H3C S3100-52P Ethernet Switch Operation Manual-Release 1500(V1.02)

04-VLAN Operation

Chapter 1  VLAN Overview

1.1  VLAN Overview

1.1.1  Introduction to VLAN

Traditional Ethernet is a flat network in which all hosts are in the same broadcast domain and are connected to each other through hubs or switches. A hub is a physical layer device without any switching function, so it forwards each received packet to all ports. A switch is a link layer device that forwards a packet according to its MAC address. However, when the switch receives a broadcast packet, or an unknown unicast packet whose MAC address is not in the MAC address table of the switch, it forwards the packet to all ports except the inbound port of the packet. As a result, a host in the network receives many packets that are not destined for it. This wastes a large amount of bandwidth and creates potentially serious security problems.

The traditional way to isolate broadcast domains is to use routers. However, routers are expensive and provide few ports, so they cannot divide the network into fine-grained subnets.

The virtual local area network (VLAN) technology is developed for switches to control broadcast in LANs.

By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate with each other as if they are in a LAN. However, hosts in different VLANs cannot communicate with each other directly. Figure 1-1 illustrates a VLAN implementation.

Figure 1-1 A VLAN implementation

A VLAN can span multiple switches, or even routers. This allows the hosts in a VLAN to be distributed more loosely. That is, hosts in a VLAN can belong to different physical network segments.

Compared with the traditional Ethernet, VLAN enjoys the following advantages.

• Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves network performance.

• Network security is improved. VLANs cannot communicate with each other directly. That is, a host in a VLAN cannot access resources in another VLAN directly, unless routers or Layer 3 switches are used.

• Network configuration workload for the host is reduced. VLAN can be used to group specific hosts. When the physical position of a host changes within the range of the VLAN, you need not change its network configuration.

1.1.2  VLAN Principles

The switch needs VLAN tags in packets to identify which VLAN each packet belongs to. The switch works at Layer 2 (Layer 3 switches are not discussed in this chapter) and can identify only the data link layer encapsulation of a packet, so the VLAN tag field can be added only to the data link layer encapsulation.

In 1999, IEEE issued the IEEE 802.1Q protocol to standardize VLAN implementation, defining the structure of VLAN-tagged packets.

In traditional Ethernet data frames, the type field of the upper layer protocol is encapsulated after the destination MAC address and source MAC address, as shown in Figure 1-2.

Figure 1-2 Encapsulation format of traditional Ethernet frames

In Figure 1-2, DA refers to the destination MAC address, SA refers to the source MAC address, and Type refers to the protocol type of the packet. The IEEE 802.1Q protocol specifies that a 4-byte VLAN tag is encapsulated after the destination MAC address and source MAC address to carry the VLAN information.

Figure 1-3 Format of VLAN tag

As shown in Figure 1-3, a VLAN tag contains four fields, including TPID, priority, CFI, and VLAN ID.

• TPID is a 16-bit field, indicating that this data frame is VLAN-tagged. By default, it is 0x8100 in H3C series Ethernet switches.

• Priority is a 3-bit field, referring to 802.1p priority. Refer to section “QoS & QoS profile” for details.

• CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the standard format in different transmission media. This field is not described in detail in this chapter.

• VLAN ID is a 12-bit field, indicating the ID of the VLAN to which this packet belongs. It is in the range of 0 to 4,095. Generally, 0 and 4,095 are not used, so the field is in the range of 1 to 4,094.

VLAN ID identifies the VLAN to which a packet belongs. When the switch receives a packet carrying no VLAN tag, it will encapsulate a VLAN tag with the default VLAN ID of the inbound port for the packet, and the packet will be assigned to the default VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to section “Port Basic Configuration” in H3C S3100-52P Ethernet Switch Operation Manual.
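The tag layout and the untagged-frame rule described above can be checked against raw frames with the following Python sketch. It is an added example, not code from the H3C manual; the function name classify_frame, its port_default_vlan parameter and the sample frames are hypothetical, and the handling of VLAN ID 0 follows IEEE 802.1Q rather than anything stated on this page.

```python
import struct

TPID_8021Q = 0x8100  # default TPID on H3C switches, per the text above


def classify_frame(frame: bytes, port_default_vlan: int) -> dict:
    """Decode the 802.1Q tag and return the VLAN the frame is assigned to.

    port_default_vlan (hypothetical parameter) is the inbound port's default VLAN ID.
    """
    if not 1 <= port_default_vlan <= 4094:
        raise ValueError("default VLAN ID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + Type")

    (field,) = struct.unpack_from("!H", frame, 12)  # 2 bytes following DA and SA
    if field != TPID_8021Q:
        # Untagged frame: assigned to the default VLAN of the inbound port.
        return {"tagged": False, "vlan_id": port_default_vlan,
                "priority": None, "cfi": None, "ethertype": field}

    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    priority = tci >> 13        # 3-bit 802.1p priority
    cfi = (tci >> 12) & 0x1     # 1-bit CFI
    vlan_id = tci & 0x0FFF      # 12-bit VLAN ID
    if vlan_id == 4095:
        raise ValueError("VLAN ID 4095 is reserved")
    if vlan_id == 0:
        # Assumption from IEEE 802.1Q, not stated on this page: VID 0 marks a
        # priority-tagged frame, which takes the port's default VLAN.
        vlan_id = port_default_vlan
    return {"tagged": True, "vlan_id": vlan_id,
            "priority": priority, "cfi": cfi, "ethertype": ethertype}


# Constructed sample frames (broadcast DA, made-up SA, no payload).
MACS = bytes.fromhex("ffffffffffff" "001122334455")
TAGGED = MACS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 2, 0x0800)
UNTAGGED = MACS + struct.pack("!H", 0x0806)

if __name__ == "__main__":
    print(classify_frame(TAGGED, port_default_vlan=1))
    print(classify_frame(UNTAGGED, port_default_vlan=3))
```

The untagged case shows why the default VLAN of an access port matters: any frame arriving without a tag is placed in that VLAN.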

1.2  Port-Based VLAN

Port-based VLAN is the simplest way to classify VLANs. You can isolate hosts and divide them into different virtual workgroups by assigning the device ports that connect to the hosts to different VLANs.

This method is easy to implement and manage, and it is suitable for hosts with relatively fixed positions.

 


Chapter 2  VLAN Configuration

2.1  VLAN Configuration

2.1.1  Basic VLAN Configuration

Table 2-1 Basic VLAN configuration

Operation                                           Command                              Description
Enter system view                                   system-view                          -
Create multiple VLANs in batch                      vlan { vlan-id1 to vlan-id2 | all }  Optional
Create a VLAN and enter VLAN view                   vlan vlan-id                         Required. The vlan-id argument ranges from 1 to 4,094.
Assign a name for the current VLAN                  name text                            Optional. By default, the name of a VLAN is its VLAN ID.
Specify the description string of the current VLAN  description text                     Optional. By default, the description string of a VLAN is its VLAN ID.

 

  Caution:

When you use the vlan command to create VLANs, if the destination VLAN is an existing dynamic VLAN, it will be transformed into a static VLAN and the switch will output the prompt information.

 

2.1.2  Basic VLAN Interface Configuration

I. Configuration prerequisites

Create a VLAN before configuring a VLAN interface.

II. Configuration procedure

Table 2-2 Basic VLAN interface configuration

Operation                                                      Command                           Description
Enter system view                                              system-view                       -
Create a VLAN interface and enter VLAN interface view          interface Vlan-interface vlan-id  Required. The vlan-id argument ranges from 1 to 4,094.
Specify the description string for the current VLAN interface  description text                  Optional. By default, the description string of a VLAN interface is the name of this VLAN interface.
Disable the VLAN interface                                     shutdown                          Optional
Enable the VLAN interface                                      undo shutdown                     Optional

 

Note that the operation of enabling/disabling a VLAN interface does not influence the enabling/disabling states of the Ethernet ports belonging to this VLAN.

By default, the management state of the VLAN interface is enabled. In this case, the physical state of the VLAN interface depends on the state of the ports in the VLAN: when all the Ethernet ports of a VLAN are down, the VLAN interface of the VLAN is down (that is, disabled); when one or more Ethernet ports of a VLAN are up, the VLAN interface of the VLAN is up (that is, enabled).

If you disable the VLAN interface’s management state, the VLAN interface will always be down, regardless of the states of the ports in the VLAN.

 

  Caution:

The H3C S3100-52P Ethernet switch supports only one VLAN interface, and the VLAN where the VLAN interface resides must be the management VLAN of the switch.

For details, refer to the section "Management VLAN Configuration – Operation" in H3C S3100-52P Ethernet Switch Operation Manual.

 

2.1.3  Displaying VLAN Configuration

After completing the configuration above, you can execute the display command in any view to display the running status and verify the configuration.

Table 2-3 Display VLAN configuration

Operation                               Command                                                           Description
Display the VLAN interface information  display interface Vlan-interface [ vlan-id ]                      You can execute the display command in any view.
Display the VLAN information            display vlan [ vlan-id [ to vlan-id ] | all | dynamic | static ]  You can execute the display command in any view.

 

2.2  Configuring a Port-Based VLAN

2.2.1  Configuring a Port-Based VLAN

I. Configuration prerequisites

Create a VLAN before configuring a port-based VLAN.

II. Configuration procedure

Table 2-4 Configure a port-based VLAN

Operation                                Command              Description
Enter system view                        system-view          -
Enter VLAN view                          vlan vlan-id         -
Add Ethernet ports to the specific VLAN  port interface-list  Required. By default, all the ports belong to the default VLAN.

 

  Caution:

The commands above are effective for access ports only. If you want to add trunk ports or hybrid ports to a VLAN, you can use the port trunk permit vlan command or the port hybrid vlan command in Ethernet port view. For the configuration procedure, refer to the section "Port Basic Configuration – Operation" in H3C S3100-52P Ethernet Switch Operation Manual.

 

2.2.2  Protocol-Based VLAN Configuration Example

I. Network requirements

• Create VLAN 2 and VLAN 3 and specify the description string of VLAN 2 as home;

• Add Ethernet1/0/1 and Ethernet1/0/2 to VLAN 2 and add Ethernet1/0/3 and Ethernet1/0/4 to VLAN 3.

II. Network diagram

Figure 2-1 Network diagram for VLAN configuration

III. Configuration procedure

# Create VLAN 2 and enter its view.

<H3C> system-view

[H3C] vlan 2

# Specify the description string of VLAN 2 as home.

[H3C-vlan2] description home

# Add Ethernet1/0/1 and Ethernet1/0/2 ports to VLAN 2.

[H3C-vlan2] port Ethernet 1/0/1 Ethernet 1/0/2

# Create VLAN 3 and enter its view.

[H3C-vlan2] vlan 3

# Add Ethernet1/0/3 and Ethernet1/0/4 ports to VLAN 3.

[H3C-vlan3] port Ethernet 1/0/3 Ethernet 1/0/4