Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-VLAN commands | 240.04 KB |
display interface vlan-interface
reset counters interface vlan-interface
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN interface view)
Basic VLAN commands
bandwidth
Use bandwidth to configure the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.
Examples
# Set the expected bandwidth to 10000 kbps for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] bandwidth 10000
default
Use default to restore the default settings for a VLAN interface.
Syntax
default
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] default
description
Use description to configure the description for a VLAN or VLAN interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.
For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1 Interface.
Views
VLAN view, VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a description for a VLAN or VLAN interface, a string of 1 to 255 characters. The string can include case-sensitive letters, digits, special symbols (see Table 1), spaces, and other Unicode characters and symbols.
Table 1 Special symbols
|
Name |
Symbol |
Name |
Symbol |
|
Tilde |
~ |
Left angle bracket |
< |
|
Exclamation point |
! |
Right angle bracket |
> |
|
At sign |
@ |
Hyphen |
- |
|
Pound sign |
# |
Underscore |
_ |
|
Dollar sign |
$ |
Plus sign |
+ |
|
Percent sign |
% |
Equal sign |
= |
|
Caret |
^ |
Vertical bar |
| |
|
Ampersand sign |
& |
Back slash |
\ |
|
Asterisk |
* |
Colon |
: |
|
Left brace |
{ |
Semi-colon |
; |
|
Right brace |
} |
Quotation marks |
" |
|
Left parenthesis |
( |
Apostrophe |
' |
|
Right parenthesis |
) |
Comma |
, |
|
Left bracket |
[ |
Dot |
. |
|
Right bracket |
] |
Slash |
/ |
Usage guidelines
You can configure a description to describe the function or connection of a VLAN or VLAN interface. The descriptions are helpful when a large number of VLANs and VLAN interfaces are created on the device.
Examples
# Configure the description of VLAN 2 as sales-private.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] description sales-private
# Configure the description of VLAN-interface 2 as linktoPC56.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] description linktoPC56
Related commands
· display interface vlan-interface
· display vlan
display interface vlan-interface
Use display interface vlan-interface to display VLAN interface information.
Syntax
display interface vlan-interface [ brief [ down ] ]
display interface vlan-interface [ interface-number ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-number: Specifies a VLAN interface number. If you do not specify this argument, the command displays information about all VLAN interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
down: Displays VLAN interfaces in down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
Examples
# Display information about VLAN-interface 10.
<Sysname> display interface vlan-interface 10
Vlan-interface10
Current state: UP
Line protocol state: UP
Description: Vlan-interface10 Interface
Bandwidth: 100000kbps
Maximum Transmit Unit: 1500
Internet Address is 192.168.1.54/24 Primary
IP Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 0023-89b6-d613
IPv6 Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 0023-89b6-d613
Last clearing of counters: Never
# Display brief information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2 brief
Brief information on interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Main IP Description
Vlan2 DOWN DOWN --
Table 2 Command output
|
Field |
Description |
|
Vlan-interface2 |
VLAN interface name. |
|
Current state |
Physical state of the VLAN interface: · Administratively DOWN—The administrative state of the VLAN interface is down, because it has been shut down by using the shutdown command. · DOWN—The administrative state of the VLAN interface is up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be well connected correctly or the lines might have failed. · UP—Both the administrative state and the physical state of the VLAN interface are up. |
|
Line protocol state |
Link layer protocol state of the VLAN interface: · DOWN—The link layer protocol state of the VLAN interface is down. · UP—The link layer protocol state of the VLAN interface is up. |
|
Description |
Partial or complete interface description configured by using the description command: · If you do not specify the description keyword in the display interface brief command, this field displays the first 27 characters of the interface description. · If you specify the description keyword in the display interface brief command, this field displays the complete interface description. |
|
Bandwidth |
Expected bandwidth of the VLAN interface. |
|
Maximum Transmit Unit |
MTU of the VLAN interface. |
|
Internet protocol processing : disabled |
The interface cannot process IP packets. This field is displayed when the interface is not assigned an IP address. |
|
Internet Address is 192.168.1.54/24 Primary |
The primary IP address of the interface is 192.168.1.54/24. This field is displayed only when the primary IP address is configured for the interface. |
|
IP Packet Frame Type |
Framing format of sent IPv4 packets. |
|
Hardware Address |
MAC address of the VLAN interface. |
|
IPv6 Packet Frame Type |
Framing format of sent IPv6 packets. |
|
Last clearing of counters |
The most recent time that the reset counters interface vlan-interface command was executed. If you have never executed this command, the field displays Never. |
|
Brief information on interface(s) under route mode |
Brief information about Layer 3 interfaces. |
|
Link: ADM - administratively down; Stby – standby |
Link layer state of the interface: · ADM—The interface has been administratively shut down. To bring up the interface, use the undo shutdown command. · Stby—The interface is operating as a backup interface. |
|
Protocol: (s) - spoofing |
The protocol attribute of an interface includes the spoofing flag (the letter s in parentheses) when the following conditions exist: · If the network layer protocol state of an interface is shown as UP. · Its link is an on-demand link or is not present. |
|
Interface |
Abbreviated interface name. |
|
Link |
Physical link state of the interface: · UP—The physical link of the interface is up. · DOWN—The physical link of the interface is down. · ADM—The interface has been administratively shut down. To bring up the interface, use the undo shutdown command. |
|
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol state of the interface is up. · DOWN—The data link layer protocol state of the interface is down. |
|
Main IP |
Primary IP address of the interface. |
Related commands
reset counters interface vlan-interface
display vlan
Use display vlan to display VLAN information.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except the reserved VLANs.
dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the number of dynamic VLANs and the ID for each dynamic VLAN. Dynamic VLANs are generated through MVRP or assigned by a RADIUS server.
reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved according to function implementation. The reserved VLANs provide services for protocol modules. You cannot configure reserved VLANs.
static: Specifies static VLANs. If you specify this keyword, the command displays the number of static VLANs and the ID for each static VLAN. Static VLANs are manually created.
Examples
# Display VLAN 2 information.
<Sysname> display vlan 2
VLAN ID: 2
VLAN type: Static
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/1 GigabitEthernet3/0/2 GigabitEthernet3/0/3
# Display VLAN 3 information.
<Sysname> display vlan 3
VLAN ID: 3
VLAN type: static
Route interface: Configured
IP address: 1.1.1.1
Subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports: None
Table 3 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, static or dynamic. |
|
Route interface |
Whether the VLAN interface is configured for the VLAN. · Not configured. · Configured. |
|
Description |
Description of the VLAN. |
|
Name |
VLAN name. |
|
IP address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
Subnet mask |
Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
vlan
display vlan brief
Use display vlan brief to display brief VLAN information.
Syntax
Views
Any view
Predefined user roles
mdc-admin
mdc-operator
Examples
# Display brief VLAN information.
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 GE3/0/3 GE3/0/4 GE3/0/5 GE3/0/6
GE3/0/7 GE3/0/8 GE3/0/9 GE3/0/10
...
12 VLAN 0012 GE3/0/1
23 VLAN 0023 GE3/0/2 GE3/0/17
|
Description |
|
|
VLAN name. |
|
Related commands
vlan
interface vlan-interface
Use interface vlan-interface to create a VLAN interface and enter its view or to enter the view of an existing VLAN interface.
Use undo interface vlan-interface to delete the specified VLAN interface.
Syntax
interface vlan-interface vlan-interface-id
undo interface vlan-interface vlan-interface-id
Default
No VLAN interface is created.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-interface-id: Specifies a VLAN interface number in the range of 1 to 4094.
Usage guidelines
Create the VLAN before you create the VLAN interface for it.
You cannot create a VLAN interface for a sub-VLAN. For more information about sub-VLANs, see Layer 2—LAN Switching Configuration Guide.
Examples
# Create VLAN-interface 2, and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2]
Related commands
display interface vlan-interface
mac-address offset
Use mac-address offset to configure the MAC address offset of a VLAN interface.
Use undo mac-address offset to restore the default.
mac-address offset value
undo mac-address offset
All VLAN interfaces on the same device use one MAC address.
VLAN interface view
network-admin
value: Specifies a MAC address offset value in the range of 2 to 63.
Use this command to change the MAC address of a VLAN interface when the VLAN interface has the same MAC address as other Layer 3 interfaces. After the configuration, the MAC address of the VLAN interface is its default MAC address plus the offset value.
Different VLAN interfaces can have the same MAC address offset value.
The MAC address offset configuration and BFD MAD are mutually exclusive on a VLAN interface. For more information about BFD MAD, see Virtual Technologies Configuration Guide.
To ensure correct traffic forwarding, do not configure MAC address offsets on VLAN interfaces of B-VLANs or FCoE-enabled VLANs. For more information about B-VLANs and FCoE, see SPB Configuration Guide and FCoE Configuration Guide, respectively.
When you configure the private VLAN feature, configure the MAC address offset on the VLAN interface of the primary VLAN. VLAN interfaces of secondary VLANs that are associated with the primary VLAN use the MAC address of the primary VLAN interface. If the primary VLAN interface is not created, the secondary VLAN interfaces use the default MAC address.
The MAC address offset configured on a secondary VLAN interface takes effect only after the secondary VLAN changes into a common VLAN. For more information about the private VLAN feature, see Layer 2—LAN Switching Configuration Guide.
Examples
# Set the MAC address offset to 2 for VLAN-interface 1 and then display the MAC address of this VLAN interface. (The default MAC address for VLAN-interface 1 is 3822-d659-bf00).
<Sysname> system-view
[Sysname] interface vlan 1
[Sysname-vlan1] mac-address offset 2
[Sysname-vlan1] display interface vlan-interface 1
Vlan-interface1
Current state: Administratively DOWN
Line protocol state: DOWN
Description: Vlan-interface1 Interface
Bandwidth: 1000000kbps
Maximum Transmit Unit: 1500
Internet protocol processing: disabled
IP Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 3822-d659-bf02
IPv6 Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 3822-d659-bf02
Last clearing of counters: Never
mtu
Use mtu to set the MTU for a VLAN interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of a VLAN interface is 1500 bytes.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Sets the MTU in bytes, in the range of 64 to 9198.
Usage guidelines
If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the ip mtu command, see Layer 3—IP Services Command Reference.
Examples
# Set the MTU to 1492 bytes for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] mtu 1492
Related commands
display interface vlan-interface
name
Use name to configure a name for the VLAN.
Use undo name to restore the default name of the VLAN.
Syntax
name text
undo name
Default
The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive letters, digits, special symbols (see Table 1), spaces, and other Unicode characters and symbols.
Usage guidelines
Servers can send IDs or names of the issued VLANs to the switch. You can use VLAN names to distinguish a large number of VLANs.
Examples
# Configure the name of VLAN 2 as test vlan.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] name test vlan
Related commands
display vlan
reset counters interface vlan-interface
Use reset counters interface vlan-interface to clear statistics on a VLAN interface.
Syntax
reset counters interface vlan-interface [ vlan-interface-id ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-interface-id: Specifies a VLAN interface by its number.
Usage guidelines
Use this command to clear the history statistics before you collect statistics within a time period.
If you do not specify the vlan-interface-id argument, this command clears statistics on all VLAN interfaces.
If you specify the vlan-interface-id argument, this command clears statistics on the specified VLAN interface.
Examples
# Clear statistics on VLAN-interface 2.
<Sysname> reset counters interface vlan-interface 2
Related commands
display interface vlan-interface
shutdown
Use shutdown to shut down a VLAN interface.
Use undo shutdown to bring up a VLAN interface.
Syntax
shutdown
undo shutdown
Default
A VLAN interface is manually shut down.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:
· The VLAN interface is down if all ports in the VLAN are down.
· The VLAN interface is up if one or more ports in the VLAN are up.
When you use this command to shut down a VLAN interface, the VLAN interface remains in Administratively DOWN state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.
Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configurations from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.
To troubleshoot a failed interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.
In a VLAN, the state of any Ethernet port is independent of the state of the VLAN interface.
Examples
# Shut down VLAN-interface 2, and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown
vlan
Use vlan vlan-id to create a VLAN and enter its view or to enter the view of an existing VLAN.
Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2, except reserved VLANs.
Use vlan all to create VLANs 1 through 4094.
Use undo vlan to delete the specified VLANs.
Syntax
vlan { vlan-id1 [ to vlan-id2 ] | all }
undo vlan { vlan-id1 [ to vlan-id2 ] | all }
Default
VLAN 1 (system default VLAN) exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id1, vlan-id2: Specifies a VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs. The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.
Usage guidelines
You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs.
Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.
Examples
# Create VLAN 2 and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2]
# Create VLANs 4 through 100.
<Sysname> system-view
[Sysname] vlan 4 to 100
Related commands
display vlan
Port-based VLAN commands
display port
Use display port to display information about hybrid or trunk ports.
Syntax
display port { hybrid | trunk }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
hybrid: Specifies hybrid ports.
trunk: Specifies trunk ports.
Examples
# Display information about hybrid ports.
<Sysname> display port hybrid
Interface PVID VLAN Passing
GE3/0/4 100 Tagged: 1000, 1002, 1500, 1600-1611, 2000,
2555-2558, 3000, 4000
Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
150-160, 200, 255, 286, 300-302
# Display information about trunk ports.
<Sysname> display port trunk
Interface PVID VLAN Passing
GE3/0/8 2 1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
555, 600-611, 1000, 2006-2008
Table 5 Command output
|
Field |
Description |
|
Interface |
Interface name. |
|
PVID |
Port VLAN ID. |
|
VLAN Passing |
Existing VLANs allowed on the port. |
|
Tagged |
VLANs from which the port sends packets without removing VLAN tags. |
|
Untagged |
VLANs from which the port sends packets after removing VLAN tags. |
port
Use port to assign the specified access ports to a VLAN.
Use undo port to remove the specified access ports from a VLAN.
Syntax
port interface-list
undo port interface-list
Default
All ports are in VLAN 1.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
Usage guidelines
This command is applicable only to access ports.
By default, all ports are access ports. You can manually configure the port link type. For more information, see "port link-type."
Examples
# Assign GigabitEthernet 3/0/1 through GigabitEthernet 3/0/3 to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port GigabitEthernet 3/0/1 to GigabitEthernet 3/0/3
Related commands
display vlan
port access vlan
Use port access vlan to assign an access port to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
All access ports belong to VLAN 1.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
Before assigning an access port to a VLAN, make sure the VLAN has been created.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Assign GigabitEthernet 3/0/1 to VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port access vlan 3
port hybrid pvid
Use port hybrid pvid to set the PVID of a hybrid port.
Use undo port hybrid pvid to set the PVID of a hybrid port to 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, configure the same PVID for a local hybrid port and its peer.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Set the PVID of the hybrid port GigabitEthernet 1/0/1 to VLAN 100, and assign GigabitEthernet 3/0/1 to VLAN 100 as an untagged member.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port link-type hybrid
[Sysname-GigabitEthernet3/0/1] port hybrid pvid vlan 100
[Sysname-GigabitEthernet3/0/1] port hybrid vlan 100 untagged
Related commands
· port hybrid vlan
· port link-type
port hybrid vlan
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows the VLANs specified by the vlan-id-list argument in each execution.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Configure GigabitEthernet 3/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLANs 50 through 100 as a tagged member.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port link-type hybrid
[Sysname-GigabitEthernet3/0/1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
port link-type
Use port link-type to set the link type of a port.
Use undo port link-type to restore the default link type of a port.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
Each port is an access port.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
access: Sets the port link type to access.
hybrid: Sets the port link type to hybrid.
trunk: Sets the port link type to trunk.
Usage guidelines
To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Configure GigabitEthernet 3/0/1 as a trunk port.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port link-type trunk
port trunk permit vlan
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
A trunk port allows packets only from VLAN 1 to pass through.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through a port, use the port trunk permit vlan all command with caution.
Usage guidelines
A trunk port can carry multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows the VLANs specified by the vlan-id-list argument in each execution.
On a trunk port, packets only from the PVID can pass through untagged.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Configure GigabitEthernet 3/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLANs 50 through 100.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port link-type trunk
[Sysname-GigabitEthernet3/0/1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
port trunk pvid
Use port trunk pvid to set the PVID for a trunk port.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
The PVID of a trunk port is VLAN 1.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, configure the same PVID for a local trunk port and its peer.
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
The configuration made in Layer 2 Ethernet interface view applies only to the port.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Examples
# Set the PVID of the trunk port GigabitEthernet 1/0/1 to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port link-type trunk
[Sysname-GigabitEthernet3/0/1] port trunk pvid vlan 100
[Sysname-GigabitEthernet3/0/1] port trunk permit vlan 100
Related commands
· port link-type
· port trunk permit vlan
Super VLAN commands
display supervlan
Use display supervlan to display information about super VLANs and their associated sub-VLANs.
Syntax
display supervlan [ supervlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN ID, this command displays information about all super VLANs and their associated sub-VLANs.
Examples
# Display information about super VLAN 2 and its associated sub-VLANs.
<Sysname> display supervlan 2
Super VLAN ID: 2
Sub-VLAN ID: 3-5
VLAN ID: 2
VLAN type: Static
It is a super VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports: None
VLAN ID: 3
VLAN type: Static
It is a sub-VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/3
VLAN ID: 4
VLAN type: Static
It is a sub-VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/4
VLAN ID: 5
VLAN type: Static
It is a sub-VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
Description: VLAN 0005
Name: VLAN 0005
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/5
Table 6 Command output
|
Field |
Description |
|
VLAN type |
VLAN type. Only Static is displayed in this field. |
|
Route interface |
Whether a VLAN interface is created for the VLAN: Configured or Not configured. |
|
IPv4 address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
IPv4 subnet mask |
Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. |
|
IPv6 global unicast addresses |
Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. · DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly. |
|
Description |
VLAN description. |
|
Name |
VLAN name. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
· subvlan
· supervlan
subvlan
Use subvlan to associate a super VLAN with the specified sub-VLANs.
Use undo subvlan to dissociate sub-VLANs from a super VLAN.
Syntax
subvlan vlan-id-list
undo subvlan [ vlan-id-list ]
Default
A super VLAN is not associated with any sub-VLANs.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 sub-VLAN items. Each item specifies a sub-VLAN ID or a range of sub-VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for sub-VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
Make sure sub-VLANs already exist before associating them with a super VLAN.
You can add ports to and remove ports from a sub-VLAN that is already associated with a super VLAN.
When you use the undo subvlan command, follow these guidelines:
· If you do not specify the vlan-id-list argument, this command dissociates all sub-VLANs from the current super VLAN.
· If you specify the vlan-id-list argument, this command dissociates the specified sub-VLANs from the current super VLAN.
Examples
# Associate super VLAN 10 with sub-VLANs 3, 4, 5, and 9.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 3 to 5 9
Related commands
· display supervlan
· supervlan
supervlan
Use supervlan to configure a VLAN as a super VLAN.
Use undo supervlan to restore the default.
Syntax
supervlan
undo supervlan
Default
A VLAN is not a super VLAN.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
H3C recommends not configuring VRRP for the VLAN interface of a super VLAN, because the configuration affects network performance.
Examples
# Configure VLAN 2 as a super VLAN.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] supervlan
Related commands
· display supervlan
· subvlan
Private VLAN commands
display private-vlan
Use display private-vlan to display information about primary VLANs and their associated secondary VLANs.
Syntax
display private-vlan [ primary-vlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary VLAN ID, this command displays all primary VLANs and their associated secondary VLANs.
Examples
# Display information about primary VLANs and their associated secondary VLANs.
<Sysname> display private-vlan
Primary VLAN ID: 2
Secondary VLAN ID: 3-4
VLAN ID: 2
VLAN type: Static
Private VLAN type: Primary
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/2 GigabitEthernet3/0/3 GigabitEthernet3/0/4
VLAN ID: 3
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/2 GigabitEthernet3/0/3
VLAN ID: 4
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
GigabitEthernet3/0/2 GigabitEthernet3/0/4
Table 7 Command output
|
Field |
Description |
|
VLAN type |
VLAN type. Only Static is displayed in this field. |
|
Private VLAN type |
Private VLAN type: · Primary—Primary VLAN. · Secondary—Secondary VLAN. · Isolated secondary—Secondary VLAN configured with port isolation at Layer 2. |
|
Route interface |
Whether a VLAN interface is created for the VLAN: Configured or Not configured. |
|
IPv4 address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
IPv4 subnet mask |
Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. |
|
IPv6 global unicast addresses |
Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. · DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly. |
|
Description |
VLAN description. |
|
Name |
VLAN name. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
· private-vlan (VLAN view)
· private-vlan primary
port private-vlan host
Use port private-vlan host to configure a port as a host port.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan host
undo port private-vlan
Default
A port is not a host port.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
If the port has been assigned to a secondary VLAN, the command assigns the port to the primary VLAN associated with the secondary VLAN. Also, the following events occur:
· For an access port, the device performs the following tasks:
¡ Changes the port link type to hybrid.
¡ Configures the secondary VLAN as the PVID of the port.
¡ Assigns the port to the primary VLAN as an untagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of the primary VLAN, this member attribute remains in the primary VLAN.
¡ If the hybrid port does not allow the primary VLAN, the device assigns the port to the primary VLAN as an untagged member.
You can assign the port to a secondary VLAN before or after you execute this command.
The undo form of this command does not change the VLAN attributes (allowed VLANs, port link type, and PVID) of the port.
This command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.
Examples
In this example, VLAN 20 is a secondary VLAN that is associated with primary VLAN 2.
# Configure the access port GigabitEthernet 3/0/1 as a host port, and then verify the configuration.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port private-vlan host
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port private-vlan host
#
return
The output shows that GigabitEthernet 3/0/1 is operating in bridge mode and is a host port.
# Assign GigabitEthernet 3/0/1 to VLAN 20, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] port access vlan 20
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 20
port private-vlan host
#
Return
The output shows that:
· The port link type of GigabitEthernet 3/0/1 is hybrid and its PVID is VLAN 20.
· GigabitEthernet 3/0/1 is an untagged member of secondary VLAN 20 and primary VLAN 2.
Related commands
· port private-vlan promiscuous
· port private-vlan trunk promiscuous
· port private-vlan trunk secondary
· private-vlan (VLAN view)
· private-vlan primary
port private-vlan promiscuous
Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified VLAN and assign the port to the VLAN.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan vlan-id promiscuous
undo port private-vlan
Default
A port is not a promiscuous port of any VLANs.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLAN is a primary VLAN that has been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:
· For an access port, the device performs the following tasks:
¡ Changes the port link type to hybrid.
¡ Configures the primary VLAN as the PVID of the port.
¡ Assign the port to the primary VLAN and its associated secondary VLANs as an untagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of the primary VLAN and part of its associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the associated secondary VLANs as an untagged member.
¡ If the hybrid port does not allow any of the primary VLAN and its associated secondary VLANs, the command assigns the port to these VLANs as an untagged member.
If you execute this command on a promiscuous port multiple times, the most recent configuration takes effect.
The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, link type, and PVID) of the port.
When you execute the undo port private-vlan command on a promiscuous port of a VLAN, the command removes the port from the VLAN.
You can configure the VLAN as a primary VLAN before or after you execute this command.
This command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.
Examples
In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20.
# Display information about GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
#
return
# Configure GigabitEthernet 3/0/1 as a promiscuous port of VLAN 2, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] port private-vlan 2 promiscuous
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 2
port private-vlan 2 promiscuous
#
return
The output shows that:
· GigabitEthernet 3/0/1 is a promiscuous port of VLAN 2.
· The port link type of GigabitEthernet 3/0/1 is hybrid and its PVID is VLAN 2.
· GigabitEthernet 3/0/1 is an untagged member of primary VLAN 2 and secondary VLAN 20.
# Execute the undo port private-vlan command on GigabitEthernet 3/0/1, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] undo port private-vlan
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 20 untagged
port hybrid pvid vlan 2
#
Return
The output shows that:
· The link type and PVID of GigabitEthernet 3/0/1 do not change.
· GigabitEthernet 3/0/1 is an untagged member of VLAN 20.
· GigabitEthernet 3/0/1 is removed from primary VLAN 2.
Related commands
· port private-vlan host
· port private-vlan trunk promiscuous
· port private-vlan trunk secondary
· private-vlan (VLAN view)
· private-vlan primary
port private-vlan trunk promiscuous
Use port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port of the specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk promiscuous to cancel the trunk promiscuous attribute of a port in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk promiscuous
undo port private-vlan vlan-id-list trunk promiscuous
Default
A port is not a trunk promiscuous port of any VLANs.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 primary VLAN items. Each item specifies a primary VLAN ID or a range of primary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for primary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are primary VLANs that have been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:
· For an access port, the device performs the following tasks:
¡ Changes the port link type to hybrid. The PVID of the port does not change.
¡ Assigns the port to the primary VLANs and the associated secondary VLANs as a tagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of part of the primary VLANs and their associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the primary VLANs and their associated secondary VLANs as a tagged member.
¡ If the hybrid port does not allow any of the primary VLANs and their associated secondary VLANs, the device assigns the port to these VLANs as a tagged member.
The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, port link type, and PVID) of the port.
If you execute the undo form of this command on a trunk promiscuous port, the command removes the port from the VLANs specified by the vlan-id-list argument.
You can configure the VLAN as a primary VLAN before or after you execute this command.
This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous, and port private-vlan trunk secondary commands.
If an uplink port needs to permit multiple primary VLANs, use the port private-vlan trunk promiscuous command to assign the port to these VLANs. The port can then transmit packets from these primary VLANs with VLAN tags.
If an uplink port needs to permit only one primary VLAN, use the port private-vlan promiscuous command to assign the port to the VLAN. The port can then transmit packets from the primary VLAN without VLAN tags.
Examples
In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
#
return
# Configure GigabitEthernet 3/0/1 as a trunk promiscuous port of VLANs 2 and 3, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] port private-vlan 2 3 trunk promiscuous
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
port private-vlan 2 3 trunk promiscuous
#
return
The output shows that:
· GigabitEthernet 3/0/1 is a trunk promiscuous port of VLANs 2 and 3.
· The port link type of GigabitEthernet 3/0/1 is hybrid.
· GigabitEthernet 3/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
# Execute the undo port private-vlan trunk promiscuous command on GigabitEthernet 3/0/1, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] undo port private-vlan 2 3 trunk promiscuous
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 20 30 tagged
port hybrid vlan 1 untagged
#
Return
The output shows that:
· The port link type of GigabitEthernet 3/0/1 does not change.
· GigabitEthernet 3/0/1 is a tagged member of VLANs 20 and 30.
· GigabitEthernet 3/0/1 is removed from VLANs 2 and 3.
Related commands
· port private-vlan host
· port private-vlan promiscuous
· port private-vlan trunk secondary
· private-vlan (VLAN view)
· private-vlan primary
port private-vlan trunk secondary
Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk secondary
undo port private-vlan vlan-id-list trunk secondary
Default
A port is not a trunk secondary port of any VLANs.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur:
· For an access port, the device performs the following tasks:
¡ Changes the port link type to hybrid. The PVID of the port does not change.
¡ Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged member.
· For a trunk port, the device does not change the port link type.
· For a hybrid port, the device does not change the port link type.
¡ If the port has been an untagged or tagged member of part of the secondary VLANs and their associated primary VLANs, this member attribute remains in these VLANs. The device assigns the port to the rest of the secondary VLANs and their associated primary VLANs as a tagged member.
¡ If the hybrid port does not allow any of the secondary VLANs and their associated primary VLANs, the device assigns the port to these VLANs as a tagged member.
A trunk secondary port can join only one of the secondary VLANs that are associated with a primary VLAN. The port can join multiple secondary VLANs that are associated with different primary VLANs.
The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port link type, and PVID) of the port.
When you execute the undo form of this command on a trunk secondary port of the VLANs specified by the vlan-id-list argument, one of the following events occurs:
· If the port is an access port, the device does not change the VLAN configuration of the port.
· If the port is a trunk or hybrid port, the device removes the port from the specified VLANs.
You can associate the specified VLANs with their respective primary VLANs before or after you execute this command.
This command does not take effect on the specified VLAN if any of the following conditions applies:
· The specified VLAN does not exist.
· The specified VLAN is not a secondary VLAN and is used for other purposes.
· The specified VLAN shares the same primary VLAN with other secondary VLANs, and the current port has been configured as a trunk secondary port in one of the other secondary VLANs.
This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous, and port private-vlan trunk promiscuous commands.
If a downlink port needs to permit multiple secondary VLANs that are associated with different primary VLANs, use the port private-vlan trunk secondary command to assign the port to these secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN tags.
If a downlink port needs to permit only one secondary VLAN, use the port private-vlan host command to assign the port to the secondary VLAN. The port can then transmit packets from the secondary VLAN without VLAN tags.
Examples
· In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
#
return
# Configure GigabitEthernet 3/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] port private-vlan 20 30 trunk secondary
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
port private-vlan 20 30 trunk secondary
#
return
The output shows that:
¡ The port link type of GigabitEthernet 3/0/1 is hybrid.
¡ GigabitEthernet 3/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
¡ GigabitEthernet 3/0/1 is a trunk secondary port of VLANs 20 and 30.
# Execute the undo port private-vlan trunk secondary command on GigabitEthernet 3/0/1, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] undo port private-vlan 20 30 trunk secondary
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
¡ The port link type of GigabitEthernet 3/0/1 does not change.
¡ GigabitEthernet 3/0/1 is a tagged member of VLANs 2 and 3.
¡ GigabitEthernet 3/0/1 is removed from VLANs 20 and 30.
· In this example, VLAN 10 is not a secondary VLAN.
# Display information about GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
#
return
# Configure GigabitEthernet 3/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] port private-vlan 10 trunk secondary
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 1 untagged
port private-vlan 10 trunk secondary
#
return
The output shows that:
¡ The port link type of GigabitEthernet 3/0/1 is hybrid.
¡ GigabitEthernet 3/0/1 is a tagged member of VLAN 10.
¡ GigabitEthernet 3/0/1 is a trunk secondary port of VLAN 10.
# Execute the undo port private-vlan trunk secondary command on GigabitEthernet 3/0/1, and then verify the configuration.
[Sysname-GigabitEthernet3/0/1] undo port private-vlan 10 trunk secondary
[Sysname-GigabitEthernet3/0/1] display this
#
interface GigabitEthernet3/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 untagged
#
return
The output shows that:
¡ The port link type of GigabitEthernet 3/0/1 does not change.
¡ GigabitEthernet 3/0/1 is removed from VLAN 10.
Related commands
· port private-vlan host
· port private-vlan promiscuous
· port private-vlan trunk promiscuous
· private-vlan (VLAN view)
· private-vlan isolated
· private-vlan primary
private-vlan (VLAN interface view)
Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are associated with a primary VLAN.
Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs that are associated with a primary VLAN.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
Secondary VLANs are isolated at Layer 3.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
This command takes effect only when the following conditions exist:
· This command is executed in VLAN interface view of the primary VLAN interface.
· Secondary VLANs are associated with the primary VLAN.
· No VLAN interfaces are created for secondary VLANs.
· An IP address is assigned to the primary VLAN interface.
· Local proxy ARP or ND is enabled on the primary VLAN interface.
You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3 communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN interfaces for them.
When you execute this command in the same primary VLAN interface view multiple times, all the specified secondary VLANs are interoperable at Layer 3.
When you execute the undo private-vlan command, follow these guidelines:
· If you specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration only for the specified secondary VLANs.
· If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration for all secondary VLANs of the primary VLAN.
Examples
This example shows how to meet the following requirements:
· VLAN 3 and 4 are secondary VLANs, and they are associated with primary VLAN 2.
· The uplink port GigabitEthernet 1/0/2 is a promiscuous port of VLAN 2.
· The downlink ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 are host ports of VLANs 3 and 4, respectively.
· Secondary VLANs 3 and 4 can communicate at Layer 3.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
[Sysname-vlan2] quit
# Configure the uplink port GigabitEthernet 1/0/2 as a promiscuous port of VLAN 2.
[Sysname] interface gigabitethernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port private-vlan 2 promiscuous
[Sysname-GigabitEthernet1/0/2] quit
# Assign the downlink port GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/3
[Sysname-GigabitEthernet1/0/3] port access vlan 3
[Sysname-GigabitEthernet1/0/3] port private-vlan host
[Sysname-GigabitEthernet1/0/3] quit
# Assign the downlink port GigabitEthernet 1/0/4 to VLAN 4 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/4
[Sysname-GigabitEthernet1/0/4] port access vlan 4
[Sysname-GigabitEthernet1/0/4] port private-vlan host
[Sysname-GigabitEthernet1/0/4] quit
# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] private-vlan secondary 3 to 4
# Assign an IP address to VLAN-interface 2.
[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0
# Enable local proxy ARP on VLAN-interface 2.
[Sysname-Vlan-interface2] local-proxy-arp enable
Related commands
· private-vlan (VLAN view)
· private-vlan primary
private-vlan (VLAN view)
Use private-vlan to associate a primary VLAN with the specified secondary VLANs.
Use undo private-vlan to dissociate a primary VLAN from the specified secondary VLANs.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
A primary VLAN is not associated with any secondary VLANs.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
secondary vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN.
The configuration synchronization is triggered based on the interface configuration when the following conditions exist:
· This command is configured for a primary VLAN.
· Ports on the device are promiscuous, trunk promiscuous, or host ports.
When you execute the undo private-vlan command, follow these guidelines:
· If you specify the secondary vlan-id-list option, this command dissociates the primary VLAN from the specified secondary VLANs.
· If you do not specify the secondary vlan-id-list option, this command dissociates the primary VLAN from all secondary VLANs.
Examples
# Associate primary VLAN 2 with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary-vlan 3 to 4
Related commands
· port private-vlan host
· port private-vlan promiscuous
· port private-vlan trunk promiscuous
· port private-vlan trunk secondary
· primary-vlan primary
private-vlan community
Use private-vlan community to enable Layer 2 communication between ports in a secondary VLAN.
Syntax
private-vlan community
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command and the undo private-vlan isolated command have the same function. When you use the save command to save the configuration, the private-vlan community command is not saved into the configuration file.
Examples
This example shows how to meet the following requirements:
· VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
· GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
· GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 are host ports.
· GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 can communicate at Layer 2 in secondary VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 4
[Sysname-vlan2] quit
# Configure GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-GigabitEthernet1/0/1] quit
# Assign GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port access vlan 4
[Sysname-GigabitEthernet1/0/2] port private-vlan host
[Sysname-GigabitEthernet1/0/2] quit
# Assign GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/3
[Sysname-GigabitEthernet1/0/3] port access vlan 4
[Sysname-GigabitEthernet1/0/3] port private-vlan host
[Sysname-GigabitEthernet1/0/3] quit
# Enable Layer 2 communication in secondary VLAN 4.
[Sysname] vlan 4
[Sysname-vlan4] private-vlan community
Related commands
private-vlan isolated
private-vlan isolated
Use private-vlan isolated to isolate ports in a secondary VLAN at Layer 2.
Use undo private-vlan isolated to restore the default.
Syntax
private-vlan isolated
undo private-vlan isolated
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A secondary VLAN that is configured with port isolation at Layer 2 is an isolated secondary VLAN.
If you assign the downlink ports to a secondary VLAN configured with this command, the downlink ports are isolated from one another at Layer 2.
This command takes effect when the following conditions exist:
· The secondary VLAN is associated with a primary VLAN.
· The ports are configured as host or trunk secondary ports of the secondary VLAN.
This command is mutually exclusive with the primary VLAN, super VLAN, and sub-VLAN configurations.
Examples
This example shows how to meet the following requirements:
· VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
· GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
· GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 are host ports.
· GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 are isolated at Layer 2 in secondary VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 4
[Sysname-vlan2] quit
# Configure GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-GigabitEthernet1/0/1] quit
# Assign GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port access vlan 4
[Sysname-GigabitEthernet1/0/2] port private-vlan host
[Sysname-GigabitEthernet1/0/2] quit
# Assign GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface gigabitethernet 1/0/3
[Sysname-GigabitEthernet1/0/3] port access vlan 4
[Sysname-GigabitEthernet1/0/3] port private-vlan host
[Sysname-GigabitEthernet1/0/3] quit
# Configure port isolation at Layer 2 in secondary VLAN 4.
[Sysname-vlan4] private-vlan isolated
Related commands
· private-vlan (VLAN view)
· private-vlan community
· private-vlan primary
private-vlan primary
Use private-vlan primary to configure a VLAN as a primary VLAN.
Use undo private-vlan primary to restore the default.
Syntax
private-vlan primary
undo private-vlan primary
Default
A VLAN is not a primary VLAN.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The configuration synchronization is triggered based on the interface configuration when the following conditions exist:
· This command is configured for a VLAN that has been associated with secondary VLANs.
· Ports on the device are promiscuous, trunk promiscuous, host, or trunk secondary ports.
Examples
# Configure VLAN 5 as a primary VLAN.
<Sysname> system-view
[Sysname] vlan 5
[Sysname-vlan5] private-vlan primary
Related commands
· port private-vlan host
· port private-vlan promiscuous
· port private-vlan trunk promiscuous
· port private-vlan trunk secondary
· private-vlan primary
