Building A LAN

Building a LAN http://support.huawei.com/enterprise/docinforeader!loadDocument1.ac...
Contents
3 Building a LAN
3.1 Example for Configuring Layer 3 Link Aggregation to Improve the Link Bandwidth and Reliability
3.2 Example for Configuring VLAN Assignment
3.3 Example for Configuring Sub-interfaces to Implement Inter-VLAN Communication
3.4 Example for Configuring a VLANIF Interface to Implement Inter-VLAN Communication
3.5 Example for Configuring GVRP to Implement Automatic VLAN Registration
3.6 Example for Configuring Transparent Bridging to Implement Communication on the Same Network Segment
3.7 Example for Configuring Transparent Bridging to Implement Communication on Different Network Segments
3.8 Example for Configuring a Transparent Bridge to Transmit QinQ Packets
3.9 Example for Configuring the UDP Helper to Enable Inter-Network Users to Access Each Other Using Host Names
3.10 Example for Configuring the Proxy ARP to Implement Remote Communication of Routers on the Same Subnet
Building a LAN
Specifications
This example applies to all versions of AR routers.
For V200R006 and later versions, AR161, AR161W, AR169, AR169W, AR161G-L, AR169G-L, and AR169-P-M9 do not support this funciotn.
Networking Requirements
Router_1 and Router_2 are connected through three Layer 3 Ethernet interfaces. Link aggregation needs to be configured between Router_1 and Router_2 to implement interworking between Router_1 and Router_2,
increase the link bandwidth, and improve the link reliability.
Figure 3-1 Networking of Layer 3 link aggregation
Procedure
1. Configure Router_1.
#
sysname Router_1
#
interface Eth-Trunk1 //Create an Eth-Trunk, switch the Eth-Trunk to Layer 3 mode, and configure an IP address.
undo portswitch
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0 //Add GE1/0/0, GE2/0/0, and GE3/0/0 to Eth-Trunk 1.
eth-trunk 1
#
interface GigabitEthernet2/0/0
eth-trunk 1
#
eth-trunk 1
#
return
#
sysname Router_2
#
interface Eth-Trunk1
undo portswitch
ip address 10.1.1.2 255.255.255.0
#
eth-trunk 1
#
eth-trunk 1
#
eth-trunk 1
#
return
3. Verify the configuration.

# Run the display eth-trunk command on Router_1 and Router_2. The command output shows that GE1/0/0, GE2/0/0, and GE3/0/0 are added to Eth-Trunk 1.
# Router_1 and Router_2 can ping each other.
Configuration Notes
Member interfaces of an Eth-Trunk must use the same Ethernet type and rate.
Interfaces that use different Ethernet types and rates cannot join the same Eth-Trunk. For example, GE and FE interfaces cannot join the same Eth-Trunk, and GE electrical and optical interfaces cannot join
the same Eth-Trunk.
1 de 6 09/12/2017 20:19
If an interface of the local device is added to an Eth-Trunk, an interface of the remote device directly connected to the interface of the local device must also be added to an Eth-Trunk so that the two ends can
communicate.
Member interfaces cannot be configured with some services. For example, the IP address of a member interface cannot be configured.

Specifications
As shown in Figure 3-2, the device of a company connects to two departments. User_1 and User_2 belong to department 1 and connect to the company network through different devices, and User_3 and User_4
belong to department 2 and connect to the company network through different devices.
To ensure communication security and prevent broadcast packets from being flooded, the company requires that hosts in a department should be allowed to communicate and hosts in different departments should be
isolated.
You can configure interface-based VLAN assignment on the device so that the device adds interfaces connected to users in the same department to the same VLAN. Users in the same VLAN can directly communicate
with each other, and users in different VLANs cannot communicate at Layer 2.
Figure 3-2 Networking of VLAN assignment
Procedure
#
sysname Router_1
#
vlan batch 2 to 3 //Create VLAN 2 and VLAN 3.
#
interface Ethernet2/0/1 //Configure the interface connected to User_1 as an access interface. The default VLAN is VLAN 2.
port link-type access
port default vlan 2
#
port default vlan 3
#
interface Ethernet2/0/3 //Configure the interface connected to Router_1 and Router_2 as a trunk interface and configure the interface to allow VLAN 2 and VLAN 3.
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
#
sysname Router_2
#
vlan batch 2 to 3 //Create VLAN 2 and VLAN 3.
#
port default vlan 2
#
port default vlan 3
#
interface Ethernet2/0/3 //Configure the interface connected to Router_2 and Router_1 as a trunk interface and configure the interface to allow VLAN 2 and VLAN 3.
#
return

# Configure User_1 and User_2 on the same network segment, for example, 10.1.100.0/24; configure User_3 and User_4 on the same network segment, for example, 10.1.200.0/24.
# User_1 and User_2 can ping each other, but cannot ping User_3 or User_4. User_3 and User_4 can ping each other, but cannot ping User_1 or User_2.
Configuration Notes
To ensure that packets from VLAN 2 and VLAN 3 are correctly transmitted, create VLAN 2 and VLAN 3 on the device and configure the interface to allow VLAN 2 and VLAN 3.
The interfaces connected to users do not need to distinguish VLANs. The interfaces only receive and send untagged frames and add the default VLAN tag to untagged frames, so the interfaces need to be
configured as access interfaces.
The interconnected interfaces between devices need to allow packets from VLAN 2 and VLAN 3, so the interfaces need to be configured as trunk interfaces.

Specifications
On the switch, a trunk interface connects to Eth1/0/0 on the router and an access interface connects to PCs. PC1 joins VLAN 10 and PC2 joins VLAN 20.
Two sub-interfaces are created on Eth1/0/0 of the router and assigned IP addresses as gateway addresses of the two VLANs. The two sub-interfaces use 802.1q encapsulation to implement inter-VLAN
communication.
Figure 3-3 Networking diagram of inter-VLAN communication through sub-interfaces
2 de 6 09/12/2017 20:19
Procedure
1. Configure the router.

#
sysname Router
#
interface Ethernet1/0/0.1
control-vid 1 dot1q-termination //Configure the dot1q termination sub-interface. V200R002C01 and later versions do not support this command.
dot1q termination vid 10 //Configure the interface to process packets with VLAN 10.
ip address 10.10.10.1 255.255.255.0 //Configure the gateway address for VLAN 10.
arp broadcast enable // The interface can process broadcast ARP packets. In V200R003C01 and later versions, ARP broadcast is enabled by default.
#
interface Ethernet1/0/0.2
control-vid 2 dot1q-termination
dot1q termination vid 20 //Configure the interface to process packets with VLAN 20.
ip address 10.10.20.1 255.255.255.0 //Configure the gateway address for VLAN 20.
arp broadcast enable
#
return

# PC1 and PC2 can successfully ping each other.
Configuration Notes
The switch downlink interface connected to a PC must be the access interface and the switch uplink interface connected to a device must be the trunk interface.
The gateway address configured on the PC must be the same as the sub-interface IP address.
ARP broadcast must be enabled on the sub-interface.
The VLAN ID of a sub-interface must be the same as the VLAN ID of the PC.

Specifications
Layer 2 interfaces Eth2/0/1 and Eth2/0/2 of the router connect to PC1 and PC2 on different network segments.
Two VLANs are configured so that Layer 2 packets from PC1 and PC2 are broadcast in the VLANs that PC1 and PC2 belong to. A VLANIF interface is configured on the router so that PC1 and PC2 in different
VLANs can communicate with each other.
Figure 3-4 Networking diagram of inter-VLAN communication through a VLANIF interface
Procedure

#
sysname Router
#
vlan batch 10 20 //Create VLANs.
#
interface Vlanif10 //Create a VLANIF interface.
ip address 10.10.10.1 255.255.255.0 //Configure the gateway address for PC terminals in the VLAN.
#
interface Vlanif20
ip address 10.10.20.1 255.255.255.0
#
interface Ethernet2/0/1
port link-type access //Set the link type of the interface to access.
port default vlan 10 //Add the interface to the VLAN.
#
port default vlan 20
#
return

# PC1 and PC2 can successfully ping each other.
Configuration Notes
PCs in different VLANs are located on different network segments.

The router interface connected to PCs must be the Layer 2 access or hybrid interface.
The gateway address configured on the PC must be the same as the VLANIF interface IP address.
The VLANIF interface number must be the same as the VLAN ID.

Specifications
RouterA and RouterC connect to RouterB through Layer 2 interfaces, and VLANs 100 to 200 are manually configured on RouterA and RouterC. RouterB needs to automatically learn the VLANs. GVRP is enabled
on each router and interface so that VLAN information can be registered and updated dynamically.
Figure 3-5 Networking diagram of GVRP
Procedure
1. Configure RouterA.
#
3 de 6 09/12/2017 20:19
sysname RouterA
#
vlan batch 100 to 200 //Create VLANs.
#
gvrp //Enable GVRP globally.
#
port link-type trunk //Set the link type of the interface to trunk.
port trunk allow-pass vlan 2 to 4094 //Add the interface to all VLANs.
gvrp //Enable GVRP on the interface.
#
return
2. Configure RouterC.
#
sysname RouterC
#
vlan batch 100 to 200
#
gvrp
#
gvrp
#
return
3. Configure RouterB.
#
sysname RouterB
#
gvrp
#
port trunk allow-pass vlan 2 to 4094 //The GVRP-enabled interface needs to be added to all VLANs.
gvrp
#
gvrp
#
return

# Run the display vlan summary command on RouterB. The command output shows that RouterB has learned VLANs 100 to 200 and the type is dynamic.
# Run the display vlan brief command. The command output shows that Eth2/0/0 and Eth2/0/1 have joined VLANs 100 to 200.
Configuration Notes
The link type of Layer 2 interfaces must be trunk.

The GVRP-enabled interface must be added to all VLANs.
Specifications
PCs on LAN 1 and LAN 2 communicate through local bridging and can directly perform network applications over the WAN.
Figure 3-6 Networking diagram of local bridging
Procedure
#
sysname RouterA
#
bridge 1 //Create a bridge group and generate the virtual bridge.
#
bridge 1 //Add an interface to the bridge group as the virtual bridge interface.
#
#
return
#
sysname RouterB
#
bridge 1
#
bridge 1
#
bridge 1
#
return

# PCs on LAN 1 and LAN 2 can successfully ping each other.
Configuration Notes
Interfaces added to a bridge group must be Layer 3 interfaces of Ethernet, ATM, and serial types.
PCs on LAN 1 and LAN 2 are on the same network segment.
Specifications
LAN 1 and LAN 2 use the same network segment and a route to LAN 3 is configured on the router.
4 de 6 09/12/2017 20:19
Eth1/0/0 and Eth2/0/0 are added to the same bridge group so that PCs on LAN 1 and LAN 2 can communicate.
Bridge-if 1 is created on the router. PCs on LAN 1 and LAN 2 communicate with PCs on LAN 3 through the route on Bridge-if 1.
Figure 3-7 Networking diagram of local bridging with IP routing
Procedure

#
sysname Router
#
bridge 1 //Create a bridge group and generate a virtual bridge.
routing ip //Enable a bridge group to route IP protocol packets.
#
#
bridge 1
#
ip address 202.1.1.1 255.255.255.0
#
interface Bridge-if1 //Create a Bridge-if interface and bind it to the virtual bridge interface.
ip address 192.168.1.1 255.255.255.0 //Assign an IP address to the Bridge-if interface.
#
ip route-static 192.168.2.0 255.255.255.0 202.1.1.2
#
return

# PCs on LAN 1 and LAN 2 can successfully ping each other.
# PCs on LAN 1 and LAN 2 and PCs on LAN 3 can successfully ping each other.
Configuration Notes
Interfaces added to a bridge group must be Layer 3 interfaces of Ethernet, ATM, and serial types.
PCs on LAN 1 and LAN 2 are on the same network segment.
The ID of the Bridge-if interface must be the same as the bridge group ID.

Applicability
In V200R008C20 and earlier versions, only the AR100&AR120&AR150&AR160&AR200 series support this example.
In V200R008C30 and later versions, only the AR100&AR120&AR150&AR160&AR200 series, AR1220E, AR1220EV, AR1220EVW, and AR1220F support this example.
Multiple departments of an enterprise are located in different areas. As services develop, departments in different areas need to transmit tagged packets. Through remote bridging and QinQ of the transparent bridge,
tagged packets can be transmitted between departments in different areas.
In Figure 3-8, Router_A and Router_B are located in different areas and connected through an intermediate link. PC1 and PC2 belong to different LANs. Through remote bridging and QinQ of the transparent bridge,
tagged packets can be transmitted between hosts in different areas.
Figure 3-8 Configuring the transparent bridge to transmit QinQ packets
Procedure
1. Configure Router_A.
# Router_A is used as an example. The configuration of Router_B is similar, and is not mentioned here.
#
vlan batch 2 to 4094
#
bridge 1 //Create a bridge group and generate a virtual bridge.
#
bridge 1 //Add the LAN-side interface to bridge 1.
bridge vlan-transmit enable //Enable the interface to transparently transmit VLAN packets.
#
undo portswitch
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2.1
bridge 1 //Add the WAN-side sub-interface to bridge 1.
bridge vlan-transmit enable //Enable the interface to transparently transmit VLAN packets.
vlan allow-pass vid 3105 //Configure the VLAN allowed by the sub-interface.
vlan dot1q-tunnel 3105 //Configure the dotlq tunnel function on the sub-interface.
#
return

# PC1 and PC2 can ping each other.
Configuration Notes
When the type of the WAN-side interface is VDSL or G.SHDSL, run the set workmode slot slot-id vdsl ptm or set workmode slot slot-id shdsl ptm command to configure the interface to work in PTM mode.
Applicability
This example applies to all versions and AR routers.
As shown in Figure 3-9, the IP addresses of GE0/0/1 and GE0/0/2 on the router are 10.110.1.1/16 and 10.210.1.1/24. The IP address of the NetBIOS-NS name server is 10.2.1.1/16. The router and NetBIOS-NS name
5 de 6 09/12/2017 20:19
server are on different network segments. The next-hop address of the route from the router to 10.2.0.0/16 is 10.210.1.2/24.
The router is configured to forward broadcast packets with destination UDP port number 137 and destination IP addresses 255.255.255.255 and 10.110.255.255 to the NetBIOS-NS name server. When the router
receives a broadcast NetBIOS-NS Register packet, it changes the destination IP address in the IP header of the broadcast packet to the IP address of the NetBIOS-NS name server and forwards the packet to the
NetBIOS-NS name server.
Figure 3-9 UDP helper configuration
Procedure

#
udp-helper enable //Enable the UDP helper function.
#
ip address 10.110.1.1 255.255.0.0
udp-helper server 10.2.1.1 //Configure the destination server to which UDP packets are forwarded.
#
ip address 10.210.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.210.1.2 //Configure a static route between the UDP helper and destination server and ensure that the route is reachable.
#

# Run the display udp-helper server command on the router to view the destination server to which UDP packets are forwarded.
# Run the display udp-helper port command on the router to view the configured UDP ports to which packets need to be relayed.
Configuration Notes
Enable UDP helper globally.

Ensure that the UDP helper has a reachable route to the destination server.
Applicability
This example applies to all versions and AR routers.
RouterA and RouterC are on the same subnet. Proxy ARP needs to be configured on RouterB to enable RouterA and RouterC to communicate.
Figure 3-10 Proxy ARP configuration
Procedure
#
ip address 10.1.1.2 255.255.0.0
#
#
ip address 10.1.1.1 255.255.255.0
arp-proxy enable
#
ip address 10.1.2.2 255.255.255.0
arp-proxy enable
#
3. Configure RouterC.
#
ip address 10.1.2.1 255.255.0.0
#

# After proxy ARP is configured on RouterB, ping 10.1.2.1 from RouterA. The ping operation succeeds. Run the display arp command on RouterB to view ARP entries.
<RouterB> display arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.2 5489-9874-b8b2 7 D-0 GE0/0/0
10.1.1.1 5489-9874-b86f I - GE0/0/0
10.1.2.1 5489-9874-b8b0 20 D-0 GE0/0/1
10.1.2.2 5489-9874-b87f I - GE0/0/1
------------------------------------------------------------------------------
Total:4 Dynamic:2 Static:0 Interface:2
6 de 6 09/12/2017 20:19

Building A LAN

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Building A LAN

Caricato da

Copyright:

Formati disponibili

Building a LAN http://support.huawei.com/enterprise/docinforeader!loadDocument1.ac...

3.2 Example for Configuring VLAN Assignment

3.3 Example for Configuring Sub-interfaces to Implement Inter-VLAN Communication

3.4 Example for Configuring a VLANIF Interface to Implement Inter-VLAN Communication

3.5 Example for Configuring GVRP to Implement Automatic VLAN Registration

3.8 Example for Configuring a Transparent Bridge to Transmit QinQ Packets

3. Verify the configuration.

3.2 Example for Configuring VLAN Assignment

3. Verify the configuration.

3.3 Example for Configuring Sub-interfaces to Implement Inter-VLAN Communication

1. Configure the router.

2. Verify the configuration.

3.4 Example for Configuring a VLANIF Interface to Implement Inter-VLAN Communication

1. Configure the router.

2. Verify the configuration.

PCs in different VLANs are located on different network segments.

3.5 Example for Configuring GVRP to Implement Automatic VLAN Registration

4. Verify the configuration.

The link type of Layer 2 interfaces must be trunk.

3. Verify the configuration.

1. Configure the router.

2. Verify the configuration.

3.8 Example for Configuring a Transparent Bridge to Transmit QinQ Packets

2. Verify the configuration.

1. Configure the router.

2. Verify the configuration.

Enable UDP helper globally.

4. Verify the configuration.

Potrebbero piacerti anche