Login
- Table of Contents
-
- H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)
- 00-1Cover
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-GVRP Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-IP Addressing and Performance Configuration Guide
- 06-QinQ Configuration Guide
- 07-BPDU Tunnel Configuration Guide
- 08-VLAN Mapping Configuration Guide
- 09-MAC Address Table Management Configuration Guide
- 10-Link Aggregation Configuration Guide
- 11-IP Source Guard Configuration Guide
- 12-DLDP Configuration Guide
- 13-MSTP Configuration Guide
- 14-IPv4 Routing Configuration Guide
- 15-IPv6 Configuration Guide
- 16-IPv6 Routing Configuration Guide
- 17-IPv4 Multicast Configuration Guide
- 18-IPv6 Multicast Configuration Examples
- 19-802.1x Configuration Guide
- 20-AAA Configuration Guide
- 21-MAC Authentication Configuration Guide
- 22-Portal Configuration Guide
- 23-ARP Configuration Guide
- 24-DHCP Configuration Guide
- 25-ACL Configuration Guide
- 26-QoS Configuration Guide
- 27-Port Mirroring Configuration Guide
- 28-Cluster Management Configuration Guide
- 29-SNMP-RMON Configuration Guide
- 30-NTP Configuration Guide
- 31-FTP-TFTP Configuration Guide
- 32-UDP Helper Configuration Guide
- 33-Information Center Configuration Guide
- 34-DNS Configuration Guide
- 35-File System Management Configuration Guide
- 36-Remote Upgrade Configuration Guide
- 37-NQA Configuration Guide
- 38-VRRP Configuration Guide
- 39-SSH Configuration Guide
- 40-Port Security Configuration Guide
- 41-Port Isolation Configuration Guide
- 42-LLDP Configuration Guide
- 43-MCE Configuration Guide
- 44-PoE Configuration Guide
- 45-OAM Configuration Guide
- 46-Connectivity Fault Detection Configuration Guide
- 47-RRPP Configuration Guide
- 48-sFlow Configuration Guide
- 49-SSL-HTTPS Configuration Guide
- 50-PKI Configuration Guide
- 51-Track Configuration Guide
- 52-EPON-OLT Configuration Guide
- 53-Smart Link Configuration Guide
- 54-MPLS Configuration Guide
- Related Documents
-
02-VLAN Configuration Guide
Table of Contents
Networking and Configuration Requirements
Networking and Configuration Requirements
Configuring Protocol-Based VLAN
Networking and Configuration Requirements
Configuring IP Subnet-Based VLAN
Networking and Configuration Requirements
Networking and Configuration Requirements
Networking and Configuration Requirements
1 VLAN Configuration Guide
Configuring Port-Based VLAN
Network Diagram
Figure 1-1 Network diagram for port-based VLAN configuration
Networking and Configuration Requirements
l As shown in Figure 1-1, Switch A and Switch B connect to Host 1 and Server 1 of a department and Host 2 and Server 2 of another department.
l To isolate the communication between the two departments at Layer 2, assign Host 1 and Server 1 to VLAN 100 with the descriptive string being Dept1, and Host 2 and Server 2 to VLAN 200 with the descriptive string being Dept2.
l Configure VLAN interfaces for the two VLANs on Switch A for forwarding data from Host 1 to Server 2 at Layer 3.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
|
Release 1301 |
S5500-20TP-SI |
|
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Configuration on Switch A
# Create VLAN 100, specify its descriptive string as Dept1, and assign GigabitEthernet 1/0/1 to VLAN 100.
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] description Dept1
[SwitchA-vlan100] port GigabitEthernet 1/0/1
[SwitchA-vlan100] quit
# Create VLAN 200, and specify its descriptive string as Dept2.
[SwitchA] vlan 200
[SwitchA-vlan200] description Dept2
[SwitchA-vlan200] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.1.1 24
[SwitchA-Vlan-interface100] quit
[SwitchA] interface Vlan-interface 200
[SwitchA-Vlan-interface200] ip address 192.168.2.1 24
l Configuration on Switch B
# Create VLAN 100, specify its descriptive string as Dept1, and assign GigabitEthernet 1/0/13 to VLAN 100.
<SwitchB> system-view
[SwitchB] vlan 100
[SwitchB-vlan100] description Dept1
[SwitchB-vlan100] port GigabitEthernet 1/0/13
[SwitchB-vlan100] quit
# Create VLAN 200, specify its descriptive string as Dept2, and assign GigabitEthernet 1/0/11 and GigabitEthernet 1/0/12 to VLAN 200.
[SwitchB] vlan 200
[SwitchB-vlan200] description Dept2
[SwitchB-vlan200] port GigabitEthernet1/0/11 GigabitEthernet 1/0/12
[SwitchB-vlan200] quit
l Configure the link between Switch A and Switch B.
Because the link between Switch A and Switch B needs to transmit data of both VLAN 100 and VLAN 200, you can configure the ports at both ends of the link as trunk ports and assign the two ports to the two VLANs.
# Configure GigabitEthernet 1/0/2 of Switch A as a trunk port and assign it to VLAN 100 and VLAN 200.
[SwitchA] interface GigabitEthernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Configure GigabitEthernet 1/0/10 of Switch B as a trunk port and assign it to VLAN 100 and VLAN 200.
[SwitchB] interface GigabitEthernet 1/0/10
[SwitchB-GigabitEthernet1/0/10] port link-type trunk
[SwitchB-GigabitEthernet1/0/10] port trunk permit vlan 100 200
Complete Configuration
l Configuration on Switch A
#
vlan 100
description dept1
#
vlan 200
description dept2
#
interface Vlan-interface 100
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface 200
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 100
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 100 200
l Configuration on Switch B
#
vlan 100
description dept1
#
vlan 200
description dept2
#
interface GigabitEthernet1/0/10
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/11
port access vlan 200
#
interface GigabitEthernet1/0/12
port access vlan 200
#
interface GigabitEthernet1/0/13
port access vlan 100
Configuration Guidelines
None
Configuring MAC-Based VLAN
Network Diagram
Figure 1-2 Network diagram for MAC-based VLAN configuration
Networking and Configuration Requirements
l As shown in 0, GigabitEthernet 1/0/1 of Switch A and GigabitEthernet 1/0/1 of Switch B are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meeting and each of them may be used in any of the two meeting rooms.
l Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 and VLAN 200 respectively. It is required that each Laptop could access only its corresponding server regardless of the meeting room it is used in.
l The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69.
Applicable Product Matrix
|
Product series |
Software version |
|
|
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
|
Release 1301 |
S5500-20TP-SI |
|
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Configuration on Switch A
# Create VLAN 100 and VLAN 200, configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100 and VLAN 200.
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] quit
[SwitchA] interface GigabitEthernet1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
[SwitchA-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/1 as a hybrid port and assign it to VLAN 100 and VLAN 200 in untagged mode.
[SwitchA] interface GigabitEthernet1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
[SwitchA-GigabitEthernet1/0/1] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200. Enable MAC-based VLAN on GigabitEthernet 1/0/1.
[SwitchA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[SwitchA] mac-vlan mac-address 0014-222c-aa69 vlan 200
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] mac-vlan enable
l Configuration on SwitchB
The configuration on Switch B is the same as that on Switch A.
l Configuration on Core Switch
# Create VLAN 100, and assign GigabitEthernet 1/0/13 to VLAN 100. Create VLAN 200 and assign GigabitEthernet 1/0/14 to VLAN 200.
<CoreSwitch> system-view
[CoreSwitch] vlan 100
[CoreSwitch-vlan100] port gigabitethernet 1/0/13
[CoreSwitch-vlan100] quit
[CoreSwitch] vlan 200
[CoreSwitch-vlan200] port gigabitethernet 1/0/14
[CoreSwitch-vlan200] quit
# Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 as trunk ports, and assign them to VLAN 100 and VLAN 200.
[CoreSwitch] interface GigabitEthernet1/0/3
[CoreSwitch-GigabitEthernet1/0/3] port link-type trunk
[CoreSwitch-GigabitEthernet1/0/3] port trunk permit vlan 100 200
[CoreSwitch-GigabitEthernet1/0/3] quit
[CoreSwitch] interface GigabitEthernet1/0/4
[CoreSwitch-GigabitEthernet1/0/4] port link-type trunk
[CoreSwitch-GigabitEthernet1/0/4] port trunk permit vlan 100 200
[CoreSwitch-GigabitEthernet1/0/4] quit
Complete Configuration
l Configuration on Switch A
#
mac-vlan mac-address 000d-88f8-4e71 vlan 100 priority 0
mac-vlan mac-address 0014-222c-aa69 vlan 200 priority 0
#
vlan 100
#
vlan 200
#
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
mac-vlan enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 100 200
The configuration on Switch B is the same as that on Switch A.
l Configuration on Core Switch
#
vlan 100
#
vlan 200
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/13
port access vlan 100
#
interface GigabitEthernet1/0/14
port access vlan 200
Configuration Guidelines
MAC-based VLANs are supported only on hybrid ports.
Configuring Protocol-Based VLAN
Network Diagram
Figure 1-3 Network diagram for protocol-based VLAN configuration
Networking and Configuration Requirements
As shown in 0, configure protocol-based VLANs on the switch to satisfy the following requirements:
l IPv4 hosts in the office area and lab area can communicate with the IPv4 server; IPv6 hosts in the office area and lab area can communicate with the IPv6 server.
l The IPv4 server and IPv6 server are in different VLANs.
l IPv4 packets are isolated from IPv6 packets through VLANs.
l The IPv4 network uses VLAN 100, and IPv6 network uses VLAN 200.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Configure the uplink port
# Create VLAN 100, and assign GigabitEthernet 1/0/11 to VLAN 100.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] port GigabitEthernet 1/0/11
# Create VLAN 200, and assign GigabitEthernet 1/0/12 to VLAN 200.
[Sysname-vlan100] quit
[Sysname] vlan 200
[Sysname-vlan200] port GigabitEthernet 1/0/12
# Configure protocol templates and associate them with the corresponding downlink ports.
# Create a protocol template for VLAN 100 to carry IPv4 and a protocol template for VLAN 200 to carry IPv6.
[Sysname-vlan200] protocol-vlan ipv6
[Sysname-vlan200] quit
[Sysname] vlan100
[Sysname-vlan100] protocol-vlan ipv4
[Sysname-vlan100] quit
# Configure GigabitEthernet 1/0/1 as a hybrid port and assign it to VLAN 100 and VLAN 200 in untagged mode.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# Associate GigabitEthernet 1/0/1 with protocol template 0 of VLAN 100 and protocol template 0 of VLAN 200.
[Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 0
[Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 0
# Configure GigabitEthernet 1/0/2 as a hybrid port and assign it to VLAN 100 and VLAN 200 in untagged mode. Associate it with protocol template 0 of VLAN 100 and protocol template 0 of VLAN 200.
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port link-type hybrid
[Sysname-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
[Sysname-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 0
[Sysname-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 0
Complete Configuration
#
vlan 100
protocol-vlan 0 ipv4
#
vlan 200
protocol-vlan 0 ipv6
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid protocol-vlan vlan 100 0
port hybrid protocol-vlan vlan 200 0
#
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid protocol-vlan vlan 100 0
port hybrid protocol-vlan vlan 200 0
#
interface Ethernet1/0/11
port access vlan 100
#
interface Ethernet1/0/12
port access vlan 200
Configuration Guidelines
None
Configuring IP Subnet-Based VLAN
Network Diagram
Figure 1-4 Network diagram for IP subnet-based VLAN configuration
Networking and Configuration Requirements
As shown in 0, hosts in the office area are configured on two network segments 192.168.5.0/24 and 10.200.50.0/24. Configure IP subnet-based VLANs on the switch to enable GigabitEthernet 1/0/1 of the switch to transmit packets received from different network segments in different VLANs to the corresponding gateways (Router A and Router B).
Packets from network segment 192.168.5.0/24 are transmitted in VLAN 100, and packets from network segment 10.200.50.0/24 are transmitted in VLAN 200.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Configure the uplink port
# Create VLAN 100, and assign GigabitEthernet 1/0/12 to VLAN 100.
[Sysname] vlan 100
[Sysname-vlan100] port GigabitEthernet 1/0/12
# Create VLAN 200, and assign GigabitEthernet 1/0/11 to VLAN 200.
[Sysname-vlan100] quit
[Sysname] vlan 200
[Sysname-vlan200] port GigabitEthernet 1/0/11
l Configure IP subnet-based VLANs and associate them with the downlink port.
# Associate network segment 10.200.50.0/24 with VLAN 200 and network segment 192.168.5.0/24 with VLAN 100.
[Sysname-vlan200] ip-subnet-vlan ip 10.200.50.0 255.255.255.0
[Sysname-vlan200] quit
[Sysname] vlan100
[Sysname-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0
# Configure GigabitEthernet 1/0/1 as a hybrid port and assign it to VLAN 100 and VLAN 200 in untagged mode.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# Associate GigabitEthernet 1/0/1 with the IP subnet-basedVLAN 100 and the IP subnet-based VLAN 200.
[Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100
[Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200
Complete Configuration
#
vlan 100
ip-subnet-vlan 0 ip 192.168.5.0 255.255.255.0
#
vlan 200
ip-subnet-vlan 0 ip 10.200.50.0 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid ip-subnet-vlan vlan 100
port hybrid ip-subnet-vlan vlan 200
#
interface Ethernet1/0/11
port access vlan 200
#
interface Ethernet1/0/12
port access vlan 100
Configuration Guidelines
None
Configuring Isolate-User-VLAN
Network Diagram
Figure 1-5 Network diagram for isolate-user-VLAN configuration
Networking and Configuration Requirements
Device B and Device C are located in two independent networks, each device configured with VLANs as required. Due to network design changes, you are required to use Device A to interconnect Device B and Device C. When doing that, consider the following:
l For security sake, devices attached to Device B should not communicate directly with devices attached to Device C. However, because the VLANs on Device B and Device C overlap, Host A and Host C will be in the same VLAN after the network design changes, which can result in safety problems, as shown in 0. To address the problem, you can use the isolate-user-VLAN function to make VLAN 2 and VLAN 3 on Device B and VLAN 3 and VLAN 4 on Device C become locally significant. On Device A, use VLAN 5 and VLAN 6 to isolate the two networks, without having to consider their respective internal VLAN configurations.
l Configure VLAN interfaces on Device A for forwarding packets between the two networks at Layer 3.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Configuration on Device B
# Configure VLAN 5 as an isolate-user-VLAN.
<DeviceB> system-view
[DeviceB] vlan 5
[DeviceB-vlan5] isolate-user-vlan enable
[DeviceB-vlan5] port GigabitEthernet 2/0/5
[DeviceB-vlan5] quit
# Configure VLAN 2 and VLAN 3.
[DeviceB] vlan 3
[DeviceB-vlan3] port GigabitEthernet 2/0/1
[DeviceB-vlan3] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port GigabitEthernet 2/0/2
[DeviceB-vlan2] quit
# Configure VLAN 2 and VLAN 3 as secondary VLANs under VLAN 5.
[DeviceB] isolate-user-vlan 5 secondary 2 to 3
l Configuration on Device C
# Configure VLAN 6 as an isolate-user-VLAN.
<DeviceC> system-view
[DeviceC] vlan 6
[DeviceC-vlan6] isolate-user-vlan enable
[DeviceC-vlan6] port GigabitEthernet 2/0/5
[DeviceC-vlan6] quit
# Configure VLAN 3 and VLAN 4.
[DeviceC] vlan 3
[DeviceC-vlan3] port GigabitEthernet 2/0/3
[DeviceC-vlan3] quit
[DeviceC] vlan 4
[DeviceC-vlan4] port GigabitEthernet 2/0/4
# Configure VLAN 3 and VLAN 4 as secondary VLANs under VLAN 6.
[DeviceC-vlan4] quit
[DeviceC] isolate-user-vlan 6 secondary 3 to 4
l Configuration on Device A
# Create VLAN 5 and VLAN 6. Assign GigabitEthernet 2/0/1 to VLAN 5, and assign GigabitEthernet 2/0/2 to VLAN 6. In this example, the two ports are access ports.
[DeviceA] vlan 5
[DeviceA-vlan5] port GigabitEthernet 2/0/1
[DeviceA-vlan5] quit
[DeviceA] vlan 6
[DeviceA-vlan6] port GigabitEthernet 2/0/2
[DeviceA-vlan6] quit
# Create VLAN-interface 5 and VLAN-interface 6, and assign IP addresses 192.168.0.1 and 192.168.1.1 to them respectively.
[DeviceA] interface Vlan-interface 5
[DeviceA-Vlan-interface5] ip address 192.168.0.1 24
[DeviceA-Vlan-interface5] quit
[DeviceA] interface Vlan-interface 6
[DeviceA-Vlan-interface6] ip address 192.168.1.1 24
Alternatively, you can configure GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 as trunk ports or hybrid ports, just making sure that the ports send packets of VLAN 5 and VLAN 6 untagged.
Complete Configuration
l Configuration on Device B
#
vlan 2 to 3
#
vlan 5
isolate-user-vlan enable
#
interface GigabitEthernet2/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 5 untagged
port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 5 untagged
port hybrid pvid vlan 2
#
interface GigabitEthernet2/0/5
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 3 5 untagged
port hybrid pvid vlan 5
#
isolate-user-vlan 5 secondary 2 3
l Configuration on Device C
#
vlan 3 to 4
#
vlan 6
isolate-user-vlan enable
#
interface GigabitEthernet2/0/3
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 6 untagged
port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/4
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 4 6 untagged
port hybrid pvid vlan 4
#
interface GigabitEthernet2/0/5
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 4 6 untagged
port hybrid pvid vlan 6
#
isolate-user-vlan 50 secondary 2 3
l Configuration on Device A
#
vlan 5 to 6
#
interface Vlan-interface 5
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface 6
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port access vlan 5
#
interface GigabitEthernet2/0/2
port access vlan 6
Configuration Guidelines
None
Configuring a Super VLAN
Network Diagram
Figure 1-6 Network diagram for super VLAN configuration
Networking and Configuration Requirements
As shown in Figure 1-6, Switch A works at the distribution layer to distribute traffic for the numerous hosts attached to the access switches connected to Switch A. All the hosts are assigned IP addresses from network segment 10.0.0.0/24. Switch A connects to the external network through VLAN-interface 20.
For management sake, assign these hosts to three VLANs to prevent Layer 2 communication between the hosts in different VLANs.
To save IP address resources, use VLAN-interface 10 on Switch A as the gateway to the external network for all the hosts in the three VLANs rather than assigning subnets for the VLANs separately. In addition, to enable the hosts in different VLANs to communicate at Layer 3, ARP proxy is used.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S7500E Series Ethernet Switches |
Release 6300 |
All versions |
Configuration Procedure
# Create VLAN 20, assign GigabitEthernet 2/0/20 to VLAN 20, and assign IP address 10.0.1.1/24 to VLAN-interface 20.
<Sysname> system-view
[Sysname] vlan 20
[Sysname-vlan20] port gigabitethernet 2/0/20
[Sysname-vlan20] quit
[Sysname] interface vlan-interface 20
[Sysname-Vlan-interface20] ip address 10.0.1.1 255.255.255.0
# Create VLAN 10, and assign IP address 10.0.0.1/24 to VLAN-interface 10.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] quit
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0
# Enable local ARP proxy on VLAN-interface 10 to permit ARP requests and replies to be exchanged between VLANs 2, 3 and 5.
[Sysname-Vlan-interface10] local-proxy-arp enable
[Sysname-Vlan-interface10] quit
# Create VLAN 2 and assign GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 to it.
[Sysname] vlan 2
[Sysname-vlan2] port GigabitEthernet 2/0/1 GigabitEthernet 2/0/2
# Create VLAN 3 and assign GigabitEthernet 2/0/3 and GigabitEthernet 2/0/4 to it.
[Sysname-vlan2] quit
[Sysname] vlan 3
[Sysname-vlan3] port GigabitEthernet 2/0/3 GigabitEthernet 2/0/4
# Create VLAN 5 and assign GigabitEthernet 2/0/5 and GigabitEthernet 2/0/6 to it.
[Sysname-vlan3] quit
[Sysname] vlan 5
[Sysname-vlan5] port GigabitEthernet 2/0/5 GigabitEthernet 2/0/6
# Configure VLAN 10 as the super VLAN, and VLAN 2, VLAN 3 and VLAN 5 as sub VLANs.
[Sysname-vlan5] quit
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 2 3 5
# Display information about VLAN 10 to verify the configurations.
<Sysname> display supervlan
SuperVLAN ID : 10
SubVLAN ID : 2-3 5
VLAN ID: 10
VLAN Type: static
It is a Super VLAN.
Route Interface: configured
IP Address: 10.0.0.1
Subnet Mask: 255.255.255.0
Description: VLAN 0010
Tagged Ports: none
Untagged Ports: none
VLAN ID: 2
VLAN Type: static
It is a Sub VLAN.
Route Interface: configured
IP Address: 10.0.0.1
Subnet Mask: 255.255.255.0
Description: VLAN 0002
Tagged Ports: none
Untagged Ports:
GigabitEthernet2/0/1 GigabitEthernet2/0/2
VLAN ID: 3
VLAN Type: static
It is a Sub VLAN.
Route Interface: configured
IP Address: 10.0.0.1
Subnet Mask: 255.255.255.0
Description: VLAN 0003
Tagged Ports: none
Untagged Ports:
GigabitEthernet2/0/3 GigabitEthernet2/0/4
VLAN ID: 5
VLAN Type: static
It is a Sub VLAN.
Route Interface: configured
IP Address: 10.0.0.1
Subnet Mask: 255.255.255.0
Description: VLAN 0005
Tagged Ports: none
Untagged Ports:
GigabitEthernet2/0/5 GigabitEthernet2/0/6
Complete Configuration
#
vlan 2 to 3
#
vlan 5
#
vlan 10
supervlan
subvlan 2 to 3 5
#
vlan 20
#
interface Vlan-interface10
ip address 10.0.0.1 255.255.255.0
local-proxy-arp enable
#
interface Vlan-interface20
ip address 10.0.1.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port access vlan 2
#
interface GigabitEthernet2/0/2
port access vlan 2
#
interface GigabitEthernet2/0/3
port access vlan 3
#
interface GigabitEthernet2/0/4
port access vlan 3
#
interface GigabitEthernet2/0/5
port access vlan 5
#
interface GigabitEthernet2/0/6
port access vlan 5
#
interface GigabitEthernet2/0/20
port access vlan 20
Configuration Guidelines
l For more information about the local-proxy-arp enable command and local ARP proxy, refer to ARP Configuration Guide.
l A super VLAN cannot be configured as a guest VLAN, and the opposite is also true. For more information about guest VLANs, refer to 802.1x Configuration Guide.
l You can configure the Layer 2 multicast function in a super VLAN. However, because a super VLAN does not contain any ports, the configuration will not take effect.
l You can configure DHCP, Layer 3 multicast, and dynamic route on the VLAN interface of a super VLAN, but only DHCP takes effect.
l You are recommended not to configure VRRP on the VLAN interface of a super VLAN, because the configuration can impact on network performance.
