Login
- Table of Contents
-
- 04-Layer 2—LAN Switching Command Reference
- 00-Preface
- 01-MAC address table commands
- 02-Ethernet link aggregation commands
- 03-Port isolation commands
- 04-VLAN commands
- 05-QinQ commands
- 06-Loop detection commands
- 07-Spanning tree commands
- 08-LLDP commands
- 09-Layer 2 forwarding commands
- 10-VLAN termination commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-VLAN commands | 144.84 KB |
display interface vlan-interface
reset counters interface vlan-interface
display voice-vlan mac-address
VLAN commands
Basic VLAN commands
bandwidth
Use bandwidth to set the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.
Examples
# Set the expected bandwidth to 10000 kbps for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] bandwidth 10000
default
Use default to restore the default settings for a VLAN interface.
Syntax
default
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] default
description
Use description to configure the description of a VLAN or VLAN interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.
For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1 Interface.
Views
VLAN view
VLAN interface view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
To manage VLANs and VLAN interfaces efficiently, configure descriptions for them based on their functions or connections.
Examples
# Configure the description of VLAN 2 as sales-private.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] description sales-private
# Configure the description of VLAN-interface 2 as linktoPC56.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] description linktoPC56
Related commands
display interface vlan-interface
display vlan
display interface vlan-interface
Use display interface vlan-interface to display VLAN interface information.
Syntax
display interface [ vlan-interface [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-interface interface-number: Specifies a VLAN interface number. If you do not specify this option, the command displays information about all interfaces except VA interfaces. If you specify the vlan-interface keyword without specifying an interface, the command displays information about all VLAN interfaces. For more information about VA interfaces, see PPP in Layer 2—WAN Access Configuration Guide.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
down: Displays VLAN interfaces in down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.
Examples
# Display information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2
Vlan-interface2
Current state: DOWN
Line protocol state: DOWN
Description: Vlan-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet protocol processing : Disabled
IP packet frame type: Ethernet II, hardware address: 000f-e249-8050
IPv6 packet frame type: Ethernet II, hardware address: 000f-e249-8050
Output queue - Urgent queuing: Size/Length/Discards 0/1024/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display brief information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vlan2 DOWN DOWN --
Table 1 Command output
|
Field |
Description |
|
Vlan-interface2 |
VLAN interface name. |
|
Current state |
Physical link state of the VLAN interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be connected correctly or the links might have failed. · UP—The interface is both administratively and physically up. |
|
Line protocol state |
Data link layer state of the VLAN interface: · DOWN—The link layer protocol state of the interface is down. · UP—The link layer protocol state of the interface is up. |
|
Description |
Description of the VLAN interface. |
|
Bandwidth |
Expected bandwidth of the VLAN interface. |
|
Maximum transmission unit |
MTU of the VLAN interface. |
|
Internet protocol processing : Disabled |
The VLAN interface is not assigned an IP address and cannot process IP packets. |
|
IP packet frame type |
IPv4 packet framing format. |
|
hardware address |
MAC address of the VLAN interface. |
|
IPv6 packet frame type |
IPv6 packet framing format. |
|
Output queue - Urgent queuing: Size/Length/Discards 0/1024/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 |
Information about the urgent, protocol, and FIFO output queues: · Size—Number of packets in the queue. · Length—Maximum number of packets that the queue can contain. · Discards—Number of dropped packets. |
|
Last clearing of counters |
The most recent time that the reset counters interface vlan-interface command was executed. This field displays Never if you have never executed this command. |
|
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rates of input packets and output packets in the last 300 seconds (in Bps, bps, and pps). |
|
Input: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. |
|
Output: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets. |
|
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
|
Interface |
Abbreviated interface name. |
|
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command. |
|
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol state of the interface is up. · DOWN—The data link layer protocol state of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. |
|
Primary IP |
Primary IP address of the interface. |
Related commands
reset counters interface vlan-interface
display vlan
Use display vlan to display VLAN information.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | static ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except the reserved VLANs.
dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the total number of dynamic VLANs and each dynamic VLAN ID. Dynamic VLANs are generated through MVRP or assigned by a RADIUS server.
static: Specifies static VLANs. If you specify this keyword, the command displays the total number of static VLANs and each static VLAN ID. Static VLANs are manually created.
Examples
# Display information about VLAN 2.
<Sysname> display vlan 2
VLAN ID: 2
VLAN type: Static
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
# Display information about VLAN 3.
<Sysname> display vlan 3
VLAN ID: 3
VLAN type: static
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports: None
Table 2 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, static or dynamic. |
|
Route interface |
Whether the VLAN interface is configured for the VLAN. · Not configured. · Configured. |
|
Description |
Description of the VLAN. |
|
Name |
VLAN name. |
|
IP address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
Subnet mask |
Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
display vlan brief
Use display vlan brief to display brief VLAN information.
Syntax
display vlan brief
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief VLAN information.
<Sysname> display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 GE1/0/1 GE1/0/2 GE1/0/3 GE1/0/4
GE1/0/5 GE1/0/6 GE1/0/7 GE1/0/8
GE1/0/9 GE1/0/10 GE1/0/11
GE1/0/12 GE1/0/13 GE1/0/14
GE1/0/15 GE1/0/16 GE1/0/17
GE1/0/18 GE1/0/19 GE1/0/20
GE1/0/21 GE1/0/22 GE1/0/23
GE1/0/24 GE1/0/25 GE1/0/26
GE1/0/27 GE1/0/28 GE1/0/29
GE1/0/30 GE1/0/31 GE1/0/32
GE1/0/33 GE1/0/34 GE1/0/35
GE1/0/36 GE1/0/37 GE1/0/38
GE1/0/39 GE1/0/40 GE1/0/41
GE1/0/42 GE1/0/43 GE1/0/44
GE1/0/45 GE1/0/46 GE1/0/47
GE1/0/48
2 VLAN 0002
3 VLAN 0003
Table 3 Command output
|
Field |
Description |
|
Default VLAN ID |
System default VLAN ID. |
|
Name |
VLAN name. |
|
Port |
Ports that allow packets from the VLAN to pass through. |
interface vlan-interface
Use interface vlan-interface to create a VLAN interface and enter its view, or enter the view of an existing VLAN interface.
Use undo interface vlan-interface to delete a VLAN interface.
Syntax
interface vlan-interface interface-number
undo interface vlan-interface interface-number
Default
No VLAN interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
interface-number: Specifies a VLAN interface number in the range of 1 to 4094.
Usage guidelines
Create the VLAN before you create the VLAN interface for a VLAN.
Examples
# Create VLAN-interface 2, and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2]
Related commands
display interface vlan-interface
mac-address
Use mac-address to assign a MAC address to a VLAN interface.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
The default MAC address of a VLAN interface varies by device model. The MAC address is the same for VLAN interfaces created on the device.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the format of H-H-H.
Examples
# Assign MAC address 0001-0001-0001 to VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] mac-address 1-1-1
mtu
Use mtu to set the MTU for a VLAN interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of a VLAN interface is 1500 bytes.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
size: Sets the MTU in the range of 46 to 1500 bytes.
Usage guidelines
If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the ip mtu command, see Layer 3—IP Services Command Reference.
Examples
# Set the MTU to 1492 bytes for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] mtu 1492
Related commands
display interface vlan-interface
name
Use name to assign a name to a VLAN.
Use undo name to restore the default.
Syntax
name text
undo name
Default
The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For 802.1X or MAC authentication, you can specify authorization VLANs by their names or IDs. If a large number of VLANs are configured, use VLAN names to identify them.
Examples
# Assign the name test vlan to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] name test vlan
Related commands
reset counters interface vlan-interface
Use reset counters interface vlan-interface to clear statistics on a VLAN interface.
Syntax
reset counters interface [ vlan-interface [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
vlan-interface interface-number: Specifies a VLAN interface by its number. If you do not specify this option, this command clears statistics on all interfaces except VA interfaces. If you specify the vlan-interface keyword without specifying an interface, this command clears statistics on all VLAN interfaces.
Usage guidelines
Use this command to clear the history statistics before you collect statistics within a time period.
Examples
# Clear statistics on VLAN-interface 2.
<Sysname> reset counters interface vlan-interface 2
Related commands
display interface vlan-interface
service
Use service to specify a primary traffic processing slot for a VLAN interface.
Use undo service to restore the default.
Syntax
In standalone mode:
service slot slot-number
undo service slot
In IRF mode:
service chassis chassis-number slot slot-number
undo service chassis
Default
No primary traffic processing slot is specified for a VLAN interface.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Specify a traffic processing slot for a VLAN interface if all traffic on the VLAN interface must be processed on the same slot.
For high availability, you can specify one primary and one backup traffic processing slot by using the service command and the service standby command, respectively.
To avoid processing slot switchover, specify the primary slot before specifying the backup slot. If you specify the backup slot before specifying the primary slot, traffic is switched over to the primary slot immediately after you specify the primary slot.
If you specify both primary and backup slots for an interface, traffic on that interface is processed as follows:
· The backup slot takes over when the primary slot becomes unavailable. The backup slot continues to process traffic for the interface after the primary slot becomes available again. The switchover will not occur until the backup slot becomes unavailable.
· When no specified traffic processing slots are available, the traffic is processed on the slot at which it arrives. Then, the processing slot that first becomes available again takes over.
If you do not specify a primary or a backup traffic processing slot for an interface, traffic on that interface is processed on the slot at which the traffic arrives.
Examples
# Specify a primary traffic processing slot for VLAN-interface 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] service slot 2
Related commands
service standby
service standby
Use service standby to specify a backup traffic processing slot for an interface.
Use undo service standby to restore the default.
Syntax
In standalone mode:
service standby slot slot-number
undo service standby slot
In IRF mode:
service standby chassis chassis-number slot slot-number
undo service standby chassis
Default
No backup traffic processing slot is specified for an interface.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Specify a traffic processing slot for a VLAN interface if all traffic on the VLAN interface must be processed on the same slot.
For high availability, you can specify one primary and one backup traffic processing slot by using the service command and the service standby command, respectively.
To avoid processing slot switchover, specify the primary slot before specifying the backup slot. If you specify the backup slot before specifying the primary slot, traffic is switched over to the primary slot immediately after you specify the primary slot.
If you specify both primary and backup slots for an interface, traffic on that interface is processed as follows:
· The backup slot takes over when the primary slot becomes unavailable. The backup slot continues to process traffic for the interface after the primary slot becomes available again. The switchover will not occur until the backup slot becomes unavailable.
· When no specified traffic processing slots are available, the traffic is processed on the slot at which it arrives. Then, the processing slot that first becomes available again takes over.
If you do not specify a primary or a backup traffic processing slot for an interface, traffic on that interface is processed on the slot at which the traffic arrives.
Examples
# Specify a primary and a backup traffic processing slot for VLAN-interface 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] service slot 2
[Sysname-Vlan-interface2] service standby slot 3
Related commands
service
shutdown
Use shutdown to shut down a VLAN interface.
Use undo shutdown to bring up a VLAN interface.
Syntax
shutdown
undo shutdown
Default
A VLAN interface is not manually shut down.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:
· The VLAN interface is down if all ports in the VLAN are down.
· The VLAN interface is up if one or more ports in the VLAN are up.
When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.
Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configuration from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.
To troubleshoot a failed VLAN interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.
In a VLAN, the state of each Ethernet port is independent of the state of the VLAN interface.
Examples
# Shut down VLAN-interface 2, and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown
vlan
Use vlan vlan-id to create a VLAN and enter its view, or enter the view of an existing VLAN.
Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2, except reserved VLANs.
Use vlan all to create VLANs 1 through 4094.
Use undo vlan to delete the specified VLANs.
Syntax
vlan { vlan-id1 [ to vlan-id2 ] | all }
undo vlan { vlan-id1 [ to vlan-id2 ] | all }
Default
VLAN 1 (system default VLAN) exists.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-id1: Specifies a VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs. The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.
Usage guidelines
You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs.
Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.
Examples
# Create VLAN 2 and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2]
# Create VLANs 4 through 100.
<Sysname> system-view
[Sysname] vlan 4 to 100
Related commands
display vlan
Port-based VLAN commands
display port
Use display port to display information about hybrid or trunk ports.
Syntax
display port { hybrid | trunk }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
hybrid: Specifies hybrid ports.
trunk: Specifies trunk ports.
Examples
# Display information about hybrid ports.
<Sysname> display port hybrid
Interface PVID VLAN Passing
GE1/0/1 100 Tagged: 1000, 1002, 1500, 1600-1611, 2000,
2555-2558, 3000, 4000
Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
150-160, 200, 255, 286, 300-302
# Display information about trunk ports.
<Sysname> display port trunk
Interface PVID VLAN Passing
GE1/0/2 2 1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
555, 600-611, 1000, 2006-2008
Table 4 Command output
|
Field |
Description |
|
Interface |
Interface name. |
|
PVID |
Port VLAN ID. |
|
VLAN Passing |
Existing VLANs allowed on the port. |
|
Tagged |
VLANs from which the port sends packets without removing VLAN tags. |
|
Untagged |
VLANs from which the port sends packets after removing VLAN tags. |
port
Use port to assign the specified access ports to a VLAN.
Use undo port to remove the specified access ports from a VLAN.
Syntax
port interface-list
undo port interface-list
Default
All ports are in VLAN 1.
Views
VLAN view
Predefined user roles
network-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
Usage guidelines
This command is applicable only to access ports.
By default, all ports are access ports. You can manually configure the port link type. For more information, see "port link-type."
Examples
# Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/2 to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port gigabitethernet 1/0/1 to gigabitethernet 1/0/2
Related commands
display vlan
port access vlan
Use port access vlan to assign an access port to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
All access ports belong to VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
Before assigning an access port to a VLAN, make sure the VLAN has been created.
Examples
# Assign GigabitEthernet 1/0/1 to VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port access vlan 3
port hybrid pvid
Use port hybrid pvid to set the PVID of a hybrid port.
Use undo port hybrid pvid to set the PVID of a hybrid port to 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local hybrid port and its peer.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
Examples
# Configure GigabitEthernet 1/0/1 as a hybrid port, set its PVID to VLAN 100, and assign it to VLAN 100 as an untagged member.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
Related commands
port hybrid vlan
port link-type
port hybrid vlan
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.
Examples
# Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
port link-type
Use port link-type to set the link type of a port.
Use undo port link-type to restore the default link type of a port.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
Each port is an access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
access: Sets the port link type to access.
hybrid: Sets the port link type to hybrid.
trunk: Sets the port link type to trunk.
Usage guidelines
To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.
Examples
# Configure GigabitEthernet 1/0/1 as a trunk port.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type trunk
port trunk permit vlan
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
A trunk port allows packets only from VLAN 1 to pass through.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.
Usage guidelines
A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.
On a trunk port, packets only from the PVID can pass through untagged.
Examples
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type trunk
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
port trunk pvid
Use port trunk pvid to set the PVID for a trunk port.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
The PVID of a trunk port is VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID for a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local trunk port and its peer.
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
Examples
# Configure GigabitEthernet 1/0/1 as a trunk, set its PVID to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type trunk
[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100
[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 100
Related commands
port link-type
port trunk permit vlan
VLAN group commands
display vlan-group
Use display vlan-group to display VLAN group information.
Syntax
display vlan-group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character. If you do not specify this argument, the command displays information about all VLAN groups.
Examples
# Display information about VLAN group test001.
<Sysname> display vlan-group test001
VLAN group: test001
VLAN list: 2-4 100 200
# Display information about all VLAN groups.
<Sysname> display vlan-group
VLAN group: rnd
VLAN list: Null
VLAN group: test001
VLAN list: 2-4 100 200
Table 5 Command output
|
Field |
Description |
|
VLAN group |
Name of the VLAN group. |
|
VLAN list |
VLAN list in the VLAN group. |
Related commands
vlan-group
vlan-list
vlan-group
Use vlan-group to create a VLAN group and enter its view, or enter the view of an existing VLAN group.
Use undo vlan-group to delete a VLAN group.
Syntax
vlan-group group-name
undo vlan-group group-name
Default
No VLAN groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character.
Usage guidelines
A VLAN group includes a set of VLANs. You can add multiple VLAN lists to a VLAN group.
On an authentication server, a VLAN group name represents a group of authorization VLANs. When an 802.1X user passes authentication, the authentication server assigns a VLAN group name to the device. The device then uses the received VLAN group name to match the locally configured VLAN group names. If a match is found, the device selects a VLAN from the group and assigns the VLAN to the user.
Examples
# Create a VLAN group named test001 and enter VLAN group view.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001]
Related commands
vlan-list
vlan-list
Use vlan-list to add VLANs to a VLAN group.
Use undo vlan-list to remove VLANs from a VLAN group.
Syntax
vlan-list vlan-id-list
undo vlan-list vlan-id-list
Default
No VLANs exist in a VLAN group.
Views
VLAN group view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Examples
# Add VLAN 2 through VLAN 4, VLAN 100, and VLAN 200 to VLAN group test001.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001] vlan-list 2 to 4 100 200
Related commands
vlan-group
Super VLAN commands
display supervlan
Use display supervlan to display information about super VLANs and their associated sub-VLANs.
Syntax
display supervlan [ supervlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN ID, this command displays information about all super VLANs and their associated sub-VLANs.
Examples
# Display information about super VLAN 2 and its associated sub-VLANs.
<Sysname> display supervlan 2
Super VLAN ID: 2
Sub-VLAN ID: 3-5
VLAN ID: 2
VLAN type: Static
It is a super VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports: None
VLAN ID: 3
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/3
VLAN ID: 4
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/4
Table 6 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, dynamic or static. |
|
Route interface |
Whether a VLAN interface is configured for the VLAN. |
|
IPv4 address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
IPv4 subnet mask |
Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. |
|
IPv6 global unicast addresses |
Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. · DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly. |
|
Description |
VLAN description. |
|
Name |
VLAN name. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
subvlan
supervlan
subvlan
Use subvlan to associate a super VLAN with the specified sub-VLANs.
Use undo subvlan to dissociate sub-VLANs from a super VLAN.
Syntax
subvlan vlan-id-list
undo subvlan [ vlan-id-list ]
Default
A super VLAN is not associated with any sub-VLANs.
Views
VLAN view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 sub-VLAN items. Each item specifies a sub-VLAN ID or a range of sub-VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for sub-VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
Make sure sub-VLANs already exist before you associate them with a super VLAN.
You can add ports to and remove ports from a sub-VLAN that is already associated with a super VLAN.
When you use the undo subvlan command, follow these guidelines:
· If you do not specify the vlan-id-list argument, this command dissociates all sub-VLANs from the current super VLAN.
· If you specify the vlan-id-list argument, this command dissociates the specified sub-VLANs from the current super VLAN.
Examples
# Associate super VLAN 10 with sub-VLANs 3, 4, and 5.
<Sysname> system-view
[Sysname] vlan 3 to 5
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 3 to 5
Related commands
display supervlan
supervlan
supervlan
Use supervlan to configure a VLAN as a super VLAN.
Use undo supervlan to restore the default.
Syntax
supervlan
undo supervlan
Default
A VLAN is not a super VLAN.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
A VLAN cannot be configured as both a super VLAN and a guest VLAN, Auth-Fail VLAN, or critical VLAN. For more information about guest VLANs, Auth-Fail VLANs, and critical VLANs, see Security Configuration Guide.
As a best practice, do not configure VRRP for a super VLAN interface, because the configuration affects network performance.
Layer 2 multicast configuration for super VLANs does not take effect because they do not have physical ports.
Examples
# Configure VLAN 2 as a super VLAN.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] supervlan
Related commands
display supervlan
subvlan
Voice VLAN commands
display voice-vlan mac-address
Use display voice-vlan mac-address to display the OUI addresses supported on the device.
Syntax
display voice-vlan mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the OUI addresses supported on the device.
<Sysname> display voice-vlan mac-address
OUI Address Mask Description
0001-e300-0000 ffff-ff00-0000 Siemens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3Com phone
Table 7 Command output
|
Field |
Description |
|
OUI Address |
OUI address allowed on the device. |
|
Mask |
Mask of the OUI address. |
|
Description |
Description of the OUI address. |
Related commands
voice-vlan mac-address
display voice-vlan state
Use display voice-vlan state to display voice VLAN information.
Syntax
display voice-vlan state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display voice VLAN information.
<Sysname> display voice-vlan state
Current voice VLANs: 1
Voice VLAN security mode: Security
Voice VLAN aging time: 1440 minutes
Voice VLAN enabled ports and their modes:
Port VLAN Mode CoS DSCP
GE1/0/1 111 Auto 6 46
Table 8 Command output
|
Field |
Description |
|
Current Voice VLANs |
Number of existing voice VLANs. |
|
Voice VLAN security mode |
Voice VLAN mode: · Security. · Normal. |
|
Voice VLAN aging time |
Voice VLAN aging timer. |
|
Voice VLAN enabled ports and their modes |
Voice VLAN-enabled ports and their voice VLAN assignment modes. |
|
Port |
Name of the voice VLAN-enabled port. |
|
VLAN |
ID of the voice VLAN enabled on the port. |
|
Mode |
Voice VLAN assignment mode of the port: · Manual. · Automatic. |
Related commands
voice-vlan aging
voice-vlan enable
voice-vlan mode auto
voice-vlan security enable
voice-vlan aging
Use voice-vlan aging to set the voice VLAN aging timer.
Use undo voice-vlan aging to restore the default.
Syntax
voice-vlan aging minutes
undo voice-vlan aging
Default
The voice VLAN aging timer is 1440 minutes (24 hours).
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Sets the voice VLAN aging timer in the range of 5 to 43200 in minutes.
Usage guidelines
In automatic voice VLAN assignment mode, the device starts an aging timer for a voice VLAN when assigning a port to the voice VLAN. If no voice packets are received on the port before the timer expires, the device removes the port from the voice VLAN.
The aging timer of a voice VLAN starts only when the dynamic MAC address entry of the voice VLAN ages out. The aging period for the voice VLAN equals the sum of the voice VLAN aging timer and the aging timer for its dynamic MAC address entry. For more information about the aging timer for dynamic MAC address entries, see MAC address table configuration in Layer 2—LAN Switching Configuration Guide.
Set the voice VLAN aging timer only when the voice VLAN assignment mode is automatic.
Examples
# Set the voice VLAN aging timer to 100 minutes.
<Sysname> system-view
[Sysname] voice-vlan aging 100
display voice-vlan state
voice-vlan enable
Use voice-vlan enable to enable the voice VLAN feature on a port.
Use undo voice-vlan enable to disable the voice VLAN feature on a port.
Syntax
voice-vlan vlan-id enable
undo voice-vlan [ vlan-id ] enable
Default
The voice VLAN feature is disabled on ports.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a voice VLAN ID in the range of 2 to 4094.
Usage guidelines
Use this command only on a hybrid or trunk port operating in automatic voice VLAN assignment mode.
Before you execute this command, make sure the specified VLAN already exists.
Examples
# Enable the voice VLAN feature on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] voice-vlan 2 enable
display voice-vlan state
voice-vlan mode auto
voice-vlan mac-address
Use voice-vlan mac-address to configure the OUI address information for voice packet identification.
Use undo voice-vlan mac-address to delete an OUI address.
Syntax
voice-vlan mac-address mac-address mask oui-mask [ description text ]
undo voice-vlan mac-address oui
Default
System default OUI addresses exist.
Table 9 System default OUI addresses
|
Number |
OUI address |
Vendor |
|
|
|
1 |
0001-e300-0000 |
Siemens phone |
||
|
2 |
0003-6b00-0000 |
Cisco phone |
||
|
3 |
0004-0d00-0000 |
Avaya phone |
||
|
4 |
000f-e200-0000 |
H3C Aolynk phone |
||
|
5 |
0060-b900-0000 |
Philips/NEC phone |
||
|
6 |
00d0-1e00-0000 |
Pingtel phone |
||
|
7 |
00e0-7500-0000 |
Polycom phone |
||
|
8 |
00e0-bb00-0000 |
3Com phone |
||
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a source MAC address of voice traffic, in the format of H-H-H. For example, 1234-1234-1234.
mask oui-mask: Specifies the valid length of the OUI address by using a mask in the format of H-H-H. The mask contains consecutive 1s and 0s. For example, ffff-0000-0000. To match the voice devices of a vendor, set the mask to ffff-ff00-0000.
description text: Specifies the OUI address description, a case-sensitive string of 1 to 30 characters.
oui: Specifies an OUI address to delete, in the format of H-H-H. For example, 1234-1200-0000. An OUI address is the logical AND result of the mac-address and oui-mask arguments. It cannot be a broadcast address, a multicast address, or an all-zero address.
Usage guidelines
You can manually delete or add the system default OUI addresses.
The maximum number of configurable OUI addresses depends on the device model.
Examples
# Add OUI address 1234-1200-0000 by specifying the MAC address as 1234-1234-1234 and the mask as fff-ff00-0000. Configure the OUI address description as PhoneA.
<Sysname> system-view
[Sysname] voice-vlan mac-address 1234-1234-1234 mask ffff-ff00-0000 description PhoneA
display voice-vlan mac-address
voice-vlan mode auto
Use voice-vlan mode auto to configure a port to operate in automatic voice VLAN assignment mode.
Use undo voice-vlan mode auto to configure a port to operate in manual voice VLAN assignment mode.
Syntax
voice-vlan mode auto
undo voice-vlan mode auto
Default
A port operates in automatic voice VLAN assignment mode.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
To make a voice VLAN take effect on a port operating in manual mode, you must manually assign the port to the voice VLAN.
Examples
# Configure GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] undo voice-vlan mode auto
display voice-vlan state
voice-vlan security enable
Use voice-vlan security enable to enable the voice VLAN security mode.
Use undo voice-vlan security enable to disable the voice VLAN security mode.
Syntax
voice-vlan security enable
undo voice-vlan security enable
Default
The voice VLAN security mode is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In security mode, a voice VLAN transmits only voice packets whose source MAC addresses match the OUI addresses of the device.
In normal mode, a voice VLAN transmits voice packets and non-voice packets.
Examples
# Disable the voice VLAN security mode.
<Sysname> system-view
[Sysname] undo voice-vlan security enable
Related commands
display voice-vlan state
voice-vlan track lldp
Use voice-vlan track lldp to enable LLDP for automatic IP phone discovery.
Use undo voice-vlan track lldp to disable LLDP for automatic IP phone discovery.
Syntax
voice-vlan track lldp
undo voice-vlan track lldp
Views
System view
Default
LLDP for automatic IP phone discovery is disabled.
Predefined user roles
network-admin
Examples
# Enable LLDP for automatic IP phone discovery.
<Sysname> system-view
[Sysname] voice-vlan track lldp
