S1720, S2700, S5700, and S6720 Series Ethernet

Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6 VLAN Aggregation Configuration

About This Chapter

This chapter describes how to configure VLAN aggregation. VLAN aggregation

allows for communication between hosts on the same network segment that are
in different VLANs. A network can conserve IP addresses with VLAN aggregation
technology.

6.1 Overview of VLAN Aggregation

6.2 Understanding VLAN Aggregation
6.3 Application Scenarios for VLAN Aggregation
6.4 Licensing Requirements and Limitations for VLAN Aggregation
6.5 Default Settings for VLAN Aggregation
6.6 Configuring VLAN Aggregation

6.7 Example for Configuring VLAN Aggregation

6.8 FAQ About VLAN Aggregation

6.1 Overview of VLAN Aggregation

Definition
VLAN aggregation, also called super-VLAN, partitions a broadcast domain into
multiple VLANs (sub-VLANs) on a physical network and aggregates the sub-
VLANs into a single logical VLAN (super-VLAN). The sub-VLANs use the same IP
subnet and default gateway address, so the number of IP addresses used is
reduced.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 291

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Purpose
VLAN technology is commonly used on packet switching networks because it can
flexibly control broadcast domains and is easy to deploy. Usually, a Layer 3 switch
uses a Layer 3 logical interface in each VLAN to allow hosts in different broadcast
domains to communicate. This wastes IP addresses. On a subnet corresponding to
a VLAN, the subnet ID, directed broadcast address, and subnet default gateway
address all cannot be used as IP addresses of hosts in the VLAN. In addition, IP
addresses available in a subnet may exceed the number of hosts. These excess IP
addresses cannot be used by other VLANs.

In Figure 6-1, VLAN 2 requires 10 host addresses. The subnet 10.1.1.0/28 with a
28-bit mask is assigned to VLAN 2, where 10.1.1.0 is the subnet ID, 10.1.1.15 is the
directed broadcast address, and 10.1.1.1 is the default gateway address. Hosts
cannot use these three addresses, but the other 13 addresses ranging from
10.1.1.2 to 10.1.1.14 are available to them.

At least three IP addresses are wasted for VLAN 2, and at least nine IP addresses
are wasted for three VLANs. Although VLAN 2 requires only 10 IP addresses, the
remaining 3 IP addresses cannot be used by other VLANs and are wasted. If more
VLANs are added, the problem is exacerbated.

Figure 6-1 Networking of a common VLAN

L3 Switch
VLANIF 2:10.1.1.1 VLANIF 4:10.1.1.25

VLANIF 3:10.1.1.17

L2 Switch L2 Switch L2 Switch

VLAN 2 VLAN 3 VLAN 4

10.1.1.0/28 10.1.1.16/29 10.1.1.24/30

VLAN aggregation is used to solve the preceding problem. VLAN aggregation

maps each sub-VLAN to a broadcast domain, associates a super-VLAN with
multiple sub-VLANs, and then assigns just one IP subnet to the super-VLAN. This
ensures that all sub-VLANs use the IP address of the associated super-VLAN as the
gateway IP address to implement Layer 3 connectivity.

Sub-VLANs share one gateway address to reduce the number of subnet IDs,
subnet default gateway addresses, and directed broadcast IP addresses used is
reduced. The switch assigns IP addresses to hosts in sub-VLANs according to the
number of hosts. This ensures that each sub-VLAN acts as an independent
broadcast domain, conserves IP addresses, and implements flexible addressing.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 292

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6.2 Understanding VLAN Aggregation

VLAN aggregation defines the super-VLAN and sub-VLAN. A sub-VLAN is an
independent broadcast domain that contains only physical interfaces. A super-
VLAN contains no physical interface and is used for creating a Layer 3 VLANIF
interface. By mapping a super-VLAN to sub-VLANs, VLAN aggregation associates
the Layer 3 VLANIF interface with physical interfaces so that all sub-VLANs share
one gateway to communicate with an external network. In addition, proxy ARP
can be used to implement Layer 3 connectivity between sub-VLANs.

Implementation
VLAN aggregation defines the super-VLAN and sub-VLAN. A sub-VLAN is an
independent broadcast domain that contains only physical interfaces. A super-
VLAN contains no physical interface and is used for creating a Layer 3 VLANIF
interface. By mapping a super-VLAN to sub-VLANs, VLAN aggregation associates
the Layer 3 VLANIF interface with physical interfaces so that all sub-VLANs share
one gateway to communicate with an external network. In addition, proxy ARP
can be used to implement Layer 3 connectivity between sub-VLANs. The super-
VLAN and sub-VLAN are different from common VLANs that contain a Layer 3
logical interface and multiple physical interfaces.
● Sub-VLAN: contains only physical interfaces, and is used to isolate broadcast
domains. A sub-VLAN cannot be used to create a Layer 3 VLANIF interface.
Hosts in each sub-VLAN use the VLANIF interface of the associated super-
VLAN to communicate with external devices over Layer 3.
● Super-VLAN: is only used for creating a Layer 3 VLANIF interface and contains
no physical interfaces. Its IP address is used as the subnet gateway. A VLANIF
interface in a super-VLAN is Up as long as a physical interface in any
associated sub-VLAN is Up. This is unlike a VLANIF interface, which is Up as
long as a physical interface is Up.
A super-VLAN can contain one or more sub-VLANs. A sub-VLAN does not occupy
an independent subnet. In a super-VLAN, the IP address of a host is the same
subnet segment as the super-VLAN regardless of which sub-VLAN belongs to.
Therefore, sub-VLANs share the same gateway.
Sub-VLANs share one gateway address to reduce the number of subnet IDs,
subnet default gateway addresses, and directed broadcast IP addresses used. This
allows different broadcast domains to use the same subnet address, allows for
flexible addressing, and conserves IP addresses.
6.1 Overview of VLAN Aggregation shows an example network topology. VLAN
10 is configured as the super-VLAN and assigned the subnet address 10.1.1.0/24.
VLAN 2, VLAN 3, and VLAN 4 are configured as sub-VLANs of super-VLAN 10.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 293

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-2 Networking of VLAN aggregation

L3 Switch
Super-VLAN10
VLANIF10：10.1.1.1/24

L2 Switch L2 Switch L2 Switch

Sub-VLAN 2 Sub-VLAN 3 Sub-VLAN 4

10.1.1.2-10.1.1.11 10.1.1.12-10.1.1.16 10.1.1.17
Gateway: Gateway: Gateway:
10.1.1.1/24 10.1.1.1/24 10.1.1.1/24

Sub-VLAN 2, sub-VLAN 3, and sub-VLAN 4 share a subnet (10.1.1.1/24). The

subnet ID (10.1.1.0), default gateway address (10.1.1.1), and directed broadcast
address of the subnet (10.1.1.255) cannot be used as host IP addresses. VLAN
aggregation allows the switch to assign IP addresses to hosts in sub-VLANs
according to the actual number of hosts. For example, when sub-VLAN 2 requires
10 addresses, 10.1.1.2-10.1.1.11 are assigned to sub-VLAN 2.

Communication Between Sub-VLANs

VLAN aggregation allows different sub-VLANs to use IP addresses on the same
network segment, but cannot implement Layer 3 forwarding between sub-VLANs.
In a super-VLAN, hosts in all sub-VLANs use IP addresses on the same network
segment and share a gateway address. However, hosts in different sub-VLANs can
use only Layer 2 forwarding and cannot communicate with each other over Layer
3.
To address this issue, configure proxy ARP.

NOTE

For details about proxy ARP, see Proxy ARP in "ARP Configuration" in the S1720, S2700,
S5700, and S6720 V200R011C10 Configuration Guide - IP Services.

Figure 6-2 shows an example of using proxy ARP to implement Layer 3

communication between sub-VLANs. To allow Host_1 in sub-VLAN 2 to
communicate with Host_2 in sub-VLAN 3, enable proxy ARP on the VLANIF
interface of super-VLAN 10.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 294

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-3 Using proxy ARP to implement Layer 3 communication between sub-
VLANs
Super-VLAN10
L3 Switch VLANIF10：10.1.1.1/24
Proxy ARP

L2 Switch L2 Switch L2 Switch

Host_1 Host_2 Host_3

Sub-VLAN2 Sub-VLAN3 Sub-VLAN4
10.1.1.2/24 10.1.1.12/24 10.1.1.17/24

Host_1 in sub-VLAN 2 communicates with Host_2 in sub-VLAN 3 as follows

(assume that the ARP table of Host_1 in sub-VLAN 2 has no entry for Host_2 in
sub-VLAN 3):
1. Host_1 compares the IP address of Host_2 in sub-VLAN 3 with its IP address,
and finds that both IP addresses are on the same network segment
10.1.1.0/24. However, the ARP table of Host_1 has no entry for Host_2 in sub-
VLAN 3.
2. Host_1 broadcasts an ARP Request packet with the destination IP address of
10.1.1.12 to request the MAC address of Host_2.
3. The Layer 3 switch (gateway) is enabled with proxy ARP between sub-VLANs.
After receiving the ARP Request packet from Host_1 in sub-VLAN 2, the Layer
3 switch searches its routing table for the destination IP address in the ARP
Request packet. The Layer 3 switch finds a matched route in its routing table
where the next-hop address is the directly connected network segment
(10.1.1.0/24 of VLANIF 10). The Layer 3 switch then broadcasts an ARP
Request packet to all sub-VLANs in super-VLAN 10, requesting the MAC
address of Host_2.
4. After receiving the ARP Request packet, Host_2 sends an ARP Reply packet.
5. After receiving the ARP Reply packet, the Layer 3 switch encapsulates the ARP
Reply packet with its MAC address and sends it to Host_1.
6. Subsequent packets sent by Host_1 to Host_2 are first sent to the gateway.
The gateway then forwards the packets across Layer 3.
The packets sent by Host_2 to Host_1 in sub-VLAN 2are processed in the same
way as the packets sent by Host_1 to Host_2.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 295

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Layer 3 Communication Between Hosts in Sub-VLANs and on an External

Network
In Figure 6-4, user hosts and servers are on different network segments, sub-
VLANs 2 to 4 and VLAN 10 are configured on Switch_1, and VLAN 10 and VLAN
20 are configured on Switch_2.

Figure 6-4 Layer 3 communication between hosts in sub-VLANs and on an

external network
Switch_2 VLANIF20
10.1.2.1/24
VLANIF10
10.1.10.2/24 Server
10.1.2.2/24
VLANIF10
10.1.10.1/24
Super-VLAN4
Switch_1 VLANIF4
10.1.1.1/24

Host_1 Host_2
Sub-VLAN2 Sub-VLAN3
10.1.1.2/24 10.1.1.12/24

When Host_1 in sub-VLAN 2 wants to communicate with the server connected to

Switch_2, the packet forwarding process is as follows (assume that a route to
10.1.2.0/24 has been configured on Switch_1, a route to 10.1.1.0/24 has been
configured on Switch_2, and no Layer 3 forwarding entry exists on either switch):
1. Host_1 compares the server's IP address (10.1.2.2) with its network segment
10.1.1.0/24 and finds that they are on different network segments. Host_1
then sends an ARP Request packet to its gateway to request the gateway's
MAC address. The ARP Request packet carries an all-F destination MAC
address and destination IP address 10.1.1.1.
2. After receiving the ARP Request packet, Switch_1 searches its ARP table for a
mapping between the super-VLAN and sub-VLANs. Switch_1 then sends an
ARP Reply packet with the MAC address of VLANIF 4 (corresponding to super-
VLAN 4) from an interface of sub-VLAN 2 to Host_1.
3. After learning the gateway's MAC address, Host_1 sends a packet with the
MAC address of VLANIF 4 (corresponding to super-VLAN 4) as the destination
MAC address and a destination IP address of 10.1.2.2.
4. After receiving the packet from Host_1, Switch_1 determines that the packet
should be forwarded at Layer 3 according to the mapping between the super-
VLAN and sub-VLANs and the destination MAC address. Switch_1 searches its
Layer 3 forwarding table for a matching entry, but no entry is found. Switch_1
sends the packet to the CPU, and the CPU searches its routing table and
obtains the next-hop address of 10.1.10.2 and the outbound interface of

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 296

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

VLANIF 10. Switch_1 determines the outbound interface according to the ARP
entry and MAC address entry, and sends the packet to Switch_2.
5. Switch_2 sends the packet to the server through Layer 3 forwarding.
After receiving the packet from Host_1, the server sends a response packet with
the destination IP address of 10.1.1.2 and the MAC address of VLANIF 20 on
Switch_2 as the destination MAC address. Then the following process occurs:
1. The response packet reaches Switch_1 through Layer 3 forwarding. When the
response packet reaches Switch_1, the destination MAC address is changed to
the MAC address of VLANIF 10 on Switch_1.
2. After receiving the packet, Switch_1 determines that the packet should be
forwarded at Layer 3 according to the destination MAC address. Switch_1
searches its Layer 3 forwarding table for a matching entry, but no entry is
found. Switch_1 sends the packet to the CPU, and the CPU searches its routing
table and obtains the next-hop address of 10.1.1.2 and the outbound interface
of VLANIF 4. Switch_1 searches the mapping between the super-VLAN and
sub-VLANs and determines that the packet should be sent to Host_1 from an
interface in sub-VLAN 2 according to the ARP entry and MAC address entry.
3. The response packet reaches Host_1.

Layer 2 Communication Between Hosts in Sub-VLANs and Other Devices

Figure 6-5 shows an example network for Layer 2 communication between hosts
in sub-VLANs and other devices. In this example:
● Sub-VLAN 2, sub-VLAN 3, and super-VLAN 4 are configured on Switch_1.
● IF_1 and IF_2 on Switch_1 are access interfaces.
● IF_3 is a trunk interface that allows both VLAN 2 and VLAN 3.
● The interface of Switch_2 connected to Switch_1 is a trunk interface and
allows both VLAN 2 and VLAN 3.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 297

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-5 Layer 2 communication between hosts in sub-VLANs and on an

external network

Internet

Switch_2

Trunk IF_1
Allowed VLAN=2,3
IF_3
Super-VLAN4
Switch_1 VLANIF4
10.1.1.1/24
IF_1 IF_2

Host_1 Host_2
Sub-VLAN2 Sub-VLAN3
10.1.1.2/24 10.1.1.12/24

A tag with VLAN 2 is added to packets sent from Host_1 to Switch_1. Although
sub-VLAN 2 belongs to super-VLAN 4, Switch_1 does not change the tag with
VLAN 2 to a tag with VLAN 4 in packets. Therefore, packets sent from IF_3 of
Switch_1 still carry VLAN 2.

Switch_1 does not send packets from VLAN 4. When another device sends packets
from VLAN 4 to Switch_1, Switch_1 discards the packets because there is no
physical interface corresponding to super-VLAN 4 on Switch_1. IF_3 on Switch_1
does not allow packets from super-VLAN 4. For other devices, only sub-VLAN 2
and sub-VLAN 3 are valid.

The communication between Switch_1 configured with VLAN aggregation and

other devices is similar to normal Layer 2 communication without super-VLAN.

6.3 Application Scenarios for VLAN Aggregation

In Figure 6-6, a company has multiple departments using different switches. To
improve service security, the company adds different departments to different
VLANs, but IP addresses of the company are limited.

The requirements are as follows:

● All departments want to access the Internet.

● Department 1 and department 2 need to communicate with each other.
● Department 3 and department 4 need to communicate with each other.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 298

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Figure 6-6 Networking of VLAN aggregation

Internet

Switch
Proxy ARP

L2 switch L2 switch L2 switch L2 switch

Super VLAN 2 Super VLAN 3

Sub VLAN 21 Sub VLAN 22 Sub VLAN 31 Sub VLAN 32

VLAN aggregation can be deployed to meet the preceding requirements. Deploy

super-VLAN 2 and super-VLAN 3 on the switch, and add sub-VLAN 21 and sub-
VLAN 22 to super-VLAN 2 and sub-VLAN 31 and sub-VLAN 32 to super-VLAN 3.
After IP addresses are assigned to super-VLAN 2 and super-VLAN 3 on the switch,
users in department 1 and department 2 can access the Internet using the IP
address of super-VLAN 2, and users in department 3 and department 4 can access
the Internet using the IP address of super-VLAN 3.

Therefore, VLAN aggregation allows all departments to access the Internet access
and conserves IP addresses.

To allow communication between department 1 and 2 and departments 3 and 4,

configure proxy ARP on the switch in super-VLAN 2 and super-VLAN 3.

6.4 Licensing Requirements and Limitations for VLAN

Aggregation

Involved Network Elements

Other network elements are not required.

Licensing Requirements
VLAN aggregation, also called super-VLAN, is a basic feature of a switch and is not
under license control.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 299

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Version Requirements

Table 6-1 Products and versions supporting VLAN aggregation

Product Product Software Version
Model

S1700 S1720GFR Not supported

S1720GW, Not supported

S1720GWR

S1720GW- Not supported

E,
S1720GWR
-E

S1720X, Not supported

S1720X-E

Other Models that cannot be configured using commands.

S1700 For details about features and versions, see S1700
models Documentation Bookshelf.

S2700 S2700SI Not supported

S2700EI V100R005C01, V100R006(C00&C01&C03&C05)

S2710SI Not supported

S2720EI Not supported

S2750EI Not supported

S3700 S3700SI V100R005C01, V100R006(C00&C01&C03&C05)

S3700EI V100R005C01, V100R006(C00&C01&C03&C05)

S3700HI V100R006C01, V200R001C00

S5700 S5700LI Not supported

S5700S-LI Not supported

S5710-C-LI Not supported

S5710-X-LI Not supported

S5700EI V100R005C01, V100R006(C00&C01),

V200R001(C00&C01), V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)

S5700SI V100R005C01, V100R006C00, V200R001C00,

V200R002C00, V200R003C00, V200R005C00

S5710EI V200R001C00, V200R002C00, V200R003C00,

V200R005(C00&C02)

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 300

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Product Product Software Version

Model

S5720EI V200R007C00, V200R008C00, V200R009C00,

V200R010C00, V200R011C00, V200R011C10

S5720LI, Not supported

S5720S-LI

S5720SI, V200R008C00, V200R009C00, V200R010C00,

S5720S-SI V200R011C00, V200R011C10

S5700HI V100R006C01, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI V200R003C00, V200R005(C00&C02&C03)

S5720HI V200R006C00, V200R007(C00&C10), V200R008C00,

V200R009C00, V200R010C00, V200R011C00,
V200R011C10

S5730SI V200R011C10

S5730S-EI V200R011C10

S6700 S6700EI V100R006C00, V200R001(C00&C01), V200R002C00,

V200R003C00, V200R005(C00&C01&C02)

S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10

S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10

S6720LI, Not supported

S6720S-LI

S6720SI, V200R011C00, V200R011C10

S6720S-SI

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● VLAN 1 cannot be configured as a super-VLAN.
● A physical interface cannot be added to a VLAN configured as a super-VLAN.
● A VLAN that has been configured as a guest VLAN cannot be configured as a
super-VLAN.
● A traffic policy takes effect in a super-VLAN only after the traffic policy is
configured in all sub-VLANs of the super-VLAN.
● When the dot1q termination vid or qinq termination pe-vid ce-vid
command is used to configure a VLAN for the VLAN termination sub-
interface, the VLAN cannot be configured as the super-VLA or sub-VLAN.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 301

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

● An IP address must have been assigned to the VLANIF interface corresponding

to the super-VLAN. Otherwise, proxy ARP cannot take effect.
● In V200R010C00 and earlier versions, only IPv4 addresses can be configured
for VLANIF interfaces of super-VLANs. In versions later than V200R010C00,
both IPv4 and IPv6 addresses can be configured for VLANIF interfaces of
super-VLANs.

6.5 Default Settings for VLAN Aggregation

Table 6-2 Default setting for VLAN aggregation

Parameter Default Setting

Super-VLAN Not configured

Proxy ARP on a VLANIF interface Disabled

corresponding to a super-VLAN

6.6 Configuring VLAN Aggregation

6.6.1 Creating a Sub-VLAN

Context
In VLAN aggregation, physical interfaces can be added to a sub-VLAN but a
VLANIF interface cannot be created for the sub-VLAN. All the interfaces in a sub-
VLAN use the same IP address of the VLANIF interface associated with the super-
VLAN. VLAN aggregation reduces subnet IDs, subnet default gateway addresses,
and directed broadcast IP addresses, and allows the switch to assign IP addresses
to hosts in sub-VLANs according to the number of hosts.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 302

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

NOTE

If a device is configured with multiple VLANs, configuring names for these VLANs is
recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured,
you can run the vlan vlan-name vlan-name command in the system view to enter the
corresponding VLAN view.
The vlan configuration command completes the VLAN configuration when the VLAN is not
created.

Step 3 Run interface interface-type interface-number

The interface view is displayed.

Step 4 Configure the link type of the interface.

Run either of the following commands as needed:

● Set the link type of the interface to Access.

a. Run port link-type access
The link type of the interface is set to Access.
b. Run port default vlan vlan-id
The interface is added to the sub-VLAN.
● Set the link type of the interface to Trunk.
a. Run port link-type trunk
The link type of the interface is set to Trunk.
b. Run port trunk allow-pass vlan vlan-id
The interface is added to the sub-VLAN.
● Set the link type of the interface to Hybrid.
a. Run port link-type hybrid
The link type of the interface is set to Hybrid.
b. Run port hybrid tagged vlan vlan-id or port hybrid untagged vlan
vlan-id
The interface is added to the sub-VLAN.

Step 5 Run quit

Return to the system view.

----End

6.6.2 Creating a Super-VLAN

Context
A super-VLAN consists of several sub-VLANs. No physical interface can be added
to a super-VLAN, but a VLANIF interface can be configured for the super-VLAN
and an IP address can be assigned to the VLANIF interface.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 303

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
A VLAN is created and the VLAN view is displayed.
The VLAN ID of a super-VLAN must be different from each sub-VLAN ID.
Step 3 Run aggregate-vlan
A super-VLAN is created.
A super-VLAN cannot contain any physical interfaces.
VLAN 1 cannot be configured as a super-VLAN.
Step 4 Run access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
A sub-VLAN is added to a super-VLAN.
Before adding any sub-VLANs to a super-VLAN, ensure that they are not
configured with VLANIF interfaces.

----End

6.6.3 Configuring a VLANIF Interface Corresponding to a

Super-VLAN

Context
The IP address of the VLANIF interface associated with a super-VLAN must contain
the subnets that users in sub-VLANs belong to. All the sub-VLANs will use that IP
address to conserve IP addresses.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
A VLANIF interface is created for a super-VLAN, and the view of the VLANIF
interface is displayed.
Step 3 Run either of the following commands as needed:
● Run ip address ip-address { mask | mask-length }
An IPv4 address is assigned to the VLANIF interface.
● Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length
An IPv6 address is assigned to the VLANIF interface.

----End

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 304

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

6.6.4 (Optional) Enabling Proxy ARP on the VLANIF Interface

Corresponding to a Super-VLAN

Context
VLAN aggregation allows sub-VLANs to use the same subnet address, but prevents
PCs in different sub-VLANs from communicating with each other over Layer 3.
PCs in common VLANs can communicate with each other over Layer 3 using
different gateway addresses. VLAN aggregation enables PCs in a super-VLAN to
use the same subnet address and gateway address. Because PCs in different sub-
VLANs belong to one subnet, they can only communicate with PCs in their sub-
VLAN. PCs in different sub-VLANs cannot communicate with each other.
Proxy ARP is required to enable PCs in a sub-VLAN to communicate with PCs in
another sub-VLAN or PCs on other networks. After a super-VLAN and its VLANIF
interface are created, proxy ARP must be enabled to allow the super-VLAN to
forward or process ARP Request and Reply packets.

NOTE

After proxy ARP is enabled on the VLANIF interface corresponding to a super-VLAN, PCs in
all sub-VLANs of the super-VLAN can communicate. If PCs in some sub-VLANs of the super-
VLAN need to communicate, see 6.8.1 How Do I Implement Communication Between
Specific Sub-VLANs in a Super-VLAN.

VLAN aggregation simplifies configurations for networks where many VLANs are
configured and PCs in different VLANs need to communicate with each other.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface vlanif vlan-id
The view of the VLANIF interface corresponding to the super-VLAN is displayed.
Step 3 Run arp-proxy inter-sub-vlan-proxy enable
Proxy ARP is enabled between sub-VLANs.

----End

6.6.5 Verifying the VLAN Aggregation Configuration

Procedure
● Run the display vlan [ { vlan-id | vlan-name vlan-name } [ verbose ] ]
command to check information about all VLANs or a specified VLAN.
● Run the display interface vlanif [ vlan-id ] command to check the VLANIF
interface configuration.
● Run the display sub-vlan [ vlan-id ] command to check the sub-VLAN
configuration.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 305

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

● Run the display super-vlan [ vlan-id ] command to check the super-VLAN

configuration.

----End

6.7 Example for Configuring VLAN Aggregation

Networking Requirements
In Figure 6-7, a company has many departments on the same network segment.
To improve service security, the company adds different departments to different
VLANs (VLAN 2 and VLAN 3). Each department that wants to access the Internet
and PCs in different departments need to communicate with each other.

Figure 6-7 Networking of VLAN aggregation

Internet

Router

GE0/0/1
VLAN10
SwitchB Super-VLAN 4
GE0/0/5
GE0/0/5
SwitchA
GE0/0/1 GE0/0/4
GE0/0/2 GE0/0/3

VLAN2 VLAN3

Configuration Roadmap
Configure VLAN aggregation on SwitchB to add VLANs of different departments
to a super-VLAN so that PCs in different departments can access the Internet
using the super-VLAN. Deploy proxy ARP in the super-VLAN so that PCs in
different departments can communicate with each other. The configuration
roadmap is as follows:

1. Configure VLANs and interfaces on SwitchA and SwitchB, add PCs from
different departments to different VLANs, and configure interfaces to
transparently transmit packets from VLANs to SwitchB.
2. Configure a super-VLAN, a VLANIF interface, and a static route on SwitchB so
that PCs in different departments can access the Internet.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 306

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

3. Configure proxy ARP in the super-VLAN on SwitchB so that PCs in different

departments can communicate at Layer 3.

Procedure
Step 1 Configure VLANs and interfaces on SwitchA and SwitchB, add PCs from different
departments to different VLANs, and configure interfaces to transparently transmit
packets from VLANs to SwitchB.
1. Configure SwitchA.
# Configure GE0/0/1 as an access interface. The configurations of GE0/0/2,
GE0/0/3, and GE0/0/4 are similar to the configuration of GE0/0/1, and are not
mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] quit

# Create VLAN 2 and add GE0/0/1 and GE0/0/2 to VLAN 2.

[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 0/0/1 0/0/2
[SwitchA-vlan2] quit

# Create VLAN 3 and add GE0/0/3 and GE0/0/4 to VLAN 3.

[SwitchA] vlan 3
[SwitchA-vlan3] port gigabitethernet 0/0/3 0/0/4
[SwitchA-vlan3] quit

# Configure the interface of SwitchA connected to SwitchB to transparently

transmit packets from VLAN 2 and VLAN 3 to SwitchB.
[SwitchA] interface gigabitethernet 0/0/5
[SwitchA-GigabitEthernet0/0/5] port link-type trunk
[SwitchA-GigabitEthernet0/0/5] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/5] quit

2. Configure SwitchB.
# Create VLAN 2, VLAN 3, VLAN 4, and VLAN 10 and configure the interface
of SwitchB connected to SwitchA to transparently transmit packets from VLAN
2 and VLAN 3 to SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3 4 10
[SwitchB] interface gigabitethernet 0/0/5
[SwitchB-GigabitEthernet0/0/5] port link-type trunk
[SwitchB-GigabitEthernet0/0/5] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet0/0/5] quit

Step 2 Configure a super-VLAN and a VLANIF interface corresponding to the super-VLAN.

# Configure super-VLAN 4 on SwitchB and add VLAN 2 and VLAN 3 to super-VLAN

4 as sub-VLANs.
[SwitchB] vlan 4
[SwitchB-vlan4] aggregate-vlan
[SwitchB-vlan4] access-vlan 2 to 3
[SwitchB-vlan4] quit

# Create and configure VLANIF 4 so that PCs in different departments can access
the Internet using super-VLAN 4.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 307

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

[SwitchB] interface vlanif 4

[SwitchB-Vlanif4] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vlanif4] quit

Step 3 Configure a static route.

# Configure the uplink interface GE0/0/1 on SwitchB to transparently transmit
packets from the VLAN that SwitchB and router belong to.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet0/0/1] quit

# Create and configure VLANIF 10 and specify the IP address of VLANIF 10 as the
IP address for connecting SwitchB and the router (egress gateway).
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.10.1.1 255.255.255.0
[SwitchB-Vlanif10] quit

# Configure a static route to the router on SwitchB so that PCs can access the
Internet.
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2

NOTE

Configure the router interface connected to SwitchB and assign the IP address of 10.10.1.2
to the router interface. See the router configuration manual.

Step 4 Assign IP addresses to PCs.

Configure an IP address for each PC and make the PCs reside on the same
network segment as VLAN 4.
After the configuration is complete, PCs in each department can access the
Internet, and PCs in VLAN 2 and VLAN 3 cannot ping each other.
Step 5 Configure proxy ARP.
# Configure proxy ARP in super-VLAN 4 on SwitchB so that PCs in different
departments can communicate at Layer 3.
[SwitchB] interface vlanif 4
[SwitchB-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[SwitchB-Vlanif4] quit

Step 6 Verify the configuration.

After the configuration is complete, PCs in VLAN 2 and VLAN 3 can ping each
other and access the Internet.

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port link-type access

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 308

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

port default vlan 2

#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return

● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 4 10
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface Vlanif10
ip address 10.10.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
#
return

6.8 FAQ About VLAN Aggregation

6.8.1 How Do I Implement Communication Between Specific
Sub-VLANs in a Super-VLAN
When VLAN aggregation is configured, hosts in a super-VLAN use IP addresses on
the same network segment and share the same gateway address. Hosts in
different sub-VLANs belong to the same subnet, so the switch forwards packets
between the hosts by searching for ARP entries but not through the gateway.
Proxy ARP allows the switch to establish ARP entries for all sub-VLANs for
interworking.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 309

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - Ethernet Switching 6 VLAN Aggregation Configuration

To implement communication between some sub-VLANs, configure static ARP

entries to bind destination IP addresses to the gateway MAC address on hosts in
the sub-VLANs.
For example, if host B with the gateway MAC address of 00-aa-00-62-c6-09 wants
to access host B with the IP address of 10.10.10.2/24, perform the following
operations:
1. Choose Start > Run, enter cmd, and press Enter.
2. Enter arp -s 10.10.10.2 00-aa-00-62-c6-09.
After the preceding configuration is complete, host A can access host B. If host B
needs to access host A, configure a static ARP entry to bind host A's IP address to
the gateway MAC address on host B.

6.8.2 How Can a Traffic Policy Be Configured in a Super-VLAN

or Sub-VLAN to Make the Traffic Policy Take Effect
The packets received and sent by the switch configured with VLAN aggregation
carry sub-VLAN tags but not super-VLAN tags, so a traffic policy must be
configured in all sub-VLANs of a super-VLAN. A traffic policy only in the super-
VLAN will not take effect.

Issue 13 (2021-10-20) Copyright © Huawei Technologies Co., Ltd. 310