
01-05 VLAN Configuration

VLAN Configuration


CloudEngine 8800, 7800, 6800, and 5800 Series

Switches
Configuration Guide - Ethernet Switching 5 VLAN Configuration

5 VLAN Configuration

Virtual local area network (VLAN) technology provides broadcast domain
isolation, security hardening, flexible networking, and good extensibility.

5.1 Overview of VLANs
5.2 Understanding VLANs
5.3 Application Scenarios for VLANs
5.4 Summary of VLAN Configuration Tasks
5.5 Licensing Requirements and Limitations for VLANs
5.6 Default Settings for VLANs
5.7 Assigning a LAN to VLANs
5.8 Configuring Inter-VLAN Communication
5.9 Configuring VLAN Aggregation to Save IP Addresses
5.10 Configuring MUX VLAN
5.11 Configuring an mVLAN to Implement Integrated Management
5.12 Configuring Transparent Transmission of Protocol Packets in a VLAN to
Improve Forwarding Efficiency
5.13 Configuring an Interface to Discard Incoming Tagged Packets
5.14 Configuring a Hash Mode of the VLAN-XLATE Table
5.15 Maintaining VLANs
5.16 Configuration Examples for VLANs
5.17 Troubleshooting VLANs

5.1 Overview of VLANs

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 280



Definition
Virtual Local Area Network (VLAN) technology divides a physical LAN into
multiple broadcast domains, each of which is called a VLAN.

Purpose
Ethernet technology implements data communication over shared media based on
Carrier Sense Multiple Access/Collision Detection (CSMA/CD). When an Ethernet
network has a large number of hosts, both collisions and broadcast storms
become a serious problem, affecting network performance and in some cases
causing the network to completely break down. Although using switches to
connect LANs can prevent collisions, they cannot isolate broadcast packets or
improve network quality.

VLAN technology divides a physical LAN into multiple VLANs to isolate broadcast
domains. Because each VLAN functions as a separate broadcast domain, hosts can
communicate directly with other hosts only if they are in the same VLAN.

Figure 5-1 Networking diagram for a typical VLAN application
[Figure not reproduced. Labels: Router, SwitchA, SwitchB, VLAN2, VLAN3.]

Figure 5-1 shows a simple VLAN networking diagram. Two switches are placed in
different locations (for example, on different floors of a building). Each switch
is connected to two servers that belong to different VLANs, so the four servers
belong to two VLANs.

Benefits
The VLAN technology brings the following benefits to customers:
● Limits scope of broadcast domains: A broadcast domain is limited in a VLAN.
This saves bandwidth and improves network processing capabilities.
● Enhances LAN security: Packets from different VLANs are transmitted
separately, preventing hosts in a VLAN from communicating directly with
hosts in another VLAN.


● Improves network robustness: A fault in one VLAN does not affect hosts in
other VLANs.
● Allows flexible definition of virtual groups: With VLAN technology, hosts in
different geographical locations can be grouped together, thereby simplifying
network construction and maintenance.

5.2 Understanding VLANs

5.2.1 Basic Concepts of VLANs


VLAN Frame Format
A conventional Ethernet frame is encapsulated with the Length/Type field for an
upper-layer protocol following the Destination address and Source address fields,
as shown in Figure 5-2.

Figure 5-2 Conventional Ethernet frame format

| Field | Destination address | Source address | Length/Type | Data | FCS |
|---|---|---|---|---|---|
| Length | 6 bytes | 6 bytes | 2 bytes | 46-1500 bytes | 4 bytes |

IEEE 802.1Q is an Ethernet networking standard that specifies an Ethernet frame
format. It adds a 4-byte field between the Source address and the Length/Type
fields of the original frame, as shown in Figure 5-3.

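Figure 5-3 802.1Q frame format

| Field | Destination address | Source address | 802.1Q Tag | Length/Type | Data | FCS |
|---|---|---|---|---|---|---|
| Length | 6 bytes | 6 bytes | 4 bytes | 2 bytes | 46-1500 bytes | 4 bytes |

Fields inside the 802.1Q Tag:

| Field | TPID | PRI | CFI | VID |
|---|---|---|---|---|
| Length | 2 bytes | 3 bits | 1 bit | 12 bits |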

Table 5-1 describes the fields contained in an 802.1Q tag.


Table 5-1 Fields contained in an 802.1Q tag

| Field | Length | Name | Description |
|---|---|---|---|
| TPID | 2 bytes | Tag Protocol Identifier (TPID), indicating the frame type. | The value 0x8100 indicates an 802.1Q-tagged frame. If an 802.1Q-incapable device receives an 802.1Q frame, it will discard the frame. |
| PRI | 3 bits | Priority (PRI), indicating the frame priority. | The value ranges from 0 to 7. The greater the value, the higher the priority. These values can be used to prioritize different classes of traffic to ensure that frames with high priorities are transmitted first when traffic is heavy. |
| CFI | 1 bit | Canonical Format Indicator (CFI), indicating whether the MAC address is in canonical format. | If the value is 0, the MAC address is in the canonical format. CFI is used to ensure compatibility between Ethernet networks and Token Ring networks. It is always set to zero for Ethernet switches. |
| VID | 12 bits | VLAN ID (VID), indicating the VLAN to which the frame belongs. | VLAN IDs range from 0 to 4095. The values 0 and 4095 are reserved, and therefore VLAN IDs range from 1 to 4094 (VLANs 4064 to 4094 are default reserved VLANs. You can run the vlan reserved command to configure the reserved VLAN range). |

Each frame sent by an 802.1Q-capable switch carries a VLAN ID. The following are
the two types of Ethernet frames in a VLAN:
● Tagged frames: frames with 4-byte 802.1Q tags.
● Untagged frames: frames without 4-byte 802.1Q tags.

Link Types
As shown in Figure 5-4, there are the following types of VLAN links:

● Access link: connects a host to a switch. Generally, a host does not know
which VLAN it belongs to, and host hardware cannot distinguish frames with
VLAN tags. Therefore, hosts send and receive only untagged frames.
● Trunk link: connects a switch to another switch or to a router. Data of
different VLANs is transmitted along a trunk link. The two ends of a trunk link
must be able to distinguish frames with VLAN tags. Therefore, only tagged
frames are transmitted along trunk links.


Figure 5-4 Link types
[Figure not reproduced. Labels: Server1 and Server2 (VLAN2), Server3 and Server4
(VLAN3), DeviceA, DeviceB, DeviceC. Legend: untagged frames in VLAN2, untagged
frames in VLAN3, frames tagged with VLAN2 (2), frames tagged with VLAN3 (3),
access link, trunk link.]

NOTE

● A host does not need to know the VLAN to which it belongs. It sends only untagged
frames.
● After receiving an untagged frame from a host, a switching device determines the
VLAN to which the frame belongs. The determination is based on the configured
VLAN assignment method such as port information, and then the switching device
processes the frame accordingly.
● If the frame needs to be forwarded to another switching device, the frame must be
transparently transmitted along a trunk link. Frames transmitted along trunk links
must carry VLAN tags to allow other switching devices to properly forward the frame
based on the VLAN information.
● Before sending the frame to the destination host, the switching device connected to
the destination host removes the VLAN tag from the frame to ensure that the host
receives an untagged frame.
Generally, only tagged frames are transmitted on trunk links; only untagged frames are
transmitted on access links. In this manner, switching devices on the network can properly
process VLAN information and hosts are not concerned about VLAN information.

Port Types
With VLAN frames defined by 802.1Q, ports can be classified into four types:


● Access port
As shown in Figure 5-4, an access port on a switch connects to the port on a
host. The access port can only connect to an access link. Only the VLAN
whose ID is the same as the default VLAN ID is allowed on the access port.
Ethernet frames sent from the access port are untagged frames.
● Trunk port
As shown in Figure 5-4, a trunk port on a switch connects to another switch.
It can only connect to a trunk link. Multiple tagged VLAN frames are allowed
on the trunk port.
● Hybrid port
As shown in Figure 5-5, a hybrid port on a switch can connect either to a host
or to another switch. A hybrid port can connect either to an access link or to a
trunk link. The hybrid port allows multiple VLAN frames and removes tags
from some VLAN frames on the outbound port.

Figure 5-5 Port types
[Figure not reproduced. Legend: hybrid port, access link, trunk link.]

● QinQ port
QinQ ports are enabled with the IEEE 802.1 QinQ protocol. A QinQ port adds
a tag to a single-tagged frame and supports a maximum of 4094 x 4094
VLAN tags, which meets the requirement for the VLAN quantity.
Figure 5-6 shows the format of a QinQ frame. The outer tag is often called
the public tag and carries the VLAN ID of the public network, whereas the
inner tag is often called the private tag and carries the VLAN ID of the private
network.

Figure 5-6 Format of a QinQ frame

| Field | Destination address | Source address | 802.1Q Tag | 802.1Q Tag | Length/Type | Data | FCS (CRC-32) |
|---|---|---|---|---|---|---|---|
| Length | 6 bytes | 6 bytes | 4 bytes | 4 bytes | 2 bytes | 46-1500 bytes | 4 bytes |


For details on the QinQ protocol, see QinQ.
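
The tag layout in Table 5-1 and the double-tagged frame in Figure 5-6 can be checked against real bytes with a small parser. This is an added example, not code from the Huawei guide; it assumes both QinQ tags use TPID 0x8100 (the only TPID the page gives), and the MAC addresses, helper names and sample frames are constructed for illustration.

```python
import struct
from typing import NamedTuple

TPID_8021Q = 0x8100          # TPID value given in Table 5-1
RESERVED_VIDS = {0, 4095}    # reserved VLAN IDs per Table 5-1
DST = "00:00:5e:00:53:01"    # constructed sample addresses
SRC = "00:00:5e:00:53:02"


class Tag(NamedTuple):
    tpid: int
    pri: int
    cfi: int
    vid: int


class Frame(NamedTuple):
    dst: str
    src: str
    tags: list        # outer tag first; empty list for an untagged frame
    ethertype: int    # Length/Type field that follows the last parsed tag
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes, tpids=(TPID_8021Q,), max_tags=2) -> Frame:
    """Parse an Ethernet frame (FCS already removed) with 0, 1 or 2 VLAN tags."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    offset, tags = 12, []
    while True:
        if len(raw) < offset + 2:
            raise ValueError("truncated frame")
        (field,) = struct.unpack_from("!H", raw, offset)
        if field not in tpids or len(tags) == max_tags:
            break
        if len(raw) < offset + 6:          # 4-byte tag plus the next type field
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, offset + 2)
        # TCI layout: PRI (3 bits) | CFI (1 bit) | VID (12 bits)
        tags.append(Tag(field, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
    return Frame(_mac(raw[0:6]), _mac(raw[6:12]), tags, field, raw[offset + 2:])


def audit(frame: Frame) -> list:
    """Return sanity findings for one parsed frame (empty list means clean)."""
    findings = []
    for depth, tag in enumerate(frame.tags):
        if tag.vid in RESERVED_VIDS:
            findings.append(f"tag {depth}: reserved VID {tag.vid}")
        if tag.cfi != 0:
            findings.append(f"tag {depth}: CFI set on Ethernet")
    if frame.ethertype == TPID_8021Q:
        findings.append("more VLAN tags than expected")
    return findings


def build_frame(dst, src, vids, ethertype, payload, pri=0) -> bytes:
    """Construct a sample frame; vids lists VLAN IDs outer tag first."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        out += struct.pack("!HH", TPID_8021Q, (pri << 13) | vid)
    return out + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for vids in ([], [2], [100, 2], [4095]):
        f = parse_frame(build_frame(DST, SRC, vids, 0x0800, b"\x00" * 46))
        print(vids, [t.vid for t in f.tags], hex(f.ethertype), audit(f))
```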

Default VLAN
The default VLAN ID of an interface is called the port default VLAN ID (PVID). The
meaning of the default VLAN varies according to the port type.
For details on different PVIDs and methods of processing Ethernet frames, see
Frame processing based on the port type.

VLAN Assignment
VLAN assignment is a basic VLAN configuration. Users in the same VLAN can
communicate with each other. Table 5-2 shows the VLAN assignment methods
and their usage scenarios.

Table 5-2 Differences between VLAN assignment modes

| VLAN Assignment Mode | Principle | Advantage | Disadvantage |
|---|---|---|---|
| VLAN assignment based on interface | In this mode, VLANs are classified based on interface numbers of the switch. The network administrator configures a port VLAN ID (PVID), that is, default VLAN ID, for each port on the switching device. That is, a port belongs to a VLAN by default. ● When a data frame reaches a port, it is marked with the PVID if the data frame carries no VLAN tag and the port is configured with a PVID. ● If the data frame carries a VLAN tag, the switching device will not add a VLAN tag to the data frame even if the port is configured with a PVID. Different types of ports process VLAN frames in different manners. | It is simple to define VLAN members. | VLANs must be re-configured when VLAN members change locations. |
| VLAN assignment based on MAC addresses | In this mode, VLANs are classified based on the MAC addresses of network interface cards (NICs). The network administrator configures the mappings between MAC addresses and VLAN IDs. In this case, when a switching device receives an untagged packet, it searches the MAC-VLAN table for a tag to be added to the packet according to the MAC address of the packet. | When the physical locations of users change, you do not need to re-configure VLANs for the users. This improves the security of users and increases the flexibility of user access. | ● This mode is applicable to only a simple networking environment where the NIC seldom changes. ● In addition, all members on the network must be pre-defined. |
| VLAN assignment based on IP subnets | When receiving an untagged packet, a switching device adds a VLAN tag to the packet based on the source IP address of the packet. | Packets sent from specified network segments or IP addresses are transmitted in specific VLANs. This facilitates management. | This mode is applicable to the networking environment where users are distributed in an orderly manner and multiple users are on the same network segment. |
| Protocol-based VLAN assignment | VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN. | This mode binds service types to VLANs, facilitating management and maintenance. | ● The network administrator must preconfigure mappings between all protocol types and VLAN IDs. ● The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time. |

The switch supports multiple VLAN assignment modes. In descending order of
priority, they are: MAC address-based VLAN assignment or IP subnet-based VLAN
assignment, protocol-based VLAN assignment, and interface-based VLAN assignment.
● If packets match both MAC address-based VLAN assignment and IP subnet-
based VLAN assignment, MAC address-based VLAN assignment is preferentially
adopted by default. Alternatively, you can run commands to change the
priorities of these two VLAN assignment modes to select a VLAN assignment
mode.
● Interface-based VLAN assignment has the lowest priority and is the most
common VLAN assignment mode.
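
The precedence described above can be expressed as a single lookup function. This is an added example, not the switch's own logic; the table contents, addresses and the use of EtherType as the protocol key are assumptions made for illustration, as is longest-prefix matching when several IP subnets overlap.

```python
import ipaddress

# Constructed sample tables (not from the guide).
MAC_VLAN = {"00:00:5e:00:53:0a": 10}
SUBNET_VLAN = {ipaddress.ip_network("192.0.2.0/24"): 20}
PROTO_VLAN = {0x86DD: 30}          # EtherType -> VLAN ID (assumed key)


def assign_vlan(frame, pvid, mac_vlan=MAC_VLAN, subnet_vlan=SUBNET_VLAN,
                proto_vlan=PROTO_VLAN, prefer="mac"):
    """Return (vlan_id, rule) for a frame received on a port with this PVID.

    frame is a dict with keys vid (None if untagged), src_mac, src_ip
    (may be None) and ethertype. prefer selects which of the two top-priority
    modes wins when both match: "mac" (the default) or "ip-subnet".
    """
    # A frame that already carries a tag is never re-tagged.
    if frame.get("vid") is not None:
        return frame["vid"], "existing tag"

    by_mac = mac_vlan.get(frame["src_mac"].lower())

    by_ip = None
    if frame.get("src_ip"):
        addr = ipaddress.ip_address(frame["src_ip"])
        matches = [(net.prefixlen, vid) for net, vid in subnet_vlan.items()
                   if addr in net]
        if matches:
            by_ip = max(matches)[1]      # longest prefix wins (assumption)

    top = [("mac", by_mac), ("ip-subnet", by_ip)]
    if prefer == "ip-subnet":
        top.reverse()
    for rule, vid in top:
        if vid is not None:
            return vid, rule

    by_proto = proto_vlan.get(frame["ethertype"])
    if by_proto is not None:
        return by_proto, "protocol"

    # Lowest priority: the PVID of the receiving interface.
    return pvid, "interface"


if __name__ == "__main__":
    sample = {"vid": None, "src_mac": "00:00:5E:00:53:0A",
              "src_ip": "192.0.2.7", "ethertype": 0x0800}
    print(assign_vlan(sample, pvid=2))
    print(assign_vlan(sample, pvid=2, prefer="ip-subnet"))
```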

5.2.2 Principle of VLAN Communication


Basic Principle of VLAN Communication
To improve the efficiency in processing frames, frames within a switch all carry
VLAN tags for uniform processing. When a data frame reaches a port of the
switch, if the frame carries no VLAN tag and the port is configured with a PVID,
the frame is marked with the port's PVID. If the frame has a VLAN tag, the switch
will not mark a VLAN tag for the frame regardless of whether the port is
configured with a PVID.
The switch processes frames differently according to the type of port receiving the
frames. The following describes the frame processing according to the port type.

Table 5-3 Frame processing based on the port type

| Port Type | Untagged Frame Processing | Tagged Frame Processing | Frame Transmission |
|---|---|---|---|
| Access port | Accepts an untagged frame and adds a tag with the default VLAN ID to the frame. | ● Accepts the tagged frame if the frame's VLAN ID matches the default VLAN ID. ● Discards the tagged frame if the frame's VLAN ID differs from the default VLAN ID. | After the PVID tag is stripped, the frame is transmitted. |
| Trunk port | ● Adds a tag with the default VLAN ID to the untagged frame and then transmits it if the default VLAN ID is permitted by the port. ● Adds a tag with the default VLAN ID to the untagged frame and then discards it if the default VLAN ID is denied by the port. | ● Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port. ● Discards a tagged frame if the VLAN ID carried in the frame is denied by the port. | ● If the frame's VLAN ID matches the default VLAN ID and the VLAN ID is permitted by the port, the switch removes the tag and transmits the frame. ● If the frame's VLAN ID differs from the default VLAN ID, but the VLAN ID is still permitted by the port, the switch will directly transmit the frame. |
| Hybrid port | ● Adds a tag with the default VLAN ID to an untagged frame and accepts the frame if the port permits the default VLAN ID. ● Adds a tag with the default VLAN ID to an untagged frame and discards the frame if the port denies the default VLAN ID. | ● Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port. ● Discards a tagged frame if the VLAN ID carried in the frame is denied by the port. | If the frame's VLAN ID is permitted by the port, the frame is transmitted. The port can be configured whether to transmit frames with tags. |

QinQ port: QinQ ports are enabled with the IEEE 802.1 QinQ protocol. A QinQ
port adds a tag to a single-tagged frame, and supports a maximum of
4094 x 4094 VLAN tags, which meets the requirement on the number of VLANs.

NOTE

Because all interfaces join VLAN 1 by default, broadcast storms may occur if unknown
unicast, multicast, or broadcast packets exist in VLAN 1. To prevent loops, remove from
VLAN 1 any interface that does not need to belong to it.


Intra-VLAN Communication
Sometimes VLAN users are connected to different switches, in which case the
VLAN spans multiple switches. Since ports between these switches must recognize
and send packets belonging to the VLAN, the trunk link technology becomes
helpful in simplifying this solution.

The trunk link plays the following two roles:

● Trunk line
The trunk link transparently transmits VLAN packets between switches.
● Backbone line
The trunk link transmits packets belonging to multiple VLANs.

Figure 5-7 Trunk link communication
[Figure not reproduced. Labels: DeviceA (Port2, Port4), DeviceB (Port1, Port3),
trunk link, VLAN 2, VLAN 3, UserA, UserB.]

As shown in Figure 5-7, the trunk link between DeviceA and DeviceB must support
intra-VLAN communication for both VLAN 2 and VLAN 3. Therefore, the ports at
both ends of the trunk link must be configured to belong to both VLANs. That is,
Port2 on DeviceA and Port1 on DeviceB must belong to both VLAN 2 and VLAN 3.

User A sends a frame to User B in the following process:

1. The frame is first sent to Port4 on DeviceA.
2. A tag is added to the frame on Port4. The VID field of the tag is set to 2, that
is, the ID of the VLAN to which Port4 belongs.
3. DeviceA queries its MAC address table for the MAC forwarding entry with the
destination MAC address of User B.
– If this entry exists, DeviceA sends the frame to the outbound interface
Port2.
– If this entry does not exist, DeviceA sends the frame to all interfaces
bound to VLAN 2 except for Port4.
4. Port2 sends the frame to DeviceB.
5. After receiving the frame, DeviceB queries its MAC address table for the MAC
forwarding entry with the destination MAC address of User B.
– If this entry exists, DeviceB sends the frame to the outbound interface
Port3.
– If this entry does not exist, DeviceB sends the frame to all interfaces
bound to VLAN 2 except for Port1.
6. Port3 sends the frame to User B.
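
The access, trunk and hybrid rules of Table 5-3 and the six steps above can be traced in a small model. This is an added example, not code from the guide. Assumptions: the trunk ports use PVID 1, Port5 and Port6 are hypothetical VLAN 3 access ports added to show that flooding stays inside VLAN 2, source-MAC learning follows ordinary bridge behaviour, and the MAC addresses are constructed.

```python
from dataclasses import dataclass, field

USER_A = "00:00:5e:00:53:0a"   # constructed sample addresses
USER_B = "00:00:5e:00:53:0b"


@dataclass
class Port:
    name: str
    kind: str                                     # "access", "trunk" or "hybrid"
    pvid: int
    allowed: set = field(default_factory=set)     # VLANs permitted (trunk/hybrid)
    untagged: set = field(default_factory=set)    # hybrid: VLANs sent without tag

    def permits(self, vid):
        return vid == self.pvid if self.kind == "access" else vid in self.allowed

    def ingress(self, vid):
        """vid is None for an untagged frame. Return internal VLAN, or None to discard."""
        if vid is None:
            vid = self.pvid               # untagged frames are marked with the PVID
        return vid if self.permits(vid) else None

    def egress(self, vid):
        """Return ("untagged", None) or ("tagged", vid); None if the frame is not sent."""
        if not self.permits(vid):
            return None
        if self.kind == "access":
            return ("untagged", None)     # PVID tag stripped
        if self.kind == "trunk":
            return ("untagged", None) if vid == self.pvid else ("tagged", vid)
        return ("untagged", None) if vid in self.untagged else ("tagged", vid)


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}               # (vlan, mac) -> port name

    def receive(self, in_port, src, dst, vid=None):
        """Process one frame; return {out_port: wire_form}, {} if discarded."""
        vlan = self.ports[in_port].ingress(vid)
        if vlan is None:
            return {}
        self.mac_table[(vlan, src)] = in_port          # learn the sender
        known = self.mac_table.get((vlan, dst))
        candidates = [known] if known else list(self.ports)
        out = {}
        for name in candidates:
            if name == in_port:
                continue                  # never send back out the ingress port
            wire = self.ports[name].egress(vlan)
            if wire is not None:
                out[name] = wire
        return out


def figure_5_7():
    """Trace User A -> User B, then the reply, across the trunk link."""
    a = Switch("DeviceA", [Port("Port4", "access", 2), Port("Port5", "access", 3),
                           Port("Port2", "trunk", 1, {2, 3})])
    b = Switch("DeviceB", [Port("Port1", "trunk", 1, {2, 3}),
                           Port("Port3", "access", 2), Port("Port6", "access", 3)])
    hop1 = a.receive("Port4", USER_A, USER_B)                      # steps 1-4
    hop2 = b.receive("Port1", USER_A, USER_B, hop1["Port2"][1])    # steps 5-6
    back1 = b.receive("Port3", USER_B, USER_A)                     # reply, now unicast
    back2 = a.receive("Port2", USER_B, USER_A, back1["Port1"][1])
    return hop1, hop2, back1, back2


if __name__ == "__main__":
    for step in figure_5_7():
        print(step)
```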

Inter-VLAN Communication
After VLANs are configured, users in different VLANs cannot directly communicate
with each other. To implement communication between VLANs, use either of the
following methods:
● Layer 3 sub-interface
As shown in Figure 5-8, DeviceA is a Layer 3 switch supporting Layer 3 sub-
interface, and DeviceB is a Layer 2 switch. LANs are connected using the
switched Ethernet interface on DeviceB and the routed Ethernet interface on
DeviceA. User hosts are assigned to VLAN2 and VLAN3. To implement inter-
VLAN communication, configure as follows:
– On DeviceA, create two Layer 3 sub-interfaces Port1.1 and Port2.1 on the
Ethernet interface connecting to DeviceB, and configure 802.1Q
encapsulation on Layer 3 sub-interfaces corresponding to VLAN2 and
VLAN3.
– Configure IP addresses for Layer 3 sub-interfaces.
– Set types of Ethernet interfaces connecting DeviceB and DeviceA to
Trunk or Hybrid, to allow VLAN2 and VLAN3 frames.
– Set the default gateway address to the IP address of the Layer 3 sub-
interface mapping the VLAN to which the user host belongs.

Figure 5-8 Inter-VLAN communication using Layer 3 sub-interfaces
[Figure not reproduced. Labels: DeviceA (Port1.1, Port2.1), VLAN trunk, DeviceB,
access port, Host A, Host B, Host C, Host D, VLAN2, VLAN3.]


Host A communicates with host C as follows:


a. Host A checks the IP address of host C and determines that host C is in
another VLAN.
b. Host A sends an ARP request packet to DeviceA to request DeviceA's MAC
address.
c. After receiving the ARP request packet, DeviceA returns an ARP reply
packet in which the source MAC address is the MAC address of the Layer
3 sub-interface mapping VLAN2.
d. Host A obtains DeviceA's MAC address.
e. Host A sends a packet whose destination MAC address is the MAC
address of the Layer 3 sub-interface and destination IP address is host C's
IP address to DeviceA.
f. After receiving the packet, DeviceA forwards the packet and detects that
the route to host C is a direct route. The packet is forwarded by the Layer
3 sub-interface mapping VLAN3.
g. Functioning as the gateway of hosts in VLAN3, DeviceA broadcasts an
ARP packet requesting host C's MAC address.
h. After receiving the packet, host C returns an ARP reply packet.
i. After receiving the reply packet, DeviceA sends the packet from host A to
host C. All packets sent from host A to host C are sent to DeviceA first to
implement Layer 3 forwarding.
● VLANIF interface
Layer 3 switching combines routing and switching techniques to implement
routing on a switch, improving the overall performance of the network. After
sending the first data flow, a Layer 3 switch generates a mapping table on
which it records the mapping between the MAC address and the IP address
for the data flow. If the switch needs to send the same data flow again, it
directly sends the data flow at Layer 2 based on the mapping table. In this
manner, network delays caused by route selection are eliminated, and data
forwarding efficiency is improved.
In order for new data flows to be correctly forwarded, the routing table must
have the correct routing entries. Therefore, VLANIF interfaces are used to
configure routing protocols on Layer 3 switches to reach Layer 3 routes.
A VLANIF interface is a Layer 3 logical interface, which can be configured on
either a Layer 3 switch or a router.
As shown in Figure 5-9, hosts connected to the switch are assigned to VLAN 2
and VLAN 3. To implement inter-VLAN communication, configure as follows:
– Create two VLANIF interfaces on the device, and configure IP addresses
for them.
– Set the default gateway address to the IP address of the VLANIF interface
mapping the VLAN to which the user host belongs.


Figure 5-9 Inter-VLAN communication through VLANIF interfaces
[Figure not reproduced. Labels: Device (VLANIF2, VLANIF3), UserA, UserB, UserC,
UserD, VLAN2, VLAN3.]

Host A communicates with host C as follows:


a. Host A checks the IP address of host C and determines that host C is in
another subnet.
b. Host A sends an ARP request packet to Device to request Device's MAC
address.
c. After receiving the ARP request packet, Device returns an ARP reply
packet in which the source MAC address is the MAC address of VLANIF2.
d. Host A obtains Device's MAC address.
e. Host A sends a packet whose destination MAC address is the MAC
address of the VLANIF interface and destination IP address is host C's IP
address to Device.
f. After receiving the packet, Device forwards the packet and detects that
the route to host C is a direct route. The packet is forwarded by VLANIF3.
g. Functioning as the gateway of hosts in VLAN3, Device broadcasts an ARP
packet requesting host C's MAC address.
h. After receiving the packet, host C returns an ARP reply packet.
i. After receiving the reply packet, Device sends the packet from host A to
host C. All packets sent from host A to host C are sent to Device first to
implement Layer 3 forwarding.

5.2.3 VLAN Aggregation

Background of VLAN Aggregation


VLANs are widely applied to switching networks because of their flexible control
of broadcast domains and convenient deployment. On a Layer 3 switch,
interconnection between broadcast domains is implemented by having each VLAN
correspond to one Layer 3 logical interface. However, this can waste IP addresses.
Figure 5-10 shows the VLAN division in the device.

Figure 5-10 Networking of a common VLAN
[Figure not reproduced. Labels: L3 Switch with VLANIF2:10.1.1.1,
VLANIF3:10.1.1.17 and VLANIF4:10.1.1.25; three L2 Switches; VLAN 2
(10.1.1.0/28), VLAN 3 (10.1.1.16/29), VLAN 4 (10.1.1.24/30).]

Table 5-4 Example of assigning server addresses on a common VLAN

| VLAN | Subnet | Gateway Address | Number of Available Addresses | Number of Available Servers | Practical Requirements |
|---|---|---|---|---|---|
| 2 | 10.1.1.0/28 | 10.1.1.1 | 14 | 13 | 10 |
| 3 | 10.1.1.16/29 | 10.1.1.17 | 6 | 5 | 5 |
| 4 | 10.1.1.24/30 | 10.1.1.25 | 2 | 1 | 1 |

As shown in Table 5-4, VLAN 2 requires 10 server addresses. The subnet
10.1.1.0/28, with a 28-bit mask, is assigned to VLAN 2. 10.1.1.0 is the address of
the subnet, and 10.1.1.15 is the directed broadcast address. These two addresses
cannot serve as host addresses. In addition, as the default gateway address of
the subnet, 10.1.1.1 cannot be used as a host address. The other 13 addresses,
ranging from 10.1.1.2 to 10.1.1.14, can be used by the servers. In this way,
although VLAN 2 needs only 10 addresses, 13 addresses need to be assigned to it
according to the division of the subnet.
VLAN 3 requires five server addresses. The subnet 10.1.1.16/29, with a 29-bit
mask, needs to be assigned to VLAN 3. VLAN 4 requires only one address. The
subnet 10.1.1.24/30, with a 30-bit mask, needs to be assigned to VLAN 4.
In total, 16 (10+5+1) addresses are needed for all the preceding VLANs. However,
28 (16+8+4) addresses are needed according to the common VLAN addressing
mode even if the optimal scheme is used. Nearly half of the addresses are wasted.
In addition, if VLAN 2 later connects to three servers instead of 10 servers, the
extra addresses cannot be used by other VLANs and are wasted.
This division is also inconvenient for later network upgrade and expansion.
Assume that two more servers need to be added to VLAN 4, that VLAN 4 does not
want to change the assigned IP addresses, and that the addresses after 10.1.1.24
have been assigned to others. A new subnet with a 29-bit mask and a new VLAN
then need to be assigned for the new customers of VLAN 4. As a result, the
customers of VLAN 4 have only three servers, but the customers are assigned to
two subnets and are not in the same VLAN. This is inconvenient for network
management.
In summary, many IP addresses are used as subnet addresses, directed
broadcast addresses of subnets, and default gateway addresses of subnets.
These IP addresses cannot be used as server addresses in the VLAN. This limit
on address assignment reduces addressing flexibility, so many idle addresses
are wasted. To solve this problem, VLAN aggregation is used.

Principle
The VLAN aggregation technology, also known as the super-VLAN, provides a
mechanism that partitions the broadcast domain using multiple VLANs in a
physical network so that different VLANs can belong to the same subnet. In VLAN
aggregation, two concepts are involved, namely, super-VLAN and sub-VLAN.
● Super-VLAN: It is different from the common VLAN. In the super-VLAN, only
Layer 3 interfaces are created and physical ports are not contained. The super-
VLAN can be viewed as a logical Layer 3 concept. It is a collection of many
sub-VLANs.
● Sub-VLAN: It is used to isolate broadcast domains. In the sub-VLAN, only
physical ports are contained and Layer 3 VLANIF interfaces cannot be created.
The Layer 3 switching with the external network is implemented through the
Layer 3 interface of the super-VLAN.
A super-VLAN can contain one or more sub-VLANs retaining different broadcast
domains. The sub-VLAN does not occupy an independent subnet segment. In the
same super-VLAN, IP addresses of servers belong to the subnet segment of the
super-VLAN, regardless of the mapping between servers and sub-VLANs.
The same Layer 3 interface is shared by sub-VLANs. Some subnet IDs, default
gateway addresses of the subnets, and directed broadcast addresses of the
subnets are saved and different broadcast domains can use the addresses in the
same subnet segment. As a result, subnet differences are eliminated, addressing
becomes flexible and idle addresses are reduced.
Table 5-4 is used to explain the implementation. Suppose that user demands are
unchanged. In VLAN 2, 10 server addresses are demanded; in VLAN 3, five server
addresses are demanded; in VLAN 4, one server address is demanded.
According to the implementation of VLAN aggregation, create VLAN 10 and
configure VLAN 10 as a super-VLAN. Then assign a subnet address 10.1.1.0/24
with the mask length being 24 to VLAN 10; 10.1.1.0 is the subnet ID and 10.1.1.1
is the gateway address of the subnet, as shown in Figure 5-11. Address
assignments of sub-VLANs (VLAN 2, VLAN 3, and VLAN 4) are shown in Table
5-5.


Figure 5-11 Networking of VLAN aggregation
[Figure not reproduced. Labels: L3 Switch; Super VLAN 10 with
VLANIF10:10.1.1.1/24; Sub VLAN 2 (host IP 10.1.1.2-10.1.1.11), Sub VLAN 3
(host IP 10.1.1.12-10.1.1.16), Sub VLAN 4 (host IP 10.1.1.17).]

Table 5-5 Example for assigning server addresses in VLAN aggregation mode

| VLAN | Subnet | Gateway address | Number of available addresses | Number of available servers | Practical requirements |
|---|---|---|---|---|---|
| 2 | 10.1.1.0/24 | 10.1.1.1 | 10 | 10.1.1.2-10.1.1.11 | 10 |
| 3 | 10.1.1.0/24 | 10.1.1.1 | 5 | 10.1.1.12-10.1.1.16 | 5 |
| 4 | 10.1.1.0/24 | 10.1.1.1 | 1 | 10.1.1.17 | 1 |

In VLAN aggregation implementation, sub-VLANs are not divided according to the
previous subnet border. Instead, their addresses are flexibly assigned in the subnet
corresponding to the super-VLAN according to the required server number.
As Table 5-5 shows, VLAN 2, VLAN 3, and VLAN 4 share a subnet
(10.1.1.0/24), a default gateway address of the subnet (10.1.1.1), and a directed
broadcast address of the subnet (10.1.1.255). In this manner, the subnet ID
(10.1.1.16, 10.1.1.24), the default gateway of the subnet (10.1.1.17, 10.1.1.25), and
the directed broadcast address of the subnet (10.1.1.15, 10.1.1.23, and 10.1.1.27)
can be used as IP addresses of servers.
In total, 16 addresses (10 + 5 + 1 = 16) are required for the three VLANs. In
practice, in this subnet, a total of 16 addresses are assigned to the three VLANs
(10.1.1.2 to 10.1.1.17). A total of 19 IP addresses are used, that is, the 16 server
addresses together with the subnet ID (10.1.1.0), the default gateway of the
subnet (10.1.1.1), and the directed broadcast address of the subnet (10.1.1.255). In
the network segment, 236 addresses (255 - 19 = 236) are available, which can be
used by any server in the sub-VLAN.
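The address plan described above can be reproduced with Python's ipaddress module. This is an added example, not part of the original guide; the per-VLAN subnets used for comparison (10.1.1.0/28, 10.1.1.16/29, 10.1.1.24/30) are an assumption inferred from the subnet IDs, gateways, and broadcast addresses the text lists.

```python
import ipaddress

# Values from the page: super-VLAN 10 uses 10.1.1.0/24 with gateway 10.1.1.1;
# VLAN 2, VLAN 3 and VLAN 4 need 10, 5 and 1 server addresses.
SUPER_SUBNET = ipaddress.ip_network("10.1.1.0/24")
GATEWAY = ipaddress.ip_address("10.1.1.1")
DEMAND = {2: 10, 3: 5, 4: 1}

# Assumption: per-VLAN subnets of the plan without aggregation, inferred from
# the subnet IDs, gateways and broadcast addresses listed in the text.
PER_VLAN_SUBNETS = {
    2: ipaddress.ip_network("10.1.1.0/28"),
    3: ipaddress.ip_network("10.1.1.16/29"),
    4: ipaddress.ip_network("10.1.1.24/30"),
}


def aggregated_plan(subnet, gateway, demand):
    """Give each sub-VLAN the next free run of host addresses in the super-VLAN subnet."""
    hosts = [h for h in subnet.hosts() if h != gateway]
    if sum(demand.values()) > len(hosts):
        raise ValueError("demand exceeds the super-VLAN subnet")
    plan, cursor = {}, 0
    for vlan in sorted(demand):
        plan[vlan] = hosts[cursor:cursor + demand[vlan]]
        cursor += demand[vlan]
    return plan


def per_vlan_overhead(subnets):
    """Addresses that separate subnets spend on subnet ID, gateway and broadcast."""
    overhead = {"subnet_id": [], "gateway": [], "broadcast": []}
    for net in subnets.values():
        overhead["subnet_id"].append(net.network_address)
        overhead["gateway"].append(net.network_address + 1)  # first host address
        overhead["broadcast"].append(net.broadcast_address)
    return overhead


def reclaimed_addresses(subnets, super_subnet, gateway):
    """Overhead addresses of the per-VLAN plan that servers may use under the super-VLAN."""
    still_reserved = {super_subnet.network_address, gateway,
                      super_subnet.broadcast_address}
    spent = {a for addrs in per_vlan_overhead(subnets).values() for a in addrs}
    return sorted(spent - still_reserved)


def fits(subnets, demand):
    """Check that each per-VLAN subnet holds the demanded number of servers."""
    return all(subnets[v].num_addresses - 3 >= demand[v] for v in demand)


if __name__ == "__main__":
    for vlan, addrs in aggregated_plan(SUPER_SUBNET, GATEWAY, DEMAND).items():
        print(f"sub-VLAN {vlan}: {addrs[0]} - {addrs[-1]} ({len(addrs)} servers)")
    print("reclaimed:", [str(a) for a in reclaimed_addresses(
        PER_VLAN_SUBNETS, SUPER_SUBNET, GATEWAY)])
```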

Communication Between VLANs


● Introduction
VLAN aggregation ensures that different VLANs use the IP addresses in the
same subnet segment. This, however, leads to the problem of Layer 3
forwarding between sub-VLANs.
In common VLAN mode, the servers of different VLANs can communicate
with each other based on the Layer 3 forwarding through their respective
gateways. In VLAN aggregation mode, the servers in a super-VLAN use the IP
addresses in the same network segment and share the same gateway address.
The servers in different sub-VLANs belong to the same subnet. Therefore, they
communicate with each other based on the Layer 2 forwarding, rather than
the Layer 3 forwarding through a gateway. In practice, servers in different
sub-VLANs are separated at Layer 2. As a result, sub-VLANs fail to
communicate with each other.
To solve the preceding problem, you can use Proxy ARP.
NOTE

For details about proxy ARP, see ARP in the IP Services.


● Layer 3 communication between different sub-VLANs
If hosts on the same network segment of the same physical network but in
different VLANs need to communicate at Layer 3, you need to enable inter-
VLAN proxy ARP on the corresponding VLANIF interfaces.
As shown in Figure 5-12, Host A and Host B on the same network segment
are connected to the Switch, Host A belongs to VLAN 3, and Host B belongs
to VLAN 2. Host A and Host B belong to different sub-VLANs, so they cannot
communicate at Layer 2.


Figure 5-12 Inter-VLAN proxy ARP implementation
[Figure: the Switch hosts super-VLAN 4 with VLANIF 4 (IP 10.10.10.3/24, MAC 3-3-3). HostA (IP 10.10.10.1/24, MAC 1-1-1) is in sub-VLAN 3 and HostB (IP 10.10.10.2/24, MAC 2-2-2) is in sub-VLAN 2.]

You can enable inter-VLAN proxy ARP on VLANIF 4 of the Switch to solve this
problem.
a. Host A sends an ARP Request packet for the MAC address of Host B.
b. After receiving the ARP Request packet, the Switch detects that the
destination IP address is not its IP address and determines that the
requested MAC address is not its MAC address. The Switch then checks
whether there is an ARP entry of Host B.

▪ If there is an ARP entry that matches Host B and the VLAN information
in this entry is different from that of the receiving port, the Switch
checks whether inter-VLAN proxy ARP is enabled on the
corresponding VLANIF interface.
○ If inter-VLAN proxy ARP is enabled, the Switch sends the MAC
address of VLANIF 4 to Host A.
After receiving the ARP Reply packet from the Switch, Host A
considers the packet as the ARP Reply packet from Host B. Host
A learns the MAC address of VLANIF 4 on the Switch and uses
this MAC address to send data packets to Host B.
○ If inter-VLAN proxy ARP is not enabled, the Switch discards the
ARP Request packet sent by Host A.
▪ If there is no ARP entry of Host B, the Switch discards the ARP
Request packet sent by Host A, and checks whether inter-VLAN proxy
ARP is enabled on the corresponding VLANIF interface.
○ If inter-VLAN proxy ARP is enabled, the Switch broadcasts the
ARP Request packet with the IP address of Host B as the
destination IP address within VLAN 2. After the Switch receives
an ARP Reply packet from Host B, the Switch generates an ARP
entry indicating the mapping between the IP and MAC addresses
of Host B.
○ If inter-VLAN proxy ARP is not enabled, the Switch does not
perform any operations.
● Layer 2 communication between a sub-VLAN and an external network
As shown in Figure 5-13, in the Layer 2 VLAN communication based on ports,
the received or sent frames are not tagged with the super-VLAN ID.

Figure 5-13 Networking of Layer 2 communication between a sub-VLAN and an external network
[Figure: Server A (10.1.1.2/24, VLAN 2) and Server B (10.1.1.3/24, VLAN 3) connect to Port1 and Port2 of Switch1, which hosts super-VLAN 10 (VLANIF10: 10.1.1.1/24). Port3 of Switch1 and Port1 of Switch2 are trunk interfaces that allow all VLANs; Switch2 connects to the Internet.]

The frame from Server A that enters Switch1 through Port1 is tagged with the
ID of VLAN 2. The VLAN ID, however, is not changed to the ID of VLAN 10 on
Switch1 even if VLAN 2 is the sub-VLAN of VLAN 10. After passing through
Port3, which is a trunk interface, this frame still carries the ID of VLAN 2.
That is, Switch1 itself does not send the frames of VLAN 10. In addition,
Switch1 discards the frames of VLAN 10 that are sent to Switch1 by other
devices because Switch1 has no corresponding physical port for VLAN 10.
A super-VLAN has no physical port. This restriction is enforced as
follows:
– If you configure the super-VLAN and then the trunk interface, the frames
of a super-VLAN are filtered automatically according to the VLAN range
set on the trunk interface.
As shown in Figure 5-13, no frame of the super-VLAN 10 passes through
Port3 on Switch1, even though the interface allows frames from all
VLANs to pass through.


– If you finish configuring the trunk interface and allow all VLANs to pass
through, you still cannot configure the super-VLAN on Switch1. The root
cause is that any VLAN with physical ports cannot be configured as the
super-VLAN, and the trunk interface allows only the frames tagged with
VLAN IDs to pass through. Therefore, no VLAN can be configured as a
super-VLAN.
As for Switch1, the valid VLANs are just VLAN 2 and VLAN 3, and all frames
are forwarded in these VLANs.
● Layer 3 communication between a sub-VLAN and an external network

Figure 5-14 Networking of Layer 3 communication between a sub-VLAN and an external network
[Figure: Server A (10.1.1.2/24, VLAN 2) and Server B (10.1.1.3/24, VLAN 3) connect to Port1 and Port2 of Switch1, which hosts super-VLAN 4 (VLANIF4: 10.1.1.1/24). Port3 of Switch1 (VLANIF10: 10.1.2.1/24) connects to Port1 of Switch2 (VLANIF10: 10.1.2.2/24). Port2 of Switch2 (VLANIF20: 10.1.3.1/24) connects to Server C (10.1.3.2/24).]
As shown in Figure 5-14, Switch1 is configured with super-VLAN 4, sub-VLAN
2, sub-VLAN 3, and a common VLAN 10. Switch2 is configured with two
common VLANs, namely, VLAN 10 and VLAN 20. Suppose that Switch1 is
configured with the route to the network segment 10.1.3.0/24, and Switch2 is
configured with the route to the network segment 10.1.1.0/24. Server A
in sub-VLAN 2, which belongs to super-VLAN 4, then needs to access Server C
connected to Switch2.
a. After comparing the IP address of Server C (10.1.3.2) with its own IP address,
Server A finds that the two IP addresses are not in the same network
segment 10.1.1.0/24.
b. Server A initiates an ARP broadcast to its gateway to request the MAC
address of the gateway.
c. After receiving the ARP request, Switch1 identifies the correlation
between the sub-VLAN and the super-VLAN, and offers an ARP response
to Server A through sub-VLAN 2. The source MAC address in the ARP
response packet is the MAC address of VLANIF4 for super-VLAN 4.
d. Server A learns the MAC address of the gateway.
e. Server A sends the packet to the gateway, with the destination MAC
address as the MAC address of VLANIF4 for super-VLAN 4, and the
destination IP address as 10.1.3.2.
f. After receiving the packet, Switch1 performs the Layer 3 forwarding and
sends the packet to Switch2, with the next hop address as 10.1.2.2 and the
outgoing interface as VLANIF10.
g. After receiving the packet, Switch2 performs the Layer 3 forwarding and
sends the packet to Server C through the directly connected interface
VLANIF20.
h. The response packet from Server C reaches Switch1 after the Layer 3
forwarding on Switch2.
i. After receiving the packet, Switch1 performs the Layer 3 forwarding and
sends the packet to Server A through the super-VLAN.
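The inter-VLAN proxy ARP decision described above for Figure 5-12 can be modelled as a small simulation. This is an added example, not code from the guide or the switch software; the class and function names are hypothetical, and two points the page leaves open are marked as assumptions in the comments.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    ip: str
    mac: str
    vlan: int


@dataclass
class Switch:
    vlanif_ip: str
    vlanif_mac: str
    sub_vlans: tuple
    proxy_arp: bool
    hosts: list                                      # hosts attached to the sub-VLANs
    arp_table: dict = field(default_factory=dict)    # ip -> (mac, vlan)

    def _probe(self, target_ip, rx_vlan):
        """Broadcast an ARP Request for target_ip and learn from the ARP Reply.

        Assumption: the probe goes to every sub-VLAN except the receiving one;
        the page's example names only VLAN 2, where Host B is.
        """
        for host in self.hosts:
            if (host.ip == target_ip and host.vlan in self.sub_vlans
                    and host.vlan != rx_vlan):
                self.arp_table[target_ip] = (host.mac, host.vlan)

    def on_arp_request(self, target_ip, rx_vlan):
        """Return the MAC the Switch answers with, or None if it sends no reply."""
        if target_ip == self.vlanif_ip:
            return self.vlanif_mac                   # request for the gateway itself
        entry = self.arp_table.get(target_ip)
        if entry is None:
            # No ARP entry: the request is discarded; with proxy ARP the Switch
            # also probes for the target so that a later request can be answered.
            if self.proxy_arp:
                self._probe(target_ip, rx_vlan)
            return None
        _mac, entry_vlan = entry
        if entry_vlan == rx_vlan:
            return None      # assumption: same sub-VLAN, the target answers itself
        # Entry was learned in a different VLAN than the receiving port.
        return self.vlanif_mac if self.proxy_arp else None


def build_switch(proxy_arp):
    """Constructed topology matching Figure 5-12."""
    host_a = Host("10.10.10.1", "1-1-1", 3)
    host_b = Host("10.10.10.2", "2-2-2", 2)
    switch = Switch("10.10.10.3", "3-3-3", (2, 3), proxy_arp, [host_a, host_b])
    return switch, host_a, host_b


def run_scenario(proxy_arp, attempts=2):
    """Host A asks for Host B's MAC `attempts` times; return the Switch's answers."""
    switch, host_a, host_b = build_switch(proxy_arp)
    return [switch.on_arp_request(host_b.ip, host_a.vlan) for _ in range(attempts)]


if __name__ == "__main__":
    print("proxy ARP enabled :", run_scenario(True))
    print("proxy ARP disabled:", run_scenario(False))
```

With proxy ARP enabled, Host A ends up mapping 10.10.10.2 to the VLANIF MAC 3-3-3, so several IP addresses resolving to the gateway MAC is the expected state inside a super-VLAN.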

5.2.4 VLAN Damping


In a specified VLAN where a VLANIF interface has been configured, when all
interfaces in the VLAN go Down, the VLAN becomes Down. The interface Down
event is reported to the VLANIF interface, causing the VLANIF interface status
change. To avoid network flapping due to the status change of the VLANIF
interface, you can enable VLAN damping on the VLANIF interface and set a delay
after which the VLANIF interface goes Down.
With VLAN damping enabled, when the last Up interface in the VLAN goes Down,
the Down event is reported to the VLANIF interface after a delay (the delay
can be set as required). If an interface in the VLAN goes Up during the delay, the
status of the VLANIF interface remains unchanged. That is, the VLAN damping
function postpones the time at which the VLAN reports a Down event to the
VLANIF interface, avoiding unnecessary route flapping.

5.2.5 MUX VLAN


Background
On a data center network, the data center administrator has the following
requirements: All servers of the data center can access the external network. Some
servers can communicate, whereas some servers are isolated. To allow all servers
to access external networks, configure communication between VLANs. If there
are a large number of servers in a data center, assigning VLANs to servers that
cannot communicate with each other wastes VLAN IDs and creates a heavy
workload for network configuration and maintenance.
Multiplex VLAN (MUX VLAN) controls network resources by VLAN. MUX VLAN
allows some servers in a data center to communicate and some servers to be
isolated. In addition, MUX VLAN saves VLAN IDs and facilitates maintenance.


Basic Concepts
As shown in Table 5-6, a MUX VLAN is classified into principal VLANs and
subordinate VLANs; a subordinate VLAN is classified into separate VLANs and
group VLANs.

Table 5-6 Classification of a MUX VLAN

| MUX VLAN | VLAN Type | Associated Port | Access Authority |
|---|---|---|---|
| Principal VLAN | - | Principal port | A principal port can communicate with all ports in a MUX VLAN. |
| Subordinate VLAN | Separate VLAN | Separate port | A separate port can communicate only with a principal port and is isolated from other types of ports. A separate VLAN must be bound to a principal VLAN. |
| Subordinate VLAN | Group VLAN | Group port | A group port can communicate with a principal port and the other ports in the same group, but cannot communicate with ports in other groups or a separate port. A group VLAN must be bound to a principal VLAN. |

Principle of Communication in MUX VLAN


As shown in Figure 5-15, the principal port connects to the external network, the
separate port connects to users who do not need to communicate, and the group
port connects to users who need to communicate. In this way, some internal users
of the data center can communicate and some users are isolated.


Figure 5-15 Application scenario of MUX VLAN at the access layer
[Figure: the Switch connects to the Internet through the principal port. Server1 and Server2 connect to group ports (group VLAN); Server3 and Server4 connect to separate ports (separate VLAN).]

On an aggregation device, you can create a VLANIF interface for the principal
VLAN. The IP address of the VLANIF interface can be used as the gateway address
of a server. As shown in Figure 5-16, MUX VLAN is configured on aggregation
switch Switch1 to implement isolation or interworking.


Figure 5-16 Application scenario of MUX VLAN at the aggregation layer
[Figure: aggregation switch Switch1 connects to the Internet in VLAN 2 (principal VLAN). Below it, Switch2 and Switch3 connect ServerB and ServerC in VLAN 3 (group VLAN); Switch4 and Switch5 connect ServerD and ServerE in VLAN 4 (separate VLAN).]
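The access rules of Table 5-6 can be turned into an isolation audit for a planned port-to-VLAN assignment. This is an added example, not part of the original guide; the VLAN roles follow Figure 5-16, while the port names, the isolation policy, and the misassigned plan are constructed for illustration.

```python
from itertools import combinations

# MUX VLAN from Figure 5-16: VLAN 2 principal, VLAN 3 group, VLAN 4 separate.
MUX = {"principal": 2, "groups": {3}, "separate": {4}}

# Constructed plans: port name -> VLAN the port is assigned to.
INTENDED = {"uplink": 2, "ServerB": 3, "ServerC": 3, "ServerD": 4, "ServerE": 4}
MISASSIGNED = dict(INTENDED, ServerD=3)   # ServerD placed in the group VLAN by mistake

# Constructed policy: pairs of ports that must never reach each other at Layer 2.
MUST_BE_ISOLATED = [("ServerD", "ServerE"), ("ServerB", "ServerD"), ("ServerC", "ServerE")]


def role(vlan, mux):
    """Map a VLAN ID to its role inside the MUX VLAN."""
    if vlan == mux["principal"]:
        return "principal"
    if vlan in mux["groups"]:
        return "group"
    if vlan in mux["separate"]:
        return "separate"
    raise ValueError(f"VLAN {vlan} is not a member of this MUX VLAN")


def can_communicate(vlan_a, vlan_b, mux):
    """Apply the access rules of Table 5-6 to two ports given by their VLANs."""
    role_a, role_b = role(vlan_a, mux), role(vlan_b, mux)
    if "principal" in (role_a, role_b):
        return True                     # a principal port reaches every port
    if role_a == role_b == "group":
        return vlan_a == vlan_b         # group ports reach only their own group
    return False                        # separate ports reach only the principal port


def reachable_pairs(ports, mux):
    """All unordered port pairs that the MUX VLAN lets communicate."""
    return {frozenset((a, b)) for a, b in combinations(sorted(ports), 2)
            if can_communicate(ports[a], ports[b], mux)}


def audit(ports, mux, must_be_isolated):
    """Return the policy pairs that the assignment would wrongly allow."""
    allowed = reachable_pairs(ports, mux)
    return sorted(tuple(sorted(pair)) for pair in must_be_isolated
                  if frozenset(pair) in allowed)


if __name__ == "__main__":
    print("intended plan violations   :", audit(INTENDED, MUX, MUST_BE_ISOLATED))
    print("misassigned plan violations:", audit(MISASSIGNED, MUX, MUST_BE_ISOLATED))
```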

5.2.6 VLAN Management


To use a network management system to manage multiple devices, create a
VLANIF interface on each device and configure a management IP address for the
VLANIF interface. You can then log in to a device and manage it using its
management IP address. If a user-side interface is added to the VLAN, users
connected to the interface can also log in to the device. This brings security risks
to the device.

After a VLAN is configured as a management VLAN (mVLAN), no access interface
or dot1q-tunnel interface can be added to the VLAN. An access interface or a
dot1q-tunnel interface is connected to users. The mVLAN forbids users connected
to access and dot1q-tunnel interfaces to log in to the device, improving device
performance.

5.2.7 Transparent Transmission of Protocol Packets in a VLAN


When a gateway device or Layer 2 switch is enabled with snooping functions such
as DHCP/IGMP/MLD snooping, the device needs to parse and process protocol
packets such as ARP, DHCP, and IGMP packets. That is, protocol packets received
by an interface are sent to the CPU for processing. The interface sends protocol
packets without differentiating VLANs. If the preceding functions are deployed,
protocol packets from all VLANs are sent to the CPU for processing.

If the device works as the gateway or provides the snooping functions for only
some VLANs, the device does not need to process protocol packets in other VLANs.
After the protocol packets in other VLANs are sent to the CPU, the CPU needs to
forward them to other devices. This mechanism is called software forwarding.


Protocol packet processing in software forwarding decreases the forwarding
efficiency.
To address this issue, deploy transparent transmission of protocol packets in
VLANs where protocol packets do not need to be processed. This function enables
the device to transparently transmit the protocol packets in the VLANs to other
devices, which improves the forwarding speed and efficiency.

5.3 Application Scenarios for VLANs

5.3.1 VLAN Assignment


Port-Based VLAN Assignment

Figure 5-17 Networking diagram of port-based VLAN assignment
[Figure: UserA (VLAN 2), UserB (VLAN 3), and UserC (VLAN 4) connect to a Switch, which connects upstream to SwitchA.]

According to different requirements for interfaces, the switch in a data center
assigns interfaces connected to users to different VLANs so that services of users
are isolated. Each user has a virtual switch and each VLAN is a virtual work group.


MAC Address-Based VLAN Assignment

Figure 5-18 Networking diagram of MAC address-based VLAN assignment
[Figure: User C and User A, both in VLAN 10, connect to SwitchA; User A is shown at two attachment points.]

As shown in Figure 5-18, User A is initially connected to Switch A in a data center.
Now, it is required that User A be connected to another interface of Switch A. To
ensure that User A can still communicate with User C, configure the assignment of
VLANs based on MAC addresses on Switch A. As long as the MAC address of User
A remains unchanged, no configuration needs to be changed for User A to
communicate with User C.

5.3.2 Inter-VLAN Communication


Inter-VLAN communication can be classified into the following two types:

Multiple VLANs Belong to the Same Device

Figure 5-19 Networking diagram of communications between multiple VLANs on the same device
[Figure: UserA (VLAN 2), UserB (VLAN 3), and UserC (VLAN 4) connect to an L2 Switch, which connects to Switch A over a trunk link.]

As shown in Figure 5-19, if VLAN 2, VLAN 3, and VLAN 4 only belong to SwitchA,
you can configure a VLANIF interface for each VLAN on SwitchA to implement the
communications between these VLANs.


Multiple VLANs Belong to Different Devices

Figure 5-20 Networking diagram of communications between multiple VLANs on different devices
[Figure: Switch A and Switch B (both L3 switches) are connected by a trunk link. Each connects over a trunk link to an L2 Switch serving UserA (VLAN 2), UserB (VLAN 3), and UserC (VLAN 4).]

As shown in Figure 5-20, VLAN 2, VLAN 3, and VLAN 4 are VLANs across different
switches. In such a situation, you can configure a VLANIF interface respectively on
Switch A and Switch B for each VLAN, and then configure a static route or run a
routing protocol between Switch A and Switch B.

5.3.3 VLAN Aggregation

Figure 5-21 Networking diagram of VLAN aggregation application
[Figure: a Switch with proxy ARP connects to the Network and to four L2 Switches. Sub-VLAN 21 and sub-VLAN 22 belong to super-VLAN 2; sub-VLAN 31 and sub-VLAN 32 belong to super-VLAN 3.]


As shown in Figure 5-21, four VLANs, namely, VLAN 21, VLAN 22, VLAN 31, and
VLAN 32, are configured. If these VLANs need to communicate with each other,
you should configure an IP address for each VLAN on the Switch.

Alternatively, you can enable VLAN aggregation to aggregate VLAN 21 and VLAN
22 into super VLAN 2, and VLAN 31 and VLAN 32 into super VLAN 3. Therefore,
you can save IP addresses by only assigning IP addresses to the super VLANs.

After Proxy ARP is configured on Switch, the sub-VLANs in each super VLAN can
communicate with each other.

5.4 Summary of VLAN Configuration Tasks


Table 5-7 lists the VLAN configuration tasks.

Table 5-7 VLAN configuration tasks

| Item | Description | Task |
|---|---|---|
| Assigning a LAN to VLANs | VLANs can isolate the hosts that do not need to communicate with each other, which improves network security, reduces broadcast traffic, and prevents broadcast storms. | 5.7 Assigning a LAN to VLANs |
| Configuring Inter-VLAN Communication | After VLANs are configured, users in the same VLAN can communicate with each other while users in different VLANs cannot. To implement inter-VLAN communication, configure VLANIF interfaces, which are Layer 3 logical interfaces, or Layer 3 sub-interfaces. | 5.8 Configuring Inter-VLAN Communication |
| Configuring VLAN Aggregation to Save IP Addresses | VLAN aggregation saves IP addresses and implements inter-VLAN communication. | 5.9 Configuring VLAN Aggregation to Save IP Addresses |
| Configuring a MUX VLAN to Separate Layer 2 Traffic | Configuring a MUX VLAN allows users in different VLANs to communicate with each other, and separates users in a certain VLAN. | 5.10 Configuring MUX VLAN |
| Configuring an mVLAN to Implement Integrated Management | Management VLAN (mVLAN) configuration allows users to use the VLANIF interface of the mVLAN to log in to the management switch to centrally manage devices. | 5.11 Configuring an mVLAN to Implement Integrated Management |
| Configuring Transparent Transmission of Protocol Packets in a VLAN to Improve Forwarding Efficiency | A switch directly transparently transmits protocol packets in a specified VLAN without sending them to the CPU. | 5.12 Configuring Transparent Transmission of Protocol Packets in a VLAN to Improve Forwarding Efficiency |
| Configuring an Interface to Discard Incoming Tagged Packets | If a user connects a switch to a user-side interface without permission, the user-side interface may receive tagged packets. To prevent unauthorized access, you can configure the user-side interface to discard incoming tagged packets. | 5.13 Configuring an Interface to Discard Incoming Tagged Packets |

5.5 Licensing Requirements and Limitations for VLANs


Involved Network Elements
Other network elements are not required.

Licensing Requirements
VLAN is a basic function of the switch, and as such is controlled by the license for
basic software functions. The license for basic software functions has been loaded
and activated before delivery. You do not need to manually activate it.

Version Requirements

Table 5-8 Products and minimum versions supporting VLAN technology

| Product | Minimum Version Required |
|---|---|
| CE8860EI | V100R006C00 |
| CE8861EI/CE8868EI | V200R005C10 |
| CE8850-32CQ-EI | V200R002C50 |
| CE8850-64CQ-EI | V200R005C00 |
| CE7850EI | V100R003C00 |
| CE7855EI | V200R001C00 |
| CE6810EI | V100R003C00 |
| CE6810-48S4Q-LI, CE6810-48S-LI | V100R003C10 |
| CE6810-32T16S4Q-LI, CE6810-24S2Q-LI | V100R005C10 |
| CE6850EI | V100R001C00 |
| CE6850-48S6Q-HI | V100R005C00 |
| CE6850-48T6Q-HI, CE6850U-HI, CE6851HI | V100R005C10 |
| CE6855HI | V200R001C00 |
| CE6856HI | V200R002C50 |
| CE6857EI | V200R005C10 |
| CE6860EI | V200R002C50 |
| CE6865EI | V200R005C00 |
| CE6870-24S6CQ-EI | V200R001C00 |
| CE6870-48S6CQ-EI | V200R001C00 |
| CE6870-48T6CQ-EI | V200R002C50 |
| CE6875-48S4CQ-EI | V200R003C00 |
| CE6880EI | V200R002C50 |
| CE5810EI | V100R002C00 |
| CE5850EI | V100R001C00 |
| CE5850HI | V100R003C00 |
| CE5855EI | V100R005C10 |
| CE5880EI | V200R005C10 |


NOTE

For details about the mapping between software versions and switch models, see the
Hardware Query Tool.

Feature Dependencies and Limitations


● Plan service and management VLANs separately so that broadcast storms in
service VLANs will not affect the management of switches.
● Specify the VLANs from which packets need to be transparently transmitted
by a trunk interface. You are advised not to run the port trunk allow-pass
vlan all command to configure a trunk interface to transparently transmit
packets of all VLANs.
● The CE6810LI does not support IPv4 or IPv6 Layer 3 forwarding. After the IPv4
or IPv6 function is enabled on an interface of the CE6810LI, the configured
IPv4 or IPv6 address can only be used to manage the switch.
● VLAN 1 is a built-in VLAN of the system, does not need to be created, and
cannot be deleted. Do not configure VLAN 1 as a management VLAN or
super-VLAN. To prevent broadcast storms on a backbone device, cancel
adding interfaces to VLAN 1.
● On the CE6870EI and CE6875EI, MAC address-based VLAN assignment cannot
be used with port security or MAC address learning limit.
● Switches excluding the CE5880EI, CE6875EI, CE6880EI, and CE6870EI do not
support VLAN-based mirroring when having MAC address-based VLAN
assignment configured.
● On the CE6870EI and CE6875EI, a few packets will be lost after the mac-vlan
enable or undo mac-vlan enable command is executed when MAC address-
based VLAN assignment is configured. Exercise caution when performing this
operation.
● On the CE6870EI and CE6875EI, PVID of an interface must be the same as an
IP subnet-based VLAN ID when the IP subnet-based VLAN is used for Layer 3
forwarding.
● When an interface has a PVID configured and the encapsulation untag
command is executed to configure a Layer 2 sub-interface to accept untagged
packets, untagged packets are forwarded to the VXLAN through the Layer 2
sub-interface if the Layer 2 sub-interface is Up. If the Layer 2 sub-interface is
Down, untagged packets are forwarded based on the PVID.
● When a hybrid interface has a PVID and the port hybrid tagged vlan
command configured, the BPDUs sent by the interface carry the PVID when
the interface is running protocols such as STP, LACP, LLDP, GVRP, HGMP, and
802.3AH. As a result, the interface cannot be interconnected with the peer
end. To prevent this problem, configure the interface to work in untagged
mode when the interface is running these protocols.
● The outer VLAN ID encapsulated for a QinQ Layer 2 sub-interface cannot be
the same as the default VLAN ID and allowed VLAN ID of the corresponding
Layer 2 main interface.
● VLANs, VXLANs, carrier VLANs, and main interfaces share system resources. If
system resources are insufficient, the configurations of these features may fail.
● Reserved VLANs

– Reserved VLANs conflict with common VLANs, so reserved VLANs cannot
be used as common VLANs.
– Created reserved VLANs take effect only after the switch restarts, so the
VLANs that are being used cannot be configured as reserved VLANs.
– Reserved VLANs can only be used by Layer 3 main interfaces of the
CE6855HI, CE7855EI, CE6856HI, CE6865EI, CE6857EI, CE8861EI, and
CE8868EI.
▪ These reserved VLANs take effect without requiring the restart of the
switch. You can configure a maximum of eight reserved VLAN ranges
for Layer 3 main interfaces. The reserved VLAN ranges specified
using the vlan reserved for main-interface startvlanid to endvlanid
command multiple times cannot overlap.
▪ When you run the undo vlan reserved for main-interface
startvlanid to endvlanid command to cancel a specific reserved VLAN
range, the entire reserved VLAN range will be canceled. If a main
interface has been added to a reserved VLAN in the range, the undo
vlan reserved for main-interface command cannot be executed.
▪ The reserved VLANs of main interfaces cannot be included in the
Layer 2 reserved VLAN range configured using the vlan reserved
command.
▪ If the dynamic VLAN to be learned through GVRP is within the
reserved VLAN range of main interfaces, the dynamic VLAN cannot
be learned.
▪ In an SVF system, the VID configured for a Layer 2 sub-interface
using the encapsulation dot1q vid vid command cannot be a VLAN
ID that is in the reserved VLAN range of a main interface.
● VLAN aggregation
– Physical interfaces cannot be added to a VLAN that is configured as a
super-VLAN.
– A VLAN can be added to only one super-VLAN.
– A super-VLAN must be different from its sub-VLANs.
– An IP address must be assigned to the VLANIF interface for a super-VLAN.
Otherwise, proxy ARP does not take effect.
● MUX VLAN
– The interface that has the MUX VLAN function enabled cannot be added
to VLANs in the same MUX VLAN.
– An access interface can be added to only one MUX VLAN. A trunk or
hybrid interface can be added to a maximum of 32 MUX VLANs.
– Disabling MAC address learning or limiting the number of learned MAC
addresses on an interface that has the MUX VLAN function enabled will
affect the MUX VLAN function.
– All member VLANs in a MUX VLAN must belong to the same STP
instance; otherwise, traffic forwarding may fail or loops may occur. The
VLANs in QinQ and VLAN mapping must also belong to the same STP
instance.

– The VLAN ID assigned to a principal VLAN cannot be used to configure
VLAN mapping, VLAN stacking, super-VLAN, or sub-VLAN.
– The VLAN ID assigned to a group VLAN or separate VLAN cannot be used
to configure a VLANIF interface, VLAN mapping, VLAN stacking, super-
VLAN, or sub-VLAN.
– The MUX VLAN function conflicts with port security and VLAN ID-based
selective QinQ and cannot be configured together with these features.
– MUX VLAN cannot be configured together with TRILL, MPLS, EVN, and
VBST.
– In MUX VLAN cascading scenarios on switches except the CE6810LI, a
VLANIF interface can be created for a principal VLAN, but this VLANIF
interface cannot forward traffic from sub-VLANs at Layer 3.
– On the CE6810LI, VLANIF interfaces cannot be created for a principal
VLAN and sub-VLANs.
– A VLANIF interface cannot be created for a VLAN configured with the
MUX VLAN function on the CE6881, CE6863, and CE6820.
● VLAN traffic statistics collection
– Traffic statistics collection in a VLAN and traffic statistics collection on a
Layer 2 sub-interface are mutually exclusive on the CE6870EI and
CE6875EI.
– On the CE6870EI and CE6875EI, traffic statistics collection does not take
effect in a MUX VLAN.
– Traffic statistics are accumulative and cannot be automatically cleared by
the system. To clear traffic statistics in a VLAN, run the reset vlan
statistics command in the VLAN.
– The traffic statistics function occupies system resources. If system
resources are insufficient, configurations may fail. Disable this function
when traffic statistics do not need to be collected.
– On all switch models running versions earlier than V100R006C00, the
following traffic statistics collection functions are listed in descending
order of priority: Traffic statistics collection in a VLAN, MQC-based traffic
statistics collection, and traffic statistics collection on a VLANIF interface.
When the three functions are all configured, only the traffic statistics
collection function with a higher priority takes effect. The following table
lists the traffic statistics collection functions in descending order of
priority in V100R006C00 and later versions.

Table 5-9 Priorities of traffic statistics collection functions

| Model | Priorities of traffic statistics collection functions |
|---|---|
| CE5880EI, CE6880EI | Inbound and outbound directions: Traffic statistics collection in a VLAN > Traffic statistics collection on a VLANIF interface. Traffic statistics collection based on 5-tuple information of IP packets and MQC-based traffic statistics collection are compatible with the two statistics collection functions. |
| CE6850EI, CE6810EI, CE6810LI, CE5855EI, CE5810EI | Inbound direction: Traffic statistics collection in a VLAN > Traffic statistics collection on a VLANIF interface. Outbound direction: Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection > Traffic statistics collection in a VLAN > Traffic statistics collection on a VLANIF interface. |
| CE6870EI, CE6875EI | Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection > Traffic statistics collection on a VLANIF interface |
| Other switch models | Inbound direction: The four collection methods are compatible with each other. Outbound direction: Traffic statistics collection based on 5-tuple information of IP packets > Traffic statistics collection on a VLANIF interface; Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection. Traffic statistics collection in a VLAN can be used together with traffic statistics collection based on 5-tuple information of IP packets, based on MQC, and on a VLANIF interface. |

– On the CE6875EI, statistics on outgoing traffic do not include statistics on
packets forwarded at Layer 3.
– On the CE6870EI and CE6875EI, the outgoing traffic statistics in a VLAN
bound to an EVN instance are inaccurate.
– On the CE5880EI and CE6880EI, when the packet forwarding mode is set
to cut-through, VLAN traffic statistics collection is not supported.
– On the CE6870EI and CE6875EI, if port mirroring is configured on an
interface and the interface is added to a VLAN, traffic statistics on the
interface will be twice the actual statistics during outgoing VLAN traffic
statistics collection.
● VLANIF interface traffic statistics collection
– After you run the undo statistics enable command to disable traffic
statistics collection on a VLANIF interface, traffic statistics on the VLANIF
interface will not be collected and the collected traffic statistics on the
interface will be cleared. Statistics on IPv4 packets and IPv6 packets can
be collected separately. You can run the undo statistics enable
command to clear statistics of a specific packet type. For details, see the
statistics enable (VLANIF interface view) command.
– Enabling traffic statistics collection on a VLANIF interface may affect the
forwarding performance. For example, some interfaces may fail to
forward packets at line rate when all interfaces are configured to forward
packets at line rate. Therefore, enable this statistics collection function
only when required.
– On the CE6870EI and CE6875EI, the following services are in descending
order of priority: M-LAG
unidirectional isolation, MQC (traffic policing, traffic statistics collection,
and packet filtering), querying the outbound interface of packets with
specified 5-tuple information, source MAC address, and destination MAC
address, local VLAN mirroring, sFlow, NetStream, and VLANIF interface
statistics collection. When the services are configured on an interface in
the outbound direction, only the service with the highest priority takes
effect. For example, when both packet filtering and VLANIF interface
statistics collection are configured on a VLANIF interface, packet filtering
takes effect.
For sFlow and NetStream, the preceding limitations apply only to Layer 2
sub-interfaces and Layer 3 sub-interfaces. For details about the priorities
between MQC-based traffic statistics collection and traffic statistics
collection on a VLANIF interface, see Licensing Requirements and
Limitations for Traffic Statistics Collection.
– If traffic statistics collection on Layer 3 sub-interfaces is disabled on the
CE8860EI, CE8850EI, CE7850EI, CE6860EI, CE6856HI, CE6855HI,
CE6851HI, CE6850U-HI, CE6850HI, CE6850EI, CE6810EI, CE6810LI,
CE5855EI, CE5850HI, CE5850EI, and CE5810EI, the downstream traffic
statistics on a VLANIF interface are incorrectly included in the traffic
statistics on the Layer 3 sub-interface with the same VLAN ID.

5.6 Default Settings for VLANs


Table 5-10 Default settings for VLANs

| Parameter | Default Setting |
|---|---|
| Port link type | Access |
| Default VLAN ID | 1 |
| Damping time | 0s |
| Traffic statistics function of VLAN | Disabled |
| Traffic statistics function of the VLANIF interface | Disabled |

5.7 Assigning a LAN to VLANs


VLANs can isolate the hosts that require no communication with each other, which
improves network security, reduces broadcast traffic, and suppresses broadcast
storms.

5.7.1 Configuring Interface-based VLAN Assignment


Context
VLANs can be assigned based on interfaces. With interface-based VLAN
assignment, an interface is added to a VLAN, after which the interface can
forward packets from the VLAN. Interface-based VLAN assignment allows hosts in
the same VLAN to communicate and prevents hosts in different VLANs from
communicating, limiting broadcast packets to within a VLAN.

Before configuring interface-based VLAN assignment, create a VLAN, configure
the link type of an interface, and add the interface to the VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 (Optional) Run vlan assign { global | local } { vlan-id1 [ to vlan-id2 ] } &<1-5>

VLANs are assigned globally.

NOTE

CE5800 series switches excluding CE5880EI, CE6810EI, CE6810LI, and CE6850EI do not support
this command.

On a large Layer 2 network, a Software Defined Network (SDN) controller is used to
facilitate control and deployment. You can directly configure services or protocols
on the SDN controller. The SDN controller then delivers information to the
forwarder through OpenFlow, implementing uniform maintenance and
management. You can also directly configure services or protocols on the
forwarder. To prevent VLAN conflicts on the SDN controller and forwarder and
reduce maintenance costs, run the vlan assign command to configure VLAN
assignment.
● global: After VLANs are assigned globally, the VLAN created by the vlan vlan-
id command must be in the allocated VLAN range.
● local: After VLANs are assigned locally, the VLANs allowed by all interfaces
must be in the allocated VLAN range.
Step 3 (Optional) Run vlan reserved vlan-id
A reserved VLAN is configured.
By default, the reserved VLAN ID ranges from 4064 to 4094. After vlan-id is
specified, VLANs from vlan-id to vlan-id plus 30 are configured as reserved
VLANs.
NOTE

CE5880EI and CE6880EI do not support this step.

Step 4 Run vlan vlan-id


A VLAN is created and the VLAN view is displayed. If the specified VLAN has been
created, this command displays the VLAN view.
The value ranges from 1 to 4094. It cannot be a reserved VLAN ID. To create
VLANs in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command,
and then run the vlan vlan-id command to enter the VLAN view.

NOTE

When multiple VLANs are created on a switch, you are advised to configure names for the
VLANs to facilitate management.
Run the name vlan-name command in the VLAN view to create a VLAN name. After the
VLAN name is configured, you can run the vlan vlan-name vlan-name command in the
system view to enter the corresponding VLAN view.

Step 5 Run quit


Return to the system view.
Step 6 Configure attributes for an Ethernet interface.
1. Run the interface interface-type interface-number command to enter the
view of the Ethernet interface to be added to the VLAN.
2. Run the port link-type { access | hybrid | trunk | dot1q-tunnel } command
to configure the link type of the Ethernet interface.
By default, the link type of an interface is access.
– If an Ethernet interface directly connects to a terminal, the link type of
the Ethernet interface can be access or hybrid.
– If an Ethernet interface connects to an interface of another switch, the
link type of the Ethernet interface can be trunk or hybrid.
3. (Optional) Run the port priority priority-value command to configure the
priority of the Ethernet interface.
By default, the priority of an Ethernet interface is 0. The value ranges from 0
to 7. A larger value indicates a higher priority.


Step 7 Add the Ethernet interface to a VLAN. By default, the VLAN and default VLAN that
an interface joins are both VLAN 1.
Run the following command as required.
● Access or QinQ interface
Run the port default vlan vlan-id command to add the interface to the
specified VLAN.
Run the port interface-type { interface-number1 [ to interface-number2 ] }
&<1-10> command in the VLAN view to add one interface or a group of
interfaces to a VLAN.
● Trunk interface
– Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }
&<1-40> | all } command to add the interface to the specified VLAN.
– (Optional) Run the port trunk pvid vlan vlan-id command to configure
the default VLAN of the trunk interface.
● Hybrid interface
– Run the following command as required.
▪ Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }
&<1-10> | all } command to add a hybrid interface to a VLAN in
untagged mode.
In untagged mode, an interface removes tags from outgoing packets.
This mode applies to the scenario where an Ethernet interface
directly connects to a terminal.
▪ Run the port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] }
&<1-10> | all } command to add a hybrid interface to a VLAN in
tagged mode.
In tagged mode, an interface does not remove tags from outgoing
packets. This mode applies to the scenario where an Ethernet
interface connects to an interface of another switch.
– (Optional) Run the port hybrid pvid vlan vlan-id command to configure
the default VLAN of the hybrid interface.
Step 8 Run commit
The configuration is committed.

----End
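
The following check is an added example, not part of the Huawei guide: it audits a planned configuration against the defaults this procedure states (access link type, VLAN 1 membership, reserved VLANs 4064 to 4094) and also flags interfaces that pass all VLANs. The sample configuration, the interface names and the one-command-per-line layout with # separators are assumptions.

```python
import re

RESERVED_DEFAULT = range(4064, 4095)   # default reserved VLAN IDs per the guide

# Constructed sample; interface names and VLAN IDs are illustrative only.
SAMPLE_CONFIG = """\
vlan batch 10 20 4070
#
interface 10GE1/0/1
 port default vlan 10
#
interface 10GE1/0/2
 description spare-port
#
interface 10GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan all
#
interface 10GE1/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface 10GE1/0/5
 port link-type hybrid
 port hybrid untagged vlan 20
#
"""


def expand_vlans(tokens):
    """Expand tokens such as ['10', 'to', '12', '20'] into [10, 11, 12, 20]."""
    vlans, i = [], 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.extend(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.append(start)
            i += 1
    return vlans


def parse(config):
    """Return (created_vlans, {interface_name: [commands]})."""
    created, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # section separator
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        elif line.startswith("vlan batch "):
            created.extend(expand_vlans(line.split()[2:]))
        elif re.fullmatch(r"vlan \d+", line):
            created.append(int(line.split()[1]))
    return created, interfaces


def audit(config, reserved=RESERVED_DEFAULT):
    """Return a list of (scope, finding) tuples for the given configuration."""
    created, interfaces = parse(config)
    findings = []
    for vid in created:
        if vid in reserved:
            findings.append(("global", f"VLAN {vid} is inside the reserved range"))
    for name, cmds in interfaces.items():
        link, pvid = "access", 1                # defaults stated in the guide
        for cmd in cmds:
            if cmd.startswith("port link-type "):
                link = cmd.split()[2]
            match = re.fullmatch(r"port default vlan (\d+)", cmd)
            if match:
                pvid = int(match.group(1))
        if link == "access" and pvid == 1:
            findings.append((name, "access interface left in default VLAN 1"))
        if any(re.fullmatch(r"port (trunk allow-pass|hybrid (un)?tagged) vlan all", c)
               for c in cmds):
            findings.append((name, "interface passes all VLANs"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

If vlan reserved vlan-id has been run on the device, pass the matching range as the reserved argument instead of the default.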

5.7.2 Dividing a LAN into VLANs Based on MAC Addresses

Context
NOTE

The switch enabled with MAC address-based VLAN assignment cannot process protocol
packets sent to the CPU, and it is recommended that MAC address-based VLAN assignment
be used in Layer 2 transparent transmission scenarios.

MAC address-based VLAN assignment is used when user locations do not need to be
considered. This improves security and flexibility for terminal users.


VLANs configured based on MAC addresses process only untagged frames, and
treat tagged frames in the same manner as VLANs configured based on ports.
After receiving an untagged frame, a port searches for a MAC-VLAN mapping
based on the source MAC address in the frame.
● If a mapping is found, the port forwards the frame based on the VLAN ID and
priority value in the mapping.
● If no matching mapping is found, the port matches the frame with other
matching rules.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run vlan assign global { vlan-id1 [ to vlan-id2 ] } &<1-5>
VLANs that can be globally assigned are specified.

NOTE

CE5800 series switches excluding CE5880EI, CE6810EI, CE6810LI, and CE6850EI do not support
this command.

After VLANs are assigned, the VLANs created using the vlan vlan-id command
must be within the assignable VLAN range.
Step 3 (Optional) Run vlan reserved vlan-id
A reserved VLAN is configured.
By default, the reserved VLAN ID ranges from 4064 to 4094. After vlan-id is
specified, VLANs from vlan-id to vlan-id plus 30 are configured as reserved
VLANs.
NOTE

CE5880EI and CE6880EI do not support this step.

Step 4 Run vlan vlan-id


A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094 (excluding reserved VLANs). If VLANs need to
be created in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>
command to create VLANs in batches, and then run the vlan vlan-id command to
enter the view of a specified VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 5 Run mac-vlan mac-address mac-address [ priority priority ]


A MAC address is mapped to the VLAN.


● The mac-address value is in H-H-H format. An H is a hexadecimal number
that contains one to four digits, such as 00e0 and fc01. If an H contains
fewer than four digits, leading 0s are added. For example, if you specify an H
as e0, it is displayed as 00e0. The MAC address cannot be all 0s, all Fs, or a
multicast address.
● priority specifies the 802.1p priority associated with the MAC address. The
value ranges from 0 to 7. A larger value indicates a higher priority. The default
value is 0. After the 802.1p priority is specified, frames with high priorities are
forwarded first when traffic is congested. CE6870EI and CE6875EI do not
support this parameter.
Step 6 Run quit
The system view is displayed.
Step 7 Configure attributes for Ethernet interfaces.
1. Run the interface interface-type interface-number command to enter the
view of the interface.
2. Run the port link-type hybrid command to set the link type of the interface
to hybrid.
The interface where MAC address-based VLAN assignment is to be enabled is
a hybrid interface.
By default, the link type is access.
3. Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> |
all } command to configure the hybrid interface to allow frames with a
specified VLAN ID to pass through.
Step 8 Run mac-vlan enable
MAC address-based VLAN assignment is enabled.
By default, MAC address-based VLAN assignment is disabled.

NOTE

● For CE6870EI and CE6875EI, MAC address-based VLAN assignment cannot be used with
port security or MAC address limiting on the same interface.
● When MAC address-based VLAN assignment is used, the priority of packets with the
VLAN ID of 0 cannot be modified.
● When MAC address-based assignment is configured on the CE6870EI and CE6875EI,
running the mac-vlan enable or undo mac-vlan enable command may cause a few
packets to be discarded. Exercise caution when you run this command.

Step 9 Run commit


The configuration is committed.

----End


5.7.3 Dividing a LAN into VLANs Based on IP Subnets


Context
NOTE

The CE6810LI does not support IP subnet-based VLAN assignment.


The switch enabled with IP subnet-based VLAN assignment cannot process protocol packets
sent to the CPU, and it is recommended that IP subnet-based VLAN assignment be used in
Layer 2 transparent transmission scenarios.

IP subnet-based assignment allows users to easily join a VLAN, transfer from one
VLAN to another, and exit from a VLAN. IP subnet-based VLAN assignment is
applicable to networks that have traveling users and require simple management.
The switch enabled with IP subnet-based VLAN assignment processes only
untagged frames. After receiving untagged frames, the switch determines the
VLANs to which the frames belong based on their source IP addresses and
network segment addresses before sending them to corresponding VLANs.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run vlan assign global { vlan-id1 [ to vlan-id2 ] } &<1-5>
VLANs that can be globally assigned are specified.

NOTE

CE5800 series switches excluding CE5880EI, CE6810EI, CE6810LI, and CE6850EI do not support
this command.

After VLANs are assigned, the VLANs created using the vlan vlan-id command
must be within the assignable VLAN range.
Step 3 (Optional) Run vlan reserved vlan-id
A reserved VLAN is configured.
By default, the reserved VLAN ID ranges from 4064 to 4094. After vlan-id is
specified, VLANs from vlan-id to vlan-id plus 30 are configured as reserved
VLANs.
NOTE

CE5880EI and CE6880EI do not support this step.

Step 4 Run vlan vlan-id


A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094 (excluding reserved VLANs). If VLANs need to
be created in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>
command to create VLANs in batches, and then run the vlan vlan-id command to
enter the view of a specified VLAN.


NOTE

If the switch is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 5 Run ip-subnet-vlan [ ip-subnet-index ] ip ip-address { mask | mask-length }
[ priority priority ]

An IP subnet is associated with the VLAN.

● ip-subnet-index specifies the IP subnet index. The subnet index can be
specified by a user or automatically generated by the system.
● ip-address specifies the source IP address or network address based on which
a VLAN is configured. The value is in dotted decimal notation.
● priority specifies the 802.1p priority value related to the VLAN configured
based on the IP address or network address. The value ranges from 0 to 7.
The greater the value, the higher the priority. The default value is 0. After the
802.1p priority value is specified, frames with high priorities are first
forwarded when traffic is congested. The CE6870EI and CE6875EI do not
support this parameter.

The CE5810EI and CE5855EI support 256 subnets, the CE6870EI and CE6875EI
support 16 subnets, and other models support 512 subnets. The IP subnet or the
IP address associated with a VLAN cannot be a multicast network segment or
multicast address.

Step 6 Run quit

The system view is displayed.

Step 7 Configure attributes for Ethernet interfaces.


1. Run the interface interface-type interface-number command to enter the
view of the Ethernet interface configured with IP subnet-based VLAN
assignment.
2. Run the port link-type hybrid command to set the link type of the interface
to hybrid.
IP subnet-based VLAN assignment must be configured on the hybrid interface.
By default, the link type is access.
3. Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> |
all } command to add the hybrid interface to the IP subnet-based VLAN.

Step 8 (Optional) Run vlan precedence ip-subnet-vlan

IP subnet-based VLAN assignment is configured with a higher priority.

By default, MAC address-based VLAN assignment is used.

NOTE

The CE6810LI, CE6870EI, and CE6875EI do not support this step.

Step 9 Run ip-subnet-vlan enable


IP subnet-based VLAN assignment is enabled.


By default, IP subnet-based VLAN assignment is disabled.
Step 10 Run commit
The configuration is committed.

----End
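
The lookup described in 5.7.2 and 5.7.3 can be modelled as follows. This is an added example, not code from the Huawei guide: it normalizes H-H-H MAC addresses, applies the stated exclusions, and classifies untagged frames according to the vlan precedence setting. It assumes that the lower-precedence method is tried next, that subnets are tried in index order, and that the PVID is the final fallback; the frames, addresses and VLAN IDs are constructed.

```python
import ipaddress
import re


def normalize_mac(text):
    """Parse H-H-H notation; each H is 1-4 hex digits, left-padded with 0s."""
    groups = text.split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups):
        raise ValueError(f"not a valid H-H-H MAC address: {text!r}")
    return "-".join(g.lower().zfill(4) for g in groups)


def check_mappable(mac):
    """Reject what the guide excludes: all 0s, all Fs and multicast addresses."""
    raw = bytes.fromhex(mac.replace("-", ""))
    if raw in (bytes(6), b"\xff" * 6):
        raise ValueError(f"{mac} is all 0s or all Fs")
    if raw[0] & 0x01:   # group bit of the first octet marks a multicast address
        raise ValueError(f"{mac} is a multicast address")
    return mac


class HybridPort:
    """Model of one hybrid interface with mac-vlan and ip-subnet-vlan enabled."""

    def __init__(self, pvid=1, precedence="mac-vlan"):
        self.pvid = pvid
        self.precedence = precedence   # "mac-vlan" (default) or "ip-subnet-vlan"
        self.mac_vlan = {}             # normalized MAC -> (vlan, 802.1p priority)
        self.subnet_vlan = {}          # ip-subnet-index -> (network, vlan, priority)

    def add_mac(self, mac, vlan, priority=0):
        self.mac_vlan[check_mappable(normalize_mac(mac))] = (vlan, priority)

    def add_subnet(self, index, cidr, vlan, priority=0):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.is_multicast:
            raise ValueError(f"{cidr} is a multicast segment")
        self.subnet_vlan[index] = (net, vlan, priority)

    def _by_mac(self, frame):
        return self.mac_vlan.get(normalize_mac(frame["src_mac"]))

    def _by_subnet(self, frame):
        if frame.get("src_ip") is None:           # non-IP frame: nothing to match
            return None
        ip = ipaddress.ip_address(frame["src_ip"])
        for index in sorted(self.subnet_vlan):    # index order is an assumption
            net, vlan, priority = self.subnet_vlan[index]
            if ip in net:
                return vlan, priority
        return None

    def classify(self, frame):
        """Return (vlan, 802.1p priority, rule) for a received frame."""
        if frame.get("tag") is not None:          # tagged: handled as port-based
            return frame["tag"], frame.get("pcp", 0), "tagged"
        lookups = [("mac-vlan", self._by_mac), ("ip-subnet-vlan", self._by_subnet)]
        if self.precedence == "ip-subnet-vlan":
            lookups.reverse()
        for rule, lookup in lookups:
            hit = lookup(frame)
            if hit is not None:
                return hit[0], hit[1], rule
        return self.pvid, 0, "pvid"               # no mapping matched


# Constructed frames; addresses and VLAN IDs are illustrative only.
FRAMES = [
    {"src_mac": "00e0-fc01-0001", "src_ip": "192.168.20.5"},
    {"src_mac": "00e0-fc01-0002", "src_ip": "192.168.20.6"},
    {"src_mac": "00e0-fc01-0003", "src_ip": "10.0.0.1"},
    {"src_mac": "00e0-fc01-0001", "src_ip": "192.168.20.5", "tag": 30},
]


def run(precedence="mac-vlan"):
    port = HybridPort(pvid=1, precedence=precedence)
    port.add_mac("e0-fc01-1", vlan=10, priority=5)   # stored as 00e0-fc01-0001
    port.add_subnet(1, "192.168.20.0/24", vlan=20)
    return [port.classify(frame) for frame in FRAMES]


if __name__ == "__main__":
    for precedence in ("mac-vlan", "ip-subnet-vlan"):
        print(precedence, run(precedence))
```

Both lookup keys are read from the received frame itself, which matters when deciding how much isolation to rely on from these assignment modes.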

5.7.4 Protocol-based VLAN Assignment


Context
NOTE

CE6810LI does not support protocol-based VLAN assignment.


The switch enabled with protocol-based VLAN assignment cannot process protocol packets
sent to the CPU, and it is recommended that protocol-based VLAN assignment be used in
Layer 2 transparent transmission scenarios.

Both IP subnet-based and protocol-based VLAN assignment are called network
layer-based VLAN assignment, which reduces manual VLAN configuration
workload and allows users to easily join a VLAN, transfer from one VLAN to
another, and exit from a VLAN. The switch that has protocol-based VLAN
assignment enabled processes only untagged frames, and treats tagged frames in
the same manner as interface-based VLAN assignment.
When receiving an untagged frame from an interface, the switch identifies the
protocol profile of the frame and then determines the VLAN that the frame
belongs to.
● If protocol-based VLANs are configured on the interface and the protocol
profile of the frame matches a protocol-based VLAN, the switch adds the
VLAN tag to the frame.
● If protocol-based VLANs are configured on the interface and the protocol
profile of the frame matches no protocol-based VLAN, the switch adds the
PVID of the interface to the frame.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run vlan assign global { vlan-id1 [ to vlan-id2 ] } &<1-5>
VLANs that can be globally assigned are specified.

NOTE

CE5800 series switches excluding CE5880EI, CE6810EI, CE6810LI, and CE6850EI do not support
this command.

After VLANs are assigned, the VLANs created using the vlan vlan-id command
must be within the assignable VLAN range.
Step 3 (Optional) Run vlan reserved vlan-id


A reserved VLAN is configured.


By default, the reserved VLAN ID ranges from 4064 to 4094. After vlan-id is
specified, VLANs from vlan-id to vlan-id plus 30 are configured as reserved
VLANs.
NOTE

CE5880EI and CE6880EI do not support this step.

Step 4 Run vlan vlan-id


A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094 (excluding reserved VLANs). If VLANs need to
be created in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>
command to create VLANs in batches, and then run the vlan vlan-id command to
enter the view of a specified VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
Manually configuring and maintaining VLANs is challenging on a large Layer 2 network.
Configuration inconsistency may occur. To improve maintenance efficiency and simplify
configuration, run the vlan range { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create a
temporary VLAN range and configure services in the VLAN range view. Services are then
delivered in batches to all the VLANs in the VLAN range.

Step 5 Run protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw
| snap } | mode { ethernetii-etype etype-id1 | llc dsap dsap-id ssap ssap-id |
snap-etype etype-id2 } }
Protocols are associated with VLANs and a protocol profile is specified.
● protocol-index specifies the index of a protocol profile.
A protocol profile depends on protocol types and encapsulation formats, and
a VLAN associated with a protocol can be defined in a protocol profile.
● When specifying the source and destination service access points, pay
attention to the following points:
– dsap-id and ssap-id cannot be both set to 0xaa.
– dsap-id and ssap-id cannot be both set to 0xe0. 0xe0 indicates llc, an
encapsulation format of IPX packets.
– dsap-id and ssap-id cannot be both set to 0xff. 0xff indicates raw, an
encapsulation format of IPX packets.
Step 6 Run quit
The system view is displayed.
Step 7 Configure attributes for the Ethernet interface.
1. Run interface interface-type interface-number
The view of the interface that allows the protocol-based VLAN is displayed.


2. Run port link-type hybrid


The interface is configured as a hybrid interface.
Protocol-based VLAN assignment can only be configured on hybrid interfaces.
3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The hybrid interface is configured to allow the protocol-based VLAN.

Step 8 Run protocol-vlan vlan vlan-id { all | protocol-index1 [ to protocol-index2 ] }
[ priority priority ]

The interface is associated with a protocol-based VLAN.

● vlan-id must be the ID of a protocol-based VLAN.


● priority specifies the 802.1p priority of a protocol-based VLAN. The value
ranges from 0 to 7. A larger value indicates a higher priority. The default
value is 0. After the 802.1p priority of a protocol-based VLAN is specified, the
switch first forwards high-priority frames in the case of congestion.

Step 9 Run commit

The configuration is committed.

----End
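
To show why the three DSAP/SSAP pairs are excluded from mode llc, the added example below (not part of the Huawei guide) detects the encapsulation of an untagged frame and assigns the protocol VLAN or the PVID as described in the Context above. The matching keys for the ipx keywords use the standard IPX encapsulation values (EtherType 0x8137, SAP 0xE0, leading 0xFFFF); how the switch matches at, ipv4 and ipv6 is not modelled, and the frames and VLAN IDs are constructed.

```python
import struct

ETHERNET_II, LLC, RAW, SNAP = "ethernetii", "llc", "raw", "snap"
IPX_ETYPE = 0x8137

# Matching keys assumed for the four `ipx` encapsulation keywords.
IPX_PROFILES = {
    ETHERNET_II: (ETHERNET_II, IPX_ETYPE),
    LLC: (LLC, (0xE0, 0xE0)),
    RAW: (RAW, None),
    SNAP: (SNAP, IPX_ETYPE),
}


def detect(frame):
    """Return (encapsulation, key) for an untagged Ethernet frame (bytes)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len >= 0x0600:               # the field is an EtherType
        return ETHERNET_II, type_or_len
    if type_or_len > 1500 or len(frame) < 16:
        raise ValueError("undefined type/length value or truncated frame")
    dsap, ssap = frame[14], frame[15]
    if (dsap, ssap) == (0xFF, 0xFF):        # IPX header directly after the length
        return RAW, None
    if (dsap, ssap) == (0xAA, 0xAA):        # SNAP: control(1) OUI(3) type(2)
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        (etype,) = struct.unpack_from("!H", frame, 20)
        return SNAP, etype
    return LLC, (dsap, ssap)


def llc_profile(dsap, ssap):
    """Build a `mode llc dsap .. ssap ..` key, enforcing the guide's exclusions."""
    owners = {0xAA: "snap", 0xE0: "ipx llc", 0xFF: "ipx raw"}
    if dsap == ssap and dsap in owners:
        raise ValueError(f"0x{dsap:02x}/0x{ssap:02x} already identifies {owners[dsap]}")
    return LLC, (dsap, ssap)


def assign_vlan(frame, bindings, pvid):
    """bindings: list of (profile_key, vlan) bound to the receiving interface."""
    seen = detect(frame)
    for key, vlan in bindings:
        if key == seen:
            return vlan     # profile matched: the protocol VLAN tag is added
    return pvid             # no profile matched: the interface PVID is added


def build(type_or_len, payload):
    """Constructed frame: illustrative MACs, given header bytes, zero padding."""
    dst, src = bytes.fromhex("00e0fc010002"), bytes.fromhex("00e0fc010001")
    return dst + src + struct.pack("!H", type_or_len) + payload + bytes(46)


# Constructed samples; the 802.3 length value is not validated by detect().
SAMPLES = {
    "ipx ethernetii": build(IPX_ETYPE, b"\xff\xff"),
    "ipx raw": build(30, b"\xff\xff"),
    "ipx llc": build(30, b"\xe0\xe0\x03\xff\xff"),
    "ipx snap": build(30, b"\xaa\xaa\x03\x00\x00\x00\x81\x37\xff\xff"),
    "other llc": build(30, b"\xf0\xf0\x03"),
    "ipv4": build(0x0800, b"\x45\x00"),
}


def run():
    bindings = [
        (IPX_PROFILES[RAW], 100),
        (IPX_PROFILES[SNAP], 200),
        (llc_profile(0xF0, 0xF0), 300),
    ]
    return {name: assign_vlan(frame, bindings, pvid=1) for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, vlan in run().items():
        print(f"{name:15s} -> VLAN {vlan}")
```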

5.7.5 Verifying the Configuration of Assigning a LAN to VLANs

Procedure
● Run the display vlan reserved command to view information about reserved
VLANs.
● Run the display port vlan [ interface-type interface-number ] [ active ]
command to view information about interfaces of the VLAN.
● Run the display vlan command to check information about all VLANs or a
specified VLAN.
● Run the display mac-vlan { mac-address { all | mac-address } | vlan vlan-id }
command to check information about VLANs configured based on MAC
addresses.
● Run the display ip-subnet-vlan vlan { all | vlan-id1 [ to vlan-id2 ] }
command to check information about the IP subnets associated with VLANs.
● Run the display protocol-vlan vlan { all | vlan-id1 [ to vlan-id2 ] } command
to check the types and indexes of the protocols associated with VLANs.
● Run the display protocol-vlan interface { all | interface-type interface-
number } command to check information about VLANs configured based on
protocols associated with ports.

----End

5.8 Configuring Inter-VLAN Communication


This section describes how to configure VLANIF interfaces and Layer 3 sub-
interfaces to implement inter-VLAN communication.


Pre-configuration Tasks
Before creating a VLANIF interface, complete the following tasks:
● Create a VLAN.
● Associate the VLAN with the physical interface.

5.8.1 Configuring VLANIF Interfaces for Inter-VLAN Communication

Context
After VLANs are configured, users in the same VLAN can communicate with each
other while users in different VLANs cannot. To implement inter-VLAN
communication, configure VLANIF interfaces, which are Layer 3 logical interfaces.

If a VLAN goes Down because all ports in the VLAN go Down, the system
immediately reports the VLAN Down event to the corresponding VLANIF interface,
instructing the VLANIF interface to go Down. To prevent network flapping caused
by changes of VLANIF interface status, enable VLAN damping on the VLANIF
interface. After the last Up port in a VLAN goes Down, the system starts a delay
timer and informs the corresponding VLANIF interface of the VLAN Down event
after the timer expires. If a port in the VLAN goes Up during the delay period, the
VLANIF interface remains Up.

If a new VLANIF interface does not need to be enabled immediately (the new
VLANIF interface may affect services on the live network), run the set shutdown
default vlanif command. VLANIF interfaces that are created subsequently are then
disabled by default, and the system generates the shutdown command
configuration for them. To enable such a VLANIF interface, run the undo
shutdown command manually.

MTU is short for maximum transmission unit. The MTU value determines the
maximum number of bytes that a sender can send at a time. If the size of packets
exceeds the MTU supported by a transit node or a receiver, the transit node or
receiver fragments the packets or even discards them, aggravating the network
transmission load. To avoid this problem, set the MTU value of the VLANIF
interface.

After configuring bandwidth for VLANIF interfaces, you can use the NMS to query
the bandwidth. This facilitates traffic monitoring.

NOTE

To implement communication between VLANs, hosts in each VLAN must use the IP address
of the corresponding VLANIF interface as the gateway address.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run set shutdown default vlanif


New VLANIF interfaces are configured in shutdown state.

By default, a new VLANIF interface is enabled.

Step 3 Run interface vlanif vlan-id

A VLANIF interface is created and the VLANIF interface view is displayed.

The VLAN ID specified in this command must be the ID of an existing VLAN.

A VLANIF interface is Up only when at least one physical port added to the
corresponding VLAN is Up.

Step 4 Run ip address ip-address { mask | mask-length } [ sub ]

An IP address is assigned to the VLANIF interface for communication at the
network layer.

If IP addresses assigned to VLANIF interfaces belong to different network
segments, a routing protocol must be configured on the device to provide
reachable routes. Otherwise, VLANIF interfaces cannot communicate with each
other at the network layer.

Step 5 (Optional) Run damping time delay-time

The delay period of VLAN damping is configured.

The delay-time value ranges from 0 to 20, in seconds. By default, the delay is 0
seconds, indicating that VLAN damping is disabled.

Step 6 (Optional) Run mtu mtu

The MTU value of the VLANIF interface is configured.

By default, the value is 1500.

NOTE

● The MTU refers to the maximum length of the Layer 3 IP header and subsequent data
frames, excluding the Layer 2 frame header.
● The mtu value plus the Layer 2 frame header of a VLANIF interface must be smaller
than the jumboframe value of the peer interface; otherwise, some packets may be
discarded.

Step 7 (Optional) Run bandwidth bandwidth

The bandwidth of the VLANIF interface is configured.

By default, the bandwidth of a VLANIF interface is 1000 Mbit/s.

Step 8 Run commit

The configuration is committed.

----End
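
The effect of the damping time in Step 5 can be seen by replaying port events, as in this added example (not part of the Huawei guide). It follows the timer behaviour described in the Context above; the port names and event times are constructed, and treating a port that comes Up exactly at timer expiry as too late is an assumption.

```python
def vlanif_transitions(events, delay):
    """Replay (time_s, port, state) events and return VLANIF [(time_s, state)].

    events: link changes of the member ports of one VLAN, state "up" or "down".
    delay:  damping time in seconds, 0 to 20 per the guide; 0 disables damping.
    """
    if not 0 <= delay <= 20:
        raise ValueError("damping time must be 0 to 20 seconds")
    up_ports, vlanif_up, pending_down = set(), False, None
    out = []
    for t, port, state in sorted(events):
        # A timer that expired before this event reports the Down first.
        if pending_down is not None and t >= pending_down:
            out.append((pending_down, "down"))
            vlanif_up, pending_down = False, None
        if state == "up":
            up_ports.add(port)
            pending_down = None             # a port came back within the delay
            if not vlanif_up:
                out.append((t, "up"))
                vlanif_up = True
        else:
            up_ports.discard(port)
            if not up_ports and vlanif_up and pending_down is None:
                if delay == 0:
                    out.append((t, "down"))  # reported immediately
                    vlanif_up = False
                else:
                    pending_down = t + delay  # last Up port went Down: start timer
    if pending_down is not None:
        out.append((pending_down, "down"))
    return out


# Constructed events for two member ports of one VLAN (times in seconds).
EVENTS = [
    (0, "10GE1/0/1", "up"), (0, "10GE1/0/2", "up"),
    (10, "10GE1/0/1", "down"),
    (12, "10GE1/0/2", "down"), (14, "10GE1/0/2", "up"),   # 2 s flap
    (30, "10GE1/0/2", "down"), (31, "10GE1/0/2", "up"),   # 1 s flap
    (50, "10GE1/0/2", "down"),                            # stays down
]

if __name__ == "__main__":
    for delay in (0, 5):
        print(f"damping time {delay}: {vlanif_transitions(EVENTS, delay)}")
```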


5.8.2 Configuring Layer 3 Sub-interfaces for Inter-VLAN Communication

Context
Users who belong to different VLANs and are located on different network segments
can communicate with each other after Layer 3 sub-interfaces are configured.

NOTE

To implement communication between VLANs, hosts in each VLAN must use the IP address
of the corresponding Layer 3 sub-interface as the gateway address.

NOTE

The CE6810LI does not support configuring Layer 3 sub-interfaces.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Mode switching takes effect only when the interface has only attribute
configurations (for example, shutdown and description configurations) or
configurations supported by both Layer 2 and Layer 3 interfaces (for example,
mode lacp and lacp system-id configurations). The interface must not carry any
configuration that is unsupported after the working mode is switched. If
unsupported configurations exist on the interface, delete them first and then run
the undo portswitch command.

NOTE

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch
batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in
the system view to switch these interfaces to Layer 3 mode in batches.

Step 4 Run quit

Return to the system view.

Step 5 Run interface interface-type interface-number.subinterface-number

The Layer 3 sub-interface view is displayed.

Step 6 Run ip address ip-address { mask | mask-length } [ sub ]

The IP address of the Layer 3 sub-interface is set.


Step 7 Run dot1q termination vid pe-vid


The VLANs allowed by the dot1q Layer 3 sub-interface are specified.
Each Layer 3 sub-interface can terminate only one VLAN tag.
Layer 3 sub-interfaces of different main interfaces can be associated with the
same VLAN ID. However, different Layer 3 sub-interfaces of the same main
interface cannot be associated with the same VLAN ID.
Step 8 Run commit
The configuration is committed.

----End

5.8.3 Verifying the Inter-VLAN Communication Configuration


Prerequisites
The configurations of inter-VLAN communication are complete.

Procedure
● Run the display vlan [ vlan-id1 [ to vlan-id2 ] | vlan-name vlan-name |
summary ] command to check information about all VLANs or a specified
VLAN.
● Run the display interface vlanif [ vlan-id ] command to check information
about VLANIF interfaces.
Before running this command, ensure that VLANIF interfaces have been
configured.
----End

5.9 Configuring VLAN Aggregation to Save IP Addresses
VLAN aggregation prevents the waste of IP addresses and implements inter-VLAN
communication.

5.9.1 Creating a Sub-VLAN

Context
In VLAN aggregation, a sub-VLAN can contain only physical interfaces (it cannot
contain VLANIF interfaces). All the interfaces in a sub-VLAN use the same IP
address of the VLANIF interface associated with the super-VLAN. VLAN
aggregation reduces the number of subnet IDs, subnet default gateway addresses,
and directed broadcast IP addresses needed on the network segment and ensures
that IP addresses are assigned efficiently. VLAN aggregation allows each sub-
VLAN to function as a broadcast domain to implement broadcast isolation and
saves IP address resources.


Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A sub-VLAN is created and the sub-VLAN view is displayed.

NOTE

If a device is configured with multiple VLANs, it is recommended that you configure a name for
each VLAN.
To do so, run the name vlan-name command in the VLAN view. After a VLAN name is
configured, run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 3 Run quit


Return to the system view.
Step 4 Configure the link type of the interface.
● Configure the link type of the interface as access.
a. Run interface interface-type interface-number
The interface view is displayed.
b. Run port link-type access
The link type of the interface is set to access.
c. Run port default vlan vlan-id
The interface is added to the sub-VLAN.
d. Run quit
Return to the system view.
● Configure the link type of the interface as trunk.
a. Run interface interface-type interface-number
The interface view is displayed.
b. Run port link-type trunk
The link type of the interface is set to trunk.
c. Run port trunk allow-pass vlan vlan-id
The interface is added to the sub-VLAN.
d. Run quit
Return to the system view.
● Configure the link type of the interface as hybrid.
a. Run interface interface-type interface-number
The interface view is displayed.
b. Run port link-type hybrid
The link type of the interface is set to hybrid.
c. Run port hybrid tagged vlan vlan-id
Or run port hybrid untagged vlan vlan-id


The interface is added to the sub-VLAN.


d. Run quit
Return to the system view.

Step 5 Run commit

The configuration is committed.

----End

5.9.2 Creating a Super-VLAN

Prerequisites
Before configuring a super-VLAN, ensure that sub-VLANs have been configured.

Context
A super-VLAN consists of several sub-VLANs. A VLANIF interface can be configured
for the super-VLAN and assigned an IP address (no physical interface can be
added to a super-VLAN).

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

A VLAN is created, and the VLAN view is displayed.

The VLAN ID of a super-VLAN must be different from every sub-VLAN ID.

Step 3 Run aggregate-vlan

A super-VLAN is created.

A super-VLAN cannot contain any physical interfaces.

VLAN 1 cannot be configured as a super-VLAN.

Step 4 Run access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

A sub-VLAN is added to a super-VLAN.

Before adding sub-VLANs to a super-VLAN, ensure that these sub-VLANs are not
configured with VLANIF interfaces.

The device supports 256 sub-VLANs in a super-VLAN.

Step 5 Run commit

The configuration is committed.

----End


5.9.3 Assigning an IP Address to the VLANIF Interface of a Super-VLAN

Context
The IP address of the VLANIF interface of a super-VLAN must contain the subnet
segments where users in sub-VLANs reside. All the sub-VLANs use the IP address
of the VLANIF interface of the super-VLAN, saving IP addresses.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
A VLANIF interface is created for a super-VLAN, and the view of the VLANIF
interface is displayed.
Step 3 Run ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface.
Step 4 Run commit
The configuration is committed.

----End

5.9.4 (Optional) Enabling Proxy ARP on the VLANIF Interface of a Super-VLAN

Context
VLAN aggregation does not support Layer 3 communication between hosts in
different sub-VLANs.
To enable hosts in one sub-VLAN to communicate with hosts in another sub-VLAN
or on another network over Layer 3, enable proxy ARP.
After a super-VLAN and its VLANIF interface are created, proxy ARP must be
enabled to allow the super-VLAN to forward or process ARP request and reply
packets. Proxy ARP helps PCs in sub-VLANs communicate with each other at the
network layer.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
The view of the VLANIF interface of the super-VLAN is displayed.


Step 3 Run arp proxy inter-vlan enable

Inter-sub-VLAN proxy ARP is enabled.

An IP address must have been assigned to the VLANIF interface corresponding to
the super-VLAN. Otherwise, proxy ARP cannot take effect.

Step 4 Run commit

The configuration is committed.

----End

5.9.5 (Optional) Configuring an IP Address Pool for a Sub-VLAN
Specifying an IP address range for users in a sub-VLAN filters out unauthorized
users whose IP addresses are outside the range.

Context

After configuring an IP address pool for a sub-VLAN, note the following points:
● Only packets with IP addresses in the IP address pool are processed in the
sub-VLAN. The packets include ARP Request packets, ARP Reply packets, and
ARP proxy packets. Packets with IP addresses beyond the IP address pool are
discarded.
NOTE
If the sub-VLAN and DHCP address pools are used together, ensure that the range of the
sub-VLAN address pool covers the range of the DHCP address pool. Or, do not use the sub-
VLAN and DHCP address pools together.
● Only entries mapping IP addresses in the IP address pool are learned in the
sub-VLAN.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

The view of a created sub-VLAN is displayed.

Step 3 Run ip pool start-address [ to end-address ]

An IP address pool is configured for the sub-VLAN.

Step 4 Run commit

The configuration is committed.

----End
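
The rules stated in 5.9.2 to 5.9.5 can be checked against a planned design before it is committed. The following Python check is an added example, not Huawei code; the plan layout, function names, and sample addresses are constructed for illustration.

```python
import ipaddress

MAX_SUB_VLANS = 256  # "The device supports 256 sub-VLANs in a super-VLAN."


def pool_range(start, end=None):
    """Return (first, last) for an 'ip pool start-address [ to end-address ]' range."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end) if end else first
    if last < first:
        raise ValueError(f"pool end {last} is lower than pool start {first}")
    return first, last


def check_aggregation_plan(plan):
    """Return a list of violations of the rules in sections 5.9.2 to 5.9.5."""
    problems = []
    super_id = plan["super_vlan"]
    subs = plan["sub_vlans"]
    gateway = ipaddress.ip_interface(plan["vlanif_address"])

    if super_id == 1:
        problems.append("VLAN 1 cannot be configured as a super-VLAN")
    if super_id in subs:
        problems.append(f"super-VLAN ID {super_id} is also used as a sub-VLAN ID")
    if len(subs) > MAX_SUB_VLANS:
        problems.append(f"{len(subs)} sub-VLANs exceed the limit of {MAX_SUB_VLANS}")

    for vid, sub in sorted(subs.items()):
        # A sub-VLAN must not have its own VLANIF interface.
        if sub.get("has_vlanif"):
            problems.append(f"sub-VLAN {vid} is configured with a VLANIF interface")
        if "ip_pool" not in sub:
            continue
        first, last = pool_range(*sub["ip_pool"])
        # The super-VLAN VLANIF subnet must contain the sub-VLAN users' addresses.
        if first not in gateway.network or last not in gateway.network:
            problems.append(
                f"sub-VLAN {vid} pool {first}-{last} is outside {gateway.network}")
        # The sub-VLAN pool must cover the DHCP pool, or DHCP clients are discarded.
        if "dhcp_pool" in sub:
            d_first, d_last = pool_range(*sub["dhcp_pool"])
            if d_first < first or d_last > last:
                problems.append(
                    f"sub-VLAN {vid} pool {first}-{last} does not cover "
                    f"DHCP pool {d_first}-{d_last}")
    return problems


# Constructed sample plan with three deliberate mistakes.
SAMPLE_PLAN = {
    "super_vlan": 4,
    "vlanif_address": "10.1.1.1/24",
    "sub_vlans": {
        2: {"ip_pool": ("10.1.1.2", "10.1.1.100"),
            "dhcp_pool": ("10.1.1.10", "10.1.1.90")},
        3: {"ip_pool": ("10.1.1.101", "10.1.1.200"),
            "dhcp_pool": ("10.1.1.150", "10.1.1.220")},
        4: {"ip_pool": ("10.1.2.2", "10.1.2.50")},
    },
}

if __name__ == "__main__":
    for problem in check_aggregation_plan(SAMPLE_PLAN):
        print(problem)
```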


5.9.6 Verifying the VLAN Aggregation Configuration


Procedure
● Run the display vlan [ vlan-id [ verbose ] ] or display vlan [ vlan-id1 [ to
vlan-id2 ] | vlan-name vlan-name | summary ] command to check VLAN
information.
● Run the display interface vlanif [ vlan-id ] command to check information
about a specific VLANIF interface.
● Run the display sub-vlan [ vlan-id ] command to check mappings between
sub-VLANs and super-VLANs.
● Run the display super-vlan [ vlan-id ] command to check sub-VLANs
contained in a super-VLAN.
----End

5.10 Configuring MUX VLAN


Configuring a MUX VLAN allows users in different VLANs to communicate with
each other, and separates users in a certain VLAN.

NOTE

CE5880EI and CE6880EI do not support MUX VLAN.

Pre-configuration Tasks
Before configuring a MUX VLAN, complete the following task:
● Creating VLANs

5.10.1 Configuring a Principal VLAN for a MUX VLAN

Context
Ports added to a principal VLAN can communicate with every port in the MUX
VLAN.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been
created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094 (VLANs 4064 to 4094 are default reserved
VLANs. You can run the vlan reserved command to configure the reserved VLAN
range). If VLANs need to be created in batches, run the vlan batch { vlan-id1 [ to
vlan-id2 ] } &<1-10> command to create VLANs in batches, and then run the vlan
vlan-id command to enter the view of a specified VLAN.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 3 Run mux-vlan

The VLAN is configured as a principal VLAN.

The VLAN ID assigned to a principal VLAN can no longer be used to configure a
VLANIF interface, super-VLAN, sub-VLAN, VLAN mapping, or VLAN stacking.

Step 4 Run commit

The configuration is committed.

----End

5.10.2 Configuring a Group VLAN for a Subordinate VLAN

Context
A VLAN associated with a group port is called a group VLAN. Group ports in a
group VLAN can communicate with each other.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

The view of a created principal VLAN is displayed.

Step 3 Run subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>

A group VLAN is configured for the subordinate VLAN.

A maximum of 128 group VLANs can be configured for a principal VLAN.

The VLAN ID assigned to a group VLAN can no longer be used to configure a
VLANIF interface, super-VLAN, sub-VLAN, VLAN mapping, or VLAN stacking.

Step 4 Run commit

The configuration is committed.

----End


5.10.3 Configuring a Separate VLAN for a Subordinate VLAN


Context
A VLAN associated with separate ports is called a separate VLAN. Ports in a
separate VLAN cannot communicate with each other.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The view of a created principal VLAN is displayed.
Step 3 Run subordinate separate vlan-id
A separate VLAN is configured for a subordinate VLAN.
Only one separate VLAN can be configured for a principal VLAN.
Group VLANs and separate VLANs in one MUX VLAN cannot use the same VLAN
ID.
The VLAN ID assigned to a separate VLAN can no longer be used to configure a
VLANIF interface, super-VLAN, sub-VLAN, VLAN mapping, or VLAN stacking.
Step 4 Run commit
The configuration is committed.

----End

5.10.4 Enabling the MUX VLAN Function on a Port

Context
After the MUX VLAN function is enabled on a port, the principal VLAN and
subordinate VLAN can communicate with each other; ports in a group VLAN can
communicate with each other; ports in a separate VLAN cannot communicate with
each other.

Pre-configuration Tasks
Before enabling the MUX VLAN function on a port, complete the following task:
● Adding the port to a principal or subordinate VLAN as an access, hybrid, or
trunk interface

Procedure
Step 1 Run system-view
The system view is displayed.


Step 2 Run interface interface-type interface-number


The interface view is displayed.
Step 3 Run port link-type { hybrid | access | trunk }
The port link-type is set.
Step 4 Run port mux-vlan enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The MUX VLAN function is enabled.
After the MUX VLAN function is enabled on an interface, VLAN stacking and VLAN
mapping cannot be configured on the interface.

NOTE

● Access interfaces can be added to only one MUX VLAN group. Trunk and hybrid
interfaces can be added to multiple MUX VLAN groups. An interface can be added to a
maximum of 32 MUX VLAN groups.
● The interface enabled with the MUX VLAN function cannot be added to other VLANs of
the MUX VLAN group.
● Disabling MAC address learning or limiting the number of learned MAC addresses on an
interface affects the MUX VLAN function on the interface.
● The MUX VLAN and port security functions cannot be enabled on the same interface.
● In a cascading scenario, the MUX VLAN cannot be enabled between interfaces
connecting access and aggregation devices.

Step 5 Run commit


The configuration is committed.

----End
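
The isolation that a MUX VLAN design produces can be tabulated before it is deployed. The following Python model is an added example, not Huawei code; the VLAN IDs and port assignments are constructed. Beyond the rules stated in 5.10.1 to 5.10.4, it assumes that ports in different subordinate VLANs (two different group VLANs, or a group VLAN and the separate VLAN) are isolated from each other, which is how the MUX VLAN port roles are defined.

```python
from itertools import combinations

MAX_GROUP_VLANS = 128  # "A maximum of 128 group VLANs can be configured for a principal VLAN."


class MuxVlan:
    """One MUX VLAN: a principal VLAN, its group VLANs and at most one separate VLAN."""

    def __init__(self, principal, groups=(), separate=None):
        groups = set(groups)
        if len(groups) > MAX_GROUP_VLANS:
            raise ValueError("more than 128 group VLANs for one principal VLAN")
        if separate is not None and separate in groups:
            raise ValueError("group and separate VLANs cannot use the same VLAN ID")
        # Sanity check of the model (assumed, not stated on the page).
        if principal in groups or principal == separate:
            raise ValueError("a subordinate VLAN cannot reuse the principal VLAN ID")
        self.principal = principal
        self.groups = groups
        self.separate = separate

    def role(self, vlan_id):
        """Return 'principal', 'group' or 'separate' for a VLAN of this MUX VLAN."""
        if vlan_id == self.principal:
            return "principal"
        if vlan_id in self.groups:
            return "group"
        if vlan_id == self.separate:
            return "separate"
        raise ValueError(f"VLAN {vlan_id} is not part of this MUX VLAN")

    def can_communicate(self, vlan_a, vlan_b):
        """Layer 2 reachability between two different ports in vlan_a and vlan_b."""
        role_a, role_b = self.role(vlan_a), self.role(vlan_b)
        if "principal" in (role_a, role_b):
            return True   # principal ports reach every port in the MUX VLAN
        if role_a == role_b == "group":
            return vlan_a == vlan_b   # only ports of the same group VLAN
        return False      # separate ports, or ports of different subordinate VLANs


def isolation_report(mux, port_vlans):
    """Return the port pairs (sorted by port name) that cannot reach each other."""
    blocked = []
    for (p1, v1), (p2, v2) in combinations(sorted(port_vlans.items()), 2):
        if not mux.can_communicate(v1, v2):
            blocked.append((p1, p2))
    return blocked


# Constructed sample: VLAN 2 principal, VLANs 3 and 4 group, VLAN 5 separate.
SAMPLE_MUX = MuxVlan(principal=2, groups=[3, 4], separate=5)
SAMPLE_PORTS = {
    "10GE1/0/1": 2,   # server port in the principal VLAN
    "10GE1/0/2": 3, "10GE1/0/3": 3,   # same group VLAN
    "10GE1/0/4": 4,   # another group VLAN
    "10GE1/0/5": 5, "10GE1/0/6": 5,   # separate VLAN
}

if __name__ == "__main__":
    for pair in isolation_report(SAMPLE_MUX, SAMPLE_PORTS):
        print("isolated:", *pair)
```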

5.10.5 Verifying the MUX VLAN Configuration


Procedure
● Run the display mux-vlan command to check information about the MUX
VLAN.
----End

5.11 Configuring an mVLAN to Implement Integrated Management

Context
Management VLAN (mVLAN) configuration allows users to use the VLANIF
interface of the mVLAN to log in to the management switch to centrally manage
devices. To use a network management system to manage multiple devices, create
a VLANIF interface on each device and configure a management IP address for the
VLANIF interface. You can then log in to a device and manage it using its
management IP address. If a user-side interface is added to the VLAN, users
connected to the interface can also log in to the device. This brings security risks
to the device.

After a VLAN is configured as an mVLAN, no access interface or dot1q-tunnel
interface can be added to the VLAN. An access interface or a dot1q-tunnel
interface is connected to users. The mVLAN forbids users connected to access and
dot1q-tunnel interfaces from logging in to the device, improving device performance.

Pre-configuration Tasks
Before creating a VLANIF interface, complete the following tasks:

● Create a VLAN.
● Associate the VLAN with the physical interface.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run vlan vlan-id

The VLAN view is displayed.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 3 Run management-vlan

An mVLAN is configured.

After an mVLAN is configured, an interface added to the mVLAN must be a trunk
or hybrid interface.

VLAN 1 cannot be configured as an mVLAN.

Step 4 Run quit

Return to the system view.

Step 5 Run interface vlanif vlan-id

A VLANIF interface is created and the VLANIF interface view is displayed.

Step 6 Run ip address ip-address { mask | mask-length } [ sub ]

The IP address of the VLANIF interface is configured.

After assigning an IP address to the VLANIF interface, you can run the stelnet
command to log in to a management switch to manage attached devices.

Step 7 Run commit


The configuration is committed.

----End

Verifying the Configuration


● Run the display vlan command to check information about the mVLAN. The
command output shows information about the mVLAN in the line that starts
with an asterisk (*).

5.12 Configuring Transparent Transmission of Protocol Packets in a VLAN to Improve Forwarding Efficiency
VLAN transparent transport improves forwarding efficiency. A switch directly
forwards protocol packets of a specific VLAN without sending the packets to its
CPU.

Context
If the device is a gateway of some VLANs or snooping functions are deployed in
some VLANs, the device does not need to process protocol packets in other VLANs.
After the protocol packets in other VLANs are sent to the CPU, the CPU needs to
forward them to other devices. This mechanism is called software forwarding.
Software forwarding affects the forwarding speed and efficiency of protocol
packets because protocol packets need to be processed.
To address this issue, deploy transparent transmission of protocol packets in
VLANs where protocol packets do not need to be processed. This function enables
the device to transparently transmit the protocol packets in the VLANs to other
devices, which improves the forwarding speed and efficiency.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The VLAN view is displayed.

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.

Step 3 Run protocol-transparent


Transparent transmission of protocol packets in a VLAN is enabled.
By default, transparent transmission of protocol packets in a VLAN is disabled.
Transparent transmission of protocol packets cannot be configured in VLAN 1.


NOTE

A VLAN enabled with transparent transmission of protocol packets cannot be configured as
a multicast VLAN or MUX VLAN.

Step 4 Run commit

The configuration is committed.

----End

Verifying the Configuration


Run the display this command in the VLAN view to check the configuration for
transparent transmission of protocol packets in a VLAN.

5.13 Configuring an Interface to Discard Incoming Tagged Packets

Context
All packets sent from user devices are untagged, so a user-side interface on a
switch does not receive tagged packets, and the interface must be configured as
an access interface. If a user connects a switch to a user-side interface without
permission, the user-side interface may receive tagged packets. To prevent
unauthorized access, you can configure the user-side interface to discard incoming
tagged packets.

Only interfaces that are connected to user devices and do not receive tagged
packets can be configured to discard incoming tagged packets.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The member interface view is displayed.

Step 3 Run port discard tagged-packet

The interface is configured to discard incoming tagged packets.

By default, an interface does not discard incoming tagged packets.

Step 4 Run commit

The configuration is committed.

----End
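
Whether this setting is in place on every user-side port can be checked from a saved configuration file. The following Python audit is an added example, not a Huawei tool; the sample configuration is constructed in the layout of the "Configuration Files" listings in 5.16. It assumes that an interface without a port link-type line is an access interface (as in those listings) and that an access interface with a port default vlan line is user-side.

```python
import re

# Constructed sample in the layout of the "Configuration Files" listings in 5.16.
SAMPLE_CONFIG = """\
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface 10GE1/0/1
 port default vlan 2
 port discard tagged-packet
#
interface 10GE1/0/2
 port default vlan 3
#
interface 10GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 port discard tagged-packet
#
interface 10GE1/0/4
 undo portswitch
#
return
"""


def parse_interfaces(config_text):
    """Map each interface name to its list of commands ('#' separates sections)."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line in ("#", "return"):
            current = None          # a section ended
            continue
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return interfaces


def link_type(commands):
    """Return the configured link type; no explicit line is treated as access (assumption)."""
    for cmd in commands:
        match = re.match(r"port link-type (\S+)$", cmd)
        if match:
            return match.group(1)
    return "access"


def audit_tagged_discard(config_text):
    """Return (interface, finding) tuples in the order the interfaces appear."""
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        if "undo portswitch" in cmds:
            continue                # Layer 3 interface, not a switching port
        discards = "port discard tagged-packet" in cmds
        ltype = link_type(cmds)
        user_access = ltype == "access" and any(
            cmd.startswith("port default vlan ") for cmd in cmds)
        if user_access and not discards:
            findings.append((name, "access port accepts tagged packets"))
        elif ltype != "access" and discards:
            # Only ports that never receive tagged packets should carry the command.
            findings.append((name, f"{ltype} port is set to discard tagged packets"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_tagged_discard(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```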


5.14 Configuring a Hash Mode of the VLAN-XLATE Table
When a hash conflict in the VLAN-XLATE table occurs, run the assign forward
vlan-xlate command to change the uplink and downlink hash modes of the
VLAN-XLATE table to reduce hash conflicts.

Context
NOTE

● After a hash mode of the VLAN-XLATE table is configured, you must restart the device to
make the configuration take effect.
● Only the CE6850HI, CE6851HI, CE6855HI, CE6856HI, CE6850U-HI, CE6855HI, CE6857EI,
CE6860EI, CE6865EI, CE7800 series, and CE8800 series switches support this function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run assign forward vlan-xlate { egress | ingress } hash { crc16-lower |
crc16-upper | crc32-lower | crc32-upper | lsb }

A hash mode of the VLAN-XLATE table is configured.

By default, the uplink and downlink hash modes of the VLAN-XLATE table are
both crc32-lower.

Step 3 Run commit

The configuration is committed.

----End

Verifying the Configuration


Run the display forward vlan-xlate hash mode command in any view to check
the uplink and downlink hash modes of the VLAN-XLATE table.

5.15 Maintaining VLANs

5.15.1 Collecting Traffic Statistics in a VLAN

Context
You can enable traffic statistics collection on a VLAN or on a VLANIF interface to
monitor VLAN traffic.


Procedure
● Configure traffic statistics collection in a VLAN.
a. Run the system-view command to enter the system view.
b. Run the vlan vlan-id command to enter the VLAN view.
c. In the VLAN view, run the statistics enable command to enable traffic
statistics collection in a VLAN.
By default, traffic statistics collection is disabled in a VLAN.

NOTE

If the forwarding mode on a CE5880EI or CE6880EI switch is cut through, the switch
cannot collect traffic statistics in a VLAN.
Traffic statistics collection in a VLAN and traffic statistics collection on a Layer 2 sub-
interface are mutually exclusive on the CE6870EI and CE6875EI.
d. Run the commit command to commit the configuration.
● Configure traffic statistics collection on a VLANIF interface.
NOTE

The CE6810LI cannot collect traffic statistics on a VLANIF interface.


a. Run the system-view command to enter the system view.
b. Run the interface vlanif vlan-id command to enter the VLANIF interface
view.
c. (Optional) Run the ipv6 enable command to enable the IPv6 function on the
interface.
By default, the IPv6 function is disabled on an interface.
Before enabling IPv6 packet statistics collection on a VLANIF interface,
enable the IPv6 function on the interface.
d. Enable traffic statistics collection on the VLANIF interface.

▪ For CE5800 (excluding the CE5855EI), CE6810EI, CE6850EI, and
CE6880EI, run the statistics enable command.

▪ For CE6870EI and CE6875EI switches, run the statistics [ ipv6 ]
enable [ inbound | outbound ] command.

▪ For CE5855EI, CE6800 series (excluding the CE6810EI, CE6850EI,
CE6870EI, CE6875EI, and CE6880EI), CE7800 series, and CE8800 series,
run the statistics [ ipv4 | ipv6 ] enable command.
By default, traffic statistics collection is disabled on a VLANIF interface.
e. Run the commit command to commit the configuration.
----End

Follow-up Procedure
● Run the display vlan vlan-id statistics command in any view to check traffic
statistics in a specified VLAN.
● Run the display interface vlanif [ vlan-id ] command in any view to check
traffic statistics on a VLANIF interface.


5.15.2 Clearing Statistics of VLAN Packets

Context
If you want to collect traffic statistics for a specified time on an interface, you
must first clear existing statistics on the interface.

NOTICE

Statistics about VLAN packets cannot be restored after they are cleared. Confirm the
action before you run the command.

To clear the statistics of VLAN packets, run the following reset vlan statistics
command in the user view:

Procedure
● Run the reset vlan vlan-id statistics command to clear the packet statistics of the
specified VLAN.
----End

5.15.3 Enabling GMAC Ping to Detect Layer 2 Network Connectivity

Context
Similar to IP ping, GMAC ping efficiently detects and locates Ethernet faults and
monitors link quality.

NOTE

CE5880EI and CE6880EI do not support this function.

Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the ping mac enable command to globally enable GMAC ping.
By default, GMAC ping is disabled.
After GMAC ping is enabled on the device, the device can ping the remote device
and respond to the received GMAC ping packets.
Step 3 Run the commit command to commit the configuration.
Step 4 Run the ping mac mac-address vlan vlan-id [ interface interface-type
interface-number | -c count | -s packetsize | -t timeout ] * command to perform GMAC ping
to check connectivity of the link between the local device and the remote device.

----End


5.15.4 Enabling GMAC Trace to Locate Faults

Context
Similar to IP traceroute, GMAC trace efficiently detects and locates Ethernet faults
and monitors the link quality.

NOTE

CE5880EI and CE6880EI do not support this function.

Procedure
Step 1 Configure the devices at both ends of a link and an intermediate device.
Perform the following operations on the devices at both ends of the link to be
tested and intermediate device.
1. Run the system-view command to enter the system view.
2. Run the trace mac enable command to globally enable GMAC trace.
By default, GMAC trace is disabled.
After GMAC ping is enabled on the device, the device can ping the remote
device and respond to received GMAC ping packets.
3. Run the commit command to commit the configuration.
Step 2 Perform GMAC trace.
Perform the following operations on the device at one end of the link to be tested.
1. Run the system-view command to enter the system view.
2. Run the trace mac mac-address vlan vlan-id [ interface interface-type
interface-number | -t timeout ]* command to locate a connectivity fault
between the local device and the remote device.

----End

5.16 Configuration Examples for VLANs


This section only provides configuration examples for individual features. For
details about multi-feature configuration examples, feature-specific configuration
examples, interoperation examples, protocol or hardware replacement examples,
and industry application examples, see the Typical Configuration Examples.

5.16.1 Example for Assigning VLANs Based on Ports

Networking Requirements
In Figure 5-22, multiple user terminals are connected to switches in a data center.
Users who use the same service all access the network using different devices.


To ensure communication security and avoid broadcast storms, the administrator
wants to allow users who use the same service to communicate with each other
but isolate users who use different services.

Configure the switch with port-based VLAN assignment and add ports connected
to users who use the same service to the same VLAN. This way, users who use the
same services can directly communicate, but users using different services cannot
communicate over Layer 2.

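Figure 5-22 Networking diagram for assigning VLANs based on ports

[Figure: SwitchA and SwitchB are connected through their 10GE1/0/3 interfaces. On
SwitchA, 10GE1/0/1 connects to User1 (VLAN2) and 10GE1/0/2 connects to User3
(VLAN3). On SwitchB, 10GE1/0/1 connects to User2 (VLAN2) and 10GE1/0/2 connects
to User4 (VLAN3).]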

Configuration Roadmap
1. Create VLANs and add ports connected to users using different services to
different VLANs to isolate Layer 2 traffic.
2. Configure the type of link between SwitchA and SwitchB and VLANs to allow
users who use the same service to communicate.

Procedure
Step 1 Create VLAN2 and VLAN3 on SwitchA, and add ports connecting to user terminals
to different VLANs. Configuration of SwitchB is the same as that of SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan batch 2 3
[*SwitchA] interface 10ge 1/0/1
[*SwitchA-10GE1/0/1] port default vlan 2
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface 10ge 1/0/2
[*SwitchA-10GE1/0/2] port default vlan 3
[*SwitchA-10GE1/0/2] quit
[*SwitchA] commit

Step 2 Configure the type of the port connected to SwitchB on SwitchA and the allowed
VLANs. The configuration of SwitchB is the same as that of SwitchA.

[~SwitchA] interface 10ge 1/0/3
[~SwitchA-10GE1/0/3] port link-type trunk
[*SwitchA-10GE1/0/3] port trunk allow-pass vlan 2 3
[*SwitchA-10GE1/0/3] commit

Step 3 Verify the configuration.

Add User1 and User2 to the same IP address segment, for example,
192.168.100.0/24. Add User3 and User4 to the same IP address segment, for
example, 192.168.200.0/24.


Only User1's and User2's terminals can ping each other. Only User3's and User4's
terminals can ping each other.

----End

Configuration Files
● Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface 10GE1/0/1
port default vlan 2
#
interface 10GE1/0/2
port default vlan 3
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

● Configuration file of SwitchB


#
sysname SwitchB
#
vlan batch 2 to 3
#
interface 10GE1/0/1
port default vlan 2
#
interface 10GE1/0/2
port default vlan 3
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

5.16.2 Example for Assigning VLANs Based on MAC Addresses


Networking Requirements
On a company network, the network administrator adds users in a department to
the same VLAN. To improve information security, only users in this department are
allowed to access the intranet.
In Figure 5-23, User1, User2, and User3 connect to the key department
demanding high security. It is required that only the three users be allowed to
access the intranet through Switch.
To improve information security of the key department, you can configure MAC
address-based VLAN assignment and bind MAC addresses of User1, User2, and
User3 to a VLAN.

Figure 5-23 Networking diagram for assigning VLANs based on MAC addresses
[Figure: Switch connects to the enterprise network through 10GE1/0/1. User1
(MAC 22-22-22), User2 (MAC 33-33-33), and User3 (MAC 44-44-44) connect to
10GE1/0/2, 10GE1/0/3, and 10GE1/0/4 respectively and belong to VLAN 10.]

Configuration Roadmap
1. Create VLANs and determine which VLAN the employees belong to.
2. Add Ethernet interfaces to VLANs so that packets from the VLANs can pass
through the interfaces.
3. Associate MAC addresses of User1, User2, and User3 with the specified VLAN
so that the VLAN of the packet can be determined based on the source MAC
address.

Procedure
Step 1 Configure the Switch.
# Create VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 10
[*Switch] commit

# Add interfaces to the VLANs. The configuration of 10GE1/0/3 and 10GE1/0/4 is
the same as that of 10GE1/0/2.
[~Switch] interface 10ge 1/0/1
[~Switch-10GE1/0/1] port link-type hybrid
[*Switch-10GE1/0/1] port hybrid tagged vlan 10
[*Switch-10GE1/0/1] quit
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] port link-type hybrid
[*Switch-10GE1/0/2] port hybrid untagged vlan 10
[*Switch-10GE1/0/2] quit
[*Switch] commit

# Associate MAC addresses of User1, User2, and User3 with VLAN 10.
[~Switch] vlan 10
[~Switch-vlan10] mac-vlan mac-address 22-22-22
[*Switch-vlan10] mac-vlan mac-address 33-33-33
[*Switch-vlan10] mac-vlan mac-address 44-44-44
[*Switch-vlan10] quit
[*Switch] commit

# Enable MAC address-based VLAN assignment on 10GE1/0/2. The configuration
of 10GE1/0/3 and 10GE1/0/4 is the same as that of 10GE1/0/2.
[~Switch] interface 10ge 1/0/2
[~Switch-10GE1/0/2] mac-vlan enable
[*Switch-10GE1/0/2] quit
[*Switch] commit

Step 2 Verify the configuration.


User1, User2, and User3 can access the intranet, whereas other users cannot
access the intranet.

----End

Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
vlan 10
mac-vlan mac-address 0022-0022-0022
mac-vlan mac-address 0033-0033-0033
mac-vlan mac-address 0044-0044-0044
#
interface 10GE1/0/1
port link-type hybrid
port hybrid tagged vlan 10
#
interface 10GE1/0/2
port link-type hybrid
port hybrid untagged vlan 10
mac-vlan enable
#
interface 10GE1/0/3
port link-type hybrid
port hybrid untagged vlan 10
mac-vlan enable
#
interface 10GE1/0/4
port link-type hybrid
port hybrid untagged vlan 10
mac-vlan enable
#
return
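
An added example (not part of the Huawei guide): a Python audit that compares the mac-vlan bindings in the saved configuration with an approved inventory. It normalizes addresses to the zero-padded H-H-H form shown in the configuration file, which is why 22-22-22 entered on the CLI appears as 0022-0022-0022. The inventory and all function names are constructed for illustration.

```python
import re

# VLAN stanza from the configuration file of the Switch listed above.
SWITCH_CONFIG = """\
#
vlan batch 10
#
vlan 10
mac-vlan mac-address 0022-0022-0022
mac-vlan mac-address 0033-0033-0033
mac-vlan mac-address 0044-0044-0044
#
"""

# Constructed inventory (assumption): the three approved hosts, each written in a
# different notation to show why normalization is needed before comparing.
APPROVED = {
    "User1": "22-22-22",
    "User2": "0033.0033.0033",
    "User3": "00:44:00:44:00:44",
}


def normalize_mac(text):
    """Return a MAC address in the zero-padded H-H-H form of the saved configuration."""
    parts = re.split(r"[-.:]", text.strip().lower())
    if len(parts) == 3:        # H-H-H or H.H.H, leading zeros optional
        width = 4
    elif len(parts) == 6:      # six octets, leading zeros optional
        width = 2
    else:
        raise ValueError(f"unrecognized MAC address: {text!r}")
    if not all(re.fullmatch(rf"[0-9a-f]{{1,{width}}}", p) for p in parts):
        raise ValueError(f"unrecognized MAC address: {text!r}")
    digits = "".join(p.zfill(width) for p in parts)
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


def mac_vlan_bindings(config):
    """Return {normalized MAC: VLAN ID} for every mac-vlan entry in the configuration."""
    bindings, vlan = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"vlan (\d+)", line)
        entry = re.match(r"mac-vlan mac-address (\S+)", line)
        if header:
            vlan = int(header.group(1))
        elif line == "#":
            vlan = None
        elif entry and vlan is not None:
            # Tokens after the address, if any, are not interpreted here.
            bindings[normalize_mac(entry.group(1))] = vlan
    return bindings


def audit(config, approved, vlan):
    """Compare the bindings of one VLAN with the approved inventory.

    Returns (missing, unexpected): approved host names with no binding in the
    VLAN, and bound MAC addresses that the inventory does not list.
    """
    bound = mac_vlan_bindings(config)
    wanted = {normalize_mac(mac): name for name, mac in approved.items()}
    missing = sorted(n for mac, n in wanted.items() if bound.get(mac) != vlan)
    unexpected = sorted(m for m, v in bound.items() if v == vlan and m not in wanted)
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(SWITCH_CONFIG, APPROVED, 10)
    print("approved hosts without a binding:", missing or "none")
    print("bindings not in the inventory:", unexpected or "none")
```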

5.16.3 Example for Assigning VLANs Based on IP Subnets


Networking Requirements
A data center network has multiple services, including office services, production
services, and disaster recovery services. Each service uses a unique IP subnet. To
facilitate management, packets of the same service must be transmitted in the
same VLAN, and packets of different services must be transmitted in different VLANs.
In Figure 5-24, the switch connects to the office server, production server, and
disaster recovery server on different network segments. Different services need to
be assigned to different VLANs and distributed to different remote networks.

NOTE

The CE6810LI does not support IP subnet-based VLAN assignment.

Figure 5-24 Networking diagram for assigning VLANs based on IP subnets
[Figure: On the Switch, 10GE1/0/2 connects to RouterA (campus office network),
10GE1/0/3 to RouterB (production center), and 10GE1/0/4 to RouterC (disaster
recovery center). 10GE1/0/5 connects to the office service server
(192.168.1.2/24), 10GE1/0/6 to the production service server (192.168.2.2/24),
and 10GE1/0/7 to the disaster service server (192.168.3.2/24).]

Configuration Roadmap
1. Create VLANs and determine which VLAN each service belongs to.
2. Associate IP subnets with VLANs so that VLANs of packets can be determined
based on the source IP addresses or specified network segments.
3. Add interfaces to VLANs so that packets of the IP subnet-based VLANs can
pass through the interfaces.
4. Enable IP subnet-based VLAN assignment.

Procedure
Step 1 Create VLANs.

# Create VLAN 100, VLAN 200, and VLAN 300 on the Switch.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 100 200 300
[*Switch] commit

Step 2 Configure interfaces.

# Set the link type of 10GE1/0/5, 10GE1/0/6, and 10GE1/0/7 to hybrid and add them
to VLAN 100, VLAN 200, and VLAN 300 respectively in untagged mode. Also enable
IP subnet-based VLAN assignment on 10GE1/0/5, 10GE1/0/6, and 10GE1/0/7.
[~Switch] interface 10ge 1/0/5
[~Switch-10GE1/0/5] port link-type hybrid
[*Switch-10GE1/0/5] port hybrid untagged vlan 100
[*Switch-10GE1/0/5] ip-subnet-vlan enable
[*Switch-10GE1/0/5] quit
[*Switch] interface 10ge 1/0/6
[*Switch-10GE1/0/6] port link-type hybrid
[*Switch-10GE1/0/6] port hybrid untagged vlan 200
[*Switch-10GE1/0/6] ip-subnet-vlan enable
[*Switch-10GE1/0/6] quit
[*Switch] interface 10ge 1/0/7
[*Switch-10GE1/0/7] port link-type hybrid
[*Switch-10GE1/0/7] port hybrid untagged vlan 300
[*Switch-10GE1/0/7] ip-subnet-vlan enable
[*Switch-10GE1/0/7] quit
[*Switch] commit

# Add 10GE1/0/2 of the Switch to VLAN 100.
[~Switch] interface 10ge 1/0/2
[~Switch-10GE1/0/2] port link-type trunk
[*Switch-10GE1/0/2] port trunk allow-pass vlan 100
[*Switch-10GE1/0/2] quit
[*Switch] commit

# Add 10GE1/0/3 of the Switch to VLAN 200.
[~Switch] interface 10ge 1/0/3
[~Switch-10GE1/0/3] port link-type trunk
[*Switch-10GE1/0/3] port trunk allow-pass vlan 200
[*Switch-10GE1/0/3] quit
[*Switch] commit

# Add 10GE1/0/4 of the Switch to VLAN 300.
[~Switch] interface 10ge 1/0/4
[~Switch-10GE1/0/4] port link-type trunk
[*Switch-10GE1/0/4] port trunk allow-pass vlan 300
[*Switch-10GE1/0/4] quit
[*Switch] commit

Step 3 Configure IP subnet-based VLAN assignment.

# Associate IP subnet 192.168.1.2/24 with VLAN 100.
[~Switch] vlan 100
[~Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24
[*Switch-vlan100] quit

# Associate IP subnet 192.168.2.2/24 with VLAN 200.
[*Switch] vlan 200
[*Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24
[*Switch-vlan200] quit

# Associate IP subnet 192.168.3.2/24 with VLAN 300.
[*Switch] vlan 300
[*Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24
[*Switch-vlan300] quit
[*Switch] commit

Step 4 Verify the configuration.


Run the display ip-subnet-vlan vlan all command on the Switch. The following
information is displayed:
[~Switch] display ip-subnet-vlan vlan all
IP-subnet-VLAN count: 3 total count: 3
----------------------------------------------------------------
VLAN Index IpAddress SubnetMask Priority
----------------------------------------------------------------
100 1 192.168.1.2 255.255.255.0 0
200 1 192.168.2.2 255.255.255.0 0
300 1 192.168.3.2 255.255.255.0 0
----------------------------------------------------------------

The production service, office service, and disaster recovery service can only be
transmitted in the production center, campus office network, and disaster recovery
data center respectively.

----End

Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0
#
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0
#
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 100
device transceiver 10GBASE-COPPER
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 200
device transceiver 10GBASE-COPPER
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 300
device transceiver 10GBASE-COPPER
#
interface 10GE1/0/5
port link-type hybrid
port hybrid untagged vlan 100
ip-subnet-vlan enable
device transceiver 10GBASE-COPPER
#
interface 10GE1/0/6
port link-type hybrid
port hybrid untagged vlan 200
ip-subnet-vlan enable
device transceiver 10GBASE-COPPER
#
interface 10GE1/0/7
port link-type hybrid
port hybrid untagged vlan 300
ip-subnet-vlan enable
device transceiver 10GBASE-COPPER
#
return

5.16.4 Example for Implementing Inter-VLAN Communication Using VLANIF Interfaces

Networking Requirements
Users in a company use different services and are located on different network
segments. Users who use the same service belong to different VLANs and
want to communicate with each other.

In Figure 5-25, User 1 and User 2 use the same service and need to communicate,
but belong to different VLANs and are located on different network segments.

Figure 5-25 Networking diagram for implementing inter-VLAN communication
using VLANIF interfaces
[Figure: On the Switch, 10GE1/0/1 (VLANIF10, 10.10.10.2/24) connects to User1
(10.10.10.3/24) in VLAN 10, and 10GE1/0/2 (VLANIF20, 10.10.20.2/24) connects to
User2 (10.10.20.3/24) in VLAN 20.]

Configuration Roadmap
1. Create VLANs on the switches for different users.
2. Add interfaces to VLANs so that packets of the VLANs can pass through the
interfaces.
3. Create VLANIF interfaces and configure IP addresses for the VLANIF interfaces
to implement Layer 3 communication.

NOTE

To implement communication between VLANs, hosts in each VLAN must use the IP address
of the corresponding VLANIF interface as the gateway address.

Procedure
Step 1 Configure the Switch.
# Create VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 10 20
[*Switch] commit

# Add interfaces to VLANs.
[~Switch] interface 10ge 1/0/1
[~Switch-10GE1/0/1] port default vlan 10
[*Switch-10GE1/0/1] quit
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] port default vlan 20
[*Switch-10GE1/0/2] quit
[*Switch] commit

# Assign IP addresses to the VLANIF interfaces.
[~Switch] interface vlanif 10
[*Switch-Vlanif10] ip address 10.10.10.2 24
[*Switch-Vlanif10] quit
[*Switch] interface vlanif 20
[*Switch-Vlanif20] ip address 10.10.20.2 24
[*Switch-Vlanif20] quit
[*Switch] commit

Step 2 Verify the configuration.


Configure the IP address 10.10.10.3/24 on User 1's host, and configure the VLANIF 10
interface IP address 10.10.10.2/24 as the gateway address.
Configure the IP address 10.10.20.3/24 on User 2's host, and configure the VLANIF 20
interface IP address 10.10.20.2/24 as the gateway address.
After the preceding configurations are complete, User 1 in VLAN 10 and User 2 in
VLAN 20 can communicate.

----End

Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
ip address 10.10.20.2 255.255.255.0
#
interface 10GE1/0/1
port default vlan 10
#
interface 10GE1/0/2
port default vlan 20
#
return

5.16.5 Example for Configuring VLAN Aggregation

Networking Requirements
A company has many departments that reside on the same network segment. For
security purposes, the company adds different departments to different VLANs.
Users in different departments need to communicate with each other.

In Figure 5-26, VLAN 2 and VLAN 3 are assigned to different departments,
SwitchA is the access device, and SwitchB is the gateway. Users in VLAN 2 and
VLAN 3 need to communicate with each other.

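Figure 5-26 Networking of VLAN aggregation
[Figure: SwitchB connects to the Router (Internet) through 10GE1/0/1 in VLAN 10
and hosts super-VLAN 4 with VLANIF 4: 10.1.1.1/24. 10GE1/0/5 of SwitchB connects
to 10GE1/0/5 of SwitchA. On SwitchA, 10GE1/0/1 and 10GE1/0/2 belong to VLAN 2,
and 10GE1/0/3 and 10GE1/0/4 belong to VLAN 3.]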

Configuration Roadmap
You can configure VLAN aggregation on SwitchB and add VLANs of different
departments to the super-VLAN so that users in different departments can access
the Internet using the super-VLAN. Proxy ARP can be configured in the super-
VLAN so that users in different departments can communicate with each other.
The configuration roadmap is as follows:

1. Configure VLANs and interfaces on SwitchA and SwitchB, add users of
different departments to different VLANs, and configure interfaces on SwitchA
and SwitchB to transparently transmit packets from VLANs.
2. Configure a super-VLAN, a VLANIF interface, and a static route on SwitchB to
provide Internet access for hosts.
3. Configure proxy ARP in the super-VLAN on SwitchB so that users in different
departments can communicate at Layer 3.

Procedure
Step 1 Configure VLANs and interfaces on SwitchA and SwitchB, add users of different
departments to different VLANs, and configure an interface to transparently
transmit packets to SwitchB.
1. Configure SwitchA.
# Configure 10GE1/0/1 as an access interface. The configurations of
10GE1/0/2 to 10GE1/0/4 are similar to the configuration of 10GE1/0/1, and
are not mentioned here.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type access
[*SwitchA-10GE1/0/1] quit
[*SwitchA] commit
# Create VLAN 2 and VLAN 3, add 10GE1/0/1 and 10GE1/0/2 to VLAN 2, and
add 10GE1/0/3 and 10GE1/0/4 to VLAN 3.
[~SwitchA] vlan batch 2 3
[*SwitchA] vlan 2
[*SwitchA-vlan2] port 10ge 1/0/1 1/0/2
[*SwitchA-vlan2] quit
[*SwitchA] vlan 3
[*SwitchA-vlan3] port 10ge 1/0/3 1/0/4
[*SwitchA-vlan3] quit
[*SwitchA] commit
# Configure the interface of SwitchA connected to SwitchB to transparently
transmit packets from VLAN 2 and VLAN 3 to SwitchB.
[~SwitchA] interface 10ge 1/0/5
[~SwitchA-10GE1/0/5] port link-type trunk
[*SwitchA-10GE1/0/5] port trunk allow-pass vlan 2 3
[*SwitchA-10GE1/0/5] quit
[*SwitchA] commit

2. Configure SwitchB.
# Create VLAN 2, VLAN 3, VLAN 4, and VLAN 10, and configure the interface
of SwitchB connected to SwitchA to transparently transmit packets from VLAN
2 and VLAN 3 to SwitchB.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] vlan batch 2 3 4 10
[*SwitchB] interface 10ge 1/0/5
[*SwitchB-10GE1/0/5] port link-type trunk
[*SwitchB-10GE1/0/5] port trunk allow-pass vlan 2 3
[*SwitchB-10GE1/0/5] quit
[*SwitchB] commit

Step 2 Configure a super-VLAN and a VLANIF interface corresponding to the super-VLAN.


# Configure super-VLAN 4 on SwitchB and add VLAN 2 and VLAN 3 to super-VLAN
4 as sub-VLANs.
[~SwitchB] vlan 4
[~SwitchB-vlan4] aggregate-vlan
[*SwitchB-vlan4] access-vlan 2 to 3
[*SwitchB-vlan4] quit
[*SwitchB] commit

# Create and configure VLANIF 4 so that users in different departments can access
the Internet using super-VLAN 4.
[~SwitchB] interface vlanif 4
[*SwitchB-Vlanif4] ip address 10.1.1.1 24
[*SwitchB-Vlanif4] quit
[*SwitchB] commit

Step 3 Configure a static route.


# Configure the uplink interface 10GE1/0/1 on SwitchB to transparently transmit
packets from the VLAN to which SwitchB and the router belong.
[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] port link-type trunk
[*SwitchB-10GE1/0/1] port trunk allow-pass vlan 10
[*SwitchB-10GE1/0/1] quit
[*SwitchB] commit

# Create VLANIF 10 and configure its IP address as the IP address for connecting
SwitchB and the router.
[~SwitchB] interface vlanif 10
[*SwitchB-Vlanif10] ip address 10.10.1.1 24
[*SwitchB-Vlanif10] quit
[*SwitchB] commit

# On SwitchB, configure a static route to the router so that users can access the
Internet.
[~SwitchB] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[*SwitchB] commit

NOTE

Configure the router interface connected to SwitchB and assign to it the IP address of
10.10.1.2. For details, see the router configuration manual.

Step 4 Assign IP addresses to servers.

Configure an IP address for each server. Ensure that the servers reside on the same
network segment as VLAN 4.

After the preceding steps are complete, servers in each department can access the
Internet. However, servers in VLAN 2 and VLAN 3 cannot ping each other. Proxy
ARP needs to be configured on SwitchB.

Step 5 Configure proxy ARP.


# Configure proxy ARP in super-VLAN 4 on SwitchB so that users in different
departments can communicate at Layer 3.
[~SwitchB] interface vlanif 4
[~SwitchB-Vlanif4] arp proxy inter-vlan enable
[*SwitchB-Vlanif4] quit
[*SwitchB] commit

Step 6 Verify the configuration.

After the configuration is complete, users in VLAN 2 and VLAN 3 can ping each
other and access the Internet.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface 10GE1/0/1
port default vlan 2
#
interface 10GE1/0/2
port default vlan 2
#
interface 10GE1/0/3
port default vlan 3
#
interface 10GE1/0/4
port default vlan 3
#
interface 10GE1/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 4 10
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.1 255.255.255.0
arp proxy inter-vlan enable
#
interface Vlanif10
ip address 10.10.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
#
return

5.16.6 Example for Configuring the MUX VLAN on the Access Layer Device

Networking Requirements
In Figure 5-27, office service servers ServerB, ServerC, ServerD, and ServerE are
deployed on a data center network. All servers can connect to the campus office
network. The data center administrator requires that ServerB should communicate
with ServerC and ServerD should be isolated from ServerE.

To solve the problem, deploy the MUX VLAN on the switch connected to servers,
and connect the principal port to the office network, separate port to servers that
do not need to communicate, and group port to servers that need to
communicate. This saves VLAN IDs on the network and facilitates network
management.

NOTE

CE5880EI and CE6880EI do not support this configuration.

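Figure 5-27 MUX VLAN configuration
[Figure: On the Switch, 10GE1/0/1 in VLAN 2 (principal VLAN) connects to the
campus office network. 10GE1/0/2 and 10GE1/0/3 connect to the hosts labelled
UserB and UserC in VLAN 3 (group VLAN). 10GE1/0/4 and 10GE1/0/5 connect to the
hosts labelled UserD and UserE in VLAN 4 (separate VLAN).]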

Configuration Roadmap
1. Configure the principal VLAN.
2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function.

Procedure
Step 1 Configure a MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 2 3 4
[*Switch] commit

# Configure the Group VLAN and Separate VLAN in the MUX VLAN.
[~Switch] vlan 2
[~Switch-vlan2] mux-vlan
[*Switch-vlan2] subordinate group 3
[*Switch-vlan2] subordinate separate 4
[*Switch-vlan2] quit
[*Switch] commit

# Add interfaces to the VLANs and enable the MUX VLAN function on the
interfaces.
[~Switch] interface 10ge 1/0/1
[~Switch-10GE1/0/1] port default vlan 2
[*Switch-10GE1/0/1] port mux-vlan enable vlan 2
[*Switch-10GE1/0/1] quit
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] port default vlan 3
[*Switch-10GE1/0/2] port mux-vlan enable vlan 3
[*Switch-10GE1/0/2] quit
[*Switch] interface 10ge 1/0/3
[*Switch-10GE1/0/3] port default vlan 3
[*Switch-10GE1/0/3] port mux-vlan enable vlan 3
[*Switch-10GE1/0/3] quit
[*Switch] interface 10ge 1/0/4
[*Switch-10GE1/0/4] port default vlan 4
[*Switch-10GE1/0/4] port mux-vlan enable vlan 4
[*Switch-10GE1/0/4] quit
[*Switch] interface 10ge 1/0/5
[*Switch-10GE1/0/5] port default vlan 4
[*Switch-10GE1/0/5] port mux-vlan enable vlan 4
[*Switch-10GE1/0/5] quit
[*Switch] commit

Step 2 Verify the configuration.


● Server B, Server C, Server D, and Server E can access external networks.
● Server B and Server C can ping each other.
● Server D and Server E cannot ping each other.
● Server B and Server C cannot ping Server D or Server E. Server D and Server E
cannot ping Server B or Server C.

----End

Configuration File
Configuration file of the Switch
#
sysname Switch
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface 10GE1/0/1
port default vlan 2
port mux-vlan enable vlan 2
#
interface 10GE1/0/2
port default vlan 3
port mux-vlan enable vlan 3
#
interface 10GE1/0/3
port default vlan 3
port mux-vlan enable vlan 3
#
interface 10GE1/0/4
port default vlan 4
port mux-vlan enable vlan 4
#
interface 10GE1/0/5
port default vlan 4
port mux-vlan enable vlan 4
#
return
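
The isolation rules that Step 2 verifies can be checked against the saved configuration before it is deployed. The following Python is an added example, not part of the Huawei guide: it parses the configuration file above, derives each port's MUX VLAN role, and computes which port pairs may communicate at Layer 2. The function names are hypothetical, and only ports that use port default vlan are handled.

```python
import re
from itertools import combinations

# Configuration file of the Switch from this example (sysname and vlan batch omitted).
SWITCH_CONFIG = """\
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface 10GE1/0/1
port default vlan 2
port mux-vlan enable vlan 2
#
interface 10GE1/0/2
port default vlan 3
port mux-vlan enable vlan 3
#
interface 10GE1/0/3
port default vlan 3
port mux-vlan enable vlan 3
#
interface 10GE1/0/4
port default vlan 4
port mux-vlan enable vlan 4
#
interface 10GE1/0/5
port default vlan 4
port mux-vlan enable vlan 4
#
return
"""


def stanzas(config):
    """Split a saved configuration into {header: [lines]} using the '#' separators."""
    out, header = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            header = None
        elif header is None:
            header = line
            out[header] = []
        else:
            out[header].append(line)
    return out


def expand(spec):
    """Expand a VLAN list such as '2 to 4 10' into [2, 3, 4, 10]."""
    ids = []
    for low, high in re.findall(r"(\d+)(?: to (\d+))?", spec):
        ids.extend(range(int(low), int(high or low) + 1))
    return ids


def mux_ports(config):
    """Return {interface: (vlan, role, enabled)} for ports whose default VLAN is a MUX member."""
    cfg, roles = stanzas(config), {}
    for header, body in cfg.items():
        vlan = re.fullmatch(r"vlan (\d+)", header)
        if vlan and "mux-vlan" in body:
            roles[int(vlan.group(1))] = "principal"
            for line in body:
                sub = re.fullmatch(r"subordinate (group|separate) (.+)", line)
                if sub:
                    roles.update((vid, sub.group(1)) for vid in expand(sub.group(2)))
    ports = {}
    for header, body in cfg.items():
        pvid = re.search(r"^port default vlan (\d+)$", "\n".join(body), re.M)
        if header.startswith("interface ") and pvid and int(pvid.group(1)) in roles:
            vid = int(pvid.group(1))
            enabled = f"port mux-vlan enable vlan {vid}" in body
            ports[header.split()[1]] = (vid, roles[vid], enabled)
    return ports


def can_talk(a, b):
    """MUX VLAN rule for two ports, each given as a (vlan, role, enabled) tuple."""
    if "principal" in (a[1], b[1]):
        return True  # the principal port reaches every member port
    return a[1] == b[1] == "group" and a[0] == b[0]  # same group VLAN only


def reachability(config):
    """Return ({(port_a, port_b): bool}, [ports without 'port mux-vlan enable'])."""
    ports = mux_ports(config)
    matrix = {(p, q): can_talk(ports[p], ports[q])
              for p, q in combinations(sorted(ports), 2)}
    return matrix, sorted(p for p, v in ports.items() if not v[2])


if __name__ == "__main__":
    matrix, not_enabled = reachability(SWITCH_CONFIG)
    for (p, q), ok in matrix.items():
        print(f"{p:10} <-> {q:10} {'reachable' if ok else 'isolated'}")
    print("ports without 'port mux-vlan enable':", not_enabled or "none")
```

A port listed in the second result deviates from the procedure above, which enables the MUX VLAN function on every member interface, and should be reviewed before the isolation is relied on.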

5.16.7 Example for Configuring the MUX VLAN on the Aggregation Device

Networking Requirements
Figure 5-28 shows a data center network where office servers ServerA, ServerB,
ServerC, and ServerD are deployed. All servers can connect to the campus office
network. The data center administrator requires that ServerA should communicate
with ServerB and ServerC should be isolated from ServerD.
In Figure 5-28, Switch1 is located at the aggregation layer, the gateway is
connected to downstream terminals, and Switch2 and Switch3 are access devices.
You can configure MUX VLAN on Switch1 to Switch3. MUX VLAN meets enterprise
requirements, saves VLAN IDs, and facilitates network maintenance.

NOTE

CE5880EI and CE6880EI switches do not support the MUX VLAN function. CE6810LI
switches do not support VLANIF interfaces corresponding to the principal VLAN and sub-
VLAN. They are not applicable to the preceding scenario.

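Figure 5-28 Networking of MUX VLAN
[Figure: The Gateway (VLANIF2, IP: 10.10.10.1/24) leads to the campus office
network, and its 10GE1/0/1 connects to 10GE1/0/1 of Switch1 in VLAN 2 (principal
VLAN). 10GE1/0/2 of Switch1 connects to 10GE1/0/1 of Switch2, and 10GE1/0/3 of
Switch1 connects to 10GE1/0/1 of Switch3. ServerA and ServerB connect to
10GE1/0/2 and 10GE1/0/3 of Switch2 in VLAN 3 (group VLAN). ServerC and ServerD
connect to 10GE1/0/2 and 10GE1/0/3 of Switch3 in VLAN 4 (separate VLAN).]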

Configuration Roadmap
1. Create VLAN 2 to VLAN 4 on Switch1 to Switch3, configure VLAN 2 as the
principal VLAN, VLAN 3 as the subordinate group VLAN, and VLAN 4 as the
subordinate separate VLAN.
2. Connect the gateway to Switch1 through 10GE1/0/1, create VLANIF 2 on the
gateway, configure the IP address 10.10.10.1/24 as the gateway address of
downstream servers.
3. Configure 10GE1/0/1 on Switch2 and Switch3 to allow packets from VLAN 2
to VLAN 4, enable MUX VLAN on the downlink interface, and add the
downlink interface to the VLAN that servers belong to.

Procedure
Step 1 Configure MUX VLAN.
# Create VLAN 2 to VLAN 4 on Switch1, Switch2, and Switch3, and configure
VLAN 2 as the principal VLAN, VLAN 3 as the subordinate group VLAN, and VLAN
4 as the subordinate separate VLAN. Switch1 is used as an example. The
configurations of Switch2 and Switch3 are the same as that of Switch1.
<HUAWEI> system-view
[~HUAWEI] sysname Switch1
[*HUAWEI] commit
[~Switch1] vlan batch 2 3 4
[*Switch1] vlan 2
[*Switch1-vlan2] mux-vlan
[*Switch1-vlan2] subordinate group 3
[*Switch1-vlan2] subordinate separate 4
[*Switch1-vlan2] quit
[*Switch1] commit

# Add 10GE1/0/1 on Switch1 to VLAN 2 and enable MUX VLAN on it, and
configure 10GE1/0/2 and 10GE1/0/3 to allow packets from VLAN 2 to VLAN 4.
[~Switch1] interface 10ge 1/0/1
[~Switch1-10GE1/0/1] port link-type trunk
[*Switch1-10GE1/0/1] port trunk allow-pass vlan 2
[*Switch1-10GE1/0/1] port mux-vlan enable vlan 2
[*Switch1-10GE1/0/1] quit
[*Switch1] interface 10ge 1/0/2
[*Switch1-10GE1/0/2] port link-type trunk
[*Switch1-10GE1/0/2] port trunk allow-pass vlan 2 to 4
[*Switch1-10GE1/0/2] quit
[*Switch1] interface 10ge 1/0/3
[*Switch1-10GE1/0/3] port link-type trunk
[*Switch1-10GE1/0/3] port trunk allow-pass vlan 2 to 4
[*Switch1-10GE1/0/3] quit
[*Switch1] commit

Step 2 Create VLANIF 2 on 10GE1/0/1 connecting the gateway to Switch1, and configure
the IP address 10.10.10.1/24 as the gateway address of downstream servers.
<HUAWEI> system-view
[~HUAWEI] sysname Gateway
[*HUAWEI] commit
[~Gateway] vlan batch 2
[*Gateway] interface 10ge 1/0/1
[*Gateway-10GE1/0/1] port link-type trunk
[*Gateway-10GE1/0/1] port trunk allow-pass vlan 2
[*Gateway-10GE1/0/1] quit
[*Gateway] interface vlanif 2
[*Gateway-Vlanif2] ip address 10.10.10.1 24
[*Gateway-Vlanif2] quit
[*Gateway] commit

NOTE

If the MUX VLAN contains multiple group VLANs and devices in group VLANs need to
communicate, run the arp proxy intra-vlan enable command on the VLANIF interface of
the gateway to configure intra-VLAN proxy ARP.

Step 3 Configure 10GE1/0/1 on Switch2 and Switch3 to allow packets from VLAN 2 to
VLAN 4, enable MUX VLAN on 10GE1/0/2 and 10GE1/0/3, and add the downlink
interfaces to the VLAN that servers belong to. Switch2 is used as an example. The
configuration of Switch3 is the same as that of Switch2, except that 10GE1/0/2 and
10GE1/0/3 on Switch3 are added to VLAN 4, as shown in the Switch3 configuration file.
# Configure 10GE1/0/1 as a trunk interface and configure it to allow packets from
VLAN 2 to VLAN 4.
[~Switch2] interface 10ge 1/0/1
[~Switch2-10GE1/0/1] port link-type trunk
[*Switch2-10GE1/0/1] port trunk allow-pass vlan 2 to 4
[*Switch2-10GE1/0/1] quit
[*Switch2] commit

# Enable MUX VLAN on 10GE1/0/2 and 10GE1/0/3, and add them to the VLAN to
which servers belong.
[~Switch2] interface 10ge 1/0/2
[~Switch2-10GE1/0/2] port default vlan 3
[*Switch2-10GE1/0/2] port mux-vlan enable vlan 3
[*Switch2-10GE1/0/2] quit
[*Switch2] commit
[~Switch2] interface 10ge 1/0/3
[~Switch2-10GE1/0/3] port default vlan 3
[*Switch2-10GE1/0/3] port mux-vlan enable vlan 3
[*Switch2-10GE1/0/3] quit
[*Switch2] commit

Step 4 Configure IP addresses for servers.

Configure an IP address for each server to ensure that the IP addresses of servers
are on the same network segment as the gateway address.

Step 5 Verify the configuration.

After the configuration is complete, each server can access the Internet, ServerA
and ServerB can ping each other, ServerC and ServerD cannot ping each other,
and ServerA and ServerB cannot ping ServerC or ServerD.

----End

Configuration Files
● Gateway configuration file
#
sysname Gateway
#
vlan batch 2
#
interface Vlanif2
ip address 10.10.10.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
return
● Switch1 configuration file
#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 2
port mux-vlan enable vlan 2
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
return
● Switch2 configuration file
#
sysname Switch2
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/2
port default vlan 3
port mux-vlan enable vlan 3
#
interface 10GE1/0/3
port default vlan 3
port mux-vlan enable vlan 3
#
return

● Switch3 configuration file
#
sysname Switch3
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/2
port default vlan 4
port mux-vlan enable vlan 4
#
interface 10GE1/0/3
port default vlan 4
port mux-vlan enable vlan 4
#
return

5.16.8 Example for Configuring Transparent Transmission of Protocol Packets in a VLAN

Networking Requirements
In Figure 5-29, a data center network has office servers ServerA and ServerB.
ServerA and ServerB belong to VLAN 10 and obtain IP addresses through DHCP.
SwitchB is a Layer 2 switching device and has DHCP snooping enabled to defend
against DHCP-oriented attacks. In this case, protocol packets in all VLANs are sent
to the CPU for processing, and the CPU needs to forward the packets to other
devices. This affects the forwarding speed and efficiency of protocol packets. To
address this issue, enable transparent transmission of protocol packets in VLAN 10
on SwitchB. After protocol packets from VLAN 10 reach SwitchB, SwitchB directly
forwards the protocol packets without sending them to the CPU. This accelerates
forwarding of protocol packets.

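Figure 5-29 Networking for configuring transparent transmission of protocol
packets in a VLAN
[Figure: 10GE1/0/2 of SwitchB connects toward the DHCP server and the Internet.
10GE1/0/1 of SwitchB connects to 10GE1/0/3 of SwitchA. ServerA and ServerB
connect to 10GE1/0/1 and 10GE1/0/2 of SwitchA and belong to VLAN 10.]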

Configuration Roadmap
1. Allocate the downlink interfaces of SwitchA connected to office servers to
VLAN 10.
2. Enable transparent transmission of protocol packets in a VLAN on SwitchB.
When protocol packets from a specified VLAN reach SwitchB, SwitchB directly
forwards the protocol packets without sending them to the CPU.

Procedure
Step 1 Add the downlink interfaces on SwitchA to VLAN 10 and configure the uplink
interfaces to allow VLAN 10.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan 10
[*SwitchA-vlan10] quit
[*SwitchA] interface 10ge 1/0/1
[*SwitchA-10GE1/0/1] port default vlan 10
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface 10ge 1/0/2
[*SwitchA-10GE1/0/2] port default vlan 10
[*SwitchA-10GE1/0/2] quit
[*SwitchA] interface 10ge 1/0/3
[*SwitchA-10GE1/0/3] port link-type trunk
[*SwitchA-10GE1/0/3] port trunk allow-pass vlan 10
[*SwitchA-10GE1/0/3] quit
[*SwitchA] commit

Step 2 Enable transparent transmission of protocol packets in a VLAN on SwitchB.


<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] vlan 10
[*SwitchB-vlan10] quit
[*SwitchB] interface 10ge 1/0/1
[*SwitchB-10GE1/0/1] port link-type trunk
[*SwitchB-10GE1/0/1] port trunk allow-pass vlan 10
[*SwitchB-10GE1/0/1] quit
[*SwitchB] interface 10ge 1/0/2
[*SwitchB-10GE1/0/2] port link-type trunk
[*SwitchB-10GE1/0/2] port trunk allow-pass vlan 10
[*SwitchB-10GE1/0/2] quit
[*SwitchB] vlan 10
[*SwitchB-vlan10] protocol-transparent
[*SwitchB-vlan10] quit
[*SwitchB] commit

Step 3 Verify the configuration.


Run the display this command in the view of VLAN 10 on SwitchB. You can see
that transparent transmission of protocol packets is enabled in VLAN 10.
[~SwitchB] vlan 10
[~SwitchB-vlan10] display this
#
vlan 10
protocol-transparent
#
return

----End

Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface 10GE1/0/1
port default vlan 10
#
interface 10GE1/0/2
port default vlan 10
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
return

Configuration file of SwitchB


#
sysname SwitchB
#
vlan batch 10


#
vlan 10
protocol-transparent
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return

5.17 Troubleshooting VLANs

5.17.1 User Terminals in the Same VLAN Cannot Ping Each Other
Fault Description
User terminals in the same VLAN cannot ping each other.

Procedure
Step 1 Check whether the interfaces connected to the user terminals are in Up state.
Run the display interface interface-type interface-number command in any view
to check the status of the interfaces.
● If the interface is Down, rectify the interface fault.
● If the interface is Up, go to Step 2.
Step 2 Check whether the IP addresses of user terminals are in the same network
segment.
● If they are in different network segments, change the IP addresses of the user
terminals.
● If they are in the same network segment, go to Step 3.
Step 3 Check whether the MAC address entries on the Switch are correct.
Run the display mac-address command on the Switch to check whether the MAC
addresses, interfaces, and VLANs in the learned MAC address entries are correct. If
the learned MAC address entries are incorrect, run the undo mac-address mac-address
vlan vlan-id command in the system view to delete the current entries so
that the Switch can learn MAC address entries again.
After the MAC address table is updated, check the MAC address entries again.
● If the MAC address entries are incorrect, go to Step 4.
● If the MAC address entries are correct, go to Step 5.
Step 4 Check whether the VLAN is properly configured.
● Check the VLAN configuration according to the following table.


Check Item: Whether the VLAN has been created
Method: Run the display vlan vlan-id command in any view to check whether the VLAN has been created. If not, run the vlan command in system view to create the VLAN.

Check Item: Whether the interfaces are added to the VLAN
Method: Run the display vlan vlan-id command in any view to check whether the VLAN contains the interfaces. If not, add the interfaces to the VLAN.
NOTE
If the interfaces are located on different devices, add the interfaces connecting the devices to the VLAN.
The default type of a Switch interface is Access. You can run the port link-type command to change the interface type.
– Add an access interface to the VLAN using either of the following methods:
  1. Run the port default vlan command in the interface view.
  2. Run the port command in the VLAN view.
– Add a trunk interface to the VLAN.
  Run the port trunk allow-pass vlan command in the interface view.
– Add a hybrid interface to the VLAN using either of the following methods:
  1. Run the port hybrid tagged vlan command in the interface view.
  2. Run the port hybrid untagged vlan command in the interface view.

Check Item: Whether connections between interfaces and user terminals are correct
Method: Check the connections between interfaces and user terminals according to the network plan. If any user terminal is connected to an incorrect interface, connect it to the correct interface.

After the preceding operations, if the MAC address entries are correct, go to
Step 5.
Step 5 Check whether Layer 2 port isolation is configured.
Run the interface interface-type interface-number command in the system view
to enter the interface view, and then run the display this command to check
whether Layer 2 port isolation is configured on the interface.
● If Layer 2 port isolation is not configured, go to Step 6.
● If Layer 2 port isolation is configured, run the undo port-isolate enable
command on the interface to disable port isolation. If the fault persists, go to
Step 6.


Step 6 Check whether the correct static Address Resolution Protocol (ARP) entries are
configured on the user terminals. If the static ARP entries are incorrect, modify
them.

----End
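
The Step 4 checks above (is the VLAN created, and which access, trunk or hybrid interfaces carry it) can also be run offline against a saved configuration file, which additionally shows whether protocol-transparent is set in that VLAN. The following Python is an added example, not part of the Huawei guide; the sample configuration is constructed, and the names check_vlan, expand and PORT_VLAN are introduced here.

```python
import re

# Constructed sample in the configuration-file format shown in this guide
# ('#' separates sections). VLAN 20 is deliberately left uncreated.
SAMPLE = """#
vlan batch 10 30 to 32
#
vlan 10
 protocol-transparent
#
interface 10GE1/0/1
 port default vlan 10
#
interface 10GE1/0/2
 port default vlan 20
#
interface 10GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 30 to 31
#
return
"""

PORT_VLAN = re.compile(r"port (?:default|trunk allow-pass|hybrid (?:un)?tagged) vlan (.+)")

def expand(spec):
    """Turn '10 30 to 32' or 'all' into a set of VLAN IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def check_vlan(config, vlan_id):
    """Step 4 checks for one VLAN: created, member interfaces, protocol-transparent."""
    result = {"created": False, "transparent": False, "ports": []}
    for section in re.split(r"^#[ \t]*$", config, flags=re.M):
        head, *body = [l.strip() for l in section.splitlines() if l.strip()] or [""]
        if head.startswith("vlan batch "):
            result["created"] |= vlan_id in expand(head[11:])
        elif head == f"vlan {vlan_id}":
            result["created"] = True
            result["transparent"] |= "protocol-transparent" in body
        elif head.startswith("interface ") and any(
                vlan_id in expand(m.group(1)) for m in map(PORT_VLAN.match, body) if m):
            result["ports"].append(head.split()[1])
    return result

if __name__ == "__main__":
    print(check_vlan(SAMPLE, 10), check_vlan(SAMPLE, 20))
```

For VLAN 20 the result shows an interface assigned to a VLAN that was never created, which is the first check item in the Step 4 table.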

5.17.2 A VLANIF Interface Goes Down


Fault Description
A VLANIF interface is in Down state.

Common Causes and Solutions


Table 5-11 lists the common causes and solutions.

Table 5-11 Common causes and solutions for the VLANIF interface going down
| Common Cause | Solution |
|---|---|
| No interface is added to the corresponding VLAN. | Add interfaces to the corresponding VLAN. |
| All interfaces added to the VLAN are physically Down. | Rectify the fault. A VLANIF interface is Up as long as an interface in the corresponding VLAN is Up. |
| No IP address is assigned to the VLANIF interface. | Run the ip address command in the view of the VLANIF interface to assign an IP address to the VLANIF interface. |
| The VLANIF interface is shut down. | Run the undo shutdown (interface view) command in the view of the VLANIF interface to enable the VLANIF interface. |
