Interface-based VLAN Assignment

Principle of interface-based VLAN assignment

Configuration methods of interface-based VLAN

assignment

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 1

Principle of Interface-based VLAN Assignment
Interface-based VLAN assignment is the simplest and often used. That is, specify interfaces for
VLANs and establish the mapping between interfaces and VLANs.
Interfaces in the same VLAN can be located on the same switch or different switches.

Can an interface be
added to multiple
VLANs?

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 2

 Types of Links and Interfaces
Whether an interface can be added to multiple VLANs depends on types of links and
interfaces. A switch has two types of links and three types of interfaces.

Link Type Application Scenario

Access link An access link can transmit data frames of only one VLAN. It
connects a switch to a user terminal, such as a host, server, and
simplified Layer 2 switch.
Trunk link A trunk link can transmit data frames from multiple VLANs. It
connects a switch to another switch.

Interface Connected Device Number of Specified VLANs

Type
Access Host 1
Trunk Switch or router 1 to 4094
Hybrid Host, switch, and router Access link: 1
Trunk link: 1 to 4094

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 3

Example for Configuring Interface-based VLAN Assignment
Networking Requirements
On an enterprise network, the access switch ACC c
onnects to User1 and User2 that belong to Departm
ent 1 and Department 2, respectively.
The aggregation switch AGG connects to Server 1 a
nd Server 2 that belong to Department 1 and Depart
ment 2, respectively.
To ensure security of network resources, the compa
ny allows staff of each department to access only its
own server.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 4

Example for Configuring Interface-based VLAN Assignment
Requirement analysis:
Based on the principle of VLAN communication, users of the same VLAN can c
ommunicate directly, whereas users of different VLANs cannot communicate dir
ectly. Allocate User1 and Server1 to the same VLAN and User2 and Server 2 to
the same VLAN so that User1 can access only Server1 and User 2 can access
only Server 2.

Department Interface VLAN

Department1 ACC's GE0/0/23 (User1) 10

AGG's GE0/0/23 (Server1)
Department2 ACC's GE0/0/24 (User2) 20
AGG's GE0/0/24 (Server2)
Department1 ACC's GE1/0/18 (ALL) 10 and 20
Department2
AGG's GE1/0/18 (ALL) 10 and 20

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 5

Example for Configuring Interface-based VLAN Assignment
Configuration roadmap:
Use the following methods to configure the ACC and AGG, respectively
.
1. Create VLANs.
2. Configure interface types.
3. Add interfaces to VLANs.
Verify the configuration:
1. Configure User1 and Server1 on the same network segment.
2. Configure User2 and Server2 on the same network segment.
3. Ping Server1 and Server2 from User1, and ping Server2 and
Server1 from User2.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 6

 Changing Interface Types
Product Version Method Command Precaution

V2R3 and Delete the VLAN Access undo port default vlan -
configuration of
earlier versions the original Trunk undo port trunk pvid vlan When you use the undo port trunk
undo port trunk allow- allow-pass vlan all command, the undo
V2R5 and interface to port trunk allow-pass vlan 1 command
pass { vlan vlan-id1 [ to
later versions of restore the
vlan-id2 ] | all } configuration is generated on the
default VLAN interface. You need to execute the port
X3 series configuration of trunk allow-pass vlan 1 command.
the interface.
Hybrid undo port hybrid pvid When you use the undo port hybrid vlan
vlan all or undo port hybrid untagged all
undo port hybrid [ tagged command, the undo port hybrid vlan 1
| untagged ] { vlan vlan- command configuration is generated on
the interface. You need to execute the
id1 [ to vlan-id2 ] | all }
port hybrid vlan 1 command.

V2R5 and later Change the - After the interface type is

interface type changed, the VLAN
versions of X7 directly. configuration on the
series interface will also be
deleted.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 7

Batch Adding Interfaces to VLANs
Interface Type Method Configuration Process

Access Batch adding interfaces in 1. Enter the VLAN view.

the VLAN view 2. Run the port interface-type { interface-number1 [ to
interface-number2 ] } &<1-10> command to batch add
interfaces.

Batch adding interfaces 1. Create a VLAN.

using the port group 2. Create a port group.
3. Run the group-member { interface-type interface-
number1 [ to interface-type interface-number2 ] } &<1-10>
command in the port group view to batch add interfaces.
4. Configure the interface type and VLAN in the port group
Trunk&Hybrid Batch adding interfaces view.
using the port group

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 8