H3C - Technical Support &amp Documents - 04-Layer 2 - LAN Switching Configuration Guide

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...
http://www.h3c.com/portal/Technical_Support___Documents/Technical_...
Home T echnical Support & Documents Release1335-5W130
T echnical Documents
Switches
H3C S12500 Series Switches
Configuration
Configuration Guide
H3C S12500 Configuration Guide-
Table of Content 04-Layer 2 - LAN Switching Configuration Guide 00-Preface 01-VLAN Configuration 02-MAC Address Table Configuration
04-Layer 2 - LAN Switching Configuration Guide
Chapters Download(496.79 KB)
01-VLAN Configuration
Contents
VLAN configuration
03-Spanning Tree Configuration 04-Ethernet Link Aggregation Configuration 05-Port Isolation Configuration 06-QinQ Configuration 07-VLAN Mapping Configuration 08-BPDU Tunneling Configuration 09-GVRP Configuration 10-Loopback Detection Configuration 11-MAC-in-MAC Configuration 12-LLDP Configuration
Introduction to VLAN VLAN overview VLAN fundamentals Types of VLAN Protocols and standards Configuring basic VLAN settings Configuring basic settings of a VLAN interface VLAN interface overview Configuration procedure VLAN interface configuration example Port-based VLAN configuration Introduction to port-based VLANs Assigning an access port to a VLAN Assigning a trunk port to a VLAN Assigning a hybrid port to a VLAN Port-based VLAN configuration example MAC-based VLAN configuration Introduction to MAC-based VLAN Configuring a MAC-based VLAN MAC-based VLAN configuration example Protocol-based VLAN configuration Introduction to protocol-based VLAN Configuring a protocol-based VLAN Protocol-based VLAN configuration example IP subnet-based VLAN configuration Introduction to IP subnet-based VLAN Configuring an IP subnet-based VLAN IP subnet-based VLAN configuration example Displaying and maintaining VLAN
Super VLAN configuration

Overview Configuring a super VLAN Displaying and maintaining super VLAN Super VLAN configuration example
Voice VLAN configuration

Overview OUI addresses Voice VLAN assignment modes Security mode and normal mode of voice VLANs Configuring a voice VLAN Configuration prerequisites Configuring QoS priority settings for voice traffic on an interface Configuring a port to operate in automatic voice VLAN assignment mode Configuring a port to operate in manual voice VLAN assignment mode Displaying and maintaining voice VLAN Voice VLAN configuration examples Automatic voice VLAN mode configuration example Manual voice VLAN assignment mode configuration example
VLAN configuration
This chapter includes these sections: Introduction to VLAN Configuring basic VLAN settings Configuring basic settings of a VLAN interface Port-based VLAN configuration MAC-based VLAN configuration Protocol-based VLAN configuration IP subnet-based VLAN configuration Displaying and maintaining VLAN
1 of 26
22/Jan/2012 15:29
Introduction to VLAN
VLAN overview
Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2. A VLAN is a bridging domain, and all broadcast traffic is contained within it, as shown in Figure 1. Figure 1 A VLAN diagram
A VLAN is logically divided on an organizational basis rather than on a physical basis. For example, all workstations and servers used by a particular workgroup can be connected to the same LAN, regardless of their physical locations. VLAN technology delivers the following benefits: Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation. As users from the same workgroup can be assigned to the same VLAN regardless of their physical locations, network construction and maintenance is much easier and more flexible.
VLAN fundamentals
To enable a switch to identify frames of different VLANs, a VLAN tag field is inserted into the data link layer encapsulation. The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field indicating the upper layer protocol type, as shown in Figure 2. Figure 2 Traditional Ethernet frame format
IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure 3. Figure 3 Position and format of VLAN tag
A VLAN tag comprises the following fields: tag protocol identifier (TPID), priority, canonical format indicator (CFI), and VLAN ID. The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged. The 3-bit priority field indicates the 802.1p priority of the frame. For more information about frame priority, see the ACL and QoS Configuration Guide. The 1-bit CFI field specifies whether the MAC addresses are encapsulated in the standard format when packets are transmitted across different media. Value 0 indicates that MAC addresses are encapsulated in the standard format; value 1 indicates that MAC addresses are encapsulated in a non-standard format. The value of the filed is 0 by default. The 12-bit VLAN ID field identifies the VLAN the frame belongs to. The VLAN ID range is 0 to 4095. As 0 and 4095 are reserved by the protocol, a VLAN ID actually ranges from 1 to 4094.
A switch handles an incoming frame depending on whether the frame is VLAN tagged and the value of the VLAN tag, if any. For more information, see Introduction to port-based VLANs. NOTE: The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, Ethernet also supports other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw. The VLAN tag fields are added to frames encapsulated in these formats for VLAN identification. When a frame carrying multiple VLAN tags passes through, the switch processes the frame according to its outer VLAN tag and transmits its inner tags as payload.
2 of 26
22/Jan/2012 15:29
Types of VLAN
You can implement VLAN based on the following criteria: Port MAC address Protocol IP subnet
Protocols and standards

IEEE 802.1Q, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks
Configuring basic VLAN settings

Follow these steps to configure basic VLAN settings: To do
Enter system view Create VLANs
Use the command

system-view vlan { vlan-id1 [ to vlan-id2 ] | all }
Remarks
Optional You can use this command to create multiple VLANs in bulk. Required If the specified VLAN does not exist, this command creates the VLAN first. By default, only the default VLAN (that is, VLAN 1) exists in the system. Optional
Enter VLAN view
vlan vlan-id
Configure a name for the VLAN
name text
By default, the name of a VLAN is its VLAN ID, for example, VLAN 0001. Optional
Configure the description of the current VLAN
description text
VLAN ID is used by default, for example, VLAN 0001.
NOTE: As the default VLAN, VLAN 1 cannot be created or removed.
Configuring basic settings of a VLAN interface

VLAN interface overview
For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform layer 3 forwarding. To achieve this, VLAN interfaces are used. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on switches. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from that of the VLAN.
Configuration procedure
Follow these steps to configure basic settings of a VLAN interface: To do
Enter system view Create a VLAN interface and enter VLAN interface view
Use the command

system-view interface vlan-interface vlan-interface-id
Remarks
Required If the VLAN interface already exists, you enter its view directly. Optional No IP address is assigned to any VLAN interface by default. Optional
Assign an IP address to the VLAN interface
ip address ip-address { mask | mask-length } [ sub ]
Configure the description of the VLAN interface Set the MTU for the VLAN interface Restore the default settings for the VLAN interface
description text
VLAN interface name is used by default, for example, Vlan-interface1 Interface. Optional 1500 bytes by default. Optional Optional
mtu size default
Bring up the VLAN interface
undo shutdown
By default, a VLAN interface is in the up state. The VLAN interface is up if one or more ports in the VLAN is up, and goes down if all ports in the VLAN
3 of 26
22/Jan/2012 15:29
To do
Use the command
Remarks
go down. A VLAN interface shut down with the shutdown command, however, will be in the DOWN (Administratively) state until you bring it up, regardless of how the state of the ports in the VLAN changes.
NOTE: Before creating a VLAN interface for a VLAN, create the VLAN first.
VLAN interface configuration example

Network requirements
As shown in Figure 4, PC A is assigned to VLAN 5. PC B is assigned to VLAN 10. The PCs belong to different IP subnets and cannot communicate with each other. Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs. Figure 4 Network diagram for VLAN interface configuration
1.
Configure Switch A
# Create VLAN 5 and assign GigabitEthernet 3/0/1 to it.

<SwitchA> system-view [SwitchA] vlan 5 [SwitchA-vlan5] port gigabitethernet 3/0/1
# Create VLAN 10 and assign GigabitEthernet 3/0/2 to it.

[SwitchA-vlan5] vlan 10 [SwitchA-vlan10] port gigabitethernet 3/0/2 [SwitchA-vlan10] quit
# Create VLAN-interface 5 and configure its IP address as 192.168.0.10/24.

[SwitchA] interface vlan-interface 5 [SwitchA-Vlan-interface5] ip address 192.168.0.10 24 [SwitchA-Vlan-interface5] quit
# Create VLAN-interface 10 and configure its IP address as 192.168.1.20/24.

[SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] ip address 192.168.1.20 24 [SwitchA-Vlan-interface10] return
2.
Configure PC A Configure PC B
# Configure the default gateway of the PC as 192.168.0.10.

3.
# Configure the default gateway of the PC as 192.168.1.20.
Verification
1. 2.
The PCs can ping each other. Display brief information about Layer 3 interfaces on Switch A to verify the configuration.
<SwitchA> display ip interface brief *down: administratively down (s): spoofing Interface Vlan5 Vlan10 Physical Protocol IP Address up up up up 192.168.0.10 192.168.1.20 Description Vlan-inte... Vlan-inte...
Port-based VLAN configuration

Introduction to port-based VLANs
Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN.
Port link type

You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods:
4 of 26
22/Jan/2012 15:29
An access port belongs to only one VLAN and sends traffic untagged. It is usually used to connect a terminal device unable to recognize VLAN tagged-packets or when there is no need to separate different VLAN members. As shown in Figure 5, Device A is connected to common PCs that cannot recognize VLAN tagged-packets, and you must configure Device As ports that connect the PCs as access ports. A trunk port can carry multiple VLANs to receive and send traffic for them. Except traffic of the default VLAN, traffic sent through a trunk port will be VLAN tagged. Usually, ports connecting network devices are configured as trunk ports. As shown in Figure 5, because Device A and Device B need to transmit packets of VLAN 2 and VLAN 3, you must configure the ports connecting Device A and Device B as trunk ports, and assign them to VLAN 2 and VLAN 3. Like a trunk port, a hybrid port can carry multiple VLANs to receive and send traffic for them. Unlike a trunk port, a hybrid port allows traffic of all VLANs to pass through untagged. Usually, hybrid ports are configured to connect network devices whose support for VLAN tagged-packets you are uncertain about. As shown in Figure 5, Device C connects a small-sized LAN in which some PCs belong to VLAN 2 while some other PCs belong to VLAN 3. In this case, you must configure Device Bs port connecting to Device C as a hybrid port that allows packets of VLAN 2 and VLAN 3 to pass through untagged.
Figure 5 Network diagram for port link type configuration
Default VLAN
By default, VLAN 1 is the default VLAN for all ports. You can configure the default VLAN for a port as required. Use the following guidelines when configuring the default VLAN on a port: An access port can join only one VLAN. The VLAN to which the access port belongs is the default VLAN of the port. The default VLAN of the access port changes along with the VLAN to which the port belongs. A trunk or hybrid port can join multiple VLANs, and you can configure a default VLAN for the port. You can use a nonexistent VLAN as the default VLAN for a hybrid or trunk port but not for an access port. After you remove the VLAN that an access port resides in with the undo vlan command, the default VLAN of the port changes to VLAN 1. The removal of the VLAN specified as the default VLAN of a trunk or hybrid port, however, does not affect the default VLAN setting on the port.
NOTE: H3C recommends that you set the same default VLAN ID on local and remote ports. Ensure that a port is assigned to its default VLAN. Otherwise, when receiving frames tagged with the default VLAN ID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.
The following table shows how ports of different link types handle frames: Port type Actions (in the inbound direction) Untagged frame Tagged frame
Access Tag the frame with the default VLAN tag. Receive the frame if its VLAN ID is the same as the default VLAN ID. Drop the frame if its VLAN ID is different from the default VLAN ID.
Actions (in the outbound direction)
Remove the default VLAN tag and send the frame.
Trunk
Check whether the default VLAN is permitted on the port:
Remove the tag and send the frame if the frame carries the default VLAN tag and the port is assigned to the default VLAN. Send the frame without removing the tag if its VLAN is carried on the port but is different from the default one.
If yes, tag the frame with the default VLAN tag. If not, drop the frame.
Receive the frame if its VLAN is carried on the port. Drop the frame if its VLAN is not carried on the port.
Hybrid
Send the frame if its VLAN is carried on the port. The frame is sent with the VLAN tag removed or intact depending on your configuration with the port hybrid vlan command. This is true of the
5 of 26
22/Jan/2012 15:29
Port type
Actions (in the inbound direction) Untagged frame Tagged frame
Actions (in the outbound direction)

default VLAN.
Assigning an access port to a VLAN

You can assign an access port to a VLAN in VLAN view, Ethernet interface view, Layer 2 aggregate interface view, or port group view. Follow these steps to assign one or multiple access ports to a VLAN in VLAN view: To do
Enter system view Enter VLAN view
Use the command

system-view vlan vlan-id
Remarks
Required If the specified VLAN does not exist, this command creates the VLAN first. Required By default, all ports belong to VLAN 1.
Assign one or a group of access ports to the current VLAN
port interface-list
Follow these steps to assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do
Enter system view Enter Ethernet interface view Enter interface view or port group view Enter Layer 2 aggregate interface view Enter port group view Configure the link type of the port or ports as access
Use the command

system-view interface interface-type interfacenumber interface bridge-aggregation interface-number port-group manual port-group-name
Remarks
Required
Optional port link-type access The link type of a port is access by default. Optional port access vlan vlan-id By default, all access ports belong to VLAN 1.
Assign the current access port(s) to a VLAN
NOTE: Before assigning an access port to a VLAN, create the VLAN first. In VLAN view, you can assign only Layer 2 Ethernet ports to the current VLAN.
Assigning a trunk port to a VLAN

A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view or port group view. Follow these steps to assign a trunk port to one or multiple VLANs: To do
Enter system view Enter Ethernet interface view Enter interface view or port group view Enter Layer 2 aggregate interface view Enter port group view Configure the link type of the port or ports as trunk Assign the trunk port(s) to the specified VLAN(s)
Use the command

system-view interface interface-type interfacenumber interface bridge-aggregation interface-number port-group manual port-group-name port link-type trunk port trunk permit vlan { vlan-id-list | all }
Remarks
Use any command.
Required Required By default, a trunk port carries only VLAN 1. Optional
Configure the default VLAN of the trunk port(s)
port trunk pvid vlan vlan-id
VLAN 1 is the default VLAN by default.
NOTE: To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. After configuring the default VLAN for a trunk port, you must use the port trunk permit vlan command to configure the trunk port to allow packets from the default VLAN to pass through, so that the egress port can forward packets from the default VLAN.
Assigning a hybrid port to a VLAN

A hybrid port can carry multiple VLANs. You can assign it to a VLAN in interface view or port group view. Follow these steps to assign a hybrid port to one or multiple VLANs:
6 of 26
22/Jan/2012 15:29
To do
Enter system view Enter Ethernet interface view Enter interface view or port group view Enter Layer 2 aggregate interface view Enter port group view Configure the link type of the port(s) as hybrid Assign the hybrid port(s) to the specified VLAN(s)
Use the command

system-view interface interface-type interfacenumber interface bridge-aggregation interface-number port-group manual port-group-name port link-type hybrid
Remarks
Use any command.
Required Required
port hybrid vlan vlan-id-list { tagged | untagged }
By default, a hybrid port allows only packets of VLAN 1 to pass through untagged. Optional
Configure the default VLAN of the hybrid port
port hybrid pvid vlan vlan-id
VLAN 1 is the default by default.
NOTE: To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. After configuring the default VLAN for a hybrid port, you must use the port hybrid vlan command to configure the hybrid port to allow packets from the default VLAN to pass through, so that the egress port can forward packets from the default VLAN.
Port-based VLAN configuration example

As shown in Figure 6: Host A and Host C belong to Department A, and access the enterprise network through different switches. Host B and Host D belong to Department B. They also access the enterprise network through different switches. To ensure communication security and prevent broadcast storms, VLANs are configured in the enterprise network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to Department A, and VLAN 200 is assigned to Department B. Ensure that hosts within the same VLAN can communicate with each other, in other words, Host A can communicate with Host C, and Host B can communicate with Host D.
Figure 6 Network diagram for port-based VLAN configuration
1.
Configure Device A
# Create VLAN 100, and assign port GigabitEthernet 3/0/1 to VLAN 100.
<DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port GigabitEthernet 3/0/1 [DeviceA-vlan100] quit
[DeviceA] vlan 200 [DeviceA-vlan200] port GigabitEthernet 3/0/2 [DeviceA-vlan200] quit
# Configure port GigabitEthernet 3/0/3 as a trunk port, and assign it to VLANs 100 and 200, thus enabling GigabitEthernet 3/0/3 to forward traffic of VLANs 100 and 200 to Device B.
[DeviceA] interface gigabitethernet 3/0/3 [DeviceA-GigabitEthernet3/0/3] port link-type trunk [DeviceA-GigabitEthernet3/0/3] port trunk permit vlan 100 200 Please wait... Done.
2. 3.
Configure Device B as you configure Device A. Configure Host A and Host C to be on the same network segment, 192.168.100.0/24 for example. Configure Host B and Host D to be on the same network segment, 192.168.200.0/24 for example
Verification
1.
Host A and Host C can ping each other successfully, but they both fail to ping Host B. Host B and Host D can ping each other successfully, but they both fail to ping Host A.
7 of 26
22/Jan/2012 15:29
2.
Check whether the configuration is successful by displaying relevant VLAN information.
# Display information about VLANs 100 and 200 on Device A:

[DeviceA-GigabitEthernet3/0/3] display vlan 100 VLAN ID: 100 VLAN Type: static Route Interface: not configured Description: VLAN 0100 Name: VLAN 0100 Broadcast MAX-ratio: 100% Tagged Ports:
GigabitEthernet3/0/3 Untagged Ports: GigabitEthernet3/0/1 [DeviceA-GigabitEthernet3/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Broadcast MAX-ratio: 100% Tagged Ports:
GigabitEthernet3/0/3 Untagged Ports: GigabitEthernet3/0/2
MAC-based VLAN configuration

Introduction to MAC-based VLAN
The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is mostly used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
Static MAC-based VLAN assignment

Static MAC-based VLAN assignment applies to networks containing a small number of VLAN users. In such a network, you can create a MAC address-to-VLAN map containing multiple MAC address-to-VLAN entries on a port, enable MAC-based VLAN on the port, and assign the port to MAC-based VLANs. With static MAC-based VLAN assignment configured on a port, the device processes received frames by using the following guidelines: When the port receives an untagged frame, the device looks up the MAC address-to-VLAN map based on the source MAC address of the frame for a match. The device first performs a fuzzy match. In the fuzzy match, the device searches the MAC address-to-VLAN entries whose masks are not all-Fs and performs a logical AND operation on the source MAC address and each mask. If the result of an AND operation matches the corresponding MAC address, the device tags the frame with the corresponding VLAN ID. If the fuzzy match fails, the device performs an exact match. In the exact match, the device searches the MAC address-to-VLAN entries whose masks are all-Fs. If the MAC address of a MAC address-to-VLAN entry matches the source MAC address of the untagged frame, the device tags the frame with the corresponding VLAN ID. If no match is found, the device assigns a VLAN to the frame by using other criteria, such as IP address or protocol. If no match is found, the device tags the frame with the default VLAN ID of the receiving port, and forwards the tagged frame. When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is permitted by the port, or otherwise drops the frame.
Dynamic MAC-based VLAN

You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic MAC-based VLAN on the device, you must configure the MAC address-to-VLAN entries on the access authentication server. When a user passes authentication of the access authentication server, the device obtains VLAN information from the server, generates a MAC address-to-VLAN entry by using the source MAC address of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the user goes offline, the device automatically deletes the MAC address-to-VLAN entry, and removes the port from the MAC-based VLAN. NOTE: For more information about 802.1X, MAC, and portal authentication, see the Security Configuration Guide.
Configuring a MAC-based VLAN

NOTE: MAC-based VLANs are available only on hybrid ports. Because MAC-based dynamic port assignment is mainly configured on the downlink ports of the user access devices, do not enable this function together with link aggregation.
Follow these steps to configure static MAC-based VLAN assignment: To do...

Enter system view
Use the command...

system-view
Remarks
8 of 26
22/Jan/2012 15:29
To do...
Associate MAC addresses with a VLAN Enter Ethernet interface view or port group view Enter Ethernet interface view Enter port group view
Use the command...

mac-vlan mac-address mac-address vlan vlan-id [ priority priority ] interface interface-type interfacenumber
Remarks
Required
Use either command. port-group manual port-group-name port link-type hybrid Required Required port hybrid vlan vlan-id-list { tagged | untagged } By default, a hybrid port only permits the packets of VLAN 1 to pass through. Required Disabled by default
Configure the link type of the port(s) as hybrid Configure the current hybrid port(s) to permit packets from specific MAC-based VLANs to pass through
Enable MAC-based VLAN
mac-vlan enable
Follow these steps to configure dynamic MAC-based VLAN: To do...

Enter system view Enter interface view or port group view Enter Ethernet interface view Enter port group view
Use the command...

system-view interface interface-type interfacenumber
Remarks
Use either command. port-group manual port-group-name port link-type hybrid Required Required port hybrid vlan vlan-id-list { tagged | untagged } By default, a hybrid port only permits the packets of VLAN 1 to pass through. Required Disabled by default. Required
Configure the link type of the port(s) as hybrid Configure the hybrid port(s) to permit packets from specific MAC-based VLANs to pass through
Enable MAC-based VLAN Configure 802.1X/MAC/portal authentication
mac-vlan enable For more information, see the Security Command Reference.
MAC-based VLAN configuration example

As shown in Figure 7, GigabitEthernet 3/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meeting and may be used in any of the two meeting rooms. Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 and VLAN 200 respectively. It is required that each laptop can access only its own department server no matter which meeting room it is used in. The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69.
Figure 7 Network diagram for MAC-based VLAN configuration
Configuration consideration
Create VLANs 100 and 200. Configure the uplink ports of Device A and Device C as trunk ports, and assign them to VLANs 100 and 200. Configure the downlink ports of Device B as trunk ports, and assign them to VLANs 100 and 200. Assign the uplink ports of Device B to VLANs 100 and 200. Associate the MAC address of Laptop 1 with VLAN 100, and the MAC address of Laptop 2 with VLAN 200.
9 of 26
22/Jan/2012 15:29
1.
Configure Device A
# Create VLANs 100 and 200.

<DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and the MAC address of Laptop 2 with VLAN 200.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 3/0/1: Configure GigabitEthernet 3/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable MAC-based VLAN on it.
[DeviceA] interface gigabitethernet 3/0/1 [DeviceA-GigabitEthernet3/0/1] port link-type hybrid [DeviceA-GigabitEthernet3/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-GigabitEthernet3/0/1] mac-vlan enable [DeviceA-GigabitEthernet3/0/1] quit
# Configure the uplink port GigabitEthernet 3/0/2 as a trunk port, and assign it to VLANs 100 and 200. so that the laptops can access Server 1 and Server 2.
[DeviceA] interface gigabitethernet 3/0/2 [DeviceA-GigabitEthernet3/0/2] port link-type trunk [DeviceA-GigabitEthernet3/0/2] port trunk permit vlan 100 200 [DeviceA-GigabitEthernet3/0/2] quit
2.
Configure Device B
# Create VLANs 100 and 200. Assign GigabitEthernet 3/0/13 to VLAN 100, and GigabitEthernet 3/0/14 to VLAN 200.
<DeviceB> system-view [DeviceB] vlan 100 [DeviceB-vlan100] port GigabitEthernet 3/0/13 [DeviceB-vlan100] quit [DeviceB] vlan 200 [DeviceB-vlan200] port GigabitEthernet 3/0/14 [DeviceB-vlan200] quit
# Configure GigabitEthernet 3/0/3 and GigabitEthernet 3/0/4 as trunk ports, and assign them to VLANs 100 and 200.
[DeviceB] interface gigabitethernet 3/0/3 [DeviceB-GigabitEthernet3/0/3] port link-type trunk [DeviceB-GigabitEthernet3/0/3] port trunk permit vlan 100 200 [DeviceB-GigabitEthernet3/0/3] quit [DeviceB] interface gigabitethernet 3/0/4 [DeviceB-GigabitEthernet3/0/4] port link-type trunk [DeviceB-GigabitEthernet3/0/4] port trunk permit vlan 100 200 [DeviceB-GigabitEthernet3/0/4] quit
3.
Configure Device C
Configure Device C as you configure Device A.
Verification
1. 2.
Laptop 1 can access Server 1 only, and Laptop 2 can access Server 2 only. On Device A and Device C, you can see that VLAN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2.
The following MAC VLAN addresses exist: S:Static MAC ADDR D:Dynamic MASK VLAN ID PRIO STATE
[DeviceA] display mac-vlan all
-------------------------------------------------------000d-88f8-4e71 0014-222c-aa69 ffff-ffff-ffff ffff-ffff-ffff 100 200 0 0 S S
Total MAC VLAN address count:2
Configuration guidelines
1. 2.
MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer switches, and hence cannot be configured together with the link aggregation function.
Protocol-based VLAN configuration

Introduction to protocol-based VLAN
NOTE:
10 of 26
22/Jan/2012 15:29
Protocol-based VLAN configuration applies to hybrid ports only. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT). The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. A protocol type and an encapsulation format comprise a protocol template. You can create multiple protocol templates for a protocol-based VLAN, and different protocol templates are assigned different protocol-index values. Therefore, a protocol template can be uniquely identified by a protocol-based VLAN ID and a protocol index combined. When you use commands to associate protocol templates with ports, use protocol-based vlan-id + protocol index to specify the protocol templates. An untagged packet reaching a port associated with protocol templates will be processed as follows. If the protocol type and encapsulation format carried in the packet matches a protocol template, the packet will be tagged with the VLAN tag corresponding to the protocol template. If the packet matches no protocol templates, the packet will be tagged with the default VLAN ID of the port.
The port processes a tagged packet as it processes tagged packets of a port-based VLAN. If the port is assigned to the VLAN corresponding to the VLAN tag carried in the packet, it forwards the packet. If not, it drops the packet.
This feature is mainly used to assign packets of the specific service type to a specific VLAN.
Configuring a protocol-based VLAN

Follow these steps to configure a protocol-based VLAN: To do
Enter system view
Use the command

system-view
Remarks
Required
Enter VLAN view
vlan vlan-id
If the specified VLAN does not exist, this command creates the VLAN first.
Create a protocol template for the VLAN
protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } } quit
Required
Exit VLAN view Enter Ethernet interface view
interface interface-type interfacenumber
Use any command.
Enter Layer 2 aggregate interface view
In Ethernet interface view, the subsequent configurations apply to the current port. In port group view, the subsequent configurations apply to all ports in the port group. In Layer 2 aggregate interface view, the subsequent configurations apply to the Layer 2 aggregate interface and all its member ports.
Enter interface view or port group view
interface bridge-aggregation interface-number
Enter port group view port-group manual port-group-name
Configure the port link type as hybrid Configure current hybrid port(s) to permit the packets of the specified protocol-based VLANs to pass through Associate the hybrid port(s) with the specified protocol-based VLAN
port link-type hybrid port hybrid vlan vlan-id-list { tagged | untagged } port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
Required Required By default, all hybrid ports permit packets of VLAN 1 to pass through only. Required
Protocol-based VLAN configuration example

In a lab environment as shown in Figure 8, most hosts run the IPv4 protocol, while the rest of the hosts run the IPv6 protocol for teaching purpose. To avoid interference, isolate IPv4 traffic and IPv6 traffic at Layer 2. Figure 8 Network diagram for protocol-based VLAN configuration
11 of 26
22/Jan/2012 15:29
Configuration consideration
Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2.
1.
Configure Device
<Device> system-view [Device] vlan 100 [Device-vlan100] description protocol VLAN for IPv4 [Device-vlan100] port GigabitEthernet 3/0/11
[Device-vlan100] quit [Device] vlan 200 [Device-vlan200] description protocol VLAN for IPv6 [Device-vlan200] port GigabitEthernet 3/0/12
# Create an IPv6 protocol template in the view of VLAN 200, and an IPv4 protocol template in the view of VLAN 100.
[Device-vlan200] protocol-vlan 1 ipv6 [Device-vlan200] quit [Device] vlan 100 [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit
# Configure port GigabitEthernet 3/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged.
[Device] interface gigabitethernet 3/0/1 [Device-GigabitEthernet3/0/1] port link-type hybrid [Device-GigabitEthernet3/0/1] port hybrid vlan 100 200 untagged Please wait... Done.
# Associate port GigabitEthernet 3/0/1 with the IPv4 protocol template of VLAN 100, and the IPv6 protocol template of VLAN 200.
[Device-GigabitEthernet3/0/1] port hybrid protocol-vlan vlan 100 1 [Device-GigabitEthernet3/0/1] port hybrid protocol-vlan vlan 200 1 [Device-GigabitEthernet3/0/1] quit
# Configure GigabitEthernet 3/0/2 as a hybrid port that forwards packets of VLANs 100 and 200 untagged, and associate GigabitEthernet 3/0/2 with the IPv4 protocol template of VLAN 100, and the IPv6 protocol template of VLAN 200.
[Device] interface gigabitethernet 3/0/2 [Device-GigabitEthernet3/0/2] port link-type hybrid [Device-GigabitEthernet3/0/2] port hybrid vlan 100 200 untagged Please wait... Done. [Device-GigabitEthernet3/0/2] port hybrid protocol-vlan vlan 100 1 [Device-GigabitEthernet3/0/2] port hybrid protocol-vlan vlan 200 1
2. 3.
Keep the default settings of L2 Switch A and L2 Switch B. Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same network segment, 192.168.100.0/24 for example, and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be on the same network segment, 192.168.200.0/24 for example.
Verification
1. 2.
The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts/server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to check whether the configurations have become valid.
# Display protocol-based VLAN configuration on Device.

[Device-GigabitEthernet3/0/2] display protocol-vlan vlan all VLAN ID:100 Protocol Index Protocol Type
======================================================
12 of 26
22/Jan/2012 15:29
1 VLAN ID:200 Protocol Index
ipv4
Protocol Type
====================================================== 1 ipv6
# Display protocol-based VLAN information on the ports of Device.

[Device-GigabitEthernet3/0/2] display protocol-vlan interface all Interface: GigabitEthernet 3/0/1 VLAN ID Protocol Index Protocol Type
====================================================== 100 200 1 1 ipv4 ipv6
Interface: GigabitEthernet 3/0/2 VLAN ID Protocol Index Protocol Type
====================================================== 100 200 1 1 ipv4 ipv6
Configuration guidelines
Protocol-based VLAN configuration applies to hybrid ports only.
IP subnet-based VLAN configuration

Introduction to IP subnet-based VLAN
In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns an incoming untagged packet to a VLAN based on the source IP address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN, and is implemented through ACLs and QoS policies. For more information about ACLs and QoS policies, see the ACL and QoS Configuration Guide.
Configuring an IP subnet-based VLAN

Follow these steps to configure an IP subnet-based VLAN: To do
Enter system view
Use the command

system-view
Remarks
Required
Enter VLAN view
vlan vlan-id
If the specified VLAN does not exist, this command creates the VLAN first. Required Use either command.
Return to system view Enter interface view or port group view Enter Ethernet interface view Enter port group view
quit interface interface-type interface-number port-group manual port-group-name port link-type hybrid
Configure the link type as hybrid Configure the hybrid port or ports to permit the specified IP subnet-based VLANs to pass through
Required Required
port hybrid vlan vlan-id-list { tagged | untagged }
By default, a hybrid port allows only packets from VLAN 1 to pass through untagged. Optional
Configure the default VLAN ID of the hybrid port or ports Return to system view
port hybrid pvid vlan vlan-id
By default, the default VLAN ID of a hybrid port is VLAN 1. Required
quit
Create an IPv4 basic or advanced ACL and enter its view
acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Only IPv4 basic ACLs (numbering 2000 to 2999) and IPv4 advanced ACLs (numbering 3000 to 3999) are supported. Required Use either command. You must configure at least the source IPv4 address and subnet mask. For more information about the rule command, see the ACL and QoS Command Reference.
Create an IPv4 basic ACL rule Create an IPv4 ACL rule to match a specific IP subnet Create an IPv4 advanced ACL rule
rule [ rule-id ] { deny | permit } [ fragment | logging | counting | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } |
13 of 26
22/Jan/2012 15:29
To do
Use the command

destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | counting | precedence precedence | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
Remarks
Return to system view Create a class Use the IPv4 basic or advanced ACL as the match criteria of the class
quit traffic classifier tcl-name [ operator { and | or } ]
Required By default, the operator of a class is AND. Required Required
if-match acl { acl-number | name acl-name }
Configure the class to match ARP packets
if-match protocol arp
For more information about the if-match command, see the ACL and QoS Command Reference. Required Required Required Required Required
Return to system view Create a class Use the IPv4 basic or advanced ACL as the match criteria of the class Return to system view Create a traffic behavior Configure the traffic behavior to mark matching packets with a specific VLAN Return to system view Create a policy and enter policy view Associate the classes with the traffic behavior in the policy to transmit ARP packets and IPv4 packets from the specified subnet in the specified VLAN Return to system view
quit traffic classifier tcl-name [ operator { and | or } ] if-match acl {acl-number | name acl-name } quit traffic behavior behavior-name remark service-vlan-id vlan-id-value quit qos policy policy-name
classifier tcl-name behavior behavior-name
Required
quit Enter Ethernet interface view Enter port group view interface interface-type interface-number
Apply the policy to an interface or multiple interfaces Apply the QoS policy
Enter interface or port group view
Required port-group manual port-group-name Use any approach. To apply the policy to a Layer 2 aggregate interface, you must apply the policy to every member port of the Layer 2 aggregate interface.
qos apply policy policy-name { inbound | outbound } Apply the policy to the specified VLANs Apply the policy globally qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
qos apply policy policy-name global { inbound | outbound }
IP subnet-based VLAN configuration example

As shown in Figure 9, PC A and PC B in a lab are located on different IP subnets. PC A and PC B are connected to Switch through L2 Switch. Configure Switch to assign different VLANs and gateways to the PCs by IP subnet. Figure 9 Network diagram for IP subnet-based VLAN configuration
14 of 26
22/Jan/2012 15:29
Configuration considerations
To satisfy the requirements, you can configure IP subnet-based VLANs. Create VLAN 10 and VLAN 20. Assign users on subnet 1.1.1.0/24 to VLAN 10, and users on 2.1.1.0/24 to VLAN 20.
1.
Configure Switch
# Create VLAN-interface 10 and VLAN-interface 20. The configuration steps are omitted. # Configure port GigabitEthernet 3/0/1 as a hybrid port to permit packets from VLANs 1, 10, and 20 to pass through untagged, and configure the default VLAN ID of the port as 1.
[Switch] interface GigabitEthernet 3/0/1 [Switch-GigabitEthernet3/0/1] port link-type hybrid [Switch-GigabitEthernet3/0/1] port hybrid vlan 10 20 1 untagged Please wait... Done. [Switch-GigabitEthernet3/0/1] port hybrid pvid vlan 1
# Configure ACL 3000 to permit packets from subnet 1.1.1.0/24 to pass through, and ACL 3001 to permit packets from subnet 2.1.1.0/24 to pass through.
[Switch] acl number 3000 [Switch-acl-adv-3000] rule 0 permit ip source 1.1.1.0 0.0.0.255 [Switch-acl-adv-3000] quit [Switch] acl number 3001 [Switch-acl-adv-3001] rule 0 permit ip source 2.1.1.0 0.0.0.255 [Switch-acl-adv-3001] quit
# Configure a QoS policy named test to transmit ARP and IPv4 packets from subnet 1.1.1.0/24 through VLAN 10 and transmit ARP and IPv4 packets from subnet 2.1.1.0/24 through VLAN 20.
[Switch] traffic classifier 1 [Switch-classifier-1] if-match acl 3000 [Switch-classifier-1] quit [Switch] traffic classifier 2 [Switch-classifier-2] if-match acl 3000 [Switch-classifier-2] if-match protocol arp [Switch-classifier-2] quit [Switch] traffic classifier 3 [Switch-classifier-3] if-match acl 3001 [Switch-classifier-3] quit [Switch] traffic classifier 4 [Switch-classifier-4] if-match acl 3001 [Switch-classifier-4] if-match protocol arp [Switch-classifier-4] quit [Switch] traffic behavior 1 [Switch-behavior-1] remark service-vlan-id 10 [Switch-behavior-1] quit [Switch] traffic behavior 2 [Switch-behavior-2] remark service-vlan-id 20 [Switch-behavior-2] quit [Switch] qos policy test [Switch-qospolicy-test] classifier 1 behavior 1 [Switch-qospolicy-test] classifier 2 behavior 1 [Switch-qospolicy-test] classifier 3 behavior 2 [Switch-qospolicy-test] classifier 4 behavior 2 [Switch-qospolicy-test] quit
# Apply the QoS policy to the incoming packets of port GigabitEthernet 3/0/1.
[Switch] interface GigabitEthernet 3/0/1 [Switch-GigabitEthernet3/0/1] qos apply policy test inbound
Verification
Ping the gateway (IP address of VLAN-interface 10, for example, 1.1.1.1) from PC A, and the gateway (IP address of VLAN-interface 20, for example, 2.1.1.1) from PC B. The ping operations succeed.
15 of 26
22/Jan/2012 15:29
Log in to Switch and display ARP entries.

[Switch] display arp Type: S-Static IP Address 1.1.1.100 2.1.1.100 D-Dynamic MAC Address 0000-0000-0001 0000-0000-0002 A-Authorized VLAN ID 10 20 Interface GE3/0/1 GE3/0/1 Aging Type N/A N/A D D
Configuration precautions
IP subnet-based VLANs are only effective to hybrid ports.
Displaying and maintaining VLAN

To do...
Display VLAN information
Use the command

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] [ | { begin | exclude | include } regular-expression ] display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regularexpression ] display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ] display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ] display mac-vlan { all | dynamic | mac-address mac-address | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ] display mac-vlan interface [ | { begin | exclude | include } regular-expression ] display protocol-vlan vlan { vlan-id [ to vlan-id ] | all } [ | { begin | exclude | include } regularexpression ] display protocol-vlan interface { interface-type interface-number [ to interface-type interfacenumber ] | all } [ | { begin | exclude | include } regular-expression ] reset counters interface vlan-interface [ vlan-interface-id ]
Remarks
Available in any view
Display VLAN interface information
Display hybrid ports or trunk ports on the switch Display MAC address-to-VLAN entries Display all ports with MAC-based VLAN enabled Display protocol information and protocol indexes of the specified VLANs Display protocol-based VLAN information on specified ports
Clear statistics on a port
Available in user view
Super VLAN configuration

This chapter includes these sections: Overview Configuring a super VLAN Displaying and maintaining super VLAN Super VLAN configuration example
Overview
Super VLAN, also called VLAN aggregation, was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. You can create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub-VLAN. You cannot assign a physical port to a super VLAN, but you can assign a physical port to a sub-VLAN. All ports of a sub-VLAN use the VLAN interface IP address of the associated super VLAN. Packets cannot be forwarded between sub-VLANs at Layer 2. To enable Layer 3 communication between sub-VLANs, you should configure the VLAN interface IP address of the associated super VLAN as the gateway IP address. This enables multiple sub-VLANs to share the same gateway address, which saves IP address resources. After creating a super VLAN and the VLAN interface, enable local proxy Address Resolution Protocol (ARP) on the switch. The super VLAN can use local proxy ARP to forward and process ARP requests and responses and to provide Layer 3 communication between sub-VLANs. NOTE: For more information about local proxy ARP, see the Layer 3IP Services Configuration Guide.
Configuring a super VLAN

NOTE: By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in DOWN state. Before configuring these interfaces, use the undo shutdown command to bring them up. To configure a super VLAN, complete the following tasks:
16 of 26
22/Jan/2012 15:29
1. 2. 3.
Configure sub-VLANs. Configure a super VLAN, and associate the super VLAN with the sub-VLANs configured earlier. Configure a VLAN interface for the super VLAN. The VLAN interface enables communication among hosts and sub-VLANs.
Configuring sub-VLANs
Follow these steps to configure a super VLAN: To do
Enter system view Create a sub-VLAN and enter VLAN view
Use the command

system-view
Remarks
Required
vlan vlan-id
If the specified VLAN already exists, this command enters VLAN view only.
Configuring a super VLAN

Follow these steps to configure a super VLAN: To do
Enter system view
Use the command

system-view
Remarks
Required
Enter VLAN view
vlan vlan-id
If the specified VLAN does not exist, this command creates the VLAN first, and then enters VLAN view. Required Required
Configure the VLAN as a super VLAN Associate the super VLAN with the specified sub-VLAN(s)
supervlan
subvlan vlan-list
VLANs specified by vlan-list must be the sub-VLANs configured earlier.
Configure a VLAN interface for the super VLAN

Follow these steps to configure a VLAN interface for the super VLAN: To do
Enter system view Create a VLAN interface, and enter VLAN interface view
Use the command

system-view interface vlan-interface vlan-interface-id
Remarks
Required The value of vlan-interface-id must be the ID of the super VLAN. Required By default, the IP address of a VLAN interface is not configured. Required Disabled by default
Configure the IP address of the VLAN interface
ip address ip-address { mask | mask-length } [ sub ]
Enable local proxy ARP
local-proxy-arp enable
NOTE: Configure the IP address of the VLAN interface with that of the corresponding super VLAN. For more information about the local proxy ARP function, see the Layer 3IP Services Configuration Guide. For more information about the local-proxy-arp enable command, see the Layer 3IP Services Command Reference. You cannot configure a super VLAN as the guest VLAN for a port, and vice versa. For more information about guest VLANs, see the Security Configuration Guide. You can configure Layer 2 multicast for a super VLAN, but the configuration is ineffective. You can configure DHCP, Layer 3 multicast, and dynamic routing for the VLAN interface of a super VLAN, but these features cannot take effect. H3C does not recommend you to configure VRRP for the VLAN interface of a super VLAN, because it affects network performance. You cannot create a VLAN interface for a sub-VLAN.
Displaying and maintaining super VLAN

To do
Display the mapping between a super VLAN and its sub-VLAN(s)
Use the command

display supervlan [ supervlan-id ] [ | { begin | exclude | include } regularexpression ]
Remarks
Super VLAN configuration example

As shown in Figure 10, Create super VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24.
17 of 26
22/Jan/2012 15:29
Create the sub-VLANs VLAN 2, VLAN 3, and VLAN 5. Assign GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to VLAN 2, GigabitEthernet 3/0/3 and GigabitEthernet 3/0/4 to VLAN 3, and GigabitEthernet 3/0/5 and GigabitEthernet 3/0/6 to VLAN 5. The sub-VLANs are isolated at Layer 2 but connected at Layer 3.
Figure 10 Network diagram for super VLAN configuration
# Create VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24.
<Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0
# Enable local proxy ARP.

[Sysname-Vlan-interface10] local-proxy-arp enable [Sysname-Vlan-interface10] quit
# Create VLAN 2, and assign ports GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to it.
[Sysname] vlan 2 [Sysname-vlan2] port gigabitethernet 3/0/1 gigabitethernet 3/0/2
[Sysname-vlan2] quit [Sysname] vlan 3 [Sysname-vlan3] port gigabitethernet 3/0/3 gigabitethernet 3/0/4
[Sysname-vlan3] quit [Sysname] vlan 5 [Sysname-vlan5] port gigabitethernet 3/0/5 gigabitethernet 3/0/6
# Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-VLANs.
[Sysname-vlan5] quit [Sysname] vlan 10 [Sysname-vlan10] supervlan [Sysname-vlan10] subvlan 2 3 5 [Sysname-vlan10] quit [Sysname] quit
Verification
# Display information about super VLAN to verify the configuration above.
<Sysname> display supervlan SuperVLAN ID : SubVLAN ID : 10
2-3 5
VLAN ID: 10 VLAN Type: static It is a Super VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0010 Name: VLAN 0010 Tagged Ports: none
Untagged Ports: none
VLAN ID: 2 VLAN Type: static It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none
18 of 26
22/Jan/2012 15:29
Untagged Ports: GigabitEthernet3/0/1 GigabitEthernet3/0/2
Voice VLAN configuration

This chapter includes these sections: Overview Configuring a voice VLAN Displaying and maintaining voice VLAN Voice VLAN configuration examples
Overview
As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist. Usually, compared to data traffic, voice traffic is given a higher transmission priority for the purpose of reducing transmission delay and packet loss. A voice VLAN is configured especially for voice traffic. After assigning the ports connecting to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, thus improving the transmission priority of voice traffic and ensuring voice quality. NOTE: Common voice devices include IP phones and integrated access devices (IADs). Only IP phones are used in the voice VLAN configuration examples in this chapter.
OUI addresses
A switch determines whether a received packet is a voice packet by checking its source MAC address. A packet whose source MAC address complies with the voice devices Organizationally Unique Identifier (OUI) address is regarded as voice traffic. You can configure the OUI addresses of a device in advance or use the default OUI addresses. Table 1 lists the default OUI address for each vendors devices. Table 1 The default OUI addresses of different vendors Number
1 2 3 4 5 6 7
OUI address
0001-e300-0000 0003-6b00-0000 0004-0d00-0000 00d0-1e00-0000 0060-b900-0000 00e0-7500-0000 00e0-bb00-0000
Vendor
Siemens phone Cisco phone Avaya phone Pingtel phone Philips/NEC phone Polycom phone 3Com phone
NOTE: In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are
19 of 26
22/Jan/2012 15:29
different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet. They are the results of the AND operation of the two arguments mac-address and oui-mask in the voice vlan mac-address command. You can remove the default OUI address of a switch manually and then add new ones manually.
Voice VLAN assignment modes

A port can be assigned to a voice VLAN in one of the following two modes: In automatic mode, the system matches the source MAC address carried in the untagged packets sent when an IP phone is powered on against the switchs OUI addresses. If a match is found, the switch automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence. You can configure voice VLAN aging time on the switch. The switch removes a port from the voice VLAN if no packet is received from the port during the aging time. Assigning/removing ports to/from a voice VLAN are automatically performed by the switch. The automatic mode is suitable for scenarios where PCs and IP phones connected in series access the network through the switch and ports on the switch transmit both voice traffic and data traffic at the same time, as shown in Figure 11. When the voice VLAN works normally, in case of a switch reboot, the switch reassigns ports in automatic voice VLAN assignment mode to the voice VLAN after the reboot, thus ensuring that existing voice connections can work normally. In this case, port assignment to the voice VLAN is not triggered by voice traffic streams.
Figure 11 PCs and IP phones connected in series access the network
In manual mode, you need to manually assign an IP phone accessing port to a voice VLAN. Then, the switch matches the source MAC addresses carried in the packets against the switchs OUI addresses. If a match is found, the switch issues ACL rules and configures the packet precedence. In this mode, assigning/removing ports to/from a voice VLAN are performed manually. The manual mode is suitable for scenarios where only IP phones access the network through the switch and ports on the switch only transmit voice traffic, as shown in Figure 12. In this mode, ports assigned to a voice VLAN transmit voice traffic exclusively, which prevents the impact of data traffic on the transmission of voice traffic.
Figure 12 Only IP phones access the network
Both modes forward tagged packets according to their tags. The following tables list the required configurations on ports of different link types in order for these ports to support tagged or untagged voice traffic sent from IP phones when different voice VLAN assignment modes are configured. IP phones send tagged voice traffic Table 2 Required configurations on ports of different links types in order for the ports to support tagged voice traffic Port link type
Access Manual Automatic Trunk Manual Yes The default VLAN of the port cannot be the voice VLAN. The default VLAN of the port cannot be the voice VLAN. Configure the port to permit packets of its default VLAN to pass through. The default VLAN of the port cannot be the voice VLAN. Yes Manual The default VLAN of the port cannot be the voice VLAN. Configure the port to permit packets of the voice VLAN to pass through tagged.
V oice VLAN assignment mode

Automatic
Support for tagged voice traffic

No
Configuration requirements
Automatic Hybrid
IP phones send untagged voice traffic
When IP phones send untagged voice traffic, you can only configure the voice traffic receiving ports on the switch to operate in manual voice VLAN assignment mode. Table 3 Required configurations on ports of different links types in order for the ports to support tagged voice traffic Voice VLAN assignment mode
Automatic
Port link type

Access
Support for untagged voice traffic

No
20 of 26
22/Jan/2012 15:29
Port link type
Voice VLAN assignment mode

Manual Automatic
Support for untagged voice traffic

Yes No Yes No
Configure the default VLAN of the port as the voice VLAN. Configure the default VLAN of the port as the voice VLAN and assign the port to the voice VLAN. Configure the default VLAN of the port as the voice VLAN and configure the port to permit packets of the voice VLAN to pass through untagged.
Trunk Manual Automatic Hybrid Manual Yes
CAUTION: If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication and guest VLAN, you should assign different VLAN IDs for the voice VLAN, the default VLAN of the connecting port, and the 802.1X guest VLAN. If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must configure the default VLAN of the IP phones accessing port as the voice VLAN. In this case, the 802.1X authentication function cannot be implemented.
NOTE: The default VLANs for all ports are VLAN 1. You can configure the default VLAN of a port and assign a port to certain VLANs by using commands. For more information, see the chapter VLAN configuration. Use the display interface command to display the default VLAN of a port and the VLANs to which the port is assigned.
Security mode and normal mode of voice VLANs

V oice VLAN-enabled ports operate in security mode or normal mode, depending on their inbound packet filtering mechanisms. Normal mode: In this mode, voice VLAN-enabled ports receive packets carrying the voice VLAN tag and forward packets in the voice VLAN without checking their source MAC addresses against the OUI addresses configured for the switch. If the default VLAN of the port is the voice VLAN and the port works in manual VLAN assignment mode, the port forwards all received untagged packets in the voice VLAN. In normal mode, the voice VLANs are vulnerable to traffic attacks. Vicious users may forge a large amount of voice packets and send them to the switch to consume the voice VLAN bandwidth, affecting normal voice communication. Security mode: In this mode, only voice packets whose source MAC addresses match the recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, while all other packets are dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, thus reducing the consumption of system resources due to source MAC addresses checking. TIP: H3C does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you have to, ensure that the voice VLAN security mode is disabled. Table 4 How a voice VLAN-enabled port processes packets in security/normal mode Voice VLAN mode Packet type
Untagged packets Security mode Packets carrying the voice VLAN tag Packets carrying other tags Untagged packets Packets carrying the voice VLAN tag Packets carrying other tags
Packet processing mode

If the source MAC address of a packet matches an OUI address configured for the switch, it is forwarded in the voice VLAN; otherwise, it is dropped. Forwarded or dropped depending on whether the port allows packets of these VLANs to pass through The port does not check the source MAC addresses of inbound packets. In this way, both voice traffic and non-voice traffic can be transmitted in the voice VLAN.
Normal mode
Forwarded or dropped depending on whether the port allows packets of these VLANs to pass through
Configuring a voice VLAN

Configuration prerequisites
1.
Create a VLAN Configure QoS priority settings for voice traffic on an interface
Before configuring a VLAN as a voice VLAN, create the VLAN first.

2.
Configure QoS priority settings for voice VLAN traffic on an interface before enabling voice VLAN on the interface. If the configuration order is reversed, your priority configuration will fail. For more information, see Configuring QoS priority settings for voice traffic on an interface.
21 of 26
22/Jan/2012 15:29
3.
Configure the voice VLAN assignment mode. For more information, see Configuring a port to operate in automatic voice VLAN assignment mode and Configuring a port to operate in manual voice VLAN assignment mode.
NOTE: A port can belong to only one voice VLAN at a time. V oice VLAN cannot be enabled on member ports of an aggregation group. For more information about link aggregation member ports, see the chapter Ethernet link aggregation configuration.
Configuring QoS priority settings for voice traffic on an interface

In voice VLAN applications, you can improve the quality of voice traffic by configuring the appropriate QoS priority settings, including the Class of Service (CoS) and Differentiated Services Code Point (DSCP) values, for voice traffic. V oice traffic carries its own QoS priority settings. You can configure the switch either to modify or not to modify the QoS priority settings carried by incoming voice traffic. Follow these steps to configure QoS priority settings for voice traffic: To do...
Enter system view Enter interface view Configure the interface to trust the QoS priority settings in incoming voice traffic, that is, not to modify the CoS and DSCP values marked for incoming traffic of the voice VLAN Configure the interface to modify the CoS and DSCP values marked for incoming traffic of the voice VLAN into specified values
Use the command...

system-view interface interface-type interfacenumber
Remarks
Required Use either command
voice vlan qos trust
By default, an interface modifies the CoS value and the DSCP value marked for voice VLAN traffic into 6 and 46 respectively. The voice vlan qos command and the voice vlan qos trust command can overwrite each other, whichever is configured last.
voice vlan qos cos-value dscp-value
NOTE: Configure the QoS priority settings for voice traffic on an interface before enabling voice VLAN on the interface. If the configuration order is reversed, your priority trust setting will fail.
Configuring a port to operate in automatic voice VLAN assignment mode

Follow these steps to set a port to operate in automatic voice VLAN assignment mode: To do...
Enter system view
Use the command...

system-view
Remarks
Optional 1440 minutes by default.
Set the voice VLAN aging time
voice vlan aging minutes
The voice VLAN aging time configuration is only applicable on ports in automatic voice VLAN assignment mode. Optional Enabled by default. Optional
Enable the voice VLAN security mode
voice vlan security enable
Add a recognizable OUI address
voice vlan mac-address oui mask oui-mask [ description text ]
By default, each voice VLAN has default OUI addresses configured. For the default OUI addresses of different vendors, see Table 1. Optional
Enter Ethernet interface view
interface interface-type interfacenumber
Configure the port to operate in automatic voice VLAN assignment mode
voice vlan mode auto
Automatic voice VLAN assignment mode is enabled by default. The voice VLAN assignment modes on different ports are independent of one another.
Enable voice VLAN on the port
voice vlan vlan-id enable
Required Disabled by default
NOTE: A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. For more information, see the chapter VLAN configuration.
Configuring a port to operate in manual voice VLAN assignment mode

Follow these steps to set a port to operate in manual voice VLAN assignment mode: To do... Use the command... Remarks
22 of 26
22/Jan/2012 15:29
To do...
Enter system view Enable the voice VLAN security mode
Use the command...

system-view voice vlan security enable
Remarks
Optional Enabled by default. Optional
Add a recognizable OUI address
voice vlan mac-address oui mask oui-mask [ description text ]
By default, each voice VLAN has default OUI addresses configured. For the default OUI addresses of different vendors, see Table 1. Required Disabled by default Required
Enter interface view Configure the port to operate in manual voice VLAN assignment mode Assign the access, trunk, or hybrid port in manual voice VLAN assignment mode to the voice VLAN
interface interface-type interfacenumber undo voice vlan mode auto
For the configuration procedure, see the chapter VLAN configuration.
After you assign an access port to the voice VLAN, the voice VLAN becomes the default VLAN of the port automatically. Optional
Configure the voice VLAN as the default VLAN of the trunk or hybrid port Enable voice VLAN on the port
For the configuration procedure, see the chapter VLAN configuration.
This operation is required for untagged inbound voice traffic and prohibited for tagged inbound voice traffic. Required
voice vlan vlan-id enable
NOTE: To make voice VLAN take effect on a port that is enabled with voice VLAN and operates in manual voice VLAN assignment mode, you must manually assign the port to the voice VLAN.
Displaying and maintaining voice VLAN

To do...
Display the voice VLAN state Display the OUI addresses currently supported by system
Use the command...

display voice vlan state [ | { begin | exclude | include } regular-expression ] display voice vlan oui [ | { begin | exclude | include } regular-expression ]
Remarks
Available in any view Available in any view
Voice VLAN configuration examples

Automatic voice VLAN mode configuration example
As shown in Figure 13, The MAC address of IP phone A is 0011-1100-0001. The phone connects to a downstream device named PC A whose MAC address is 0022-1100-0002 and to GigabitEthernet 3/0/1 on an upstream device named Switch A. The MAC address of IP phone B is 0011-2200-0001. The phone connects to a downstream device named PC B whose MAC address is 0022-2200-0002 and to GigabitEthernet 3/0/2 on Switch A. Switch A uses voice VLAN 2 to transmit voice packets for IP phone A and voice VLAN 3 to transmit voice packets for IP phone B. Configure GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to work in automatic voice VLAN assignment mode. In addition, if one of them has not received any voice packet in 30 minutes, the port is removed from the corresponding voice VLAN automatically.
Figure 13 Network diagram for automatic voice VLAN assignment mode configuration
# Create VLAN 2 and VLAN 3.
23 of 26
22/Jan/2012 15:29
<SwitchA> system-view [SwitchA] vlan 2 to 3 Please wait... Done.
# Set the voice VLAN aging time to 30 minutes.

[SwitchA] voice vlan aging 30
# Since GigabitEthernet 3/0/1 might receive both voice traffic and data traffic at the same time, to ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to work in security mode, that is, configure the voice VLANs to transmit only voice packets. (Optional. By default, voice VLANs work in security mode.)
[SwitchA] voice vlan security enable
# Configure the allowed OUI addresses as MAC addresses prefixed by 0011-1100-0000 or 0011-2200-0000. In this way, Switch A identifies packets whose MAC addresses match any of the configured OUI addresses as voice packets.
[SwitchA] voice vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [SwitchA] voice vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP phone B
# Configure GigabitEthernet 3/0/1 as a hybrid port.

[SwitchA] interface gigabitethernet 3/0/1 [SwitchA-GigabitEthernet3/0/1] port link-type hybrid
# Configure GigabitEthernet 3/0/1 to operate in automatic voice VLAN assignment mode. (Optional. By default, a port operates in automatic voice VLAN assignment mode.)
[SwitchA-GigabitEthernet3/0/1] voice vlan mode auto
# Configure VLAN 2 as the voice VLAN for GigabitEthernet 3/0/1.

[SwitchA-GigabitEthernet3/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet3/0/1] quit
# Configure GigabitEthernet 3/0/2.

[SwitchA] interface gigabitethernet 3/0/2 [SwitchA-GigabitEthernet3/0/2] port link-type hybrid [SwitchA-GigabitEthernet3/0/2] voice vlan mode auto [SwitchA-GigabitEthernet3/0/2] voice vlan 3 enable
Verification
# Display the OUI addresses, OUI address masks, and description strings supported currently.
<SwitchA> display voice vlan oui Oui Address 0001-e300-0000 0003-6b00-0000 0004-0d00-0000 0011-1100-0000 0011-2200-0000 0060-b900-0000 00d0-1e00-0000 00e0-7500-0000 00e0-bb00-0000 Mask ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 Description Siemens phone Cisco phone Avaya phone IP phone A IP phone B Philips/NEC phone Pingtel phone Polycom phone 3com phone
# Display the current states of voice VLANs.

<SwitchA> display voice vlan state Maximum of Voice VLANs: 128 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 30 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE COS DSCP
-------------------------------------------------------------------GigabitEthernet3/0/1 GigabitEthernet3/0/2 2 3 AUTO AUTO 6 6 46 46
Manual voice VLAN assignment mode configuration example

As shown in Figure 14, Create VLAN 2 and configure it as a voice VLAN permitting only voice traffic to pass through. The IP phones send untagged voice traffic. Configure GigabitEthernet 3/0/1 as a hybrid port. Configure GigabitEthernet 3/0/1 to operate in manual voice VLAN assignment mode. Configure GigabitEthernet 3/0/1 to allow voice traffic with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a description string of test to be forwarded in the voice VLAN.
Figure 14 Network diagram for manual voice VLAN assignment mode configuration
24 of 26
22/Jan/2012 15:29
# Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.)
<SwitchA> system-view [SwitchA] voice vlan security enable
# Add a recognizable OUI address 0011-2200-0000.

[SwitchA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test
# Create VLAN 2.
[SwitchA] vlan 2 [SwitchA-vlan2] quit
# Configure GigabitEthernet 3/0/1 to operate in manual voice VLAN assignment mode.

[SwitchA] interface gigabitethernet 3/0/1 [SwitchA-GigabitEthernet3/0/1] undo voice vlan mode auto
# Configure GigabitEthernet 3/0/1 as a hybrid port.

[SwitchA-GigabitEthernet3/0/1] port link-type hybrid
# Configure the voice VLAN (VLAN 2) as the default VLAN of GigabitEthernet 3/0/1 and configure GigabitEthernet 3/0/1 to permit the voice traffic of VLAN 2 to pass through untagged.
[SwitchA-GigabitEthernet3/0/1] port hybrid pvid vlan 2 [SwitchA-GigabitEthernet3/0/1] port hybrid vlan 2 untagged
# Enable voice VLAN on GigabitEthernet 3/0/1.

[SwitchA-GigabitEthernet3/0/1] voice vlan 2 enable
Verification
# Display the OUI addresses, OUI address masks, and description strings supported currently.
<SwitchA> display voice vlan oui Oui Address 0001-e300-0000 0003-6b00-0000 0004-0d00-0000 0011-2200-0000 00d0-1e00-0000 0060-b900-0000 00e0-7500-0000 00e0-bb00-0000 Mask ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 ffff-ff00-0000 Description Siemens phone Cisco phone Avaya phone test Pingtel phone Philips/NEC phone Polycom phone 3com phone
# Display the current voice VLAN state.

<SwitchA> display voice vlan state Maximum of Voice VLANs: 128 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE
----------------------------------------------GigabitEthernet3/0/1 2 MANUAL
25 of 26
22/Jan/2012 15:29
Please rate this document Is the document well organized? Is the information provided accurate? Is the information provided complete? Are the configuration examples helpful? Are the descriptions clear and easy to 5 understand? Other comments or suggestions 4 3 2 1 5 5 5 5 4 4 4 4 3 3 3 3 2 2 2 2 1 1 1 1
Thanks for your voting.If you provide your e-mail address,we will contact you as soon as possible.
Submit
TOP H3C reserves the right to modify its collaterals without any prior notice. For the latest information of the collaterals, please consult H3C sales or call 400 hotline. Site Map | Contact Us | Legal & Privacy
H3C Technologies Co., Limited Copyright 2003-2012, All rights reserved
26 of 26
22/Jan/2012 15:29

H3C - Technical Support &amp Documents - 04-Layer 2 - LAN Switching Configuration Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

H3C - Technical Support &amp Documents - 04-Layer 2 - LAN Switching Configuration Guide

Uploaded by

Copyright:

Available Formats

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Home T echnical Support & Documents Release1335-5W130

H3C S12500 Series Switches

H3C S12500 Configuration Guide-

04-Layer 2 - LAN Switching Configuration Guide

Chapters Download(496.79 KB)

Super VLAN configuration

Voice VLAN configuration

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Protocols and standards

Configuring basic VLAN settings

Use the command

Enter VLAN view

Configure a name for the VLAN

Configure the description of the current VLAN

VLAN ID is used by default, for example, VLAN 0001.

NOTE: As the default VLAN, VLAN 1 cannot be created or removed.

Configuring basic settings of a VLAN interface

Use the command

Assign an IP address to the VLAN interface

ip address ip-address { mask | mask-length } [ sub ]

mtu size default

Bring up the VLAN interface

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Use the command

VLAN interface configuration example

# Create VLAN 5 and assign GigabitEthernet 3/0/1 to it.

# Create VLAN 10 and assign GigabitEthernet 3/0/2 to it.

# Create VLAN-interface 5 and configure its IP address as 192.168.0.10/24.

# Create VLAN-interface 10 and configure its IP address as 192.168.1.20/24.

# Configure the default gateway of the PC as 192.168.0.10.

# Configure the default gateway of the PC as 192.168.1.20.

Port-based VLAN configuration

Port link type

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Figure 5 Network diagram for port link type configuration

Actions (in the outbound direction)

Remove the default VLAN tag and send the frame.

Check whether the default VLAN is permitted on the port:

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Actions (in the inbound direction) Untagged frame Tagged frame

Actions (in the outbound direction)

Assigning an access port to a VLAN

Use the command

Assign one or a group of access ports to the current VLAN

Use the command

Assign the current access port(s) to a VLAN

Assigning a trunk port to a VLAN

Use the command

Use any command.

Required Required By default, a trunk port carries only VLAN 1. Optional

Configure the default VLAN of the trunk port(s)

port trunk pvid vlan vlan-id

VLAN 1 is the default VLAN by default.

Assigning a hybrid port to a VLAN

H3C - Technical Support & Documents - 04-Layer 2 - LAN Switching Con...

Use the command

Use any command.

port hybrid vlan vlan-id-list { tagged | untagged }

Configure the default VLAN of the hybrid port

port hybrid pvid vlan vlan-id

VLAN 1 is the default by default.