03-Layer 2—LAN Switching Command Reference

09-VLAN commands

Contents

VLAN commands
    Basic VLAN commands
        bandwidth
        default
        description
        display interface vlan-interface
        display vlan
        display vlan brief
        interface vlan-interface
        mtu
        name
        service
        shutdown
        vlan
    Port-based VLAN commands
        display port
        port
        port access vlan
        port hybrid pvid
        port hybrid vlan
        port link-type
        port trunk permit vlan
        port trunk pvid
    MAC-based VLAN commands
        display mac-vlan
        display mac-vlan interface
        mac-vlan enable
        mac-vlan mac-address
        mac-vlan trigger enable
        port pvid forbidden
        vlan precedence
    IP subnet-based VLAN commands
        display ip-subnet-vlan interface
        display ip-subnet-vlan vlan
        ip-subnet-vlan
        port hybrid ip-subnet-vlan
    Protocol-based VLAN commands
        display protocol-vlan interface
        display protocol-vlan vlan
        port hybrid protocol-vlan
        protocol-vlan
    VLAN group commands
        display vlan-group
        vlan-group
        vlan-list
    Private VLAN commands
        display private-vlan
        port private-vlan host
        port private-vlan promiscuous
        port private-vlan trunk promiscuous
        port private-vlan trunk secondary
        private-vlan (VLAN interface view)
        private-vlan (VLAN view)
        private-vlan community
        private-vlan isolated
        private-vlan primary
    Voice VLAN commands
        cdp voice-vlan
        display voice-vlan mac-address
        display voice-vlan state
        voice-vlan aging
        voice-vlan enable
        voice-vlan mac-address
        voice-vlan mode auto
        voice-vlan qos
        voice-vlan qos trust
        voice-vlan security enable
        voice-vlan track lldp


VLAN commands

Basic VLAN commands

bandwidth

Use bandwidth to configure the expected bandwidth of an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is the interface baud rate divided by 1000.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth of VLAN-interface 1 to 10000 kbps.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] bandwidth 10000

default

Use default to restore the default settings for a VLAN interface.

Syntax

default

Views

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network.

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] default

description

Use description to configure the description for a VLAN or VLAN interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.

For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1 Interface.

Views

VLAN view, VLAN interface view

Predefined user roles

network-admin

Parameters

text: Specifies a description for a VLAN or VLAN interface, a string of 1 to 255 characters. The string can include case-sensitive letters, digits, special symbols (see Table 1), spaces, and other Unicode characters and symbols.

Table 1 Special symbols

Name                 Symbol    Name                   Symbol
Tilde                ~         Left angle bracket     <
Exclamation point    !         Right angle bracket    >
At sign              @         Hyphen                 -
Pound sign           #         Underscore             _
Dollar sign          $         Plus sign              +
Percent sign         %         Equal sign             =
Caret                ^         Vertical bar           |
Ampersand sign       &         Back slash             \
Asterisk             *         Colon                  :
Left brace           {         Semi-colon             ;
Right brace          }         Quotation marks        "
Left parenthesis     (         Apostrophe             '
Right parenthesis    )         Comma                  ,
Left bracket         [         Dot                    .
Right bracket        ]         Slash                  /

Usage guidelines

You can configure a description to describe the function or connection of a VLAN or VLAN interface. The descriptions are helpful when a large number of VLANs and VLAN interfaces are created on the device.

Examples

# Configure the description of VLAN 2 as sales-private.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] description sales-private

# Configure the description of VLAN-interface 2 as linktoPC56.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description linktoPC56

Related commands

·     display interface vlan-interface

·     display vlan

display interface vlan-interface

Use display interface vlan-interface to display VLAN interface information.

Syntax

display interface vlan-interface [ brief [ description | down ] ]

display interface vlan-interface interface-number [ brief [ description ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-number: Specifies a VLAN interface number. If you do not specify this argument, the command displays information about all VLAN interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

down: Displays interfaces in a down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.

Examples

# Display information for VLAN-interface 10.

<Sysname> display interface vlan-interface 10

Vlan-interface10

Current state: UP

Line protocol state: UP

Description: Vlan-interface10 Interface

Bandwidth: 100000kbps

Maximum transmisstion unit: 1500

Internet address : 192.168.1.54/24 (primary)

IP packet frame type: Ethernet II,  hardware address: 0023-89b6-d613

IPv6 packet frame type: Ethernet II,  hardware address: 0023-89b6-d613

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display brief information for VLAN-interface 2.

<Sysname> display interface vlan-interface 2 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

Vlan2                DOWN DOWN     --

Table 2 Command output

Field

Description

Vlan-interface2

VLAN interface name.

Current state

Physical state of a VLAN interface:

·     DOWN (Administratively)—The administrative state of the VLAN interface is down, because it has been shut down by using the shutdown command.

·     DOWN—The administrative state of the VLAN interface is up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be connected correctly or the lines might have failed.

·     UP—Both the administrative state and the physical state of the VLAN interface are up.

Line protocol state

Link layer protocol state of a VLAN interface:

·     DOWN—The link layer protocol state of the VLAN interface is down.

·     UP—The link layer protocol state of the VLAN interface is up.

Description

Partial or complete interface description configured by using the description command:

·     If you do not specify the description keyword in the display interface brief command, this field displays only the first 27 characters of the interface description.

·     If you specify the description keyword in the display interface brief command, this field displays the complete interface description.

Bandwidth

Expected bandwidth of a VLAN interface.

Maximum transmisstion unit

MTU of a VLAN interface.

Internet protocol processing : Disabled

The interface cannot process IP packets. This information is displayed when the interface is not configured with an IP address.

Internet address : 192.168.1.54/24 (primary)

The primary IP address of the interface is 192.168.1.54/24. This information is displayed only when the primary IP address is configured for the interface.

IP packet frame type

Framing format of sent IPv4 packets.

hardware address

MAC address of the VLAN interface.

IPv6 packet frame type

Framing format of sent IPv6 packets.

Last clearing of counters

The most recent time that the reset counters interface vlan-interface command was executed. This field displays Never if you have not executed this command since the device startup.

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average rates of input packets and output packets in the last 300 seconds (in Bps, bps, and pps). This field is displayed only when the VLAN interface supports interface statistics collection.

Input: 0 packets, 0 bytes, 0 drops

Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. This field is displayed only when the VLAN interface supports interface statistics collection.

Output: 0 packets, 0 bytes, 0 drops

Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets. This field is displayed only when the VLAN interface supports interface statistics collection.

Brief information on interfaces in route mode

Brief information about Layer 3 interfaces.

Link: ADM - administratively down; Stby - standby

Link layer state of the interface:

·     ADM—The interface has been administratively shut down. To bring up the interface, use the undo shutdown command.

·     Stby—The interface is operating as a backup interface.

Protocol: (s) - spoofing

The protocol attribute of an interface includes the spoofing flag (the letter s in parentheses) when the following conditions exist:

·     The data link layer protocol state of an interface is shown as UP.

·     Its link is an on-demand link or is not present.

Interface

Abbreviated interface name.

Link

Physical link state of the interface:

·     UP—The physical link of the interface is up.

·     DOWN—The physical link of the interface is down.

·     ADM—The interface has been administratively shut down. To bring up the interface, use the undo shutdown command.

·     Stby—The interface is operating as a backup interface.

Protocol

Data link layer state of the interface:

·     UP—The data link layer of the interface is up.

·     DOWN—The data link layer of the interface is down.

·     UP(s)—The data link layer of the interface is spoofing up. This state is available for on-demand link setup applications. This state enables the device to initiate an on-demand link setup when a link is not present.

Primary IP

Primary IP address of the interface.

display vlan

Use display vlan to display VLAN information.

Syntax

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all VLANs except the reserved VLANs.

dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are generated through MVRP.

reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved according to function implementation. The reserved VLANs provide services for protocol modules. You cannot configure reserved VLANs.

static: Specifies static VLANs. If you specify this keyword, the command displays the number of static VLANs and the ID for each static VLAN. The static VLANs are manually created.

Examples

# Display VLAN 2 information.

<Sysname> display vlan 2

 VLAN ID: 2

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged ports:   None

 Untagged ports:

    Ten-GigabitEthernet1/0/1  Ten-GigabitEthernet1/0/2  Ten-GigabitEthernet1/0/3

# Display VLAN 3 information.

<Sysname> display vlan 3

 VLAN ID: 3

 VLAN type: static

 Route interface: Configured

 IPv4 address: 1.1.1.1

 IPv4 subnet mask: 255.255.255.0

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged ports:   None

 Untagged ports: None

Table 3 Command output

Field

Description

VLAN type

VLAN type, static or dynamic.

Route interface

Whether the VLAN interface is configured for the VLAN.

·     Not configured.

·     Configured.

Description

Description of the VLAN.

Name

VLAN name.

IPv4 address

Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface.

When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands:

·     display interface vlan-interface.

·     display this (VLAN interface view).

IPv4 subnet mask

Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface.

Tagged ports

Tagged members of the VLAN.

Untagged ports

Untagged members of the VLAN.

Related commands

vlan

display vlan brief

Use display vlan brief to display brief VLAN information.

Syntax

display vlan brief

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief VLAN information.

<Sysname> display vlan brief

Brief information about all VLANs:

Supported Minimum VLAN ID: 1

Supported Maximum VLAN ID: 4094

Default VLAN ID: 1

VLAN ID   Name                             Port

1         VLAN 0001                        XGE1/0/1  XGE1/0/2  XGE1/0/3  XGE1/0/4

                                           XGE1/0/5  XGE1/0/6  XGE1/0/7  XGE1/0/8

                                           XGE1/0/9  XGE1/0/10  XGE1/0/11

                                           XGE1/0/12  XGE1/0/13  XGE1/0/14

                                           XGE1/0/15  XGE1/0/16  XGE1/0/17

                                           XGE1/0/18  XGE1/0/19  XGE1/0/20

                                           XGE1/0/21  XGE1/0/22  XGE1/0/23

                                           XGE1/0/24  XGE1/0/25  XGE1/0/26

                                           XGE1/0/27  XGE1/0/28  XGE1/0/29

                                           XGE1/0/30  XGE1/0/31  XGE1/0/32

                                           XGE1/0/33  XGE1/0/34  XGE1/0/35

                                           XGE1/0/36  XGE1/0/37  XGE1/0/38

                                           XGE1/0/39  XGE1/0/40  XGE1/0/41

                                           XGE1/0/42  XGE1/0/43  XGE1/0/44

                                           XGE1/0/45  XGE1/0/46  XGE1/0/47

                                           XGE1/0/48

2         VLAN 0002

3         VLAN 0003

Table 4 Command output

Field              Description
Default VLAN ID    System default VLAN ID.
Name               VLAN name.
Port               Port that allows packets from the VLAN to pass through.

interface vlan-interface

Use interface vlan-interface to create a VLAN interface and enter its view or to enter the view of an existing VLAN interface.

Use undo interface vlan-interface to delete the specified VLAN interface.

Syntax

interface vlan-interface vlan-interface-id

undo interface vlan-interface vlan-interface-id

Default

No VLAN interface is created.

Views

System view

Predefined user roles

network-admin

Parameters

vlan-interface-id: Specifies a VLAN interface number in the range of 1 to 4094.

Usage guidelines

Create a VLAN before you create the VLAN interface for it.

You cannot create VLAN interfaces for secondary VLANs that meet the following requirements:

·     Associated with the same primary VLAN.

·     Enabled with Layer 3 communication in VLAN interface view of the primary VLAN interface.

For more information about secondary VLANs, see Layer 2—LAN Switching Configuration Guide.

Examples

# Create VLAN-interface 2, and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

Related commands

display interface vlan-interface

mtu

Use mtu to set the MTU for a VLAN interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of a VLAN interface is 1500 bytes.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

size: Sets the MTU in bytes, in the range of 128 to 1500.

Usage guidelines

The ip mtu or mtu command configuration on an interface takes effect on only the packets sent to the CPU for software forwarding, including the packets destined to or sourced from the interface. Configure the MTU as appropriate to avoid fragmentation.

If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the ip mtu command, see Layer 3—IP Services Command Reference.

Examples

# Set the MTU to 1492 bytes for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] mtu 1492

Related commands

display interface vlan-interface

name

Use name to configure a name for a VLAN.

Use undo name to restore the default.

Syntax

name text

undo name

Default

The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.

Views

VLAN view

Predefined user roles

network-admin

Parameters

text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive letters, digits, special symbols (see Table 1), spaces, and other Unicode characters and symbols.

Usage guidelines

You can configure VLAN names for VLAN identification. When 802.1X or MAC authentication is configured on a device, you can specify VLANs by name on the RADIUS server for authorization VLAN assignment.

Examples

# Configure the name of VLAN 2 as test vlan.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] name test vlan

Related commands

display vlan

service

Use service to specify an IRF member device for forwarding the traffic on the current VLAN interface.

Use undo service to restore the default.

Syntax

service slot slot-number

undo service slot

Default

No IRF member devices are specified for forwarding the traffic on the VLAN interface.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID.

Usage guidelines

If no IRF member devices are specified for forwarding the traffic on the current VLAN interface, the traffic is processed on the IRF member device that receives the traffic.

Some features, such as IPsec anti-replay, require that traffic for the same VLAN interface be processed on the same IRF member device. If such a feature is configured, you must use this command to specify an IRF member device for forwarding the traffic on a VLAN interface.

If the specified IRF member device is removed from the IRF fabric, traffic on the VLAN interface cannot be forwarded even if the VLAN interface is up. After the specified IRF member device rejoins the IRF fabric, traffic forwarding recovers.

Examples

# Specify IRF member device 2 for forwarding traffic on VLAN-interface 200.

<Sysname> system-view

[Sysname] interface vlan-interface 200

[Sysname-Vlan-interface200] service slot 2

shutdown

Use shutdown to shut down a VLAN interface.

Use undo shutdown to bring up a VLAN interface.

Syntax

shutdown

undo shutdown

Default

A VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN are up, and it goes down if all ports in the VLAN go down.

Views

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:

·     The VLAN interface is down if all ports in the VLAN are down.

·     The VLAN interface is up if one or more ports in the VLAN are up.

When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.

Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configuration from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.

To troubleshoot a failed interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.

In a VLAN, the state of any Ethernet port is independent of the state of the VLAN interface.

Examples

# Shut down VLAN-interface 2, and then bring it up.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

vlan

Use vlan vlan-id to create a VLAN and enter its view or to enter the view of an existing VLAN.

Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2, except reserved VLANs.

Use vlan all to create VLANs 1 through 4094.

Use undo vlan to delete the specified VLANs.

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

Default

VLAN 1 (system default VLAN) exists.

Views

System view

Predefined user roles

network-admin

Parameters

vlan-id1, vlan-id2: Specifies a VLAN ID. The value range is 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs. The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Creates or deletes all VLANs except reserved VLANs.

Usage guidelines

You cannot create or delete the system default VLAN (VLAN 1).

You cannot create or delete reserved VLANs.

Before you delete a dynamic VLAN, a VLAN with a QoS policy applied, or a VLAN locked by an application, you must first remove the configuration from the VLAN.

Examples

# Create VLAN 2 and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2]

# Create VLAN 4 through VLAN 100.

<Sysname> system-view

[Sysname] vlan 4 to 100

Related commands

display vlan

Port-based VLAN commands

display port

Use display port to display information about hybrid or trunk ports.

Syntax

display port { hybrid | trunk }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

hybrid: Specifies hybrid ports.

trunk: Specifies trunk ports.

Examples

# Display information about hybrid ports.

<Sysname> display port hybrid

Interface            PVID  VLAN Passing

XGE1/0/4             100   Tagged:  1000, 1002, 1500, 1600-1611, 2000,

                                    2555-2558, 3000, 4000

                           Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,

                                    150-160, 200, 255, 286, 300-302

# Display information about trunk ports.

<Sysname> display port trunk

Interface            PVID  VLAN Passing

XGE1/0/8             2     1-4, 6-100, 145, 177, 189-200, 244, 289, 400,

                           555, 600-611, 1000, 2006-2008

Table 5 Command output

Field           Description
Interface       Interface name.
PVID            Port VLAN ID.
VLAN Passing    Existing VLANs allowed on the port.
Tagged          VLANs from which the port sends packets without removing VLAN tags.
Untagged        VLANs from which the port sends packets after removing VLAN tags.

port

Use port to assign the specified access ports to a VLAN.

Use undo port to remove the specified access ports from a VLAN.

Syntax

port interface-list

undo port interface-list

Default

All ports are in VLAN 1.

Views

VLAN view

Predefined user roles

network-admin

Parameters

interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

Usage guidelines

This command is applicable only to access ports.

By default, all ports are access ports. You can manually configure the port type. For more information, see "port link-type."

Examples

# Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3

Related commands

display vlan

port access vlan

Use port access vlan to assign the access ports to the specified VLAN.

Use undo port access vlan to restore the default.

Syntax

port access vlan vlan-id

undo port access vlan

Default

All access ports belong to VLAN 1.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

Before assigning an access port to a VLAN, make sure the VLAN has been created.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

      ○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

      ○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface. For information about S-channel interfaces, see EVB Configuration Guide.

Examples

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 3

port hybrid pvid

Use port hybrid pvid to configure the PVID of a hybrid port.

Use undo port hybrid pvid to configure the PVID of a hybrid port as 1.

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

Default

The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can configure a nonexistent VLAN as the PVID of a hybrid port. When you use the undo vlan command to delete the VLAN that is the PVID of a hybrid port, the PVID setting of the port does not change.

For correct packet transmission, configure the same PVID for a local hybrid port and its peer.

To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

      ○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

      ○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface.

Examples

# Configure VLAN 100 as the PVID of the hybrid port Ten-GigabitEthernet 1/0/1, and assign Ten-GigabitEthernet 1/0/1 to VLAN 100 as an untagged member.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 100

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged

Related commands

·     port hybrid vlan

·     port link-type
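
The following Python example is added here and is not part of the H3C reference. It parses display port hybrid or display port trunk output in the layout shown under display port and reports ports whose PVID is not among the VLANs the port passes, which is what the guidelines above describe (a PVID never assigned with port hybrid vlan, or a PVID VLAN that does not exist). The rows for XGE1/0/5 and XGE1/0/6 and all function names are constructed for the example.

```python
import re

# Constructed sample in the layout of the "display port hybrid" example.
# XGE1/0/4 is the page's own row; XGE1/0/5 and XGE1/0/6 are made up.
SAMPLE_HYBRID = """\
Interface            PVID  VLAN Passing
XGE1/0/4             100   Tagged:  1000, 1002, 1500, 1600-1611, 2000,
                                    2555-2558, 3000, 4000
                           Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
                                    150-160, 200, 255, 286, 300-302
XGE1/0/5             200   Tagged:  10, 20
                           Untagged:1
XGE1/0/6             30    Tagged:  30, 40-42
                           Untagged:1
"""

# The page's "display port trunk" example row (no Tagged/Untagged labels).
SAMPLE_TRUNK = """\
Interface            PVID  VLAN Passing
XGE1/0/8             2     1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
                           555, 600-611, 1000, 2006-2008
"""

PORT_ROW = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")   # a port row starts in column 0
LABEL = re.compile(r"^(Tagged|Untagged):\s*(.*)$")


def expand_vlans(text):
    """Turn '1, 10, 20-30,' into a set of VLAN IDs (valid range 1 to 4094)."""
    vlans = set()
    for item in re.split(r"[,\s]+", text.strip()):
        if not item or item.lower() == "none":
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN item: {item!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse_display_port(output):
    """Return {interface: {'pvid', 'tagged', 'untagged', 'passing'}}.

    Hybrid output fills 'tagged'/'untagged'; trunk output fills 'passing'.
    Wrapped continuation lines are added to the list they continue.
    """
    ports, current, mode = {}, None, "passing"
    for line in output.splitlines():
        if not line.strip() or line.startswith("Interface"):
            continue                      # blank line or column header
        row = PORT_ROW.match(line)
        if row:
            current = {"pvid": int(row.group(2)), "tagged": set(),
                       "untagged": set(), "passing": set()}
            ports[row.group(1)] = current
            mode, rest = "passing", row.group(3)
        elif current is None:
            continue                      # e.g. the CLI prompt line
        else:
            rest = line.strip()
        label = LABEL.match(rest)
        if label:
            mode, rest = label.group(1).lower(), label.group(2)
        current[mode].update(expand_vlans(rest))
    return ports


def audit_pvid(ports):
    """List (interface, pvid) pairs whose PVID is not a VLAN the port passes."""
    findings = []
    for name, port in sorted(ports.items()):
        allowed = port["tagged"] | port["untagged"] | port["passing"]
        if port["pvid"] not in allowed:
            findings.append((name, port["pvid"]))
    return findings


if __name__ == "__main__":
    for name, pvid in audit_pvid(parse_display_port(SAMPLE_HYBRID)):
        print(f"{name}: PVID {pvid} is not in the port's passing VLAN list")
```
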

port hybrid vlan

Use port hybrid vlan to assign a hybrid port to the specified VLANs.

Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.

Syntax

port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

Default

A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.

untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.

Usage guidelines

A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows the VLANs specified by the vlan-id-list argument in each execution.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

      ○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

      ○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface.

Examples

# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLANs 50 through 100 as a tagged member.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged

Related commands

port link-type

port link-type

Use port link-type to configure the link type of a port.

Use undo port link-type to restore the default link type of a port.

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

Default

Any port is an access port.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

access: Configures the link type of a port as access.

hybrid: Configures the link type of a port as hybrid.

trunk: Configures the link type of a port as trunk.

Usage guidelines

To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface.

Examples

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk

port trunk permit vlan

Use port trunk permit vlan to assign a trunk port to the specified VLANs.

Use undo port trunk permit vlan to remove the trunk port from the specified VLANs.

Syntax

port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }

Default

A trunk port allows packets only from VLAN 1 to pass through.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through a port, use the port trunk permit vlan all command with caution.

Usage guidelines

A trunk port can carry multiple VLANs. If you execute the port trunk permit vlan command multiple times on a trunk port, the trunk port allows the VLANs specified by the vlan-id-list argument in each execution.

On a trunk port, only packets from the PVID can pass through untagged.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface.

Examples

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLANs 50 through 100.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk

[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100

Related commands

port link-type

port trunk pvid

Use port trunk pvid to configure the PVID for a trunk port.

Use undo port trunk pvid to restore the default.

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

Default

The PVID of a trunk port is VLAN 1.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can configure a nonexistent VLAN as the PVID of a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, configure the same PVID for a local trunk port and its peer.

To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.

·     The configuration made in Layer 2 Ethernet interface view applies only to the port.

·     The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

○     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

○     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

·     The configuration made in S-channel interface view or S-channel aggregate interface view applies only to the interface.

Examples

# Configure VLAN 100 as the PVID of the trunk port Ten-GigabitEthernet 1/0/1, and assign Ten-GigabitEthernet 1/0/1 to VLAN 100.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk

[Sysname-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100

[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100

Related commands

·     port link-type

·     port trunk permit vlan
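
The trunk rules above (the caution on port trunk permit vlan all, and the requirement that a trunk port be assigned to its PVID before it can transmit PVID packets) can be checked offline against a saved configuration. The following Python audit is an added example, not H3C code; SAMPLE_CONFIG is constructed and assumes each interface block lists its commands indented by one space, and the function names are hypothetical.

```python
import re

VLAN_MIN, VLAN_MAX, MAX_ITEMS = 1, 4094, 10   # limits stated for vlan-id-list


def parse_vlan_id_list(text):
    """Expand a vlan-id-list such as '2 4 50 to 100' into a set of VLAN IDs."""
    tokens = text.split()
    vlans, items, i = set(), 0, 0
    while i < len(tokens):
        if not tokens[i].isdigit():
            raise ValueError(f"expected a VLAN ID, got {tokens[i]!r}")
        first = last = int(tokens[i])
        i += 1
        if i < len(tokens) and tokens[i] == "to":
            if i + 1 >= len(tokens) or not tokens[i + 1].isdigit():
                raise ValueError("range is missing vlan-id2")
            last = int(tokens[i + 1])
            i += 2
        if not (VLAN_MIN <= first <= VLAN_MAX and VLAN_MIN <= last <= VLAN_MAX):
            raise ValueError(f"VLAN ID outside {VLAN_MIN} to {VLAN_MAX}")
        if last < first:
            raise ValueError("vlan-id2 must be equal to or greater than vlan-id1")
        items += 1
        vlans.update(range(first, last + 1))
    if not 1 <= items <= MAX_ITEMS:
        raise ValueError(f"a vlan-id-list holds 1 to {MAX_ITEMS} items")
    return vlans


def audit_trunk_ports(config_text):
    """Return (interface, finding) pairs for trunk ports that need review."""
    findings = []
    for block in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config_text, re.M):
        name = block.group(1)
        lines = [line.strip() for line in block.group(2).splitlines()]
        if "port link-type trunk" not in lines:
            continue
        # Documented defaults: a trunk port allows only VLAN 1, and its PVID is VLAN 1.
        permitted, pvid, used_all = {1}, 1, False
        for line in lines:
            permit = re.fullmatch(r"(undo )?port trunk permit vlan (.+)", line)
            if permit:
                undo, arg = permit.groups()
                if arg == "all":
                    ids = set(range(VLAN_MIN, VLAN_MAX + 1))
                    used_all = not undo
                else:
                    ids = parse_vlan_id_list(arg)
                # Repeated executions accumulate; undo removes the listed VLANs.
                permitted = permitted - ids if undo else permitted | ids
            pvid_line = re.fullmatch(r"port trunk pvid vlan (\d+)", line)
            if pvid_line:
                pvid = int(pvid_line.group(1))
        if used_all:
            findings.append((name, "permit-all"))          # every VLAN crosses this port
        if pvid not in permitted:
            findings.append((name, "pvid-not-permitted"))  # PVID packets cannot pass
    return findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
interface Ten-GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 2 4 50 to 100
 port trunk pvid vlan 100
#
interface Ten-GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 port trunk pvid vlan 30
#
interface Ten-GigabitEthernet1/0/4
 port access vlan 5
#
"""

if __name__ == "__main__":
    for interface, finding in audit_trunk_ports(SAMPLE_CONFIG):
        print(interface, finding)
```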

MAC-based VLAN commands

display mac-vlan

Use display mac-vlan to display MAC-to-VLAN entries.

Syntax

display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all MAC-to-VLAN entries.

dynamic: Specifies dynamically configured MAC-to-VLAN entries.

mac-address mac-address: Specifies the MAC address in the MAC-to-VLAN entry.

mask mac-mask: Specifies the mask for matching MAC addresses in MAC-to-VLAN entries.

static: Specifies statically configured MAC-to-VLAN entries.

vlan vlan-id: Specifies the VLAN in MAC-to-VLAN entries. The value range for the vlan-id argument is 1 to 4094.

Examples

# Display all MAC-to-VLAN entries.

<Sysname> display mac-vlan all

The following MAC VLAN entries exist:

State: S - Static, D - Dynamic

 

MAC address        Mask                VLAN ID   Dot1q      State

0008-0001-0000     FFFF-FF00-0000      5         3           S

0002-0001-0000     FFFF-FFFF-FFFF      5         3           S&D

 

Total MAC VLAN entries count: 2

Table 6 Command output

Field: Description

S - Static: Statically configured MAC-to-VLAN entries.

D - Dynamic: Dynamically configured MAC-to-VLAN entries.

MAC address: MAC address of the MAC-to-VLAN entry.

Mask: MAC address mask of the MAC-to-VLAN entry.

VLAN ID: VLAN ID of the MAC-to-VLAN entry.

Dot1q: 802.1p priority of the VLAN in the MAC-to-VLAN entry.

State: State of a MAC-to-VLAN entry:

·     S—The MAC-to-VLAN entry is configured statically.

·     D—The MAC-to-VLAN entry is dynamically generated in cooperation with the authentication feature.

·     S&D—The MAC-to-VLAN entry is configured both statically and dynamically.

Related commands

mac-vlan mac-address

display mac-vlan interface

Use display mac-vlan interface to display all ports that are enabled with the MAC-based VLAN feature.

Syntax

display mac-vlan interface

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display all ports that are enabled with the MAC-based VLAN feature.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

Ten-GigabitEthernet1/0/1  Ten-GigabitEthernet1/0/2  Ten-GigabitEthernet1/0/3

Related commands

mac-vlan enable

mac-vlan enable

Use mac-vlan enable to enable the MAC-based VLAN feature on a port.

Use undo mac-vlan enable to restore the default.

Syntax

mac-vlan enable

undo mac-vlan enable

Default

The MAC-based VLAN feature is disabled on a port.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

Execute this command only on hybrid ports.

Examples

# Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-vlan enable

Related commands

display mac-vlan interface

mac-vlan mac-address

Use mac-vlan mac-address to configure a MAC-to-VLAN entry.

Use undo mac-vlan to delete the specified MAC-to-VLAN entries.

Syntax

mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1q pri ]

undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }

Default

No MAC-to-VLAN entries are configured.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a MAC address.

mask mac-mask: Specifies the MAC address mask. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is all Fs in hexadecimal notation.

vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

dot1q pri: Specifies the 802.1p priority of the VLAN specific to the MAC-to-VLAN entry. The value range for the pri argument is 0 to 7, and the default value is 0.

all: Deletes all static MAC-to-VLAN entries.

Usage guidelines

For successful dynamic MAC-based VLAN assignment, use static VLANs when you create MAC-to-VLAN entries.

Different types of MAC-to-VLAN entries are created depending on whether you specify the mask keyword.

·     When you specify this keyword, the created MAC-to-VLAN entry describes the relationship among a group of MAC addresses, a VLAN, and the 802.1p priority for the VLAN.

·     When you do not specify this keyword, the created MAC-to-VLAN entry describes the relationship among a MAC address, a VLAN, and the 802.1p priority for the VLAN.

These different types of MAC-to-VLAN entries are stored separately in two tables. The system updates the two tables according to the configuration.

Examples

# Associate the MAC address 0-1-1 with VLAN 100, and specify the 802.1p priority as 7 for VLAN 100 in this entry.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100 dot1q 7

# Associate VLAN 100 with MAC addresses whose six high-order hexadecimal digits are 121122, and specify the 802.1p priority as 4 for VLAN 100 in this entry.

<Sysname> system-view

[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 dot1q 4

Related commands

display mac-vlan

mac-vlan trigger enable

Use mac-vlan trigger enable to enable dynamic MAC-based VLAN assignment.

Use undo mac-vlan trigger enable to restore the default.

Syntax

mac-vlan trigger enable

undo mac-vlan trigger enable

Default

Dynamic MAC-based VLAN assignment is not enabled.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

After receiving a packet, the port reports the source MAC address of the packet to the CPU.

·     If the source MAC address matches a MAC-to-VLAN entry whose mask is all Fs, the device dynamically learns the source MAC address and assigns the receiving port to the VLAN specific to the entry.

Subsequent packets with this source MAC address can be directly forwarded through the port.

·     If the MAC address does not match any MAC-to-VLAN entries or matches only a MAC-to-VLAN entry whose mask is not all Fs, the device does not dynamically learn the MAC address or assign the receiving port to the VLAN.

Examples

# Enable dynamic MAC-based VLAN assignment on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-vlan trigger enable

Related commands

port pvid forbidden

port pvid forbidden

Use port pvid forbidden to disable a port from forwarding packets that fail the exact MAC address match in its PVID.

Use undo port pvid forbidden to restore the default.

Syntax

port pvid forbidden

undo port pvid forbidden

Default

When a port receives packets whose source MAC addresses fail the exact MAC address match, the port forwards them in its PVID.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

Use this feature only with dynamic MAC-based VLAN assignment.

Examples

# Disable Ten-GigabitEthernet 1/0/1 from forwarding packets that fail the exact MAC address match in its PVID.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port pvid forbidden

Related commands

mac-vlan trigger enable
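
The interaction of mac-vlan mac-address, mac-vlan trigger enable, and port pvid forbidden is easier to see as a decision function. The following Python model is an added example, not H3C code: it covers only the decisions stated on this page, assumes the H-H-H address form with leading zeros of each group omitted (as in 0-1-1), and uses hypothetical class and function names.

```python
import re

FULL_MASK = 0xFFFFFFFFFFFF   # mask of all Fs, the default when mask is omitted


def parse_mac(text):
    """Convert an H-H-H address ('0-1-1', '1211-2222-3333') to a 48-bit integer."""
    groups = text.split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    return (int(groups[0], 16) << 32) | (int(groups[1], 16) << 16) | int(groups[2], 16)


def check_mask(mask):
    """Accept only masks whose 1 bits are consecutive from the high-order end."""
    inverted = ~mask & FULL_MASK
    # A valid mask inverts to 0...01...1, so adding 1 clears every set bit.
    if mask == 0 or inverted & (inverted + 1):
        raise ValueError("mask must be consecutive high-order 1s")
    return mask


class MacVlanTable:
    """The two MAC-to-VLAN tables: single addresses and groups of addresses."""

    def __init__(self):
        self.exact = {}    # address -> (vlan, pri): entries whose mask is all Fs
        self.masked = []   # (prefix, mask, vlan, pri): entries for a group of addresses

    def add(self, mac, vlan, mask="ffff-ffff-ffff", pri=0):
        if not 1 <= vlan <= 4094 or not 0 <= pri <= 7:
            raise ValueError("vlan is 1 to 4094 and dot1q pri is 0 to 7")
        address, bits = parse_mac(mac), check_mask(parse_mac(mask))
        if bits == FULL_MASK:
            self.exact[address] = (vlan, pri)
        else:
            self.masked.append((address & bits, bits, vlan, pri))

    def classify(self, src_mac, pvid, pvid_forbidden=False):
        """Return (action, vlan, reason) for a frame received on a port that has
        mac-vlan trigger enable configured."""
        address = parse_mac(src_mac)
        if address in self.exact:
            # Exact match: the port is dynamically assigned to the entry's VLAN.
            return ("assign", self.exact[address][0], "exact-match")
        in_group = any((address & mask) == prefix for prefix, mask, _, _ in self.masked)
        reason = "masked-entry-only" if in_group else "no-entry"
        if pvid_forbidden:
            # port pvid forbidden: do not forward in the PVID after a failed exact match.
            return ("blocked", None, reason)
        return ("forward-in-pvid", pvid, reason)


def page_example_table():
    """Build a table from the two mac-vlan mac-address examples on this page."""
    table = MacVlanTable()
    table.add("0-1-1", 100, pri=7)
    table.add("1211-2222-3333", 100, mask="ffff-ff00-0000", pri=4)
    return table


if __name__ == "__main__":
    table = page_example_table()
    for mac in ("0000-0001-0001", "1211-22aa-bbbb", "aaaa-bbbb-cccc"):
        print(mac, table.classify(mac, pvid=1), table.classify(mac, pvid=1, pvid_forbidden=True))
```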

vlan precedence

Use vlan precedence to set the VLAN matching order when both the MAC-based VLAN and IP subnet-based VLAN are configured on a port.

Use undo vlan precedence to restore the default.

Syntax

vlan precedence { mac-vlan | ip-subnet-vlan }

undo vlan precedence

Default

A port matches VLANs based on MAC addresses preferentially.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

mac-vlan: Matches VLANs based on MAC addresses preferentially.

ip-subnet-vlan: Matches VLANs based on IP subnets preferentially.

Usage guidelines

This command takes effect only on MAC-based VLANs and IP subnet-based VLANs.

As a best practice to ensure the priority of MAC-based VLAN matching, configure the vlan precedence mac-vlan command when you enable dynamic MAC-based VLAN assignment. If you execute the vlan precedence ip-subnet-vlan command in that case, the command does not take effect.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to match VLANs based on MAC addresses preferentially.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] vlan precedence mac-vlan

IP subnet-based VLAN commands

display ip-subnet-vlan interface

Use display ip-subnet-vlan interface to display IP subnet-based VLANs that are associated with the specified ports.

Syntax

display ip-subnet-vlan interface { interface-type interface-number1 [ to interface-type interface-number2 ] | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number1: Specifies an interface by its type and number.

interface-type interface-number1 to interface-type interface-number2: Specifies an interface range.

all: Displays information about IP subnet-based VLANs that are associated with all ports.

Examples

# Display IP subnet-based VLANs on Ten-GigabitEthernet 1/0/1.

<Sysname> display ip-subnet-vlan interface ten-gigabitethernet1/0/1

 Interface: Ten-GigabitEthernet1/0/1

  VLAN ID   Subnet index    IP address       Subnet mask       Status

  3         0               192.168.1.0      255.255.255.0     Active

  4         N/A             N/A              N/A               Inactive

  4094      65535           172.16.1.1       255.255.0.0       Inactive

Table 7 Command output

Field: Description

VLAN ID: ID of the IP subnet-based VLAN.

Subnet index: Index of the IP subnet. If no IP subnet-based VLAN is configured, this field displays N/A.

IP address: IP address of the subnet. It can be an IP address or a subnet address. If no IP subnet address is configured for the VLAN, this field displays N/A.

Subnet mask: Mask of the IP subnet. If no subnet mask is configured for the VLAN, this field displays N/A.

Status: Whether the IP subnet-based VLAN has taken effect on the port:

·     Active: The IP subnet-based VLAN has taken effect.

·     Inactive: The IP subnet-based VLAN has not taken effect. For example, this field displays Inactive in one of the following conditions:

○     The configuration of the IP subnet-based VLAN is not complete.

○     The port does not allow the IP subnet-based VLAN.

Related commands

·     display ip-subnet-vlan vlan

·     ip-subnet-vlan

·     port hybrid ip-subnet-vlan

display ip-subnet-vlan vlan

Use display ip-subnet-vlan vlan to display information about IP subnet-based VLANs.

Syntax

display ip-subnet-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vlan-id1: Specifies an IP subnet-based VLAN by its VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all IP subnet-based VLANs.

Examples

# Display information about all IP subnet-based VLANs.

<Sysname> display ip-subnet-vlan vlan all

 VLAN ID: 3

  Subnet index      IP address      Subnet mask

  0                 192.168.1.0     255.255.255.0

Table 8 Command output

Field: Description

VLAN ID: ID of the IP subnet-based VLAN.

Subnet index: Index of the IP subnet.

IP address: IP address of the subnet. It can be an IP address or a subnet address.

Subnet mask: Mask of the IP subnet.

Related commands

·     display ip-subnet-vlan interface

·     ip-subnet-vlan

·     port hybrid ip-subnet-vlan

ip-subnet-vlan

Use ip-subnet-vlan to associate a VLAN with the specified IP subnet or IP address.

Use undo ip-subnet-vlan to remove the association.

Syntax

ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ]

undo ip-subnet-vlan { ip-subnet-index [ to ip-subnet-end ] | all }

Default

A VLAN is not associated with any IP subnets or IP addresses.

Views

VLAN view

Predefined user roles

network-admin

Parameters

ip-subnet-index: Specifies a beginning IP subnet index in the range of 0 to 65535. The value can be configured by users. It can also be automatically numbered by the system based on the order in which the IP subnets or IP addresses are associated with the VLAN.

ip ip-address [ mask ]: Specifies the source IP address or network address, in dotted decimal notation, based on which the subnet-based VLANs are classified. The mask argument is the subnet mask of the source IP address or network address, in dotted decimal notation, with a default value of 255.255.255.0.

to ip-subnet-end: Specifies an end IP subnet index of an IP subnet index range, in the range of 0 to 65535. The value for the ip-subnet-end argument must be greater than or equal to the beginning IP subnet index.

all: Removes all associations between the VLAN and IP subnets or IP addresses.

Usage guidelines

The IP subnet or IP address cannot be a multicast network segment or a multicast address.

Examples

# Configure VLAN 3 as an IP subnet-based VLAN and associate it with the 192.168.1.0/24 network segment.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

Related commands

·     display ip-subnet-vlan interface

·     display ip-subnet-vlan vlan

·     port hybrid ip-subnet-vlan

port hybrid ip-subnet-vlan

Use port hybrid ip-subnet-vlan to associate a port with an IP subnet-based VLAN.

Use undo port hybrid ip-subnet-vlan to remove the association.

Syntax

port hybrid ip-subnet-vlan vlan vlan-id

undo port hybrid ip-subnet-vlan { vlan vlan-id | all }

Default

A port is not associated with any IP subnet-based VLANs.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

all: Specifies all VLANs.

Usage guidelines

Only hybrid ports support this feature. Before you use this command, assign the port to the correct IP subnet-based VLAN.

Examples

# Associate Ten-GigabitEthernet 1/0/1 with IP subnet-based VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

[Sysname-vlan3] quit

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 3 untagged

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3

# Associate the Layer 2 aggregate interface Bridge-Aggregation 1 with the IP subnet-based VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

[Sysname-vlan3] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 3 untagged

[Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3

Related commands

·     display ip-subnet-vlan interface

·     display ip-subnet-vlan vlan

·     ip-subnet-vlan

Protocol-based VLAN commands

display protocol-vlan interface

Use display protocol-vlan interface to display information about protocol-based VLANs for the specified ports.

Syntax

display protocol-vlan interface { interface-type interface-number1 [ to interface-type interface-number2 ] | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number1: Specifies an interface by its type and number.

interface-type interface-number1 to interface-type interface-number2: Specifies an interface range.

all: Displays information about protocol-based VLANs on all ports.

Examples

# Display protocol-based VLAN information on Ten-GigabitEthernet 1/0/1.

<Sysname> display protocol-vlan interface ten-gigabitethernet 1/0/1

 Interface: Ten-GigabitEthernet1/0/1

  VLAN ID  Protocol index  Protocol type             Status

  2        0               IPv6                      Active

  2        1               N/A                       Inactive

  4094     65535           IPv4                      Inactive

Table 9 Command output

Field: Description

VLAN ID: ID of the protocol-based VLAN.

Protocol index: Protocol template index.

Protocol type: Protocol type specified by the protocol template. If you do not specify the protocol type, this field displays N/A.

Status: Whether the protocol-based VLAN has taken effect:

·     Active: The protocol-based VLAN has taken effect.

·     Inactive: The protocol-based VLAN has not taken effect.

Related commands

·     display protocol-vlan vlan

·     port hybrid protocol-vlan

·     protocol-vlan

display protocol-vlan vlan

Use display protocol-vlan vlan to display information about protocol-based VLANs.

Syntax

display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vlan-id1: Specifies a protocol-based VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all protocol-based VLANs.

Examples

# Display information about all protocol-based VLANs.

<Sysname> display protocol-vlan vlan all

 VLAN ID: 2

  Protocol index  Protocol type

  0               IPv4

  65535           IPv6

 

 VLAN ID: 3

  Protocol index  Protocol type

  0               IPv4

  65535           LLC DSAP 0x11 SSAP 0x22

Table 10 Command output

Field: Description

VLAN ID: ID of the protocol-based VLAN.

Protocol index: Protocol template index.

Protocol type: Protocol type or encapsulation format specified by the protocol template.

Related commands

·     display protocol-vlan interface

·     port hybrid protocol-vlan

·     protocol-vlan

port hybrid protocol-vlan

Use port hybrid protocol-vlan to associate a hybrid port with the specified protocols in a VLAN.

Use undo port hybrid protocol-vlan to remove the association.

Syntax

port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }

undo port hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all }

Default

A port is not associated with any protocol-based VLANs.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

protocol-index: Specifies a beginning protocol template index in the range of 0 to 65535.

to protocol-end: Specifies an end protocol template index of a protocol template range, in the range of 0 to 65535. The value for the protocol-end argument must be greater than or equal to the beginning protocol template index.

all: Specifies all protocol templates.

Usage guidelines

Before you use this command, perform the following tasks:

·     Create a VLAN and associate it with specified protocols.

·     Configure the port link type as hybrid.

·     Configure the port to allow the protocol-based VLAN to pass through.

When you execute the undo port hybrid protocol-vlan command on a port, follow these guidelines:

·     If you specify both the vlan-id argument and the all keyword, this command disassociates the port from all protocol templates of the specified VLAN.

·     If you specify only the all keyword, this command disassociates the port from all protocol templates of all VLANs.

Examples

# Associate the hybrid port Ten-GigabitEthernet 1/0/1 with protocol template 1 (IPv4) in VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] protocol-vlan 1 ipv4

[Sysname-vlan2] quit

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 untagged

[Sysname-Ten-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 1

# Associate the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 with protocol template 1 (IPv4) in VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] protocol-vlan 1 ipv4

[Sysname-vlan2] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged

[Sysname-Bridge-Aggregation1] port hybrid protocol-vlan vlan 2 1

protocol-vlan

Use protocol-vlan to configure a VLAN as a protocol-based VLAN and configure the protocol template for the VLAN.

Use undo protocol-vlan to remove the protocol templates configured for the VLAN.

Syntax

protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }

undo protocol-vlan { protocol-index [ to protocol-end ] | all }

Default

A VLAN is not associated with any protocol templates.

Views

VLAN view

Predefined user roles

network-admin

Parameters

at: Specifies the AppleTalk-based VLAN.

ipv4: Specifies the IPv4-based VLAN.

ipv6: Specifies the IPv6-based VLAN.

ipx: Specifies the IPX-based VLAN. The keywords ethernetii, llc, and snap specify IPX encapsulation formats.

mode: Configures a user-defined protocol template for the VLAN. The keywords ethernetii, llc, and snap specify the available encapsulation formats.

ethernetii etype etype-id: Matches the Ethernet II encapsulation format and the specified protocol type ID. The etype-id argument specifies the protocol type ID of inbound packets, in the range of 0x0600 to 0xFFFF, excluding 0x0800, 0x809B, 0x8137, and 0x86DD.

llc: Matches the LLC encapsulation format.

dsap dsap-id: Specifies the destination service access point in the range of 0x00 to 0xFF.

ssap ssap-id: Specifies the source service access point in the range of 0x00 to 0xFF.

snap etype etype-id: Matches the SNAP encapsulation format and the specified protocol type value. The etype-id argument specifies the Ethernet type of inbound packets, in the range of 0x0600 to 0xFFFF, excluding 0x8137.

protocol-index: Specifies a protocol template index in the range of 0 to 65535. The system will automatically assign an index if you do not specify this argument.

to protocol-end: Specifies an end protocol template index of a protocol template range, in the range of 0 to 65535. The value of the protocol-end argument must be greater than or equal to the value of the protocol-index argument.

all: Removes all the protocols associated with the VLAN.

Usage guidelines

CAUTION:

IP uses ARP for address resolution in Ethernet. To prevent communication failures, configure the IP and ARP templates in the same VLAN and associate them with the same port.

When you use the mode keyword to configure a protocol template, follow these restrictions and guidelines:

·     Do not configure the following values for the etype-id argument in the ethernetii etype etype-id option:

○     0x0800—Specifies the IPv4 protocol in Ethernet II encapsulation.

○     0x809B—Specifies the AppleTalk protocol in Ethernet II encapsulation.

○     0x8137—Specifies the IPX protocol in Ethernet II encapsulation.

○     0x86DD—Specifies the IPv6 protocol in Ethernet II encapsulation.

These values conflict with the ipv4, at, ipx, and ipv6 keywords of the command, respectively.

·     Do not configure any of the following values for both the dsap-id and ssap-id arguments when you specify the llc keyword:

○     0xE0—Specifies the 802.2 LLC encapsulation format for IPX packets.

○     0xFF—Specifies the 802.3 raw encapsulation format for IPX packets.

○     0xAA—Specifies the 802.2 SNAP encapsulation format.

When either of the dsap-id and ssap-id arguments is configured, the system assigns 0xAA to the other argument.

·     Do not set the etype-id argument in the snap etype etype-id option to 0x8137. You can set the etype-id argument to 0x0800, 0x809B, or 0x86DD, which correspond to IPv4, AppleTalk, and IPv6, respectively.

Examples

# Assign ARP packets in Ethernet II encapsulation and IPv4 packets to VLAN 3 for transmission. (The protocol type ID for ARP is 0x0806.)

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] protocol-vlan 2 mode ethernetii etype 0806

[Sysname-vlan3] protocol-vlan 1 ipv4

Related commands

·     display protocol-vlan interface

·     display protocol-vlan vlan

·     port hybrid protocol-vlan
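
The etype-id restrictions and the CAUTION about keeping the IP and ARP templates in the same VLAN and on the same port can be checked on a configuration draft before it is applied. The following Python check is an added example, not H3C code; SAMPLE_DRAFT is constructed, the draft is assumed to list every template with an explicit index and to indent commands by one space, llc templates are outside the scope of the check, and the function names are hypothetical.

```python
import re

# Ethernet II etype values that must be configured through a keyword instead.
RESERVED_ETHERNETII = {0x0800: "ipv4", 0x809B: "at", 0x8137: "ipx", 0x86DD: "ipv6"}
ARP = ("ethernetii", 0x0806)   # ARP in Ethernet II encapsulation, as in the page's example


def classify_template(args):
    """Map the arguments that follow the template index to (kind, problem)."""
    tokens = args.split()
    if tokens[0] in ("ipv4", "ipv6", "at", "ipx"):
        return tokens[0], None
    if (len(tokens) == 4 and tokens[0] == "mode"
            and tokens[1] in ("ethernetii", "snap") and tokens[2] == "etype"):
        encap, value = tokens[1], int(tokens[3], 16)   # etype-id is written in hex
        if not 0x0600 <= value <= 0xFFFF:
            return "other", f"etype 0x{value:04X} is outside 0x0600 to 0xFFFF"
        if encap == "ethernetii" and value in RESERVED_ETHERNETII:
            keyword = RESERVED_ETHERNETII[value]
            return "other", f"etype 0x{value:04X} conflicts with the {keyword} keyword"
        if encap == "snap" and value == 0x8137:
            return "other", "snap etype 0x8137 is not allowed"
        return ("arp" if (encap, value) == ARP else "other"), None
    return "other", None


def audit_protocol_vlans(config_text):
    """Return (object, finding) pairs for template and IPv4/ARP pairing problems."""
    stanzas = re.findall(r"^(vlan|interface) (\S+)\n((?: .*\n)*)", config_text, re.M)
    templates, findings = {}, []   # templates[vlan][index] = kind
    for kind, name, body in stanzas:
        if kind != "vlan":
            continue
        table = templates.setdefault(int(name), {})
        for m in re.finditer(r"^ protocol-vlan (\d+) (.+)$", body, re.M):
            template_kind, problem = classify_template(m.group(2))
            table[int(m.group(1))] = template_kind
            if problem:
                findings.append((f"vlan {name}", problem))
        kinds = set(table.values())
        if "ipv4" in kinds and "arp" not in kinds:
            findings.append((f"vlan {name}", "ipv4 template without an ARP template"))
    binding = r"^ port hybrid protocol-vlan vlan (\d+) (all|\d+(?: to \d+)?)$"
    for kind, name, body in stanzas:
        if kind != "interface":
            continue
        bound = {}   # vlan -> template indexes associated with this port
        for m in re.finditer(binding, body, re.M):
            vlan, spec = int(m.group(1)), m.group(2)
            if spec == "all":
                indexes = set(templates.get(vlan, {}))
            else:
                low, _, high = spec.partition(" to ")
                indexes = set(range(int(low), int(high or low) + 1))
            bound.setdefault(vlan, set()).update(indexes)
        for vlan, indexes in bound.items():
            kinds = {templates.get(vlan, {}).get(i) for i in indexes}
            if "ipv4" in kinds and "arp" not in kinds:
                findings.append(
                    (name, f"bound to the ipv4 template of VLAN {vlan} but not its ARP template"))
    return findings


# Constructed draft, not taken from a real device.
SAMPLE_DRAFT = """\
vlan 2
 protocol-vlan 1 ipv4
#
vlan 3
 protocol-vlan 1 ipv4
 protocol-vlan 2 mode ethernetii etype 0806
 protocol-vlan 3 mode ethernetii etype 86dd
#
interface Ten-GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 3 untagged
 port hybrid protocol-vlan vlan 3 1
#
interface Ten-GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 3 untagged
 port hybrid protocol-vlan vlan 3 1 to 2
#
"""

if __name__ == "__main__":
    for target, finding in audit_protocol_vlans(SAMPLE_DRAFT):
        print(f"{target}: {finding}")
```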

VLAN group commands

display vlan-group

Use display vlan-group to display VLAN group information.

Syntax

display vlan-group [ group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character. If you do not specify this argument, the command displays information about all VLAN groups.

Examples

# Display information about the VLAN group test001.

<Sysname> display vlan-group test001

VLAN group: test001

     VLAN list: 2-4 100 200

# Display information about all VLAN groups.

<Sysname> display vlan-group

VLAN group: test001

     VLAN list: 2-4 100 200

VLAN group: rnd

     VLAN list: Null

Table 11 Command output

Field: Description

VLAN group: Name of the VLAN group.

VLAN list: VLAN list in the VLAN group.

Related commands

vlan-group

vlan-list

vlan-group

Use vlan-group to create a VLAN group and enter VLAN group view.

Use undo vlan-group to delete a VLAN group.

Syntax

vlan-group group-name

undo vlan-group group-name

Default

No VLAN group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character.

Usage guidelines

After you configure a VLAN group on the device, the authentication server can assign the VLAN group name to the 802.1X user that passes authentication. The VLAN group name identifies this group of VLANs. For more information about 802.1X authentication, see Security Configuration Guide.

Examples

# Create a VLAN group named test001 and enter VLAN group view.

<Sysname> system-view

[Sysname] vlan-group test001

[Sysname-vlan-group-test001]

Related commands

vlan-list

vlan-list

Use vlan-list to add VLANs to a VLAN group.

Use undo vlan-list to remove VLANs from a VLAN group.

Syntax

vlan-list vlan-id-list

undo vlan-list vlan-id-list

Default

No VLAN exists in a VLAN group.

Views

VLAN group view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

Examples

# Add VLAN 2 through VLAN 4, VLAN 100, and VLAN 200 to the VLAN group test001.

<Sysname> system-view

[Sysname] vlan-group test001

[Sysname-vlan-group-test001] vlan-list 2 to 4 100 200

Related commands

vlan-group
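Because an authentication server can hand a VLAN group name to an 802.1X user, it is worth checking that each group contains exactly the VLANs that were intended. The following added example (not part of the H3C reference) validates a vlan-id-list against the rules above and compares it with the VLAN list printed by display vlan-group. The function names and the INTENDED mapping are assumptions made for illustration.

```python
MAX_ITEMS = 10                 # "up to 10 VLAN items"
VLAN_MIN, VLAN_MAX = 1, 4094   # value range for VLAN IDs

# Output copied from the display vlan-group example in this reference.
DISPLAY_OUTPUT = """\
VLAN group: test001
     VLAN list: 2-4 100 200
VLAN group: rnd
     VLAN list: Null
"""

# Constructed for the example: the vlan-list arguments an operator intended.
INTENDED = {"test001": "2 to 4 100 200", "rnd": "300"}


def vlan_id(token):
    """Convert one token to a VLAN ID, enforcing the 1 to 4094 range."""
    if not (token.isascii() and token.isdigit()):
        raise ValueError(f"not a VLAN ID: {token!r}")
    value = int(token)
    if not VLAN_MIN <= value <= VLAN_MAX:
        raise ValueError(f"VLAN ID out of range: {value}")
    return value


def parse_cli_vlan_list(text, forbid_vlan1=False):
    """Parse the command form, e.g. "2 to 4 100 200", into a set of IDs.

    forbid_vlan1 models the commands in this reference whose vlan-id-list
    rejects VLAN 1 even though it is inside the value range.
    """
    tokens = text.split()
    vlans, items, i = set(), 0, 0
    while i < len(tokens):
        low = high = vlan_id(tokens[i])
        if i + 1 < len(tokens) and tokens[i + 1] == "to":
            if i + 2 >= len(tokens):
                raise ValueError("range is missing vlan-id2")
            high = vlan_id(tokens[i + 2])
            i += 3
        else:
            i += 1
        if high < low:
            raise ValueError(f"vlan-id2 {high} is smaller than vlan-id1 {low}")
        items += 1
        vlans.update(range(low, high + 1))
    if not 1 <= items <= MAX_ITEMS:
        raise ValueError(f"expected 1 to {MAX_ITEMS} items, got {items}")
    if forbid_vlan1 and 1 in vlans:
        raise ValueError("VLAN 1 cannot be configured in this command")
    return vlans


def parse_display_vlan_list(text):
    """Parse the display form, e.g. "2-4 100 200" or "Null"."""
    text = text.strip()
    if text == "Null":
        return set()
    vlans = set()
    for item in text.split():
        low, _, high = item.partition("-")
        low_id = vlan_id(low)
        high_id = vlan_id(high) if "-" in item else low_id
        vlans.update(range(low_id, high_id + 1))
    return vlans


def parse_display_vlan_group(output):
    """Map each VLAN group name in display vlan-group output to its VLAN set."""
    groups, current = {}, None
    for line in output.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        if key == "VLAN group":
            current = value.strip()
            groups[current] = set()
        elif key == "VLAN list" and current is not None:
            groups[current] = parse_display_vlan_list(value)
    return groups


def vlan_group_drift(intended, displayed):
    """Report VLANs missing from, or unexpected in, each VLAN group."""
    drift = {}
    for name in sorted(set(intended) | set(displayed)):
        want = parse_cli_vlan_list(intended[name]) if name in intended else set()
        have = displayed.get(name, set())
        if want != have:
            drift[name] = {"missing": sorted(want - have),
                           "unexpected": sorted(have - want)}
    return drift


if __name__ == "__main__":
    print(vlan_group_drift(INTENDED, parse_display_vlan_group(DISPLAY_OUTPUT)))
```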


Private VLAN commands

display private-vlan

Use display private-vlan to display information about primary VLANs and their associated secondary VLANs.

Syntax

display private-vlan [ primary-vlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary VLAN ID, this command displays all primary VLANs and their associated secondary VLANs.

Examples

# Display information about primary VLANs and their associated secondary VLANs.

<Sysname> display private-vlan

 Primary VLAN ID: 2

 Secondary VLAN ID: 3-4

 

 VLAN ID: 2

 VLAN type: Static

 Private VLAN type: Primary

 Route interface: Configured

 IPv4 address: 1.1.1.1

 IPv4 subnet mask: 255.255.255.0

 IPv6 global unicast addresses:

   2001::1, subnet is 2001::/64 [TENTATIVE]

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged   ports: None

 Untagged ports:

    Ten-GigabitEthernet1/0/2            Ten-GigabitEthernet1/0/3            Ten-GigabitEthernet1/0/4

 

 VLAN ID: 3

 VLAN type: Static

 Private VLAN type: Secondary

 Route interface: Not configured

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged   ports: None

 Untagged ports:

    Ten-GigabitEthernet1/0/2            Ten-GigabitEthernet1/0/3

 

 VLAN ID: 4

 VLAN type: Static

 Private VLAN type: Secondary

 Route interface: Not configured

 Description: VLAN 0004

 Name: VLAN 0004

 Tagged   ports: None

 Untagged ports:

    Ten-GigabitEthernet1/0/2            Ten-GigabitEthernet1/0/4

Table 12 Command output

Field

Description

VLAN type

VLAN type: Dynamic or Static.

Private VLAN type

Private VLAN type:

·     Primary—Primary VLAN.

·     Secondary—Secondary VLAN.

·     Isolated secondary—Secondary VLAN configured with port isolation at Layer 2.

Route interface

Whether the VLAN interface is configured for the VLAN:

·     Configured.

·     Not configured.

IPv4 address

Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface.

When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands:

·     display interface vlan-interface.

·     display this (VLAN interface view).

IPv4 subnet mask

Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface.

IPv6 global unicast addresses

Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface.

The IPv6 address states are as follows:

·     TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets.

·     DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used.

·     PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state.

·     DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly.

Description

VLAN description.

Name

VLAN name.

Tagged   ports

Tagged members of the VLAN.

Untagged ports

Untagged members of the VLAN.

 

Related commands

·     private-vlan (VLAN view)

·     private-vlan primary
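The following added example (not part of the H3C reference) parses the display private-vlan output shown above, recovers the primary-to-secondary mapping, and lists secondary VLANs that are not reported as Isolated secondary. The uplink/downlink labels are a heuristic inferred from the membership rules in this reference (a promiscuous port joins every associated secondary VLAN, a host port joins one); they are not a role field printed by the device, and all function names are assumptions.

```python
import re

# Sample taken from the example above; the VLAN 3 and VLAN 4 blocks are abridged.
SAMPLE = """\
 Primary VLAN ID: 2
 Secondary VLAN ID: 3-4
 VLAN ID: 2
 VLAN type: Static
 Private VLAN type: Primary
 Route interface: Configured
 IPv4 address: 1.1.1.1
 IPv4 subnet mask: 255.255.255.0
 IPv6 global unicast addresses:
   2001::1, subnet is 2001::/64 [TENTATIVE]
 Description: VLAN 0002
 Name: VLAN 0002
 Tagged   ports: None
 Untagged ports:
    Ten-GigabitEthernet1/0/2   Ten-GigabitEthernet1/0/3   Ten-GigabitEthernet1/0/4
 VLAN ID: 3
 Private VLAN type: Secondary
 Tagged   ports: None
 Untagged ports:
    Ten-GigabitEthernet1/0/2   Ten-GigabitEthernet1/0/3
 VLAN ID: 4
 Private VLAN type: Secondary
 Tagged   ports: None
 Untagged ports:
    Ten-GigabitEthernet1/0/2   Ten-GigabitEthernet1/0/4
"""

# A field line is "<name>: <value>"; names start with a letter, so the IPv6
# address line and wrapped port-name lines are treated as continuations.
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*)$")


def expand(text):
    """Expand the display form "3-4 20" into {3, 4, 20}."""
    ids = set()
    for low, high in re.findall(r"(\d+)(?:-(\d+))?", text):
        ids.update(range(int(low), int(high or low) + 1))
    return ids


def parse_display_private_vlan(output):
    """Return (primaries, vlans) parsed from display private-vlan output."""
    primaries, vlans = {}, {}
    primary = vlan = port_field = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = KEY_RE.match(line)
        if not match:
            if port_field and vlan is not None:   # wrapped list of port names
                vlan[port_field].update(line.split())
            continue
        key, value = " ".join(match.group(1).split()), match.group(2).strip()
        port_field = None
        if key == "Primary VLAN ID":
            primary = int(value)
            primaries[primary] = set()
        elif key == "Secondary VLAN ID" and primary is not None:
            primaries[primary] = expand(value)
        elif key == "VLAN ID":
            vlan = vlans.setdefault(
                int(value),
                {"type": None, "Tagged ports": set(), "Untagged ports": set()})
        elif vlan is not None and key == "Private VLAN type":
            vlan["type"] = value
        elif vlan is not None and key in ("Tagged ports", "Untagged ports"):
            port_field = key
            if value and value != "None":
                vlan[key].update(value.split())
    return primaries, vlans


def members(vlans, vid):
    entry = vlans.get(vid, {})
    return entry.get("Tagged ports", set()) | entry.get("Untagged ports", set())


def classify_ports(primaries, vlans):
    """Label each member port of a primary VLAN by the secondaries it joins."""
    roles = {}
    for primary, secondaries in primaries.items():
        roles[primary] = {}
        for port in sorted(members(vlans, primary)):
            joined = sorted(s for s in secondaries if port in members(vlans, s))
            if not joined:
                role = "primary-only"
            elif len(secondaries) == 1:
                role = "ambiguous"   # uplink and downlink membership look alike
            elif len(joined) == len(secondaries):
                role = "uplink"
            elif len(joined) == 1:
                role = f"downlink:{joined[0]}"
            else:
                role = "mixed:" + ",".join(map(str, joined))
            roles[primary][port] = role
    return roles


def community_secondaries(primaries, vlans):
    """Secondary VLANs whose type is not reported as "Isolated secondary"."""
    return sorted(s for secs in primaries.values() for s in secs
                  if vlans.get(s, {}).get("type") != "Isolated secondary")
```

A port labelled mixed joins some but not all secondary VLANs of a primary VLAN and deserves a manual look, as does any VLAN returned by community_secondaries when host-to-host isolation is expected.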

port private-vlan host

Use port private-vlan host to configure a port as a host port.

Use undo port private-vlan to restore the default.

Syntax

port private-vlan host

undo port private-vlan

Default

A port is not a host port.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

If the port has been assigned to a secondary VLAN, the command assigns the port to the primary VLAN associated with the secondary VLAN. Also, the following events occur:

·     For an access port, the device performs the following tasks:

¡     Changes the port link type to hybrid.

¡     Configures the secondary VLAN as the PVID.

¡     Assigns the port to the primary VLAN as an untagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of the primary VLAN, this member attribute remains in the primary VLAN.

¡     If the hybrid port does not allow the primary VLAN, the device assigns the port to the primary VLAN as an untagged member.

The undo port private-vlan command does not change the VLAN attributes (allowed VLANs, port link type, and PVID) of the port.

You can assign the port to a secondary VLAN before or after you execute the port private-vlan host command.

The port private-vlan host command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.

Examples

In this example, VLAN 20 is a secondary VLAN associated with primary VLAN 2.

# Configure Ten-GigabitEthernet 1/0/1 as a host port, and then verify the configuration.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port private-vlan host

#

return

The output shows that Ten-GigabitEthernet 1/0/1 is a host port.

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 20, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 20

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port private-vlan host

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 2 20 untagged

 port hybrid pvid vlan 20

#

return

The output shows that:

·     The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 20.

·     Ten-GigabitEthernet 1/0/1 is an untagged member of secondary VLAN 20 and primary VLAN 2.

Related commands

·     port private-vlan promiscuous

·     port private-vlan trunk promiscuous

·     port private-vlan trunk secondary

·     private-vlan (VLAN view)

·     private-vlan primary

port private-vlan promiscuous

Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified VLAN and assign the port to the VLAN.

Use undo port private-vlan to restore the default.

Syntax

port private-vlan vlan-id promiscuous

undo port private-vlan

Default

A port is not a promiscuous port of any VLAN.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLAN is a primary VLAN that has been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:

·     For an access port, the device performs the following tasks:

¡     Changes the port link type to hybrid.

¡     Configures the primary VLAN as the PVID.

¡     Assigns the port to the primary VLAN and its associated secondary VLANs as an untagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of the primary VLAN and part of its associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the associated secondary VLANs as an untagged member.

¡     If the hybrid port does not allow any of the primary VLAN and its associated secondary VLANs, the command assigns the port to these VLANs as an untagged member.

If you execute this command on a promiscuous port, the system automatically executes the undo port private-vlan command and then the port private-vlan promiscuous command.

The undo port private-vlan command does not change the VLAN attributes (allowed secondary VLANs, link type, and PVID) of the port.

When you execute the undo port private-vlan command on a promiscuous port of a VLAN, the command removes the port from the VLAN.

You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan vlan-id promiscuous command.

The port private-vlan promiscuous command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.

Examples

In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20.

# Display information about Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

#

return

# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of primary VLAN 2, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port private-vlan 2 promiscuous

 undo port hybrid vlan 1

 port hybrid vlan 2 20 untagged

 port hybrid pvid vlan 2

#

return

The output shows that:

·     Ten-GigabitEthernet 1/0/1 is a promiscuous port.

·     The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 2.

·     Ten-GigabitEthernet 1/0/1 is an untagged member of primary VLAN 2 and secondary VLAN 20.

# Execute the undo port private-vlan command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 20 untagged

 port hybrid pvid vlan 2

#

return

The output shows that:

·     The link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.

·     Ten-GigabitEthernet 1/0/1 is an untagged member of VLAN 20.

·     Ten-GigabitEthernet 1/0/1 is removed from primary VLAN 2.

Related commands

·     port private-vlan host

·     port private-vlan trunk promiscuous

·     port private-vlan trunk secondary

·     private-vlan (VLAN view)

·     private-vlan primary

port private-vlan trunk promiscuous

Use port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port of the specified VLANs and assign the port to these VLANs.

Use undo port private-vlan trunk promiscuous to cancel the trunk promiscuous attribute of a port in the specified VLANs.

Syntax

port private-vlan vlan-id-list trunk promiscuous

undo port private-vlan vlan-id-list trunk promiscuous

Default

A port is not a trunk promiscuous port of any VLAN.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 primary VLAN items. Each item specifies a primary VLAN ID or a range of primary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for primary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLANs are primary VLANs that have been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:

·     For an access port, the device performs the following tasks:

¡     Changes the port link type to hybrid. The PVID of the port does not change.

¡     Assigns the port to the primary VLANs and the associated secondary VLANs as a tagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of part of the primary VLANs and their associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the primary VLANs and their associated secondary VLANs as a tagged member.

¡     If the hybrid port does not allow any of the primary VLANs and their associated secondary VLANs, the device assigns the port to these VLANs as a tagged member.

The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, port link type, and PVID) of the port.

If you execute the undo form of this command on a trunk promiscuous port, the command removes the port from the VLANs specified by the vlan-id-list argument.

You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan vlan-id-list trunk promiscuous command.

The port private-vlan trunk promiscuous command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous, and port private-vlan trunk secondary commands.

If multiple primary VLANs need to pass through the uplink port, use the port private-vlan trunk promiscuous command to assign the port to these VLANs. The port can then transmit packets from these primary VLANs with VLAN tags.

If only one primary VLAN needs to pass through the uplink port, use the port private-vlan promiscuous command to assign the port to the VLAN. The port can then transmit packets from the primary VLAN without VLAN tags.

Examples

In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.

# Display information about Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

#

return

# Configure Ten-GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 2 and 3, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 3 trunk promiscuous

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port private-vlan 2 3 trunk promiscuous

 port hybrid vlan 2 3 20 30 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

·     Ten-GigabitEthernet 1/0/1 is a trunk promiscuous port of VLANs 2 and 3.

·     The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.

·     Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.

# Execute the undo port private-vlan trunk promiscuous command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 2 3 trunk promiscuous

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port hybrid vlan 20 30 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

·     The port link type of Ten-GigabitEthernet 1/0/1 does not change.

·     Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 20 and 30.

·     Ten-GigabitEthernet 1/0/1 is removed from VLANs 2 and 3.

Related commands

·     port private-vlan host

·     port private-vlan promiscuous

·     port private-vlan trunk secondary

·     private-vlan (VLAN view)

·     private-vlan primary

port private-vlan trunk secondary

Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the specified VLANs and assign the port to these VLANs.

Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the specified VLANs.

Syntax

port private-vlan vlan-id-list trunk secondary

undo port private-vlan vlan-id-list trunk secondary

Default

A port is not a trunk secondary port of any VLAN.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur:

·     For an access port, the device performs the following tasks:

¡     Changes the port link type to hybrid. The PVID of the port does not change.

¡     Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged member.

·     For a trunk port, the device does not change the port link type.

·     For a hybrid port, the device does not change the port link type.

¡     If the port has been an untagged or tagged member of part of the secondary VLANs and their associated primary VLANs, this member attribute remains in these VLANs. The device assigns the port to the rest of the secondary VLANs and their associated primary VLANs as a tagged member.

¡     If the hybrid port does not allow any of the secondary VLANs and their associated primary VLANs, the device assigns the port to these VLANs as a tagged member.

A trunk secondary port can join only one secondary VLAN among all secondary VLANs associated with a primary VLAN. However, it can join multiple secondary VLANs separately associated with multiple primary VLANs.

The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port link type, and PVID) of the port.

When you execute the undo form of this command on a trunk secondary port of the VLANs specified by the vlan-id-list argument, one of the following events occurs:

·     If the port is an access port, the device does not change the VLAN configuration of the port.

·     If the port is a trunk or hybrid port, the device removes the port from the VLAN.

You can configure the specified VLANs as secondary VLANs before or after you execute the port private-vlan trunk secondary command.

This command does not take effect on the specified VLAN if any of the following conditions applies:

·     The specified VLAN does not exist.

·     The specified VLAN is not a secondary VLAN and is used for other purposes.

·     The specified VLAN shares the same primary VLAN with other secondary VLANs, and the current port has been configured as a trunk secondary port in one of the other secondary VLANs.

The port private-vlan trunk secondary command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous, and port private-vlan trunk promiscuous commands.

If multiple secondary VLANs associated with different primary VLANs need to pass through the downlink port, use the port private-vlan trunk secondary command to assign the port to these secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN tags.

If only one secondary VLAN needs to pass through the downlink port, use the port private-vlan host command to assign the port to the secondary VLAN. The port can then transmit packets from the secondary VLAN without VLAN tags.

Examples

·     In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.

# Display information about Ten-GigabitEthernet 1/0/1.

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

#

return

# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 20 30 trunk secondary

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port hybrid vlan 2 3 20 30 tagged

 port hybrid vlan 1 untagged

 port private-vlan 20 30 trunk secondary

#

return

The output shows that:

¡     The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.

¡     Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.

¡     Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLANs 20 and 30.

# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 20 30 trunk secondary

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port hybrid vlan 2 3 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

¡     The port link type of Ten-GigabitEthernet 1/0/1 does not change.

¡     Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2 and 3.

¡     Ten-GigabitEthernet 1/0/1 is removed from VLANs 20 and 30.

·     In this example, VLAN 10 is not a secondary VLAN.

# Display information about Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

#

return

# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 10 trunk secondary

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port hybrid vlan 10 tagged

 port hybrid vlan 1 untagged

 port private-vlan 10 trunk secondary

#

return

The output shows that:

¡     The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.

¡     Ten-GigabitEthernet 1/0/1 is a tagged member of VLAN 10.

¡     Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLAN 10.

# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.

[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 10 trunk secondary

[Sysname-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

 port link-type hybrid

 port hybrid vlan 1 untagged

#

return

The output shows that:

¡     The port link type of Ten-GigabitEthernet 1/0/1 does not change.

¡     Ten-GigabitEthernet 1/0/1 is removed from VLAN 10.

Related commands

·     port private-vlan host

·     port private-vlan promiscuous

·     port private-vlan trunk promiscuous

·     private-vlan (VLAN view)

·     private-vlan isolated

·     private-vlan primary

private-vlan (VLAN interface view)

Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are associated with a primary VLAN.

Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs that are associated with a primary VLAN.

Syntax

private-vlan secondary vlan-id-list

undo private-vlan [ secondary vlan-id-list ]

Default

Secondary VLANs are isolated at Layer 3.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

Usage guidelines

This command takes effect only when the following conditions exist:

·     This command is executed in primary VLAN interface view.

·     Secondary VLANs are associated with the primary VLAN.

·     No VLAN interfaces are created for secondary VLANs.

·     An IP address is assigned to the primary VLAN interface.

·     Local proxy ARP or ND is enabled on the primary VLAN interface.

You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3 communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN interfaces for them.

When you execute this command in the same primary VLAN interface view multiple times, all the specified secondary VLANs are interoperable at Layer 3.

When you execute the undo private-vlan command, follow these guidelines:

·     If you specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration only for the specified secondary VLANs.

·     If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration for all secondary VLANs of the primary VLAN.

Examples

This example shows how to meet the following requirements:

·     VLANs 3 and 4 are secondary VLANs that are associated with primary VLAN 2.

·     The uplink port Ten-GigabitEthernet 1/0/2 is a promiscuous port of VLAN 2.

·     The downlink ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 are host ports of VLANs 3 and 4, respectively.

·     Secondary VLANs 3 and 4 can communicate at Layer 3.

# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 3 to 4

[Sysname-vlan2] quit

# Configure the uplink port Ten-GigabitEthernet 1/0/2 as a promiscuous port of VLAN 2.

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan 2 promiscuous

[Sysname-Ten-GigabitEthernet1/0/2] quit

# Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/3

[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 3

[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/3] quit

# Assign the downlink port Ten-GigabitEthernet 1/0/4 to VLAN 4 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/4

[Sysname-Ten-GigabitEthernet1/0/4] port access vlan 4

[Sysname-Ten-GigabitEthernet1/0/4] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/4] quit

# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] private-vlan secondary 3 to 4

# Assign an IP address to VLAN-interface 2.

[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0

# Enable local proxy ARP on VLAN-interface 2.

[Sysname-Vlan-interface2] local-proxy-arp enable

Related commands

·     private-vlan (VLAN view)

·     private-vlan primary
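Secondary VLANs are isolated at Layer 3 by default, so a configuration review should find every primary VLAN interface that lifts that isolation and check the five conditions listed under Usage guidelines. The following added example (not part of the H3C reference) does this for the IPv4 case with local proxy ARP only. The sample configuration is constructed in the style of the display this output on this page, and the section headers vlan N and interface Vlan-interfaceN, the function names, and the finding labels are assumptions.

```python
import re

# Constructed sample. VLAN-interface 2 repeats the example above;
# VLAN-interface 5 is deliberately incomplete.
SAMPLE_CONFIG = """\
#
vlan 2
 private-vlan primary
 private-vlan secondary 3 to 4
#
vlan 5
 private-vlan primary
 private-vlan secondary 50
#
interface Vlan-interface2
 ip address 192.168.1.1 255.255.255.0
 local-proxy-arp enable
 private-vlan secondary 3 to 4
#
interface Vlan-interface5
 ip address 192.168.5.1 255.255.255.0
 private-vlan secondary 50 60
#
interface Vlan-interface60
 ip address 192.168.60.1 255.255.255.0
#
return
"""


def expand(text):
    """Expand the command form "3 to 4 20" into {3, 4, 20}."""
    ids = set()
    for low, high in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        ids.update(range(int(low), int(high or low) + 1))
    return ids


def parse_sections(config):
    """Map each section header to the list of commands indented below it."""
    sections, header = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            if line:
                header = None          # "#" and "return" close a section
            continue
        if raw[0] != " ":
            header = line
            sections.setdefault(header, [])
        elif header is not None:
            sections[header].append(line)
    return sections


def secondaries_in(commands):
    """Collect the VLAN IDs named by private-vlan secondary commands."""
    prefix = "private-vlan secondary "
    ids = set()
    for command in commands:
        if command.startswith(prefix):
            ids |= expand(command[len(prefix):])
    return ids


def audit_l3_between_secondaries(config):
    """Find VLAN interfaces that enable Layer 3 communication between
    secondary VLANs and list the documented conditions that are not met."""
    sections = parse_sections(config)
    findings = []
    for header, commands in sections.items():
        match = re.fullmatch(r"interface Vlan-interface(\d+)", header)
        requested = secondaries_in(commands) if match else set()
        if not requested:
            continue
        primary = int(match.group(1))
        vlan_cmds = sections.get(f"vlan {primary}", [])
        unmet = {}
        if "private-vlan primary" not in vlan_cmds:
            unmet["not-primary"] = [primary]
        orphans = sorted(requested - secondaries_in(vlan_cmds))
        if orphans:
            unmet["not-associated"] = orphans
        routed = sorted(v for v in requested
                        if f"interface Vlan-interface{v}" in sections)
        if routed:
            unmet["secondary-has-vlan-interface"] = routed
        if not any(c.startswith("ip address ") for c in commands):
            unmet["no-ip-address"] = [primary]
        if "local-proxy-arp enable" not in commands:
            unmet["no-local-proxy-arp"] = [primary]
        # Assumption: the setting is reported as effective only when every
        # condition holds for every listed secondary VLAN.
        findings.append({"primary": primary, "secondaries": sorted(requested),
                         "effective": not unmet, "unmet": unmet})
    return sorted(findings, key=lambda f: f["primary"])


if __name__ == "__main__":
    for finding in audit_l3_between_secondaries(SAMPLE_CONFIG):
        print(finding)
```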

private-vlan (VLAN view)

Use private-vlan to associate a primary VLAN with the specified secondary VLANs.

Use undo private-vlan to dissociate the specified secondary VLANs from a primary VLAN.

Syntax

private-vlan secondary vlan-id-list

undo private-vlan [ secondary vlan-id-list ]

Default

A primary VLAN is not associated with any secondary VLANs.

Views

VLAN view

Predefined user roles

network-admin

Parameters

secondary vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN.

The configuration synchronization is triggered based on the interface configuration when the following conditions exist:

·     This command is configured for a primary VLAN.

·     Ports on the device are promiscuous, trunk promiscuous, or host ports.

For more information, see the port private-vlan host, port private-vlan promiscuous, or port private-vlan trunk promiscuous command.

When you execute the undo private-vlan command, follow these guidelines:

·     If you specify the secondary vlan-id-list option, this command dissociates the specified secondary VLANs from the current primary VLAN.

·     If you do not specify the secondary vlan-id-list option, this command dissociates all secondary VLANs from the current primary VLAN.

Examples

# Associate primary VLAN 2 with secondary VLANs 3 and 4.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 3 to 4

Related commands

·     port private-vlan host

·     port private-vlan promiscuous

·     port private-vlan trunk promiscuous

·     port private-vlan trunk secondary

·     private-vlan primary

private-vlan community

Use private-vlan community to enable Layer 2 communication between ports in a secondary VLAN.

Syntax

private-vlan community

Default

Ports in the same secondary VLAN can communicate with each other at Layer 2.

Views

VLAN view

Predefined user roles

network-admin

Usage guidelines

The private-vlan community command and the undo private-vlan isolated command have the same function. When you use the save command to save the configuration, the private-vlan community command is not saved into the configuration file.

Examples

This example shows how to meet the following requirements:

·     VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.

·     Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.

·     Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports of VLAN 4.

·     Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 can communicate at Layer 2 in secondary VLAN 4.

# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 4

[Sysname-vlan2] quit

# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous

[Sysname-Ten-GigabitEthernet1/0/1] quit

# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4

[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/2] quit

# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/3

[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4

[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/3] quit

# Enable Layer 2 communication in secondary VLAN 4.

[Sysname] vlan 4

[Sysname-vlan4] private-vlan community

Related commands

private-vlan isolated

private-vlan isolated

Use private-vlan isolated to isolate ports in a secondary VLAN at Layer 2.

Use undo private-vlan isolated to restore the default.

Syntax

private-vlan isolated

undo private-vlan isolated

Default

Ports in the same secondary VLAN can communicate with each other at Layer 2.

Views

VLAN view

Predefined user roles

network-admin

Usage guidelines

The private-vlan isolated command takes effect when the following conditions exist:

·     The secondary VLAN is associated with a primary VLAN.

·     The ports are configured as host or trunk secondary ports of the secondary VLAN.

If you assign the downlink ports to a secondary VLAN configured with this command, the downlink ports are isolated from each other at Layer 2.

The private-vlan isolated command is mutually exclusive with the primary VLAN configurations.

Examples

This example shows how to meet the following requirements:

·     VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.

·     Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.

·     Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports of VLAN 4.

·     Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are isolated at Layer 2 in secondary VLAN 4.

# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 4

[Sysname-vlan2] quit

# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous

[Sysname-Ten-GigabitEthernet1/0/1] quit

# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4

[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/2] quit

# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.

[Sysname] interface ten-gigabitethernet 1/0/3

[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4

[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host

[Sysname-Ten-GigabitEthernet1/0/3] quit

# Configure port isolation at Layer 2 in secondary VLAN 4.

[Sysname] vlan 4

[Sysname-vlan4] private-vlan isolated
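The following audit sketch is an added example, not H3C code. It applies two points from the private-vlan community and private-vlan isolated entries: private-vlan community is never saved, so a secondary VLAN without a private-vlan isolated line is in community mode, and private-vlan isolated takes effect only on a VLAN associated with a primary VLAN. The configuration excerpt and its layout are constructed for illustration, and the function names are hypothetical.

```python
# Constructed, simplified excerpt in the style of a saved configuration (assumed layout).
SAMPLE_CONFIG = """\
vlan 2
 private-vlan primary
 private-vlan secondary 3 to 4 7
#
vlan 4
 private-vlan isolated
#
vlan 9
 private-vlan isolated
#
"""

def expand_vlan_list(tokens):
    """Expand a vlan-id-list such as ['3', 'to', '4', '7'] into [3, 4, 7]."""
    ids, i = [], 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            ids.extend(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            ids.append(int(tokens[i]))
            i += 1
    return ids

def audit_private_vlans(config_text):
    """Map each secondary or isolated VLAN to (primary VLAN or None, effective mode)."""
    primary_of, isolated, current = {}, set(), None
    for line in config_text.splitlines():
        words = line.split()
        if not line.startswith(" "):
            # An unindented "vlan <id>" opens a stanza; any other such line ends it.
            is_vlan = len(words) == 2 and words[0] == "vlan" and words[1].isdigit()
            current = int(words[1]) if is_vlan else None
        elif current is not None and words[:2] == ["private-vlan", "secondary"]:
            primary_of.update((vid, current) for vid in expand_vlan_list(words[2:]))
        elif current is not None and words == ["private-vlan", "isolated"]:
            isolated.add(current)
    # private-vlan community is never saved, so no "isolated" line means community.
    return {vid: (primary_of.get(vid), "isolated" if vid in isolated else "community")
            for vid in sorted(set(primary_of) | isolated)}

def findings(report):
    notes = []
    for vid, (primary, mode) in report.items():
        if primary is None:
            notes.append(f"VLAN {vid}: isolated but not associated with a primary VLAN")
        elif mode == "community":
            notes.append(f"VLAN {vid}: ports can communicate at Layer 2 (primary VLAN {primary})")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(audit_private_vlans(SAMPLE_CONFIG))))
```
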

Related commands

·     private-vlan (VLAN view)

·     private-vlan community

·     private-vlan primary

private-vlan primary

Use private-vlan primary to configure a VLAN as a primary VLAN.

Use undo private-vlan primary to restore the default.

Syntax

private-vlan primary

undo private-vlan primary

Default

A VLAN is not a primary VLAN.

Views

VLAN view

Predefined user roles

network-admin

Usage guidelines

The configuration synchronization is triggered based on the interface configuration when the following conditions exist:

·     This command is configured for a VLAN that has been associated with secondary VLANs.

·     Ports on the device are promiscuous, trunk promiscuous, host, or trunk secondary ports.

For more information, see the port private-vlan host, port private-vlan promiscuous, port private-vlan trunk promiscuous, or port private-vlan trunk secondary command.

Examples

# Configure VLAN 5 as a primary VLAN.

<Sysname> system-view

[Sysname] vlan 5

[Sysname-vlan5] private-vlan primary

Related commands

·     port private-vlan host

·     port private-vlan promiscuous

·     port private-vlan trunk promiscuous

·     port private-vlan trunk secondary

·     private-vlan primary


Voice VLAN commands

cdp voice-vlan

Use cdp voice-vlan to configure a port to advertise the specified voice VLAN in CDP packets.

Use undo cdp voice-vlan to restore the default.

Syntax

cdp voice-vlan vlan-id

undo cdp voice-vlan

Default

When CDP compatibility is enabled, the port advertises the voice VLAN configured on the port to its connected IP phone through CDP packets.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a voice VLAN ID in the range of 1 to 4094.

Usage guidelines

You must use this command with CDP compatibility.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to advertise VLAN 4094 in CDP packets.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] cdp voice-vlan 4094

display voice-vlan mac-address

Use display voice-vlan mac-address to display OUI addresses and their masks and descriptions.

Syntax

display voice-vlan mac-address

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display OUI addresses and their masks and descriptions.

<Sysname> display voice-vlan mac-address

OUI Address     Mask            Description

0001-e300-0000  ffff-ff00-0000  Siemens phone

0003-6b00-0000  ffff-ff00-0000  Cisco phone

0004-0d00-0000  ffff-ff00-0000  Avaya phone

000f-e200-0000  ffff-ff00-0000  H3C Aolynk phone

0060-b900-0000  ffff-ff00-0000  Philips/NEC phone

00d0-1e00-0000  ffff-ff00-0000  Pingtel phone

00e0-7500-0000  ffff-ff00-0000  Polycom phone

00e0-bb00-0000  ffff-ff00-0000  3Com phone

Table 13 Command output

| Field | Description |
|---|---|
| OUI address | OUI address allowed on the device. |
| Mask | Mask of the OUI address. |
| Description | Description of the OUI address. |

Related commands

voice-vlan mac-address

display voice-vlan state

Use display voice-vlan state to display voice VLAN information.

Syntax

display voice-vlan state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display voice VLAN information.

<Sysname> display voice-vlan state

 Current voice VLANs: 1

 Voice VLAN security mode: Security

 Voice VLAN aging time: 1440 minutes

 Voice VLAN enabled ports and their modes:

 Port                            VLAN        Mode        CoS        DSCP

 XGE1/0/1                        111         Auto        6          46

Table 14 Command output

| Field | Description |
|---|---|
| Current Voice VLANs | Number of existing voice VLANs. |
| Voice VLAN security mode | Voice VLAN mode: Security or Normal. |
| Voice VLAN enabled ports and their modes | Voice VLAN-enabled port and its voice VLAN assignment mode. |
| Port | Name of the voice VLAN-enabled port. |
| VLAN | ID of the voice VLAN enabled on the port. |
| Mode | Voice VLAN assignment mode of the port: Manual or Automatic. |

Related commands

voice-vlan aging

voice-vlan enable

voice-vlan mode auto

voice-vlan security enable

voice-vlan aging

Use voice-vlan aging to set the voice VLAN aging timer.

Use undo voice-vlan aging to restore the default.

Syntax

voice-vlan aging minutes

undo voice-vlan aging

Default

The voice VLAN aging timer is 1440 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Sets the voice VLAN aging timer in the range of 5 to 43200 minutes.

Usage guidelines

In automatic voice VLAN assignment mode, the system starts an aging timer for a voice VLAN when assigning the port to the voice VLAN. If no voice packets are received on the port before the timer expires, the system removes the port from the voice VLAN.

Set the voice VLAN aging timer only in automatic voice VLAN assignment mode.

Examples

# Set the voice VLAN aging timer to 100 minutes.

<Sysname> system-view

[Sysname] voice-vlan aging 100

Related commands

display voice-vlan state

voice-vlan enable

Use voice-vlan enable to enable the voice VLAN feature and configure a VLAN as the voice VLAN for a port.

Use undo voice-vlan enable to disable the voice VLAN feature on a port.

Syntax

voice-vlan vlan-id enable

undo voice-vlan [ vlan-id ] enable

Default

The voice VLAN feature is disabled on ports.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a voice VLAN ID in the range of 2 to 4094.

Usage guidelines

Use this command only on a hybrid or trunk port operating in automatic voice VLAN assignment mode.

Examples

# Enable the voice VLAN feature and configure VLAN 2 as the voice VLAN on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan 2 enable

Related commands

display voice-vlan state

voice-vlan mode auto

voice-vlan mac-address

Use voice-vlan mac-address to configure the OUI address information for voice packet identification.

Use undo voice-vlan mac-address to delete an OUI address.

Syntax

voice-vlan mac-address mac-address mask oui-mask [ description text ]

undo voice-vlan mac-address oui

Default

System default OUI addresses exist.

Table 15 System default OUI addresses

| Number | OUI address | Vendor |
|---|---|---|
| 1 | 0001-E300-0000 | Siemens phone |
| 2 | 0003-6B00-0000 | Cisco phone |
| 3 | 0004-0D00-0000 | Avaya phone |
| 4 | 000F-E200-0000 | H3C Aolynk phone |
| 5 | 0060-B900-0000 | Philips/NEC phone |
| 6 | 00D0-1E00-0000 | Pingtel phone |
| 7 | 00E0-7500-0000 | Polycom phone |
| 8 | 00E0-BB00-0000 | 3Com phone |

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a source MAC address of voice traffic, in the format of H-H-H. For example, 1234-1234-1234.

mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H. The mask contains consecutive 1s and 0s. For example, FFFF-0000-0000. To filter the voice devices of a vendor, set the mask to FFFF-FF00-0000.

description text: Specifies the OUI address description, a case-sensitive string of 1 to 30 characters.

oui: Specifies an OUI address to delete, in the format of H-H-H. For example, 1234-1200-0000. An OUI address is the logical AND result of the mac-address and oui-mask arguments. It cannot be a broadcast address, a multicast address, or an all-zero address.

Usage guidelines

Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a globally unique identifier that IEEE assigns to a vendor. However, OUI addresses in this chapter are addresses that the system uses to determine whether a received packet is a voice packet. They are the logical AND results of the mac-address and oui-mask arguments in this command.

You can manually delete or add the system default OUI addresses.

The system supports up to 128 OUI addresses, including system default OUI addresses. To display the supported OUI addresses, use the display voice-vlan mac-address command.

Examples

# Add an OUI address 1234-1200-0000 by specifying the MAC address as 1234-1234-1234 and the mask as ffff-ff00-0000. Configure the OUI address description as PhoneA.

<Sysname> system-view

[Sysname] voice-vlan mac-address 1234-1234-1234 mask ffff-ff00-0000 description PhoneA

Related commands

display voice-vlan mac-address

voice-vlan mode auto

Use voice-vlan mode auto to configure a port to operate in automatic voice VLAN assignment mode.

Use undo voice-vlan mode auto to configure a port to operate in manual voice VLAN assignment mode.

Syntax

voice-vlan mode auto

undo voice-vlan mode auto

Default

A port operates in automatic voice VLAN assignment mode.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

To make a voice VLAN take effect on a port operating in manual mode, you must manually assign the port to the voice VLAN.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo voice-vlan mode auto

Related commands

display voice-vlan state

voice-vlan qos

Use voice-vlan qos to configure a port to modify the CoS and DSCP values for incoming voice VLAN packets.

Use undo voice-vlan qos to restore the default.

Syntax

voice-vlan qos cos-value dscp-value

undo voice-vlan qos

Default

A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46, respectively.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

cos-value: Specifies a CoS value in the range of 0 to 7. The default value is 6.

dscp-value: Specifies a DSCP value in the range of 0 to 63. The default value is 46.

Usage guidelines

Before you execute this command on a port, make sure the voice VLAN feature is disabled on it.

If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the most recent configuration takes effect.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to modify the CoS and DSCP values for voice VLAN packets to 5 and 45, respectively.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos 5 45

Related commands

voice-vlan qos trust

voice-vlan qos trust

Use voice-vlan qos trust to configure a port to trust the priority settings in incoming voice VLAN packets.

Use undo voice-vlan qos to restore the default.

Syntax

voice-vlan qos trust

undo voice-vlan qos

Default

A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46, respectively.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

When a port trusts the QoS priority settings in incoming voice VLAN packets, the port does not modify their CoS and DSCP values.

Before you execute this command on a port, make sure the voice VLAN feature is disabled on it.

If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the most recent configuration takes effect.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to trust the priority settings in incoming voice VLAN traffic.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos trust

Related commands

voice-vlan qos

voice-vlan security enable

Use voice-vlan security enable to enable the voice VLAN security mode.

Use undo voice-vlan security enable to disable the voice VLAN security mode.

Syntax

voice-vlan security enable

undo voice-vlan security enable

Default

The voice VLAN security mode is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In security mode, a voice VLAN transmits only voice packets whose source MAC addresses match the OUI addresses of the device.

In normal mode, a voice VLAN transmits voice packets and non-voice packets.

Examples

# Disable the voice VLAN security mode.

<Sysname> system-view

[Sysname] undo voice-vlan security enable
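The following model is an added example, not H3C code. It covers the OUI handling described under voice-vlan mac-address (the OUI address is the logical AND of mac-address and oui-mask) and the source MAC match that security mode relies on, which is useful for checking in advance which addresses a given OUI table admits. The helper names and the sample source MAC addresses are constructed, and the mask check assumes that "consecutive 1s and 0s" means leading 1s followed by 0s.

```python
import re

def parse_mac(text):
    """Parse an H-H-H string such as 1234-1234-1234 into a 48-bit integer."""
    if not re.fullmatch(r"[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{1,4}){2}", text):
        raise ValueError(f"not in H-H-H format: {text!r}")
    return int("".join(g.zfill(4) for g in text.split("-")), 16)

def format_mac(value):
    digits = f"{value:012x}"
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))

def derive_oui(mac_text, mask_text):
    """Return (oui, mask): the OUI address is mac AND mask, as the page defines it."""
    mac, mask = parse_mac(mac_text), parse_mac(mask_text)
    inverted = ~mask & 0xFFFFFFFFFFFF
    # Assumed reading of "consecutive 1s and 0s": leading 1s followed only by 0s.
    if mask == 0 or inverted & (inverted + 1):
        raise ValueError("mask must be leading 1s followed by 0s")
    oui = mac & mask
    if oui == 0:
        raise ValueError("OUI address cannot be all-zero")
    if (oui >> 40) & 1:  # group bit of the first octet: multicast, including broadcast
        raise ValueError("OUI address cannot be a multicast or broadcast address")
    return oui, mask

def match_oui(src_mac_text, table):
    """Return the description of the first entry the source MAC matches, else None."""
    src = parse_mac(src_mac_text)
    for oui, mask, description in table:
        if (src & mask) == oui:
            return description
    return None

# From the page: two system default OUI addresses and the PhoneA example entry.
OUI_TABLE = [derive_oui(mac, mask) + (desc,) for mac, mask, desc in [
    ("0003-6b00-0000", "ffff-ff00-0000", "Cisco phone"),
    ("00e0-7500-0000", "ffff-ff00-0000", "Polycom phone"),
    ("1234-1234-1234", "ffff-ff00-0000", "PhoneA"),
]]

# Constructed source MAC addresses, as might be learned on a voice VLAN port.
SEEN = ["0003-6b12-3456", "1234-12ab-cdef", "1234-1300-0001", "0200-5e10-0001"]

def classify(seen=SEEN, table=OUI_TABLE):
    """Map each source MAC to its matching OUI description, or None."""
    return {mac: match_oui(mac, table) for mac in seen}

if __name__ == "__main__":
    for mac, desc in classify().items():
        print(mac, "->", desc or "no OUI match: not carried by the voice VLAN in security mode")
```
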

Related commands

display voice-vlan state

voice-vlan track lldp

Use voice-vlan track lldp to enable LLDP for automatic IP phone discovery.

Use undo voice-vlan track lldp to disable LLDP for automatic IP phone discovery.

Syntax

voice-vlan track lldp

undo voice-vlan track lldp

Views

System view

Default

This feature is disabled.

Predefined user roles

network-admin

Examples

# Enable LLDP for automatic IP phone discovery.

<Sysname> system-view

[Sysname] voice-vlan track lldp
