- H3C S3100-52P Ethernet Switch Operation Manual-Release 1500(V1.02)
Chapter 1 VLAN Overview
1.1 VLAN Overview
1.1.1 Introduction to VLAN
Traditional Ethernet is a flat network, where all hosts are in the same broadcast domain and are connected to each other through hubs or switches. A hub is a physical layer device without a switching function, so it forwards each received packet to all ports. A switch is a link layer device that forwards a packet according to its destination MAC address. However, when the switch receives a broadcast packet, or an unknown unicast packet whose MAC address is not in the MAC address table of the switch, it forwards the packet to all ports except the inbound port of the packet. In this case, a host in the network receives many packets that are not destined for it. This wastes bandwidth and can cause serious security problems, because hosts receive traffic that was not addressed to them.
The traditional way to isolate broadcast domains is to use routers. However, routers are expensive and provide few ports, so they cannot divide the network into fine-grained subnets.
The virtual local area network (VLAN) technology is developed for switches to control broadcast in LANs.
By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate with each other as if they are in a LAN. However, hosts in different VLANs cannot communicate with each other directly. Figure 1-1 illustrates a VLAN implementation.
Figure 1-1 A VLAN implementation
A VLAN can span multiple switches, or even routers. This allows the hosts in a VLAN to be dispersed more loosely. That is, hosts in a VLAN can belong to different physical network segments.
Compared with traditional Ethernet, VLANs offer the following advantages:
- Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves network performance.
- Network security is improved. VLANs cannot communicate with each other directly. That is, a host in a VLAN cannot access resources in another VLAN directly, unless routers or Layer 3 switches are used.
- Network configuration workload for the host is reduced. A VLAN can be used to group specific hosts. When the physical position of a host changes within the range of the VLAN, you need not change its network configuration.
1.1.2 VLAN Principles
The switch needs VLAN tags in packets to identify which VLAN each packet belongs to. The switch works at Layer 2 (Layer 3 switches are not discussed in this chapter) and can identify only the data link layer encapsulation of a packet, so the VLAN tag field can be added only to the data link layer encapsulation.
In 1999, IEEE issued the IEEE 802.1Q protocol to standardize VLAN implementation, defining the structure of VLAN-tagged packets.
In traditional Ethernet data frames, the type field of the upper layer protocol is encapsulated after the destination MAC address and source MAC address, as shown in Figure 1-2.
Figure 1-2 Encapsulation format of traditional Ethernet frames
In Figure 1-2, DA refers to the destination MAC address, SA refers to the source MAC address, and Type refers to the protocol type of the packet. The IEEE 802.1Q protocol specifies that a 4-byte VLAN tag is encapsulated after the destination MAC address and source MAC address to carry the VLAN information.
As shown in Figure 1-3, a VLAN tag contains four fields, including TPID, priority, CFI, and VLAN ID.
- TPID is a 16-bit field, indicating that this data frame is VLAN-tagged. By default, it is 0x8100 in H3C series Ethernet switches.
- Priority is a 3-bit field, referring to 802.1p priority. Refer to section “QoS & QoS profile” for details.
- CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the standard format in different transmission media. This field is not described in detail in this chapter.
- VLAN ID is a 12-bit field, indicating the ID of the VLAN to which this packet belongs. It is in the range of 0 to 4,095. Generally, 0 and 4,095 are not used, so the field is in the range of 1 to 4,094.
VLAN ID identifies the VLAN to which a packet belongs. When the switch receives a packet carrying no VLAN tag, it will encapsulate a VLAN tag with the default VLAN ID of the inbound port for the packet, and the packet will be assigned to the default VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to section “Port Basic Configuration” in H3C S3100-52P Ethernet Switch Operation Manual.
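The tag layout and the untagged-frame rule described above, as an added Python example (not code from the H3C manual). The helper names and the sample frames are constructed for illustration, and rejecting VLAN IDs 0 and 4,095 is this example's assumption, since the manual only says they are generally not used.

```python
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # default TPID on H3C switches, per the text above


class Dot1QTag(NamedTuple):
    priority: int  # 3-bit 802.1p priority
    cfi: int       # 1-bit CFI
    vlan_id: int   # 12-bit VLAN ID


def parse_tag(frame: bytes) -> Optional[Dot1QTag]:
    """Return the 802.1Q tag that follows DA and SA, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # bytes 12-13 are the Type field of an untagged frame
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return Dot1QTag(tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF)


def classify(frame: bytes, port_default_vlan: int) -> int:
    """VLAN a frame is assigned to on ingress, following the rule in the text."""
    tag = parse_tag(frame)
    if tag is None:
        return port_default_vlan  # untagged: default VLAN of the inbound port
    if tag.vlan_id in (0, 4095):
        # Assumption of this example: treat the unused IDs as invalid.
        raise ValueError(f"VLAN ID {tag.vlan_id} is outside the range 1-4094")
    return tag.vlan_id


def build_frame(tag: Optional[Dot1QTag], ethertype: int = 0x0800) -> bytes:
    """Constructed sample frame: DA, SA, optional tag, Type, dummy payload."""
    da = bytes.fromhex("ffffffffffff")
    sa = bytes.fromhex("020000000001")
    tag_bytes = b""
    if tag is not None:
        tci = (tag.priority << 13) | (tag.cfi << 12) | tag.vlan_id
        tag_bytes = struct.pack("!HH", TPID_8021Q, tci)
    return da + sa + tag_bytes + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    for sample in (build_frame(Dot1QTag(5, 0, 2)), build_frame(None)):
        print(parse_tag(sample), "-> VLAN", classify(sample, port_default_vlan=1))
```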
1.2 Port-Based VLAN
Port-based VLAN is the simplest way to classify VLANs. You can isolate hosts and divide them into different virtual workgroups by assigning the ports on the device that connect to the hosts to different VLANs.
This method is easy to implement and manage, and it is applicable to hosts with relatively fixed positions.
Chapter 2 VLAN Configuration
2.1 VLAN Configuration
2.1.1 Basic VLAN Configuration
Table 2-1 Basic VLAN configuration
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Create multiple VLANs in batch | vlan { vlan-id1 to vlan-id2 \| all } | Optional |
Create a VLAN and enter VLAN view | vlan vlan-id | Required. The vlan-id argument ranges from 1 to 4,094. |
Assign a name for the current VLAN | name text | Optional. By default, the name of a VLAN is its VLAN ID. |
Specify the description string of the current VLAN | description text | Optional. By default, the description string of a VLAN is its VLAN ID. |
Caution:
When you use the vlan command to create VLANs, if the destination VLAN is an existing dynamic VLAN, it is transformed into a static VLAN and the switch outputs a prompt.
2.1.2 Basic VLAN Interface Configuration
I. Configuration prerequisites
Create a VLAN before configuring a VLAN interface.
II. Configuration procedure
Table 2-2 Basic VLAN interface configuration
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Create a VLAN interface and enter VLAN interface view | interface Vlan-interface vlan-id | Required. The vlan-id argument ranges from 1 to 4,094. |
Specify the description string for the current VLAN interface | description text | Optional. By default, the description string of a VLAN interface is the name of this VLAN interface. |
Disable the VLAN interface | shutdown | Optional |
Enable the VLAN interface | undo shutdown | Optional |
Note that the operation of enabling/disabling a VLAN interface does not influence the enabling/disabling states of the Ethernet ports belonging to this VLAN.
By default, the VLAN interface’s management state is enabled. In this case, the physical state of the VLAN interface depends on the states of the ports in the VLAN. When all the Ethernet ports of a VLAN are down, the VLAN interface of the VLAN is down, that is, the VLAN interface is disabled; when one or more Ethernet ports of a VLAN are up, the VLAN interface of the VLAN is up, that is, the VLAN interface is enabled.
If you disable the VLAN interface’s management state, the VLAN interface will always be down, regardless of the states of the ports in the VLAN.
Caution:
The H3C S3100-52P Ethernet switch supports only one VLAN interface, and the VLAN where the VLAN interface resides must be the management VLAN of the switch.
For details, refer to the section "Management VLAN Configuration – Operation" in H3C S3100-52P Ethernet Switch Operation Manual.
2.1.3 Displaying VLAN Configuration
After the configuration above, you can execute the display command in any view to display the running status and verify the configuration.
Table 2-3 Display VLAN configuration
Operation | Command | Description |
---|---|---|
Display the VLAN interface information | display interface Vlan-interface [ vlan-id ] | You can execute the display command in any view. |
Display the VLAN information | display vlan [ vlan-id [ to vlan-id ] \| all \| dynamic \| static ] | You can execute the display command in any view. |
2.2 Configuring a Port-Based VLAN
2.2.1 Configuring a Port-Based VLAN
I. Configuration prerequisites
Create a VLAN before configuring a port-based VLAN.
II. Configuration procedure
Table 2-4 Configure a port-based VLAN
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter VLAN view | vlan vlan-id | — |
Add Ethernet ports to the specific VLAN | port interface-list | Required. By default, all the ports belong to the default VLAN. |
Caution:
The commands above are effective for access ports only. If you want to add trunk ports or hybrid ports to a VLAN, you can use the port trunk permit vlan command or the port hybrid vlan command in Ethernet port view. For the configuration procedure, refer to the section "Port Basic Configuration – Operation" in H3C S3100-52P Ethernet Switch Operation Manual.
2.2.2 Protocol-Based VLAN Configuration Example
I. Network requirements
- Create VLAN 2 and VLAN 3 and specify the description string of VLAN 2 as home;
- Add Ethernet1/0/1 and Ethernet1/0/2 to VLAN 2 and add Ethernet1/0/3 and Ethernet1/0/4 to VLAN 3.
II. Network diagram
Figure 2-1 Network diagram for VLAN configuration
III. Configuration procedure
# Create VLAN 2 and enter its view.
<H3C> system-view
[H3C] vlan 2
# Specify the description string of VLAN 2 as home.
[H3C-vlan2] description home
# Add Ethernet1/0/1 and Ethernet1/0/2 ports to VLAN 2.
[H3C-vlan2] port Ethernet 1/0/1 Ethernet 1/0/2
# Create VLAN 3 and enter its view.
[H3C-vlan2] vlan 3
# Add Ethernet1/0/3 and Ethernet1/0/4 ports to VLAN 3.
[H3C-vlan3] port Ethernet 1/0/3 Ethernet 1/0/4