Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-VLAN commands | 177.11 KB |
VLAN commands
Basic VLAN commands
default
Use default to restore the default settings for a VLAN interface.
Syntax
default
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] default
description
Use description to configure the description of a VLAN.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
To manage VLANs efficiently, configure descriptions for them based on their functions or connections.
Examples
# Configure the description of VLAN 2 as sales-private.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] description sales-private
Related commands
display vlan
display interface vlan-interface
Use display interface vlan-interface to display VLAN interface information.
Syntax
display interface [ vlan-interface [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-interface interface-number: Specifies a VLAN interface number. If you do not specify the vlan-interface keyword, the command displays information about all interfaces supported by the device. If you specify the vlan-interface keyword without specifying an interface number, the command displays information about all existing VLAN interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
down: Displays VLAN interfaces in down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.
Examples
# Display information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2
Vlan-interface2
Current state: DOWN
Line protocol state: DOWN
Description: Vlan-interface2 Interface
Bandwidth: 100000 kbps
Maximum transmission unit: 1500
Internet protocol processing : Disabled
IP packet frame type: Ethernet II, hardware address: 000f-e249-8050
IPv6 packet frame type: Ethernet II, hardware address: 000f-e249-8050
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
IPv4 traffic statistics:
Last 300 seconds input rate: 0 packets/sec, 0 bytes/sec
Last 300 seconds output rate: 0 packets/sec, 0 bytes/sec
Input: 0 packets, 0 bytes
Output: 0 packets, 0 bytes
IPv6 traffic statistics:
Last 300 seconds input rate: 0 packets/sec, 0 bytes/sec
Last 300 seconds output rate: 0 packets/sec, 0 bytes/sec
Input: 0 packets, 0 bytes
Output: 0 packets, 0 bytes
# Display brief information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vlan2 DOWN DOWN --
Table 1 Command output
|
Field |
Description |
|
Vlan-interface2 |
VLAN interface name. |
|
Current state |
Physical link state of the VLAN interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be connected correctly or the links might have failed. · UP—The interface is both administratively and physically up. |
|
Line protocol state |
Data link layer state of the VLAN interface: · DOWN—The link layer protocol state of the interface is down. · UP—The link layer protocol state of the interface is up. |
|
Description |
Description of the VLAN interface. |
|
Bandwidth |
Expected bandwidth of the VLAN interface. |
|
Maximum transmission unit |
MTU of the VLAN interface. |
|
Internet protocol processing |
IP packet processing capability of the interface when the interface is not assigned an IP address: · Disabled—The interface cannot process IP packets. · Enabled—The interface can process IP packets. |
|
Internet address: ip-address/mask-length (Type) |
IP address of the interface and type of the address in parentheses. Possible IP address types include: · Primary—Manually configured primary IP address. · Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed. · DHCP-allocated—DHCP allocated IP address. For more information, see DHCP client configuration in Layer 3—IP Services Configuration Guide. · BOOTP-allocated—BOOTP allocated IP address. For more information, see BOOTP client configuration in Layer 3—IP Services Configuration Guide. · Unnumbered—IP address borrowed from another interface. |
|
IP packet frame type |
IPv4 packet framing format. |
|
hardware address |
MAC address of the VLAN interface. |
|
IPv6 packet frame type |
IPv6 packet framing format. |
|
Last clearing of counters |
The most recent time that the reset counters interface vlan-interface command was executed. This field displays Never if you have never executed this command. |
|
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rates of input packets and output packets in the last 300 seconds (in Bps, bps, and pps). |
|
Input: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. |
|
Output: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets. |
|
IPv4 traffic statistics |
IPv4 packet statistics. |
|
IPv6 traffic statistics |
IPv6 packet statistics. |
|
Last 300 seconds input rate: 0 packets/sec, 0 bytes/sec |
Average inbound traffic rate (in pps and Bps) in the last 300 seconds. A hyphen (-) indicates that the statistical item is not supported. |
|
Last 300 seconds output rate: 0 packets/sec, 0 bytes/sec |
Average outbound traffic rate (in pps and Bps) in the last 300 seconds. A hyphen (-) indicates that the statistical item is not supported. |
|
Input: 0 packets, 0 bytes |
Inbound traffic statistics (in packets and bytes) for the interface. A hyphen (-) indicates that the statistical item is not supported. |
|
Output: 0 packets, 0 bytes |
Outbound traffic statistics (in packets and bytes) for the interface. A hyphen (-) indicates that the statistical item is not supported. |
|
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
|
Interface |
Abbreviated interface name. |
|
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command. |
|
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol state of the interface is up. · DOWN—The data link layer protocol state of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. |
|
Primary IP |
Primary IP address of the interface. |
Related commands
reset counters interface vlan-interface
display vlan
Use display vlan to display VLAN information.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except the reserved VLANs.
dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the total number of dynamic VLANs and each dynamic VLAN ID.
reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved according to function implementation. The reserved VLANs provide services for protocol modules. You cannot configure reserved VLANs.
static: Specifies static VLANs. If you specify this keyword, the command displays the total number of static VLANs and each static VLAN ID. Static VLANs are manually created.
Examples
# Display information about VLAN 2.
<Sysname> display vlan 2
VLAN ID: 2
VLAN type: Static
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/2 Twenty-FiveGigE1/0/3
# Display information about VLAN 3.
<Sysname> display vlan 3
VLAN ID: 3
VLAN type: static
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports: None
Table 2 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, static or dynamic. |
|
Route interface |
Whether the VLAN interface is configured for the VLAN. · Not configured. · Configured. |
|
Description |
Description of the VLAN. |
|
Name |
VLAN name. |
|
IP address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
Subnet mask |
Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
display vlan brief
Use display vlan brief to display brief VLAN information.
Syntax
display vlan brief
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief VLAN information.
<Sysname> display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 WGE1/0/1 WGE1/0/2 WGE1/0/3 WGE1/0/4
WGE1/0/5 WGE1/0/6 WGE1/0/7 WGE1/0/8
2 VLAN 0002
3 VLAN 0003
Table 3 Command output
|
Field |
Description |
|
Default VLAN ID |
System default VLAN ID. |
|
Name |
VLAN name. |
|
Port |
Ports that allow packets from the VLAN to pass through. |
interface vlan-interface
Use interface vlan-interface to create a VLAN interface and enter its view, or enter the view of an existing VLAN interface.
Use undo interface vlan-interface to delete a VLAN interface.
Syntax
interface vlan-interface interface-number
undo interface vlan-interface interface-number
Default
No VLAN interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
interface-number: Specifies a VLAN interface number in the range of 1 to 4094.
Usage guidelines
Create the VLAN before you create the VLAN interface for a VLAN.
Examples
# Create VLAN-interface 2, and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2]
Related commands
display interface vlan-interface
mac-address
Use mac-address to assign a MAC address to a VLAN interface.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
No MAC address is configured for a VLAN interface.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the format of H-H-H.
Usage guidelines
When you assign a MAC address to a VLAN interface, make sure the following requirements are met:
· The MAC address must have the same highest 36 bits as the base MAC address.
· The MAC address must be no lower than the base MAC address plus 90 (decimal).
For more information about the base MAC address, see MAC address table in Layer 2—LAN Switching Configuration Guide.
Examples
# Assign MAC address 0001-0001-0001 to VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] mac-address 1-1-1
mtu
Use mtu to set the MTU for a VLAN interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of a VLAN interface is 1500 bytes.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
size: Sets the MTU in the range of 46 to 9216.
Examples
# Set the MTU to 1492 bytes for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] mtu 1492
Related commands
display interface vlan-interface
name
Use name to assign a name to a VLAN.
Use undo name to restore the default.
Syntax
name text
undo name
Default
The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
If a large number of VLANs are configured, use VLAN names to identify them.
Examples
# Assign the name test vlan to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] name test vlan
Related commands
shutdown
Use shutdown to shut down a VLAN interface.
Use undo shutdown to bring up a VLAN interface.
Syntax
shutdown
undo shutdown
Default
A VLAN interface is down.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: Executing the shutdown command on a VLAN interface will disconnect the link of the VLAN interface and interrupt communication. Use this command with caution. |
When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:
· The VLAN interface is down if all ports in the VLAN are down.
· The VLAN interface is up if one or more ports in the VLAN are up.
When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.
Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configuration from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.
To troubleshoot a failed VLAN interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.
In a VLAN, the state of each Ethernet port is independent of the state of the VLAN interface.
Examples
# Shut down VLAN-interface 2, and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown
vlan
Use vlan vlan-id to create a VLAN and enter its view or enter the view of an existing VLAN.
Use vlan vlan-id-list to batch create VLANs except reserved VLANs.
Use vlan all to create VLANs 1 through 4094.
Use undo vlan to delete the specified VLANs.
Syntax
vlan { vlan-id-list | all }
undo vlan { vlan-id-list | all }
Default
VLAN 1 (system default VLAN) exists.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.
Usage guidelines
You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs.
Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.
Examples
# Create VLAN 2 and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2]
# Create VLANs 4 through 100 and VLAN 200.
<Sysname> system-view
[Sysname] vlan 4 to 100 200
Related commands
display vlan
Port-based VLAN commands
display port
Use display port to display information about hybrid or trunk ports.
Syntax
display port { hybrid | trunk }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
hybrid: Specifies hybrid ports.
trunk: Specifies trunk ports.
Examples
# Display information about hybrid ports.
<Sysname> display port hybrid
Interface PVID VLAN Passing
WGE1/0/1 100 Tagged: 1000, 1002, 1500, 1600-1611, 2000,
2555-2558, 3000, 4000
Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
150-160, 200, 255, 286, 300-302
# Display information about trunk ports.
<Sysname> display port trunk
Interface PVID VLAN Passing
WGE1/0/2 2 1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
555, 600-611, 1000, 2006-2008
Table 4 Command output
|
Field |
Description |
|
Interface |
Interface name. |
|
PVID |
Port VLAN ID. |
|
VLAN Passing |
Existing VLANs allowed on the port. |
|
Tagged |
VLANs from which the port sends packets without removing VLAN tags. |
|
Untagged |
VLANs from which the port sends packets after removing VLAN tags. |
port
Use port to assign the specified access ports to a VLAN.
Use undo port to remove the specified access ports from a VLAN.
Syntax
port interface-list
undo port interface-list
Default
All ports are in VLAN 1.
Views
VLAN view
Predefined user roles
network-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
Usage guidelines
This command is applicable only to access ports. This command cannot assign access ports to or remove access ports from VLAN 1.
By default, all ports are access ports. You can manually configure the port link type. For more information, see "port link-type."
Examples
# Assign Twenty-FiveGigE 1/0/1 through Twenty-FiveGigE 1/0/3 to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port twenty-fivegige 1/0/1 to twenty-fivegige 1/0/3
Related commands
display vlan
port access vlan
Use port access vlan to assign an access port to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
All access ports belong to VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
By default, all access ports belong to VLAN 1. Therefore, this command cannot be used to assign access ports to VLAN 1. To move an access port to VLAN 1, execute the undo port access vlan command on the access port.
Before assigning an access port to a VLAN, make sure the VLAN has been created.
Examples
# Assign Twenty-FiveGigE 1/0/1 to VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port access vlan 3
port hybrid pvid
Use port hybrid pvid to set the PVID of a hybrid port.
Use undo port hybrid pvid to set the PVID of a hybrid port to 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local hybrid port and its peer.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
Examples
# Configure Twenty-FiveGigE 1/0/1 as a hybrid port, set its PVID to VLAN 100, and assign it to VLAN 100 as an untagged member.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port link-type hybrid
[Sysname-Twenty-FiveGigE1/0/1] port hybrid pvid vlan 100
[Sysname-Twenty-FiveGigE1/0/1] port hybrid vlan 100 untagged
Related commands
port hybrid vlan
port link-type
port hybrid vlan
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.
Examples
# Configure Twenty-FiveGigE 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port link-type hybrid
[Sysname-Twenty-FiveGigE1/0/1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
port link-type
Use port link-type to set the link type of a port.
Use undo port link-type to restore the default link type of a port.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
Each port is an access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
access: Sets the port link type to access.
hybrid: Sets the port link type to hybrid.
trunk: Sets the port link type to trunk.
Usage guidelines
To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.
Examples
# Configure Twenty-FiveGigE 1/0/1 as a trunk port.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port link-type trunk
port trunk permit vlan
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
A trunk port allows packets only from VLAN 1 to pass through.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.
Usage guidelines
A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.
On a trunk port, packets only from the PVID can pass through untagged.
Examples
# Configure Twenty-FiveGigE 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port link-type trunk
[Sysname-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
port trunk pvid
Use port trunk pvid to set the PVID for a trunk port.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
The PVID of a trunk port is VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID for a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local trunk port and its peer.
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
Examples
# Configure Twenty-FiveGigE 1/0/1 as a trunk, set its PVID to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port link-type trunk
[Sysname-Twenty-FiveGigE1/0/1] port trunk pvid vlan 100
[Sysname-Twenty-FiveGigE1/0/1] port trunk permit vlan 100
Related commands
port link-type
port trunk permit vlan
MAC-based VLAN commands
display mac-vlan
Use display mac-vlan to display MAC-to-VLAN entries.
Syntax
display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all MAC-to-VLAN entries.
dynamic: Specifies dynamically configured MAC-to-VLAN entries.
mac-address mac-address: Specifies the MAC address in the MAC-to-VLAN entry. The format of the mac-address argument is H-H-H.
mask mac-mask: Specifies the mask for matching MAC addresses in MAC-to-VLAN entries. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.
static: Specifies statically configured MAC-to-VLAN entries.
vlan vlan-id: Specifies the VLAN in MAC-to-VLAN entries. The value range for the vlan-id argument is 1 to 4094.
Examples
# Display all MAC-to-VLAN entries.
<Sysname> display mac-vlan all
The following MAC VLAN entries exist:
State: S - Static, D - Dynamic
MAC address Mask VLAN ID Dot1p State
0008-0001-0000 ffff-ff00-0000 5 3 S
0002-0001-0000 ffff-ffff-ffff 5 3 S&D
Total MAC VLAN entries count: 2
Table 5 Command output
|
Field |
Description |
|
S - Static |
Statically configured MAC-to-VLAN entries. |
|
D - Dynamic |
Dynamically configured MAC-to-VLAN entries. |
|
MAC address |
MAC address of the MAC-to-VLAN entry. |
|
Mask |
MAC address mask of the MAC-to-VLAN entry. |
|
VLAN ID |
VLAN ID of the MAC-to-VLAN entry. |
|
Dot1p |
802.1p priority of the VLAN in the MAC-to-VLAN entry. |
|
State |
State of a MAC-to-VLAN entry: · S—The MAC-to-VLAN entry is configured statically. · D—The MAC-to-VLAN entry is dynamically issued by the authentication server. · S&D—The MAC-to-VLAN entry is configured both statically and dynamically. |
Related commands
mac-vlan mac-address
display mac-vlan interface
Use display mac-vlan interface to display all ports that are enabled with the MAC-based VLAN feature.
Syntax
display mac-vlan interface
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all ports that are enabled with the MAC-based VLAN feature.
<Sysname> display mac-vlan interface
MAC VLAN is enabled on following ports:
Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/2 Twenty-FiveGigE1/0/3
mac-vlan enable
mac-vlan enable
Use mac-vlan enable to enable the MAC-based VLAN feature on a port.
Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port.
Syntax
mac-vlan enable
undo mac-vlan enable
Default
The MAC-based VLAN feature is disabled on a port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable the MAC-based VLAN feature on Twenty-FiveGigE 1/0/1.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname–Twenty-FiveGigE1/0/1] mac-vlan enable
display mac-vlan interface
mac-vlan mac-address
Use mac-vlan mac-address to configure a MAC-to-VLAN entry.
Use undo mac-vlan to delete the specified MAC-to-VLAN entries.
Syntax
mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1p priority ]
undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }
Default
No MAC-to-VLAN entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be a multicast MAC address or all 0s. When you configure a MAC address, leading zeros in each H section can be omitted. For example, to configure a MAC address 000f-00e2-0001, you can enter only f-e2-1.
mask mac-mask: Specifies the MAC address mask. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
dot1p priority: Specifies the 802.1p priority of the VLAN specific to the MAC-to-VLAN entry. The value range for the priority argument is 0 to 7, and the default value is 0. The higher the value, the higher the 802.1p priority.
all: Specifies all static MAC-to-VLAN entries.
Usage guidelines
For successful dynamic MAC-based VLAN assignment, use static VLANs when you create MAC-to-VLAN entries.
Different types of MAC-to-VLAN entries are created depending on whether you specify the mask keyword.
· When you specify this keyword, the created MAC-to-VLAN entry describes the relationship among a group of MAC addresses, a VLAN, and the 802.1p priority for the VLAN.
· When you do not specify this keyword, the created MAC-to-VLAN entry describes the relationship among a MAC address, a VLAN, and the 802.1p priority for the VLAN.
These different types of MAC-to-VLAN entries are stored separately in two tables. The system updates the two tables according to the configuration.
Examples
# Associate the MAC address 0000-0001-0001 with VLAN 100, and set the 802.1p priority to 7 for VLAN 100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 0-1-1 vlan 100 dot1p 7
# Associate VLAN 100 with MAC addresses whose six high-order bits are 121122, and set the 802.1p priority to 4 for VLAN 100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 dot1p 4
display mac-vlan
mac-vlan trigger enable
Use mac-vlan trigger enable to enable dynamic MAC-based VLAN assignment on a port.
Use undo mac-vlan trigger enable to disable dynamic MAC-based VLAN assignment on a port.
Syntax
mac-vlan trigger enable
undo mac-vlan trigger enable
Default
Dynamic MAC-based VLAN assignment is disabled on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
VLAN assignment for a port is triggered only when the source MAC address of its received packet exactly matches the MAC address in a MAC-to-VLAN entry.
Examples
# Enable dynamic MAC-based VLAN assignment on Twenty-FiveGigE 1/0/1.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] mac-vlan trigger enable
mac-vlan mac-address
port pvid forbidden
port pvid forbidden
Use port pvid forbidden to disable a port from forwarding packets that fail the exact MAC address match in its PVID.
Use undo port pvid forbidden to restore the default.
Syntax
port pvid forbidden
undo port pvid forbidden
Default
When a port receives packets whose source MAC addresses fail the exact MAC address match, the port forwards them in its PVID.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
Use this feature only with dynamic MAC-based VLAN assignment.
Examples
# Disable Twenty-FiveGigE 1/0/1 from forwarding packets that fail the exact MAC address match in its PVID.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port pvid forbidden
mac-vlan trigger enable
vlan precedence
Use vlan precedence to set the VLAN matching order.
Use undo vlan precedence to restore the default.
Syntax
vlan precedence mac-vlan
undo vlan precedence
Default
A port matches VLANs based on MAC addresses preferentially.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
mac-vlan: Matches VLANs based on MAC addresses preferentially.
Usage guidelines
This command takes effect only on MAC-based VLANs.
When you enable dynamic MAC-based VLAN assignment, configure the vlan precedence mac-vlan command as a best practice to ensure the priority of MAC-based VLAN matching. If you execute the vlan precedence ip-subnet-vlan command, the command does not take effect.
Examples
# Configure Twenty-FiveGigE 1/0/1 to match VLANs based on MAC addresses preferentially.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] vlan precedence mac-vlan
Related commands
mac-vlan trigger enable
VLAN group commands
display vlan-group
Use display vlan-group to display VLAN group information.
Syntax
display vlan-group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character. If you do not specify this argument, the command displays information about all VLAN groups.
Examples
# Display information about VLAN group test001.
<Sysname> display vlan-group test001
VLAN group: test001
VLAN list: 2-4 100 200
# Display information about all VLAN groups.
<Sysname> display vlan-group
VLAN group: test001
VLAN list: 2-4 100 200
VLAN group: rnd
VLAN list: Null
Table 6 Command output
|
Field |
Description |
|
VLAN group |
Name of the VLAN group. |
|
VLAN list |
VLAN list in the VLAN group. |
Related commands
vlan-group
vlan-list
vlan-group
Use vlan-group to create a VLAN group and enter its view, or enter the view of an existing VLAN group.
Use undo vlan-group to delete a VLAN group.
Syntax
vlan-group group-name
undo vlan-group group-name
Default
No VLAN groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character.
Usage guidelines
A VLAN group includes a set of VLANs. You can add multiple VLAN lists to a VLAN group.
Examples
# Create a VLAN group named test001 and enter VLAN group view.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001]
Related commands
vlan-list
vlan-list
Use vlan-list to add VLANs to a VLAN group.
Use undo vlan-list to remove VLANs from a VLAN group.
Syntax
vlan-list vlan-id-list
undo vlan-list vlan-id-list
Default
No VLANs exist in a VLAN group.
Views
VLAN group view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Examples
# Add VLAN 2 through VLAN 4, VLAN 100, and VLAN 200 to VLAN group test001.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001] vlan-list 2 to 4 100 200
Related commands
vlan-group
