9500 series switches have no reserved VLANs.

Related commands: vlan.

Examples

# Display VLAN 2 information.

<Sysname> display vlan 2

VLAN ID: 2

VLAN Type: static

Route Interface: configured

IP Address: 1.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0002

Tagged Ports: none

Untagged Ports:

GigabitEthernet4/2/4

Table 1-2 Description on the fields of the display vlan command

Field	Description
VLAN ID	VLAN ID
VLAN Type	VLAN type (static or dynamic)
Route interface	Whether the VLAN interface is configured for the VLAN
Description	VLAN descriptive string
IP Address	IP address of the VLAN interface (not display if the VLAN interface has no IP address configured)
Subnet Mask	Subnet mask of the IP address (not display if the VLAN interface has no IP address configured)
Tagged Ports	Tagged ports
Untagged Ports	Untagged ports

1.1.4 interface vlan-interface

Syntax

interface vlan-interface vlan-interface-id

undo interface vlan-interface vlan-interface-id

View

System view

Default Level

2: System level

Parameters

vlan-interface-id: VLAN interface ID.

Description

Use the interface vlan-interface command to enter the specified VLAN interface view.

Use the undo interface vlan-interface command to delete the specified VLAN interface. The VLAN interface must be created first before entering its view

Before creating a VLAN interface, make sure the corresponding VLAN has been created; otherwise, the VLAN interface cannot be created.

Related commands: display interface vlan-interface.

Examples

# Create VLAN-interface 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

1.1.5 ip address

Syntax

ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]

View

VLAN interface view

Default Level

2: System level

Parameters

ip-address: IP address of a VLAN interface, in dotted decimal format.

mask: Subnet mask that corresponds to the IP address of a VLAN interface, in dotted decimal format.

mask-length: Length of a sub-net mask, that is, the number of “1”s in the sub-net mask.

sub: Indicates the address is a sub-IP address of the VLAN interface.

Description

Use the ip address command to specify the IP address and subnet mask for a VLAN interface.

Use the undo ip address command to remove the IP address and sub-net mask for a VLAN interface.

By default, no IP address is configured for a VLAN interface.

An interface normally has one IP address. To enable a switch to connect to multiple subnets, a maximum of 21 IP addresses can be configured on a VLAN interface, among which only one is the primary IP address and all the rest are secondary IP addresses. Their relationship is illustrated as follows:

l A newly configured primary IP address will replace the original one, if there is one.

l You can configure secondary IP addresses only for the interface that has primary IP address configured.

l Use the undo ip address command without any parameter to delete all IP addresses of the VLAN interface.

l Use the undo ip address ip-address { mask | mask-length } command to delete the primary IP address.

l Use the undo ip address ip-address { mask | mask-length } sub command to delete a secondary IP address.

Related commands: display ip interface.

Examples

# Specify the IP address as 129.12.0.1, the sub-net mask as 255.255.255.0 for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ip address 129.12.0.1 255.255.255.0

1.1.6 shutdown

Syntax

shutdown

undo shutdown

View

VLAN interface view

Default Level

2: System level

Parameters

None

Description

Use the shutdown command to shut down a VLAN interface.

Use the undo shutdown command to bring up a VLAN interface.

By default, the VLAN interface is down if all ports in the VLAN are down, as long as one port in the VLAN is up, the VLAN interface will be up

You can use the undo shutdown command to bring up a VLAN interface after configurations of the related parameter and protocol. When there is a fault in a VLAN interface, you can use the shutdown command to shut down the interface and then bring it up using the undo shutdown command. In this way, the interface will resume Shutting down/bringing up a VLAN interface does not affect any Ethernet ports in the VLAN. The state of an Ethernet port does not change with the VLAN interface state.

Examples

# Shut down the VLAN-interface 2 and then bring it up.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

1.1.7 vlan

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

View

System view

Default Level

2: System level

Parameters

vlan-id1: VLAN ID.

vlan-id2: VLAN ID, and is greater than or equal to vlan-id1.

vlan-id1 to vlan-id2: Specifies a VLAN range.

all: Indicates all VLANs.

Description

Use the vlan vlan-id command to create a VLAN and enter its view. If the specified VLAN already exists, the command brings you to its view directly.

Use the vlan vlan-id1 to vlan-id2 command to create a range of VLANs specified by vlan-id1 and vlan-id2.

Use the vlan all command to create all VLANs in a time.

Use the undo vlan vlan-id command to remove the specified VLAN.

Use the undo vlan vlan-id1 to vlan-id2 command to delete a range of VLANs specified by vlan-id1 and vlan-id2.

Use the undo vlan all command to remove all VLANs in a time.

Note that:

l As the default VLAN, VLAN 1 cannot be created, or removed.

l Reserved VLANs are reserved by the system for specific function implementation. You cannot create/remove a reserved VLAN. Presently, S9500 series switch have no reserved VLANs.

l Dynamic VLANs cannot be removed through the undo vlan command.

l Protocol VLANs cannot be removed through the undo vlan command.

l A VLAN configured with QoS policies cannot be removed unless the QoS policies are removed.

l If an isolate-user-VLAN or a secondary VLAN has been mapped to another VLAN using the isolate-user-vlan command, you can remove the isolate-user-VLAN or secondary VLAN only after removing the mapping.

l If a VLAN is configured as a remote mirroring VLAN, it cannot be removed through the undo vlan command unless its mirroring VLAN configuration is removed.

l It is not recommended to use VLAN 4091 through VLAN 4094 if the device uses a board (the LSB1SP4, LSB1P4G8, or LSB1UP1) supporting POS interface.

& Note:

When the VLAN removed by the undo vlan command is the default VLAN of a port: if the port is an Access port, its default VLAN reverts to VLAN 1; if the port is a trunk or hybrid port, its default VLAN keeps unchanged, that is, a trunk or hybrid port can use a nonexistent VLAN as its default VLAN.

Related commands: display vlan.

Examples

# Enter VLAN 1 view.

<Sysname> system-view

[Sysname] vlan 1

# Create VLAN 4 through VLAN 100.

<Sysname> system-view

[Sysname] vlan 4 to 100

Please wait............. Done.

1.2 Port-Based VLAN Configuration Commands

1.2.1 port

Syntax

port interface-list

undo port interface-list

View

VLAN interface view

Default Level

2: System level

Parameters

interface interface-list: Ethernet interface list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 port or port ranges.

Description

Use the port command to add one port or a group of ports to a VLAN.

Use the undo port command to remove one port or a group of ports from a VLAN.

& Note:

l This command is only applicable to Access ports.

l All ports are Access ports by default; however, you can change the link type of a port by using the port link-type command in Ethernet interface view.

Related commands: display vlan.

Examples

# Add the ports from Ethernet 1/1/1 to Ethernet 1/1/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port ethernet 1/1/1 to ethernet 1/1/3

1.2.2 port access vlan

Syntax

port access vlan vlan-id

undo port access vlan

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan-id: VLAN ID.

Description

Use the port access vlan command to add the current Access port to a specified VLAN.

Use the undo port access vlan command to add the current Access port to the default VLAN.

Executed in Ethernet interface view, the command applies to the current port only, whereas in port group view, the command applies to all ports in the port group.

Ensure that the VLAN specified by the vlan-id argument exists.

Examples

# Add Ethernet 1/1/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface Ethernet 1/1/1

[Sysname-Ethernet1/1/1] port access vlan 3

1.2.3 port hybrid pvid vlan

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan-id: VLAN ID.

Description

Use the port hybrid pvid vlan command to configure the default VLAN ID for the hybrid port.

Use the undo port hybrid pvid command to restore the default.

By default, the default VLAN of a hybrid port is VLAN 1.

You can use a VLAN that has not been created as the default VLAN. Therefore, even after you remove a VLAN that has been specified as the default VLAN with the undo vlan command, the VLAN is still the default VLAN.

Executed in Ethernet interface view, the command applies to the current port only; executed in port group view, the command applies to all ports in the port group.

The default VLAN ID of local hybrid port must be consistent with that of the peer; otherwise, packets cannot be forwarded properly.

Related commands: port link-type.

Examples

# Configure the default VLAN ID for the hybrid port Ethernet 1/1/1 as 100.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type hybrid

[Sysname-Ethernet1/1/1] port hybrid pvid vlan 100

1.2.4 port hybrid vlan

Syntax

port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan-id-list: The range of VLANs that the hybrid ports will be added to, vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where &<1-10> indicates that you can specify up to 10 VLANs or VLAN ranges.

tagged: Specifies the port to keep the VLAN tag when sending packets of the specified VLAN (s).

untagged: Specifies the port to strip the VLAN tag when sending packets of the specified VLAN(s).

Description

Use the port hybrid vlan command to add the current hybrid port to the specified VLAN(s).

Use the undo port hybrid vlan command to remove the current hybrid port from the specified VLAN(s).

The hybrid port can allow multiple VLANs to pass. Repetitive execution of the port hybrid vlan command will yield a set of VLANs, to which the hybrid port belongs.

Executed in Ethernet interface view, the command applies to the current port only whereas in port group view, the command applies to all ports in the port group.

Note that the configuration only applies to the existing VLANs among that specified by vlan-id-list.

Related commands: port link-type.

Examples

# Add the hybrid port Ethernet 1/1/1 to VLAN 2, VLAN 4, and the range of VLANs from VLAN 50 to VLAN 100 (all these VLANs already exist), and keep the VLAN tags of the outgoing packets of all these VLANs.

<Sysname> system-view

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type hybrid

[Sysname-Ethernet1/1/1] port hybrid vlan 2 4 50 to 100 tagged

1.2.5 port link-type

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

access: Configures the link type of a port as Access.

hybrid: Configures the link type of a port as hybrid.

trunk: Configures the link type of a port as trunk.

Description

Use the port link-type command to configure the link type of a port.

Use the undo port link-type command to restore the default link type of a port.

By default, the link type of all ports is Access.

Executed in Ethernet interface view, the command applies to the current port only whereas in port group view, the command applies to all ports in the port group.

& Note:

The trunk and hybrid ports cannot be converted to each other directly. You can convert either to the Access port, and then to the other type. For example, convert a trunk port to an Access port, and then to a hybrid port.

Examples

# Configure Ethernet 1/1/1(Access port) to be a trunk port.

<Sysname> system-view

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type trunk

1.2.6 port trunk permit vlan

Syntax

port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan-id-list: The range of VLANs that the hybrid ports will be added to, in the format of vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where &<1-10> indicates that you can specify up to 10 VLANs or VLAN ranges.

all: Adds the trunk port to all VLANs.

Description

Use the port trunk permit vlan command to add the current trunk port to a specified VLAN, a selection of VLANs, or all VLANs.

Use the undo port trunk permit vlan command to remove the current trunk port from a specified VLAN, a selection of VLANs, or all VLANs.

The trunk port allows multiple VLANs to pass. Repetitive execution of the port trunk permit vlan command will yield a set of VLANs, to which the trunk port belongs.

Executed in Ethernet interface view, the command applies to the current port only whereas in port group view, the command applies to all ports in the port group.

Related commands: port link-type.

Examples

# Add the trunk port Ethernet 1/1/1 to VLAN 2, VLAN 4, and the range of VLANs from VLAN 50 to VLAN 100.

<Sysname> system-view

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type trunk

[Sysname-Ethernet1/1/1] port trunk permit vlan 2 4 50 to 100

Please wait........... Done.

1.2.7 port trunk pvid vlan

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan-id: VLAN ID.

Description

Use the port trunk pvid vlan command to configure the default VLAN ID for the trunk port.

Use the undo port trunk pvid command to restore the default.

By default, the default VLAN of a trunk port is VLAN 1.

You can use a VLAN that has not been created as the default VLAN on a trunk port. Therefore, even after you remove a VLAN that has been specified as the default VLAN with the undo vlan command, the VLAN is still the default VLAN on the trunk port.

Executed in Ethernet interface view, the command applies to the current port only whereas in port group view, the command apples to all ports in the port group.

You must configure the same default VLAN ID for the trunk port of both the local device and the peer device. Otherwise, packets cannot be forwarded properly.

Related commands: port link-type.

Examples

# Configure the default VLAN ID for the trunk port Ethernet 1/1/1 as 100.

<Sysname> system-view

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type trunk

[Sysname-Ethernet1/1/1] port trunk pvid vlan 100

1.3 Protocol-Based VLAN Configuration Commands

1.3.1 display protocol-vlan interface

Syntax

display protocol-vlan interface { interface-listtype interface-number1 [ to interface-type interface-number2 ] | all }

View

Any view

Default Level

2: System level

Parameters

interface-type interface-number1: Interface type and interface number.

interface-type interface-number1 to interface-type interface-number2: Specifies an interface range. The interface-number after to is greater than or equal to that before to.

all: Displays protocol information and protocol indexes of all ports.

Description

Use the display protocol-vlan interface command to display protocol based VLAN information on the specified port(s).

Examples

# Display protocol-based VLAN information on Ethernet 1/1/1.

[Sysname] display protocol-vlan interface ethernet 1/1/1

Interface: Ethernet1/1/1

VLAN ID Protocol Index Protocol Type

======================================================

2 0 ipv4

2 3 at

Table 1-3 Description on the fields of the display protocol-vlan interface command

Field	Description
Interface: Ethernet1/1/1	Interface type and number
VLAN ID	VLAN ID
Protocol Index	Protocol index value
Protocol Type	Protocol type

1.3.2 display protocol-vlan vlan

Syntax

display protocol-vlan vlan { vlan-id [ to vlan-id ] | all }

View

Any view

Default Level

2: System level

Parameters

vlan-id: VLAN ID.

to: Specifies VLAN range, the value after this parameter must be greater than or equal to that before it.

all: All VLANs.

Description

Use the display protocol-vlan vlan command to display the protocol information and protocol index configured on the specified VLAN(s).

Related commands: display vlan.

Examples

# Display the protocol information and protocol index configured on VLAN 10 through VLAN 20.

<Sysname> display protocol-vlan vlan 10 to 20

VLAN ID:15

Protocol Index Protocol Type

======================================================

0 ipv4

VLAN ID:20

Protocol Index Protocol Type

======================================================

0 at

1 ipv6

Refer to Table 1-3 for description of the output.

1.3.3 port hybrid protocol-vlan

Syntax

port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }

undo port hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all }

View

Ethernet interface view, port group view

Default Level

2: System level

Parameters

vlan vlan-id: Specifies a VLAN by its ID.

protocol-index: Initial value of the protocol index, must be smaller than the last value of the protocol index, automatically numbered according to the order in which protocols are associated with VLANs if not manually specified. You can use the display protocol-vlan vlan all command to display the protocol index. The value range varies with device models.

protocol-end: The last value of the protocol index, must be greater than or equal to the initial value of the protocol index.

all: All protocols.

Description

Use the port hybrid protocol-vlan command to associate a port with a protocol-based VLAN.

Use the undo port hybrid protocol-vlan command to remove the association between the port and the protocol-based VLAN.

Executed in Ethernet interface view, the command applies the configuration to the current port only whereas in port group view, the command applies the configuration to all ports in the port group.

Note that only hybrid ports support the above feature. Before issuing this command, ensure that the hybrid port has been added to the VLAN to be associated with and that the VLAN has been assigned with a protocol.

Related commands: display protocol-vlan interface.

Examples

# Associate hybrid port Ethernet 1/1/1 with protocol 0 in the protocol-based VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-Vlan2] protocol-vlan at

[Sysname] interface ethernet 1/1/1

[Sysname-Ethernet1/1/1] port link-type hybrid

[Sysname-Ethernet1/1/1] port hybrid vlan 2 tagged

[Sysname-Ethernet1/1/1] port hybrid protocol-vlan vlan 2 0

1.3.4 protocol-vlan

Syntax

protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }

undo protocol-vlan { protocol-index [ to protocol-end ] | all }

View

VLAN view

Default Level

2: System level

Parameters

at: Specifies the AppleTalk based VLAN.

ipv4: Specifies the IPv4 based VLAN.

ipv6: Specifies the IPv6 based VLAN.

ipx: Specifies the IPX based VLAN. The keywords ethernetii, llc, raw, and snap are four encapsulation formats of IPX, and default is ethernetii.

mode: Configures self-defined protocol template for the VLAN, which has four encapsulation formats: ethernetii, llc, raw, and snap.

ethernetii etype etype-id: Specifies to match Ethernet II encapsulation and the corresponding protocol type. The etype-id argument is the Ethernet type of inbound packets, in the range 0x0600 to 0xFFFF (excluding 0x0800, 0x809b, 0x8137, and 0x86dd).

llc: Specifies the encapsulation format for Ethernet packets to be llc.

dsap dsap-id: Specifies the destination service access point.

ssap ssap-id: Specifies the source service access point.

snap etype etype-id: Specifies to match SNAP encapsulation and the corresponding protocol type. The etype-id argument is the Ethernet type of inbound packets, in the range 0x0600 to 0xFFFF (excluding ipx snap under the snap encapsulation format).

protocol-index: Start protocol index. The system will automatically assign an index if this parameter is not specified.

to protocol-end: Specifies the end protocol index. The protocol-end argument must be greater than or equal to protocol-index.

all: Specifies all protocol indexes.

Caution:

l You cannot configure both dsap-id and ssap-id as 0xE0 or 0xFF; otherwise the matching packets will take the same encapsulation format as that of the ipx llc packets and the ipx raw packets respectively. If either dsap-id or ssap-id is configured, the system sets the other to 0xAA by default.

l To prevent a user-defined protocol template configured with the mode keyword from conflicting with a standard template, you cannot set the etype-id argument for ethernetii packets to 0x0800, 0x86DD, 0x8137, or 0x809B. The four values stand for IPv4, IPv6, IPX, and AppleTalk respectively.

Description

Use the protocol-vlan command to configure the VLAN as a protocol based VLAN and the protocol template.

Use the undo protocol-vlan command to remove the configured protocol template.

Related commands: display protocol-vlan vlan.

Caution:

Due to the close relationship between IPv4 and ARP (the protocol index of ARP is 0x0806), it is recommended to bind the two protocols to the same VLAN and associate them to the same port to avoid that ARP packets and IP packets are not assigned to the same VLAN, which will cause abnormal communication.

Examples

# Specify VLAN 2 as the protocol-based VLAN to transmit IPv4 packets.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] protocol-vlan ipv4

Chapter 2 Super VLAN Configuration Commands

2.1 Super VLAN Configuration Commands

2.1.1 display supervlan

Syntax

display supervlan [ supervlan-id ]

View

Any view

Default Level

1: Monitor level

Parameters

supervlan-id: Super VLAN ID.

Description

Use the display supervlan command to display the mapping between the specified super VLAN and the sub-VLANs, and their related information.

Related commands: supervlan, subvlan.

Examples

# Display the mapping between a super VLAN and its sub-VLANs.

<Sysname> display supervlan 25

SuperVLAN ID : 25

SubVLAN ID : 26-30

VLAN ID: 25

VLAN Type: static

It is a Super VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0025

Tagged Ports: none

Untagged Ports: none

VLAN ID: 26

VLAN Type: static

It is a Sub VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0026

Tagged Ports: none

Untagged Ports: none

VLAN ID: 27

VLAN Type: static

It is a Sub VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0027

Tagged Ports: none

Untagged Ports: none

VLAN ID: 28

VLAN Type: static

It is a Sub VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0028

Tagged Ports: none

Untagged Ports: none

VLAN ID: 29

VLAN Type: static

It is a Sub VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0029

Tagged Ports: none

Untagged Ports: none

VLAN ID: 30

VLAN Type: static

It is a Sub VLAN.

Route Interface: configured

IP Address: 10.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0030

Tagged Ports: none

Untagged Ports: none

Table 2-1 Description on the fields of the display supervlan command

Field	Description
Route Interface	Whether VLAN interface is configured or not.
Tagged Ports	Ports through which packets are sent with VLAN tag kept.
Untagged Ports	Ports through which packets are sent with VLAN tag stripped.

2.1.2 subvlan

Syntax

subvlan vlan-list

undo subvlan [ vlan-list ]

View

VLAN view

Default Level

2: System level

Parameters

vlan-list: Sub-VLAN list, in the format of vlan-list = { vlan-id [ to vlan-id2 }&<1-10>, in which vlan-id represents the sub-VLAN ID. &<1-10> indicates you can specify up to 10 sub-VLANs or sub-VLAN lists.

Description

Use the subvlan command to establish the mapping between a super VLAN and the sub-VLAN (s).

The current VLAN is the super VLAN whereas the VLANs specified by the vlan-list aregument are the sub-VLANs.

Use the undo subvlan command to remove the mapping between a super VLAN and the sub-VLAN (s).

Note:

l Ensure that a sub-VLAN already exists before mapping it to a super VLAN.

l Do not configure a sub-VLAN with a VLAN interface. If configured, the sub-VLAN cannot be mapped to a super VLAN.

l It is still possible to add /delete a port to/from a sub-VLAN after establishing a mapping between it and a super VLAN.

l Execution of the undo subvlan command without the vlan-list parameter will delete the mapping between the specified super VLAN and all sub-VLANs, while execution of the command with the parameter will only delete the mapping between the current super VLAN and the parameter specified sub-VLANs.

Related commands: display supervlan.

Examples

# Establish a mapping between VLAN 10 (as a super VLAN) and VLAN 3, VLAN 4, VLAN 5, and VLAN 9 (all as sub-VLANs).

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] subvlan 3 to 5 9

2.1.3 supervlan

Syntax

supervlan

undo supervlan

View

VLAN view

Default Level

2: System level

Parameters

None

Description

Use the supervlan command to configure the current VLAN as a super VLAN.

Use the undo supervlan command to remove the super VLAN configuration for the current VLAN.

Note that after a VLAN is specified as a super VLAN, it cannot be specified as a guest VLAN for a port any more, and vice versa. For more information about guest VLAN, refer to 802.1 x Configuration in the Security Volume.

Caution:

l If a port is already added to a VLAN, the VLAN cannot be configured as a super VLAN.

l VLAN 1 cannot be configured as a super VLAN.

l An isolate-user-vlan cannot be configured as a super VLAN.

Related commands: display supervlan.

Examples

# Configure VLAN 2 as a super VLAN.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] supervlan

Chapter 3 Isolate-User-VLAN Configuration Commands

3.1 Isolate-User-VLAN Configuration Commands

3.1.1 display isolate-user-vlan

Syntax

display isolate-user-vlan [ isolate-user-vlan-id ]

View

Any view

Default Level

1: Monitor level

Parameters

isolate-user-vlan-id: VLAN ID of an isolate-user-VLAN.

Description

Use the display isolate-user-vlan command to display the mapping between an isolate-user-VLAN and the secondary VLAN(s).

Related commands: isolate-user-vlan, isolate-user-vlan enable.

Examples

# Display the mapping between an isolate-user-VLAN and secondary VLANs.

<Sysname> display isolate-user-vlan

Isolate-user-VLAN VLAN ID : 25

Secondary VLAN ID : 26-27

VLAN ID: 25

VLAN Type: static

Isolate-user-VLAN type : isolate-user-VLAN

Route Interface: configured

IP Address: 10.0.0.1

Subnet Mask: 255.255.255.0

Description: VLAN 0025

Tagged Ports: none

Untagged Ports:

GigabitEthernet4/3/1 GigabitEthernet4/3/2 GigabitEthernet4/3/3

VLAN ID: 26

VLAN Type: static

Isolate-user-VLAN type: secondary

Route Interface: not configured

Description: VLAN 0026

Tagged Ports: none

Untagged Ports:

GigabitEthernet4/3/1 GigabitEthernet4/3/2

VLAN ID: 27

VLAN Type: static

Isolate-user-VLAN type: secondary

Route Interface: not configured

Description: VLAN 0027

Tagged Ports: none

Untagged Ports:

GigabitEthernet4/3/1 GigabitEthernet4/3/3

Table 3-1 Description on the fields of the display isolate-user-vlan command

Field	Description
Route Interface	Whether VLAN interface is configured or not.
Tagged Ports	Ports through which packets are sent with VLAN tag kept.
Untagged Ports	Ports through which packets are sent with VLAN tag stripped.

3.1.2 isolate-user-vlan

Syntax

isolate-user-vlan isolate-user-vlan-id secondary secondary-vlan-id [ to secondary-vlan-id ]

undo isolate-user-vlan isolate-user-vlan-id [ secondary secondary-vlan-id [ to secondary-vlan-id ]

View

System view

Default Level

2: System level

Parameters

isolate-user-vlan-id: VLAN ID of an isolate-user-VLAN.

secondary secondary-vlan-id [ to secondary-vlan-id ]: Specifies a secondary VLAN ID or a secondary VLAN ID range.

Description

Use the isolate-user-vlan command to create the mapping between an isolate-user-vlan and the secondary VLAN(s).

Use the undo isolate-user-vlan command to delete the mapping between an isolate-user-vlan and the secondary VLANs.

By default, there is no mapping between the isolate-user-vlan and the secondary VLANs.

Note that:

l To use the isolate-user-vlan command, the isolate-user-VLAN and the secondary VLAN(s) must exist, and the VLAN specified by isolate-user-vlan-id is already configured as the isolate-user-VLAN.

l To use the isolate-user-vlan command, the secondary VLAN(s) must have at least one port (non trunk port). The default VLAN of the port must be the secondary VLAN. Otherwise, the command can not be used. After the execution of the command, this kind of ports in the secondary VLAN(s) all change to hybrid ports and the VLANs allowed on the ports increase (it equals to executing the port hybrid vlan isolate-user-vlan-id untagged command on the ports). In this case, if you execute the undo isolate-user-vlan command, the port type does not change, but the VLANs allowed on the ports change (it equals to executing the undo port hybrid vlan isolate-user-vlan-id command on the ports).

l To use the isolate-user-vlan command, the isolate-user-VLAN must have at least one port (non trunk port). The default VLAN of the port must be the isolate-user-VLAN. Otherwise, the command can not be used. After the execution of the command, this kind of ports all change to hybrid ports and the VLANs allowed on the ports increase (it equals to executing the port hybrid vlan secondary-vlan-id untagged command on the ports). In this case, if you execute the undo isolate-user-vlan command, the port type does not change, but the VLANs allowed on the ports change (it equals to executing the undo port hybrid vlan secondary-vlan-id command on the ports).

l Executed without the secondary secondary-vlan-id parameter, the undo isolate-user-vlan command deletes the mapping between the specified isolate-user-VLAN and all secondary VLANs, while with the parameter specified, the commands deletes the mapping between the specified isolate-user-VLAN and the specified secondary VLANs.

& Note:

After the mapping between the isolate-user-VLAN and the secondary VLANs is created, no port can be added to or removed from the isolate-user-VLAN or the secondary VLAN(s), and the isolate-user-VLAN or the secondary VLAN(s) cannot be removed. Only after the mapping is deleted are the above operations possible.

Related commands: display isolate-user-vlan.

Examples

# Associate the isolate-user-VLAN 2 to the secondary VLANs VLAN 2 through VLAN 5.

<Sysname> system-view

[Sysname] isolate-user-vlan 10 secondary 2 to 5

3.1.3 isolate-user-vlan enable

Syntax

isolate-user-vlan enable

undo isolate-user-vlan enable

View

VLAN view

Default Level

2: System level

Parameters

None

Description

Use the isolate-user-vlan enable command to configure the current VLAN as an isolate-user-VLAN.

Use the isolate-user-vlan enable command to remove the isolate-user-VLAN configuration for a specified VLAN.

By default, no VLAN is an isolate-user-VLAN.

An isolate-user-VLAN may include multiple ports, including those that are connected to upstream devices.

& Note:

To create an isolate-user-VLAN, you need to disable the GVRP function of the switch first; otherwise, the isolate-user-VLAN cannot be created, and vice versa.

Related commands: display isolate-user-vlan.

Examples

# Configure VLAN 5 to be an isolate-user-VLAN.

<Sysname> system-view

[Sysname] vlan 5

[Sysname-vlan5] isolate-user-vlan enable

H3C S9500 Command Manual-Release2132[V2.03]-01 IP Access Volume

Chapter 1 VLAN Configuration Commands

1.1 VLAN Configuration Commands

1.1.2 display interface vlan-interface

1.1.3 display vlan

1.1.4 interface vlan-interface

1.1.7 vlan

1.2 Port-Based VLAN Configuration Commands

1.2.5 port link-type

1.3 Protocol-Based VLAN Configuration Commands

1.3.1 display protocol-vlan interface

1.3.2 display protocol-vlan vlan

Chapter 2 Super VLAN Configuration Commands

2.1.1 display supervlan

2.1.2 subvlan

2.1.3 supervlan

3.1.1 display isolate-user-vlan

3.1.2 isolate-user-vlan

3.1.3 isolate-user-vlan enable

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us