Contents

VLAN commands· 1

Basic VLAN commands· 1

bandwidth· 1

default 1

description· 2

display interface vlan-interface· 3

display vlan· 5

display vlan brief 7

interface vlan-interface· 8

mac-address· 9

mtu· 9

name· 10

port outbound-vlan-tag enable· 11

reset counters interface vlan-interface· 12

shutdown· 12

traffic-statistic enable· 13

vlan· 14

Port-based VLAN commands· 15

display port 15

port 16

port access vlan· 17

port hybrid pvid· 17

port hybrid vlan· 18

port link-type· 19

port trunk permit vlan· 20

port trunk pvid· 21

MAC-based VLAN commands· 22

display mac-vlan· 22

display mac-vlan interface· 23

mac-base-vlan enable· 23

mac-vlan enable· 24

mac-vlan mac-address· 25

vlan precedence· 25

Super VLAN commands· 27

display supervlan· 27

subvlan· 29

supervlan· 30

Private VLAN commands· 31

display private-vlan· 31

port private-vlan host 33

port private-vlan promiscuous· 35

port private-vlan trunk promiscuous· 37

port private-vlan trunk secondary· 39

private-vlan (VLAN interface view) 43

private-vlan (VLAN view) 44

private-vlan primary· 45

 

VLAN commands

Basic VLAN commands

bandwidth

Use bandwidth to set the expected bandwidth of an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is the interface baud rate divided by 1000.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.

Examples

# Set the expected bandwidth to 10000 kbps for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] bandwidth 10000

default

Use default to restore the default settings for a VLAN interface.

Syntax

default

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

	CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network.

‌

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] default

description

Use description to configure the description of a VLAN or VLAN interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.

For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1 Interface.

Views

VLAN view

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

To manage VLANs and VLAN interfaces efficiently, configure descriptions for them based on their functions or connections.

Examples

# Configure the description of VLAN 2 as sales-private.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] description sales-private

# Configure the description of VLAN-interface 2 as linktoPC56.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description linktoPC56

Related commands

display interface vlan-interface

display vlan

display interface vlan-interface

Use display interface vlan-interface to display VLAN interface information.

Syntax

display interface [ vlan-interface [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vlan-interface interface-number: Specifies a VLAN interface number. If you do not specify the vlan-interface keyword, the command displays information about all interfaces supported by the device. If you specify the vlan-interface keyword without specifying an interface number, the command displays information about all existing VLAN interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.

down: Displays VLAN interfaces in down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.

Examples

# Display information about VLAN-interface 2.

<Sysname> display interface vlan-interface 2

Vlan-interface2

Current state: DOWN

Line protocol state: DOWN

Description: Vlan-interface2 Interface

Bandwidth: 100000 kbps

Maximum transmission unit: 1500

Internet protocol processing : Disabled

IP packet frame type: Ethernet II, hardware address: 000f-e249-8050

IPv6 packet frame type: Ethernet II, hardware address: 000f-e249-8050

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display brief information about VLAN-interface 2.

<Sysname> display interface vlan-interface 2 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

Vlan2                DOWN DOWN     --

Table 1 Command output

Field	Description
Vlan-interface2	VLAN interface name.
Current state	Physical link state of the VLAN interface: ·     Administratively DOWN—The interface has been shut down by using the shutdown command. ·     DOWN—The interface is administratively up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be connected correctly or the links might have failed. ·     UP—The interface is both administratively and physically up.
Line protocol state	Data link layer state of the VLAN interface: ·     DOWN—The link layer protocol state of the interface is down. ·     UP—The link layer protocol state of the interface is up.
Description	Description of the VLAN interface.
Bandwidth	Expected bandwidth of the VLAN interface.
Maximum transmission unit	MTU of the VLAN interface.
Internet protocol processing : Disabled	The VLAN interface is not assigned an IP address and cannot process IP packets.
Internet Address	IP address of the VLAN interface. The primary attribute indicates that the address is the primary IP address.
IP packet frame type	IPv4 packet framing format.
hardware address	MAC address of the VLAN interface.
IPv6 packet frame type	IPv6 packet framing format.
Last clearing of counters	The most recent time that the reset counters interface vlan-interface command was executed. This field displays Never if you have never executed this command.
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec	Average rates of input packets and output packets in the last 300 seconds (in Bps, bps, and pps).
Input: 0 packets, 0 bytes, 0 drops	Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets.
Output: 0 packets, 0 bytes, 0 drops	Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets.
Brief information on interfaces in route mode	Brief information about Layer 3 interfaces.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: ·     UP—The interface is physically up. ·     DOWN—The interface is physically down. ·     ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. ·     Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command.
Protocol	Data link layer protocol state of the interface: ·     UP—The data link layer protocol state of the interface is up. ·     DOWN—The data link layer protocol state of the interface is down. ·     UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag.
Primary IP	Primary IP address of the interface.

‌

Related commands

reset counters interface vlan-interface

display vlan

Use display vlan to display VLAN information.

Syntax

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all VLANs except the reserved VLANs.

dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the total number of dynamic VLANs and each dynamic VLAN ID. Dynamic VLANs are generated through MVRP or assigned by a RADIUS server.

reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved according to function implementation. The reserved VLANs provide services for protocol modules. You cannot configure reserved VLANs.

static: Specifies static VLANs. If you specify this keyword, the command displays the total number of static VLANs and each static VLAN ID. Static VLANs are manually created.

Examples

# Display information about VLAN 2.

<Sysname> display vlan 2

 VLAN ID: 2

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/1  FortyGigE1/0/2  FortyGigE1/0/3

# Display information about VLAN 3.

<Sysname> display vlan 3

 VLAN ID: 3

 VLAN type: static

 Route interface: Configured

 IPv4 address: 1.1.1.1

 IPv4 subnet mask: 255.255.255.0

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged ports:   None

 Untagged ports: None

Table 2 Command output

Field	Description
VLAN type	VLAN type, static or dynamic.
Route interface	Whether the VLAN interface is configured for the VLAN. ·     Not configured. ·     Configured.
Description	Description of the VLAN.
Name	VLAN name.
IP address	Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: ·     display interface vlan-interface. ·     display this (VLAN interface view).
Subnet mask	Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface.
Tagged ports	Tagged members of the VLAN.
Untagged ports	Untagged members of the VLAN.

‌

Related commands

vlan

display vlan brief

Use display vlan brief to display brief VLAN information.

Syntax

display vlan brief

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display brief VLAN information.

<Sysname> display vlan brief

Brief information about all VLANs:

Supported Minimum VLAN ID: 1

Supported Maximum VLAN ID: 4094

Default VLAN ID: 1

VLAN ID   Name                             Port

1         VLAN 0001                        GE1/0/1  GE1/0/2  GE1/0/3  GE1/0/4

                                           GE1/0/5  GE1/0/6  GE1/0/7  GE1/0/8

                                           GE1/0/9  GE1/0/10  GE1/0/11

                                           GE1/0/12  GE1/0/13  GE1/0/14

                                           GE1/0/15  GE1/0/16  GE1/0/17

                                           GE1/0/18  GE1/0/19  GE1/0/20

                                           GE1/0/21  GE1/0/22  GE1/0/23

                                           GE1/0/24  GE1/0/25  GE1/0/26

                                           GE1/0/27  GE1/0/28  GE1/0/29

                                           GE1/0/30  GE1/0/31  GE1/0/32

                                           GE1/0/33  GE1/0/34  GE1/0/35

                                           GE1/0/36  GE1/0/37  GE1/0/38

                                           GE1/0/39  GE1/0/40  GE1/0/41

                                           GE1/0/42  GE1/0/43  GE1/0/44

                                           GE1/0/45  GE1/0/46  GE1/0/47

                                           GE1/0/48

2         VLAN 0002

3         VLAN 0003

Table 3 Command output

Field	Description
Default VLAN ID	System default VLAN ID.
Name	VLAN name.
Port	Ports that allow packets from the VLAN to pass through.

‌

interface vlan-interface

Use interface vlan-interface to create a VLAN interface and enter its view, or enter the view of an existing VLAN interface.

Use undo interface vlan-interface to delete a VLAN interface.

Syntax

interface vlan-interface interface-number

undo interface vlan-interface interface-number

Default

No VLAN interfaces exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-number: Specifies a VLAN interface number in the range of 1 to 4094.

Usage guidelines

Create the VLAN before you create the VLAN interface for a VLAN.

You cannot create VLAN interfaces for sub-VLANs.

You cannot create VLAN interfaces for secondary VLANs that meet the following requirements:

·     Associated with the same primary VLAN.

·     Enabled with Layer 3 communication in VLAN interface view of the primary VLAN interface.

Examples

# Create VLAN-interface 2, and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

Related commands

display interface vlan-interface

mac-address

Use mac-address to assign a MAC address to a VLAN interface.

Use undo mac-address to restore the default.

Syntax

mac-address mac-address

undo mac-address

Default

No MAC address is configured for a VLAN interface.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-address: Specifies a MAC address in the format of H-H-H.

Usage guidelines

When you assign a MAC address to a VLAN interface, make sure the following requirements are met:

·     The MAC address must have the same highest 36 bits as the base MAC address.

·     The MAC address must be no lower than the base MAC address plus 96 (decimal).

For more information about the base MAC address, see MAC address table in Layer 2—LAN Switching Configuration Guide.

Examples

# Assign MAC address 0001-0001-0001 to VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] mac-address 1-1-1

mtu

Use mtu to set the MTU for a VLAN interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of a VLAN interface is 1500 bytes.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Sets the MTU in the range of 46 to 9008 bytes..

Usage guidelines

If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the ip mtu command, see Layer 3—IP Services Command Reference.

Examples

# Set the MTU to 1492 bytes for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] mtu 1492

Related commands

display interface vlan-interface

name

Use name to assign a name to a VLAN.

Use undo name to restore the default.

Syntax

name text

undo name

Default

The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If a large number of VLANs are configured, use VLAN names to identify them.

Examples

# Assign the name test vlan to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] name test vlan

Related commands

display vlan

port outbound-vlan-tag enable

Use port outbound-vlan-tag enable to enable the function of setting VLAN tags for sent protocol packets on an interface.

Use the undo port outbound-vlan-tag enable command to disable the function of setting VLAN tags for sent protocol packets on an interface.

Syntax

port outbound-vlan-tag enable

undo port outbound-vlan-tag enable

Default

The function of setting VLAN tags for sent protocol packets is disabled on an interface.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

With this feature enabled on an interface, the interface records all layers of VLAN tags of received LACP or BFD protocol packets. When the interface sends the same protocol packets, the interface adds the recorded VLAN tags to the sent protocol packets, regardless of whether the link type of the interface allows these packets to carry these VLAN tags. For more information about LLDP, see LLDP configuration in Layer 2—LAN Switching Configuration Guide. For more information about BFD, see BFD configuration in High Availability Configuration Guide.

Executing the port outbound-vlan-tag enable command and then its undo form on an interface will cause BFD sessions on the interface to go down. Perform this operation with caution.

Executing this command on an aggregation group member port does not affect the other member ports in the same aggregation group or affect the Selected state of aggregation group member ports. To ensure configuration consistency within an aggregation group, manually execute this command on all aggregation group member ports.

Examples

# Enable the function of setting VLAN tags for sent protocol packets on FortyGigE 1/0/1.

<System> system-view

[System] interface fortygige 1/0/1

[System-FortyGigE1/0/1] port outbound-vlan-tag enable

reset counters interface vlan-interface

Use reset counters interface vlan-interface to clear statistics on a VLAN interface.

Syntax

reset counters [ interface vlan-interface [ interface-number ] ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-interface interface-number: Specifies a VLAN interface by its number. If you do not specify the vlan-interface keyword, the command clears statistics on all interfaces. If you specify the vlan-interface keyword without specifying an interface number, the command clears statistics on all existing VLAN interfaces.

Usage guidelines

Use this command to clear the history statistics before you collect statistics within a time period.

Examples

# Clear statistics on VLAN-interface 2.

<Sysname> reset counters interface vlan-interface 2

Related commands

display interface vlan-interface

shutdown

Use shutdown to shut down a VLAN interface.

Use undo shutdown to bring up a VLAN interface.

Syntax

shutdown

undo shutdown

Default

The default state of a VLAN interface is down.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

	CAUTION: Executing the shutdown command on a VLAN interface will disconnect the link of the VLAN interface and interrupt communication. Use this command with caution.

 

When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:

·     The VLAN interface is down if all ports in the VLAN are down.

·     The VLAN interface is up if one or more ports in the VLAN are up.

When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.

Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configuration from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.

To troubleshoot a failed VLAN interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.

In a VLAN, the state of each Ethernet port is independent of the state of the VLAN interface.

Examples

# Shut down VLAN-interface 2, and then bring it up.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

traffic-statistic enable

Use traffic-statistic enable to enable packet statistics collection for a VLAN interface.

Use undo traffic-statistic enable to disable packet statistics collection for a VLAN interface.

Syntax

traffic-statistic enable

undo traffic-statistic enable

Default

Packet statistics collection is disabled for a VLAN interface.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is resource intensive. The system becomes busy and the CPU usage increases when you enable this feature on a large number of interfaces or set a shorter interval by using the flow-interval command.

With this command executed, you can view the packet statistics of a VLAN interface by viewing the Input and Output fields in the display interface vlan-interface command output. You can view the packet rate statistics of a VLAN interface by using the display counters rate command.

Examples

# Enable packet statistics collection for VLAN-interface 1000.

<Sysname> system-view

[Sysname] vlan 1000

[Sysname-vlan1000] quit

[Sysname] interface vlan-interface 1000

[Sysname-Vlan-interface1000] traffic-statistic enable

Related commands

display counters rate (Layer 2—LAN Switching Command Reference)

display interface vlan-interface

flow-interval (Layer 2—LAN Switching Command Reference)

vlan

Use vlan vlan-id-list to create VLANs in batches, except reserved VLANs.

Use vlan all to create VLANs 1 through 4094.

Use undo vlan to delete the specified VLANs.

Syntax

vlan { vlan-id-list | all }

undo vlan { vlan-id-list | all }

Default

VLAN 1 (system default VLAN) exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.

all: Specifies all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.

Usage guidelines

You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs.

Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.

Examples

# Create VLAN 2 and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2]

# Create VLAN 2 and VLANs 4 through 100.

<Sysname> system-view

[Sysname] vlan 2 4 to 100

Related commands

display vlan

Port-based VLAN commands

display port

Use display port to display information about hybrid or trunk ports.

Syntax

display port { hybrid | trunk }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

hybrid: Specifies hybrid ports.

trunk: Specifies trunk ports.

Examples

# Display information about hybrid ports.

<Sysname> display port hybrid

Interface            PVID  VLAN Passing

FGE1/0/1             100   Tagged:  1000, 1002, 1500, 1600-1611, 2000,

                                    2555-2558, 3000, 4000

                           Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,

                                    150-160, 200, 255, 286, 300-302

# Display information about trunk ports.

<Sysname> display port trunk

Interface            PVID  VLAN Passing

FGE1/0/2             2     1-4, 6-100, 145, 177, 189-200, 244, 289, 400,

                           555, 600-611, 1000, 2006-2008

Table 4 Command output

Field	Description
Interface	Interface name.
PVID	Port VLAN ID.
VLAN Passing	Existing VLANs allowed on the port.
Tagged	VLANs from which the port sends packets without removing VLAN tags.
Untagged	VLANs from which the port sends packets after removing VLAN tags.

‌

port

Use port to assign the specified access ports to a VLAN.

Use undo port to remove the specified access ports from a VLAN.

Syntax

port interface-list

undo port interface-list

Default

All ports are in VLAN 1.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

Usage guidelines

This command is applicable only to access ports. This command cannot assign access ports to or remove access ports from VLAN 1.

By default, all ports are access ports. You can manually configure the port link type. For more information, see "port link-type."

Examples

# Assign FortyGigE 1/0/1 through FortyGigE 1/0/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port fortygige 1/0/1 to fortygige 1/0/3

Related commands

display vlan

port access vlan

Use port access vlan to assign an access port to the specified VLAN.

Use undo port access vlan to restore the default.

Syntax

port access vlan vlan-id

undo port access vlan

Default

All access ports belong to VLAN 1.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

By default, all access ports belong to VLAN 1. Therefore, this command cannot be used to assign access ports to VLAN 1. To move an access port to VLAN 1, execute the undo port access vlan command on the access port.

Before assigning an access port to a VLAN, make sure the VLAN has been created.

Examples

# Assign FortyGigE 1/0/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port access vlan 3

port hybrid pvid

Use port hybrid pvid to set the PVID of a hybrid port.

Use undo port hybrid pvid to set the PVID of a hybrid port to 1.

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

Default

The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, set the same PVID for a local hybrid port and its peer.

To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.

Examples

# Configure FortyGigE 1/0/1 as a hybrid port, set its PVID to VLAN 100, and assign it to VLAN 100 as an untagged member.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port link-type hybrid

[Sysname-FortyGigE1/0/1] port hybrid pvid vlan 100

[Sysname-FortyGigE1/0/1] port hybrid vlan 100 untagged

Related commands

port hybrid vlan

port link-type

port hybrid vlan

Use port hybrid vlan to assign a hybrid port to the specified VLANs.

Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.

Syntax

port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

Default

A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.

tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.

untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.

Usage guidelines

A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.

Examples

# Configure FortyGigE 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port link-type hybrid

[Sysname-FortyGigE1/0/1] port hybrid vlan 2 4 50 to 100 tagged

Related commands

port link-type

port link-type

Use port link-type to set the link type of a port.

Use undo port link-type to restore the default link type of a port.

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

Default

Each port is an access port.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

access: Sets the port link type to access.

hybrid: Sets the port link type to hybrid.

trunk: Sets the port link type to trunk.

Usage guidelines

To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.

Examples

# Configure FortyGigE 1/0/1 as a trunk port.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port link-type trunk

port trunk permit vlan

Use port trunk permit vlan to assign a trunk port to the specified VLANs.

Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.

Syntax

port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }

Default

A trunk port allows packets only from VLAN 1 to pass through.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.

Usage guidelines

A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.

On a trunk port, packets only from the PVID can pass through untagged.

Examples

# Configure FortyGigE 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port link-type trunk

[Sysname-FortyGigE1/0/1] port trunk permit vlan 2 4 50 to 100

Related commands

port link-type

port trunk pvid

Use port trunk pvid to set the PVID for a trunk port.

Use undo port trunk pvid to restore the default.

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

Default

The PVID of a trunk port is VLAN 1.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, set the same PVID for a local trunk port and its peer.

To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.

Examples

# Configure FortyGigE 1/0/1 as a trunk, set its PVID to VLAN 100, and assign it to VLAN 100.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port link-type trunk

[Sysname-FortyGigE1/0/1] port trunk pvid vlan 100

[Sysname-FortyGigE1/0/1] port trunk permit vlan 100

Related commands

port link-type

port trunk permit vlan

MAC-based VLAN commands

display mac-vlan

Use display mac-vlan to display MAC-to-VLAN entries.

Syntax

display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

all: Specifies all MAC-to-VLAN entries.

dynamic: Specifies dynamically configured MAC-to-VLAN entries.

mac-address mac-address: Specifies the MAC address in the MAC-to-VLAN entry. The format of the mac-address argument is H-H-H.

mask mac-mask: Specifies the mask for matching MAC addresses in MAC-to-VLAN entries. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.

static: Specifies statically configured MAC-to-VLAN entries.

vlan vlan-id: Specifies the VLAN in MAC-to-VLAN entries. The value range for the vlan-id argument is 1 to 4094.

Examples

# Display all MAC-to-VLAN entries.

<Sysname> display mac-vlan all

The following MAC VLAN entries exist:

State: S - Static, D - Dynamic

 

MAC address        Mask                VLAN ID   Dot1p      State

0008-0001-0000     ffff-ff00-0000      5         3          S

0002-0001-0000     ffff-ffff-ffff      5         3          S&D

 

Total MAC VLAN entries count: 2

Table 5 Command output

Field	Description
S - Static	Statically configured MAC-to-VLAN entries.
D - Dynamic	Dynamically configured MAC-to-VLAN entries.
MAC address	MAC address of the MAC-to-VLAN entry.
Mask	MAC address mask of the MAC-to-VLAN entry.
VLAN ID	VLAN ID of the MAC-to-VLAN entry.
Dot1p	802.1p priority of the VLAN in the MAC-to-VLAN entry.
State	State of a MAC-to-VLAN entry: ·     S—The MAC-to-VLAN entry is configured statically. ·     D—The MAC-to-VLAN entry is dynamically issued by the authentication server. ·     S&D—The MAC-to-VLAN entry is configured both statically and dynamically.

‌

Related commands

mac-vlan mac-address

display mac-vlan interface

Use display mac-vlan interface to display all ports that are enabled with the MAC-based VLAN feature.

Syntax

display mac-vlan interface

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display all ports that are enabled with the MAC-based VLAN feature.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

FortyGigE1/0/1  FortyGigE1/0/2  FortyGigE1/0/3

Related commands

mac-vlan enable

mac-base-vlan enable

Use mac-base-vlan enable to enable the MAC-based VLAN feature globally.

Use undo mac-base-vlan enable to disable the MAC-based VLAN feature globally.

Syntax

mac-base-vlan enable

undo mac-base-vlan enable

Default

The MAC-based VLAN feature is disabled globally.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command takes effect after you save the running configuration and reboot the device.

Examples

# Enable the MAC-based VLAN feature globally.

<Sysname> system-view

[Sysname] mac-base-vlan enable

Related commands

mac-vlan enable

mac-vlan enable

Use mac-vlan enable to enable the MAC-based VLAN feature on a port.

Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port.

Syntax

mac-vlan enable

undo mac-vlan enable

Default

The MAC-based VLAN feature is disabled on a port.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command takes effect after the MAC-based VLAN feature is enabled globally.

Examples

# Enable the MAC-based VLAN feature on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname–FortyGigE1/0/1] mac-vlan enable

Related commands

display mac-vlan interface

mac-base-vlan enable

mac-vlan mac-address

Use mac-vlan mac-address to configure a MAC-to-VLAN entry.

Use undo mac-vlan to delete the specified MAC-to-VLAN entries.

Syntax

mac-vlan mac-address mac-address vlan vlan-id

undo mac-vlan { all | mac-address mac-address | vlan vlan-id }

Default

No MAC-to-VLAN entries exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be a multicast MAC address or all 0s. When you configure a MAC address, leading zeros in each H section can be omitted. For example, to configure a MAC address 000f-00e2-0001, you can enter only f-e2-1.

mask mac-mask: Specifies the MAC address mask. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.

vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

all: Specifies all static MAC-to-VLAN entries.

Examples

# Associate the MAC address 0000-0001-0001 with VLAN 100.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100

Related commands

display mac-vlan

vlan precedence

Use vlan precedence to set the VLAN matching order.

Use undo vlan precedence to restore the default.

Syntax

vlan precedence mac-vlan

undo vlan precedence

Default

A port matches VLANs based on MAC addresses preferentially.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-vlan: Matches VLANs based on MAC addresses preferentially.

Usage guidelines

This command takes effect only on MAC-based VLANs.

Examples

# Configure FortyGigE 1/0/1 to match VLANs based on MAC addresses preferentially.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] vlan precedence mac-vlan

 

Super VLAN commands

display supervlan

Use display supervlan to display information about super VLANs and their associated sub-VLANs.

Syntax

display supervlan [ supervlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN ID, this command displays information about all super VLANs and their associated sub-VLANs.

Examples

# Display information about super VLAN 2 and its associated sub-VLANs.

<Sysname> display supervlan 2

 Super VLAN ID: 2

 Sub-VLAN ID: 3-5

 

 VLAN ID: 2

 VLAN type: Static

 It is a super VLAN.

 Route interface: Configured

 IPv4 address: 10.153.17.41

 IPv4 subnet mask: 255.255.252.0

 IPv6 global unicast addresses:

   2001::1, subnet is 2001::/64 [TENTATIVE]

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged ports:   None

 Untagged ports: None

 

 VLAN ID: 3

 VLAN type: Static

 It is a sub VLAN.

 Route interface: Configured

 IPv4 address: 10.153.17.41

 IPv4 subnet mask: 255.255.252.0

 IPv6 global unicast addresses:

   2001::1, subnet is 2001::/64 [TENTATIVE]

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/3

 

 VLAN ID: 4

 VLAN type: Static

 It is a sub VLAN.

 Route interface: Configured

 IPv4 address: 10.153.17.41

 IPv4 subnet mask: 255.255.252.0

 IPv6 global unicast addresses:

   2001::1, subnet is 2001::/64 [TENTATIVE]

 Description: VLAN 0004

 Name: VLAN 0004

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/4

Table 6 Command output

Field	Description
VLAN type	VLAN type, dynamic or static.
Route interface	Whether a VLAN interface is configured for the VLAN.
IPv4 address	Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: ·     display interface vlan-interface. ·     display this (VLAN interface view).
IPv4 subnet mask	Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface.
IPv6 global unicast addresses	Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: ·     TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. ·     DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. ·     PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. ·     DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly.
Description	VLAN description.
Name	VLAN name.
Tagged ports	Tagged members of the VLAN.
Untagged ports	Untagged members of the VLAN.

‌

Related commands

subvlan

supervlan

subvlan

Use subvlan to associate a super VLAN with the specified sub-VLANs.

Use undo subvlan to dissociate sub-VLANs from a super VLAN.

Syntax

subvlan vlan-id-list

undo subvlan [ vlan-id-list ]

Default

A super VLAN is not associated with any sub-VLANs.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 sub-VLAN items. Each item specifies a sub-VLAN ID or a range of sub-VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for sub-VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

Usage guidelines

Make sure sub-VLANs already exist before you associate them with a super VLAN.

You can add ports to and remove ports from a sub-VLAN that is already associated with a super VLAN.

When you use the undo subvlan command, follow these guidelines:

·     If you do not specify the vlan-id-list argument, this command dissociates all sub-VLANs from the current super VLAN.

·     If you specify the vlan-id-list argument, this command dissociates the specified sub-VLANs from the current super VLAN.

Examples

# Associate super VLAN 10 with sub-VLANs 3, 4, and 5.

<Sysname> system-view

[Sysname] vlan 3 to 5

[Sysname] vlan 10

[Sysname-vlan10] supervlan

[Sysname-vlan10] subvlan 3 to 5

Related commands

display supervlan

supervlan

supervlan

Use supervlan to configure a VLAN as a super VLAN.

Use undo supervlan to restore the default.

Syntax

supervlan

undo supervlan

Default

A VLAN is not a super VLAN.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

As a best practice, do not configure VRRP for a super VLAN interface, because the configuration affects network performance.

Layer 2 multicast configuration for super VLANs does not take effect because they do not have physical ports.

Examples

# Configure VLAN 2 as a super VLAN.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] supervlan

Related commands

display supervlan

subvlan

Private VLAN commands

 

IMPORTANT: After you use the system-working-mode bridgee command to configure the device to operate in the bridgee mode, private VLAN configuration commands cannot be executed on the device.

‌

display private-vlan

Use display private-vlan to display information about primary VLANs and their associated secondary VLANs.

Syntax

display private-vlan [ primary-vlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary VLAN ID, this command displays information about all primary VLANs and their associated secondary VLANs.

Examples

# Display information about primary VLANs and their associated secondary VLANs.

<Sysname> display private-vlan

 Primary VLAN ID: 2

 Secondary VLAN ID: 3-4

 

 VLAN ID: 2

 VLAN type: Static

 Private VLAN type: Primary

 Route interface: Configured

 IPv4 address: 1.1.1.1

 IPv4 subnet mask: 255.255.255.0

 IPv6 global unicast addresses:

   2001::1, subnet is 2001::/64 [TENTATIVE]

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

    FortyGigE1/0/3

    FortyGigE1/0/4

 

 VLAN ID: 3

 VLAN type: Static

 Private VLAN type: Secondary

 Route interface: Not configured

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

    FortyGigE1/0/3

 

 VLAN ID: 4

 VLAN type: Static

 Private VLAN type: Secondary

 Route interface: Not configured

 Description: VLAN 0004

 Name: VLAN 0004

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

    FortyGigE1/0/4

Table 7 Command output

Field	Description
VLAN type	VLAN type, dynamic or static.
Private VLAN type	Private VLAN type: ·     Primary—Primary VLAN. ·     Secondary—Secondary VLAN. ·     Isolated secondary—Secondary VLAN configured with port isolation at Layer 2.
Route interface	Whether a VLAN interface is created for the VLAN: ·     Configured. ·     Not configured.
IPv4 address	Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: ·     display interface vlan-interface. ·     display this (VLAN interface view).
IPv4 subnet mask	Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface.
IPv6 global unicast addresses	Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: ·     TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. ·     DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. ·     PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. ·     DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly.
Description	VLAN description.
Name	VLAN name.
Tagged ports	Tagged members of the VLAN.
Untagged ports	Untagged members of the VLAN.

‌

Related commands

private-vlan (VLAN view)

private-vlan primary

port private-vlan host

Use port private-vlan host to configure a port as a host port.

Use undo port private-vlan to restore the default.

Syntax

port private-vlan host

undo port private-vlan

Default

A port is not a host port.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If the port has been assigned to a secondary VLAN, the command assigns the port to the primary VLAN associated with the secondary VLAN. Also, the following events occur:

·     For an access port, the device performs the following operations:

¡     Changes the port link type to hybrid.

¡     Configures the secondary VLAN as the PVID.

¡     Assigns the port to the primary VLAN as an untagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of the primary VLAN, this member attribute remains in the primary VLAN.

¡     If the hybrid port does not allow the primary VLAN, the device assigns the port to the primary VLAN as an untagged member.

You can assign the port to a secondary VLAN before or after you execute this command.

The undo port private-vlan command does not change the VLAN attributes (allowed VLANs, port link type, and PVID) of the port.

The port private-vlan host command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.

Examples

In this example, VLAN 20 is a secondary VLAN and is associated with primary VLAN 2.

# Configure FortyGigE 1/0/1 as a host port, and then verify the configuration.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port private-vlan host

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port private-vlan host

#

return

The output show that FortyGigE 1/0/1 is operating in bridge mode and is a host port.

# Assign FortyGigE 1/0/1 to VLAN 20, and then verify the configuration.

[Sysname-FortyGigE1/0/1] port access vlan 20

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port private-vlan host

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 2 20 untagged

 port hybrid pvid vlan 20

#

return

The output shows that:

·     FortyGigE 1/0/1 is an untagged member of secondary VLAN 20 and primary VLAN 2.

·     The port link type of FortyGigE 1/0/1 is hybrid and its PVID is VLAN 20.

Related commands

port private-vlan promiscuous

port private-vlan trunk promiscuous

port private-vlan trunk secondary

private-vlan (VLAN view)

private-vlan primary

port private-vlan promiscuous

Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified VLAN and assign the port to the VLAN.

Use undo port private-vlan to restore the default.

Syntax

port private-vlan vlan-id promiscuous

undo port private-vlan

Default

A port is not a promiscuous port of any VLANs.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLAN is a primary VLAN that has been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:

·     For an access port, the device performs the following operations:

¡     Changes the port link type to hybrid.

¡     Configures the primary VLAN as the PVID.

¡     Assigns the port to the primary VLAN and its associated secondary VLANs as an untagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of the primary VLAN and part of its associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the associated secondary VLANs as an untagged member.

¡     If the hybrid port does not allow any of the primary VLAN and its associated secondary VLANs, the command assigns the port to these VLANs as an untagged member.

If you execute this command on a promiscuous port multiple times, the most recent configuration takes effect.

The undo port private-vlan command does not change the VLAN attributes (allowed secondary VLANs, link type, and PVID) of the port. When you execute the undo port private-vlan command on a promiscuous port of a VLAN, the command removes the port from the VLAN.

You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan promiscuous command.

This command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.

Examples

In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20.

# Display information about FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

#

return

# Configure FortyGigE 1/0/1 as a promiscuous port of VLAN 2, and then verify the configuration.

[Sysname-FortyGigE1/0/1] port private-vlan 2 promiscuous

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port private-vlan 2 promiscuous

 undo port hybrid vlan 1

 port hybrid vlan 2 20 untagged

 port hybrid pvid vlan 2

#

return

The output shows that:

·     FortyGigE 1/0/1 is a promiscuous port of VLAN 2.

·     FortyGigE 1/0/1 is an untagged member of primary VLAN 2 and secondary VLAN 20.

·     The port link type of FortyGigE 1/0/1 is hybrid and its PVID is VLAN 2.

# Execute the undo port private-vlan command on FortyGigE 1/0/1, and then verify the configuration.

[Sysname-FortyGigE1/0/1] undo port private-vlan

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 20 untagged

 port hybrid pvid vlan 2

#

return

The output shows that:

·     FortyGigE 1/0/1 is removed from primary VLAN 2.

·     FortyGigE 1/0/1 is an untagged member of VLAN 20.

·     The link type and PVID of FortyGigE 1/0/1 do not change.

Related commands

port private-vlan host

port private-vlan trunk promiscuous

port private-vlan trunk secondary

private-vlan (VLAN view)

private-vlan primary

port private-vlan trunk promiscuous

Use port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port of the specified VLANs and assign the port to these VLANs.

Use undo port private-vlan trunk promiscuous to cancel the trunk promiscuous attribute of a port in the specified VLANs.

Syntax

port private-vlan vlan-id-list trunk promiscuous

undo port private-vlan vlan-id-list trunk promiscuous

Default

A port is not a trunk promiscuous port of any VLANs.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 primary VLAN items. Each item specifies a primary VLAN ID or a range of primary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for primary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLANs are primary VLANs that have been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:

·     For an access port, the device performs the following operations:

¡     Changes the port link type to hybrid. The PVID of the port does not change.

¡     Assigns the port to the primary VLANs and the associated secondary VLANs as a tagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the hybrid port has been a tagged or untagged member of part of the primary VLANs and their associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the primary VLANs and their associated secondary VLANs as a tagged member.

¡     If the hybrid port does not allow any of the primary VLANs and their associated secondary VLANs, the device assigns the port to these VLANs as a tagged member.

The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, port link type, and PVID) of the port.

If you execute the undo form of this command on a trunk promiscuous port, the command removes the port from the VLANs specified by the vlan-id-list argument.

You can configure the specified VLANs as primary VLANs before or after you execute this command.

This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous and port private-vlan trunk secondary commands.

For an uplink port to permit multiple primary VLANs, use the port private-vlan trunk promiscuous command to assign the port to these VLANs. The port can then transmit packets from these primary VLANs with VLAN tags. For an uplink port to permit only one primary VLAN, use the port private-vlan promiscuous command to assign the port to the VLAN. The port can then transmit packets from the primary VLAN without VLAN tags.

Examples

In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.

# Display information about FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

#

return

# Configure FortyGigE 1/0/1 as a trunk promiscuous port of VLANs 2 and 3, and then verify the configuration.

[Sysname-FortyGigE1/0/1] port private-vlan 2 3 trunk promiscuous

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port private-vlan 2 3 trunk promiscuous

 port hybrid vlan 2 3 20 30 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

·     FortyGigE 1/0/1 is a trunk promiscuous port of VLANs 2 and 3.

·     FortyGigE1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.

·     The port link type of FortyGigE 1/0/1 is hybrid.

# Execute the undo port private-vlan trunk promiscuous command on FortyGigE 1/0/1, and then verify the configuration.

[Sysname-FortyGigE1/0/1] undo port private-vlan 2 3 trunk promiscuous

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port hybrid vlan 20 30 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

·     FortyGigE 1/0/1 is removed from VLANs 2 and 3.

·     FortyGigE 1/0/1 is a tagged member of VLANs 20 and 30.

·     The port link type and PVID of FortyGigE 1/0/1 do not change.

Related commands

port private-vlan host

port private-vlan promiscuous

port private-vlan trunk secondary

private-vlan (VLAN view)

private-vlan primary

port private-vlan trunk secondary

Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the specified VLANs and assign the port to these VLANs.

Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the specified VLANs.

Syntax

port private-vlan vlan-id-list trunk secondary

undo port private-vlan vlan-id-list trunk secondary

Default

A port is not a trunk secondary port of any VLANs.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur:

·     For an access port, the device performs the following operations:

¡     Changes the port link type to hybrid. The PVID of the port does not change.

¡     Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged member.

·     For a trunk port, the device does not change the port link type or PVID.

·     For a hybrid port, the device does not change the port link type or PVID.

¡     If the port has been an untagged or tagged member of part of the secondary VLANs and their associated primary VLANs, this member attribute remains in these VLANs. The device assigns the port to the rest of the secondary VLANs and their associated primary VLANs as a tagged member.

¡     If the hybrid port does not allow any of the secondary VLANs and their associated primary VLANs, the device assigns the port to these VLANs as a tagged member.

A trunk secondary port can join only one secondary VLAN among all secondary VLANs associated with a primary VLAN. However, it can join multiple secondary VLANs that are associated with different primary VLANs.

The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port link type, and PVID) of the port.

When you execute the undo form of this command on a trunk secondary port of the VLANs specified by the vlan-id-list argument, one of the following events occurs:

·     If the port is an access port, the device does not change the VLAN configuration of the port.

·     If the port is a trunk or hybrid port, the device removes the port from the specified VLANs.

You can associate the specified VLANs with their respective primary VLANs before or after you execute this command.

This command does not take effect on the specified VLAN if any of the following conditions applies:

·     The specified VLAN does not exist.

·     The specified VLAN is not a secondary VLAN and is used for other purposes.

·     The specified VLAN shares the same primary VLAN with other secondary VLANs, and the current port has been configured as a trunk secondary port in one of the other secondary VLANs.

This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous and port private-vlan trunk promiscuous commands.

For a downlink port to permit multiple secondary VLANs associated with different primary VLANs, use the port private-vlan trunk secondary command to assign the port to these secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN tags. For a downlink port to permit only one secondary VLAN, use the port private-vlan host command to assign the port to the secondary VLAN. The port can then transmit packets from the secondary VLAN without VLAN tags.

Examples

·     In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.

# Display information about FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

#

return

# Configure FortyGigE 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration.

[Sysname-FortyGigE1/0/1] port private-vlan 20 30 trunk secondary

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port hybrid vlan 2 3 20 30 tagged

 port hybrid vlan 1 untagged

 port private-vlan 20 30 trunk secondary

#

return

The output shows that:

¡     FortyGigE 1/0/1 is a trunk secondary port of VLANs 20 and 30.

¡     FortyGigE 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.

¡     The port link type of FortyGigE 1/0/1 is hybrid.

# Execute the undo port private-vlan trunk secondary command on FortyGigE 1/0/1, and then verify the configuration.

[Sysname-FortyGigE1/0/1] undo port private-vlan 20 30 trunk secondary

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port hybrid vlan 2 3 tagged

 port hybrid vlan 1 untagged

#

return

The output shows that:

¡     FortyGigE 1/0/1 is removed from VLANs 20 and 30.

¡     FortyGigE 1/0/1 is a tagged member of VLANs 2 and 3.

¡     The port link type and PVID of FortyGigE 1/0/1 do not change.

·     In this example, VLAN 10 is not a secondary VLAN.

# Display information about FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

#

return

# Configure FortyGigE 1/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration.

[Sysname-FortyGigE1/0/1] port private-vlan 10 trunk secondary

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port hybrid vlan 10 tagged

 port hybrid vlan 1 untagged

 port private-vlan 10 trunk secondary

#

return

The output shows that:

¡     FortyGigE 1/0/1 is a trunk secondary port of VLAN 10.

¡     FortyGigE 1/0/1 is a tagged member of VLAN 10.

¡     The port link type of FortyGigE 1/0/1 is hybrid.

# Execute the undo port private-vlan trunk secondary command on FortyGigE1/0/1, and then verify the configuration.

[Sysname-FortyGigE1/0/1] undo port private-vlan 10 trunk secondary

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode bridge

 port link-type hybrid

 port hybrid vlan 1 untagged

#

return

The output shows that:

¡     FortyGigE 1/0/1 is removed from VLAN 10.

¡     The port link type and PVID of FortyGigE 1/0/1 do not change.

Related commands

port private-vlan host

port private-vlan promiscuous

port private-vlan trunk promiscuous

private-vlan (VLAN view)

private-vlan isolated

private-vlan primary

private-vlan (VLAN interface view)

Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are associated with a primary VLAN.

Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs that are associated with a primary VLAN.

Syntax

private-vlan secondary vlan-id-list

undo private-vlan [ secondary vlan-id-list ]

Default

Secondary VLANs are isolated at Layer 3.

Views

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

Usage guidelines

This command takes effect only when the following conditions exist:

·     This command is executed in VLAN interface view of the primary VLAN interface.

·     Secondary VLANs are associated with the primary VLAN.

·     No VLAN interfaces are created for secondary VLANs.

·     An IP address is assigned to the primary VLAN interface.

·     Local proxy ARP or ND is enabled on the primary VLAN interface.

You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3 communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN interfaces for them.

When you execute this command in the same primary VLAN interface view multiple times, all the specified secondary VLANs are interoperable at Layer 3.

When you execute the undo private-vlan command, follow these guidelines:

·     If you specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration only for the specified secondary VLANs.

·     If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration for all secondary VLANs of the primary VLAN.

Examples

This example shows how to meet the following requirements:

·     VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.

·     The uplink port (FortyGigE 1/0/2) is a promiscuous port of VLAN 2.

·     Downlink ports FortyGigE 1/0/3 and FortyGigE 1/0/4 are host ports of VLANs 3 and 4, respectively.

·     Secondary VLANs 3 and 4 can communicate at Layer 3.

# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.

<Sysname> system-view

[Sysname] vlan 3 to 4

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 3 to 4

[Sysname-vlan2] quit

# Configure the uplink port (FortyGigE 1/0/2) as a promiscuous port of VLAN 2.

[Sysname] interface fortygige 1/0/2

[Sysname-FortyGigE1/0/2] port private-vlan 2 promiscuous

[Sysname-FortyGigE1/0/2] quit

# Assign downlink port FortyGigE 1/0/3 to VLAN 3 and configure the port as a host port.

[Sysname] interface fortygige 1/0/3

[Sysname-FortyGigE1/0/3] port access vlan 3

[Sysname-FortyGigE1/0/3] port private-vlan host

[Sysname-FortyGigE1/0/3] quit

# Assign downlink port FortyGigE 1/0/4 to VLAN 4 and configure the port as a host port.

[Sysname] interface fortygige 1/0/4

[Sysname-FortyGigE1/0/4] port access vlan 4

[Sysname-FortyGigE1/0/4] port private-vlan host

[Sysname-FortyGigE1/0/4] quit

# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] private-vlan secondary 3 to 4

# Assign an IP address to VLAN-interface 2.

[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0

# Enable local proxy ARP on VLAN-interface 2.

[Sysname-Vlan-interface2] local-proxy-arp enable

Related commands

private-vlan (VLAN view)

private-vlan primary

private-vlan (VLAN view)

Use private-vlan to associate a primary VLAN with the specified secondary VLANs.

Use undo private-vlan to dissociate a primary VLAN from the specified secondary VLANs.

Syntax

private-vlan secondary vlan-id-list

undo private-vlan [ secondary vlan-id-list ]

Default

A primary VLAN is not associated with any secondary VLANs.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

secondary vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.

Usage guidelines

A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN.

The configuration synchronization is triggered based on the interface configuration when the following conditions exist:

·     This command is configured for a primary VLAN.

·     Ports on the device are promiscuous, trunk promiscuous, or host ports.

When you execute the undo private-vlan command, follow these guidelines:

·     If you specify the secondary vlan-id-list option, this command dissociates the primary VLAN from the specified secondary VLANs.

·     If you do not specify the secondary vlan-id-list option, this command dissociates the primary VLAN from all secondary VLANs.

Examples

# Associate primary VLAN 2 with secondary VLANs 3 and 4.

<Sysname> system-view

[Sysname] vlan 3 to 4

[Sysname] vlan 2

[Sysname-vlan2] private-vlan primary

[Sysname-vlan2] private-vlan secondary 3 to 4

Related commands

port private-vlan host

port private-vlan promiscuous

port private-vlan trunk promiscuous

port private-vlan trunk secondary

primary-vlan primary

private-vlan primary

Use private-vlan primary to configure a VLAN as a primary VLAN.

Use undo private-vlan primary to restore the default.

Syntax

private-vlan primary

undo private-vlan primary

Default

A VLAN is not a primary VLAN.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The configuration synchronization is triggered based on the interface configuration when the following conditions exist:

·     This command is configured for a VLAN that has been associated with secondary VLANs.

·     Ports on the device are promiscuous, trunk promiscuous, host, or trunk secondary ports.

Examples

# Configure VLAN 5 as a primary VLAN.

<Sysname> system-view

[Sysname] vlan 5

[Sysname-vlan5] private-vlan primary

Related commands

port private-vlan host

port private-vlan promiscuous

port private-vlan trunk promiscuous

port private-vlan trunk secondary

private-vlan primary