Operation Manual VLAN Quidway S8500 Series Routing Switches

Table of Contents

Table of Contents
Chapter 1 VLAN Configuration .................................................................................................... 1-1 1.1 VLAN Overview.................................................................................................................. 1-1 1.2 Configuring VLAN .............................................................................................................. 1-1 1.2.1 Creating/Deleting a VLAN ....................................................................................... 1-2 1.2.2 Specifying a Description for a VLAN or VLAN interface ......................................... 1-2 1.2.3 Naming the Current VLAN ...................................................................................... 1-3 1.2.4 Shutting down/Bringing up a VLAN Interface.......................................................... 1-3 1.2.5 Configuring Port-Based VLAN ................................................................................ 1-3 1.3 Displaying and Maintaining VLAN ..................................................................................... 1-4 1.4 Overview of Protocol-Based VLAN and IP Subnet-Based VLAN...................................... 1-4 1.4.1 Brief Introduction ..................................................................................................... 1-4 1.5 Configuring Protocol-Based VLAN .................................................................................... 1-5 1.5.1 Configuration Task List ........................................................................................... 1-5 1.5.2 Configuring a Protocol VLAN .................................................................................. 1-5 1.5.3 Applying a Protocol-Based VLAN to a Port............................................................. 1-6 1.6 Displaying Protocol-Based VLAN Configuration................................................................ 1-6 1.7 Configuring an IP Subnet-Based VLAN............................................................................. 1-6 1.7.1 Configuration Task List ........................................................................................... 1-6 1.7.2 Configuring an IP Subnet-Based VLAN .................................................................. 1-7 1.7.3 Applying an IP Subnet-Based VLAN to a Port ........................................................ 1-7 1.8 Displaying and Maintaining IP Subnet-Based VLAN Configuration .................................. 1-8 1.9 VLAN Configuration Examples .......................................................................................... 1-8 1.9.1 VLAN Configuration Example ................................................................................. 1-8 1.9.2 Protocol-Based VLAN and IP Subnet-Based VLAN Configuration Example.......... 1-9 Chapter 2 Super VLAN Configuration ......................................................................................... 2-1 2.1 Super VLAN Overview....................................................................................................... 2-1 2.2 Configuring a Super VLAN ................................................................................................ 2-1 2.3 Super VLAN Configuration Example ................................................................................. 2-3 Chapter 3 Isolate-User-VLAN Configuration .............................................................................. 3-1 3.1 Isolate-User-VLAN Overview............................................................................................. 3-1 3.2 Configuring Isolate-User-VLAN ......................................................................................... 3-2 3.2.1 Configuration Task List ........................................................................................... 3-2 3.2.2 Configuring an Isolate-User-VLAN.......................................................................... 3-2 3.2.3 Configuring a Secondary VLAN .............................................................................. 3-2 3.2.4 Mapping an Isolate-User-VLAN to Secondary VLANs............................................ 3-3 3.3 Displaying and Maintaining Isolate-User-VLANs............................................................... 3-4 3.4 Isolate-User-VLAN Configuration Example ....................................................................... 3-4

Huawei Technologies Proprietary i

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

Chapter 1 VLAN Configuration

When configuring VLAN, go to these sections for information you are interested in: VLAN Overview Configuring VLAN Displaying and Maintaining VLAN Overview of Protocol-Based VLAN and IP Subnet-Based VLAN Configuring Protocol-Based VLAN Displaying Protocol-Based VLAN Configuration Configuring an IP Subnet-Based VLAN Displaying and Maintaining IP Subnet-Based VLAN Configuration VLAN Configuration Examples

1.1 VLAN Overview

A Virtual Local Area Network (VLAN) groups the devices in a LAN logically, not physically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Q in 1999 to standardize the VLAN implementations. The VLAN technology allows network administrators to logically divide a physical LAN into different broadcast domains or the so-called virtual LANs. Every VLAN contains a group of workstations with the same demands. The workstations, physically separated, are not necessarily on the same physical LAN segment. You can establish VLANs of the following types on switches: Port-based MAC address-based IP multicast-based (A multicast group can be a VLAN.) Network layer-based (A VLAN can be established by the network layer addresses or protocols of the hosts.) With the VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs. This is helpful to control network traffic, save device investment, simplify network management and enhance security.

1.2 Configuring VLAN

The following sections describe VLAN configuration tasks: Creating/Deleting a VLAN Specifying a Description for a VLAN or VLAN interface Naming the Current VLAN Shutting down/Bringing up a VLAN Interface

Huawei Technologies Proprietary 1-1

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

Configuring Port-Based VLAN

1.2.1 Creating/Deleting a VLAN

You can use the following commands to create/delete a VLAN. If the VLAN to be created exists, the system will enter the VLAN view directly. Otherwise, the system will create the VLAN first, and then enter the VLAN view. To do Create a VLAN and enter the VLAN view Create VLANs in batch Delete an VLAN or VLANs Use the command vlan vlan-id vlan vlan-id-list undo vlan { vlan-id [ to vlan-id ] | all } Remarks Available in system view Available in system view Available in system view

Caution: VLAN 1 is the system-default VLAN and cannot be removed. VLANs with their ports being VLAN VPN-enabled cannot be removed. Guest VLANs cannot be deleted. Protocol-enabled VLANs cannot be deleted. Dynamic VLANs cannot be deleted, and the system does not play the prompt when you attempt to delete dynamic VLAN(s).

1.2.2 Specifying a Description for a VLAN or VLAN interface

To do Specify a description for a VLAN or VLAN interface Restore the default description of the current VLAN or VLAN interface Use the command description string Remarks Available in VLAN view or VLAN interface view Available in VLAN view or VLAN interface view

undo description

By default, the description of a VLAN is the VLAN ID of the VLAN, such as VLAN 0001. The description of a VLAN interface is the VLAN interface name, such as Vlan-interface1 Interface.

Huawei Technologies Proprietary 1-2

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

1.2.3 Naming the Current VLAN

To do Name the current VLAN Restore the default name of the current VLAN Use the command name string undo name Remarks Available in VLAN view Available in VLAN view

By default, the name of the current VLAN is its VLAN ID.

1.2.4 Shutting down/Bringing up a VLAN Interface

To do Shut down a VLAN interface Bring up a VLAN interface Use the command shutdown undo shutdown Remarks Available in VLAN interface view Available in VLAN interface view

Shutting down or bringing up a VLAN interface has no effect on the status of any Ethernet port in this VLAN. By default, when all the Ethernet ports in a VLAN are in the Down state, this VLAN interface is also Down. When there are one or more Ethernet ports in the Up state, this VLAN interface is also Up.

1.2.5 Configuring Port-Based VLAN

To do Add Ethernet ports to a VLAN Remove Ethernet ports from a VLAN Use the command port interface-list undo port interface-list Remarks Available in VLAN view Available in VLAN view

By default, the system adds all the ports to a default VLAN whose ID is 1. Note that you can add/remove the trunk and Hybrid ports to/from a VLAN with the port/undo port command in Ethernet port view, but not in VLAN view.

Huawei Technologies Proprietary 1-3

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

1.3 Displaying and Maintaining VLAN

To do Display information about VLAN interfaces Display information about the specified VLAN(s) Display the protocol information and protocol indexes configured on the specified VLANs Display the protocol information and protocol indexes configured on the specified ports Use the command display interface vlan-interface [ vlan-id ] display vlan [ vlan-id to vlan-id | all | static | dynamic ] display protocol-vlan vlan { vlan-list | all } Remarks Available in any view Available in any view Available in any view

display protocol-vlan interface { interface-list | all }

Available in any view

1.4 Overview of Protocol-Based VLAN and IP Subnet-Based VLAN

1.4.1 Brief Introduction
Protocol-based VLAN and IP subnet-based VLAN are supplements to port-based VLAN packet forwarding. Protocol-based VLAN can determine the VLAN to which a received untagged packet belongs according to its type and encapsulation format. IP subnet-based VLAN can determine the VLAN to which a received untagged IPv4 packet belongs according to its source IP address. Protocol-based VLAN and IP subnet-based VLAN improve the granularity of sorting untagged packets. A tagged packet is still forwarded through port-based VLAN. An untagged packet is forwarded as follows: If an IPv4 packet is received and the IP subnet-based VLAN function is enabled on the port, the source IP address of the packet will be matched against all applied IP subnet protocols. If a match is found, the packet will be forwarded in the VLAN configured with the matched IP subnet protocol. If a non-IPv4 packet is received or the IP subnet-based VLAN function is disabled on the port, the source IP address of the packet will not be matched against IP subnet protocols. If no matching is made or the matching fails, the following processing will be made: If the protocol-based VLAN function is enabled on the port, the protocol and encapsulation type of the received packet will be matched to all the protocols

Huawei Technologies Proprietary 1-4

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

applied to the port. If the matching is successful, the packet will be forwarded in the VLANs to which the matched protocols belong. If the protocol-based VLAN function is disabled on the port or the matching fails, the packet will be forwarded in the default VLAN of the port.

1.5 Configuring Protocol-Based VLAN

1.5.1 Configuration Task List
Complete the following tasks to configure a protocol-based VLAN: Task Configuring a Protocol VLAN Applying a Protocol-Based VLAN to a Port Required Required Remarks

1.5.2 Configuring a Protocol VLAN

To do Enter system view Enter VLAN view Use the command system-view vlan vlan-id protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | snap } | mode { ethernetii [ etype etype-id ] | llc [ dsap dsap-id ] [ ssap ssap-id ] | snap [ etype etype-id ] } } display protocol-vlan vlan { vlan-list | all } Required Remarks

Configure a protocol-based VLAN

Required

Display the configuration information

Available in any view

Caution: You cannot configure the same protocol under a VLAN twice while you can configure the same protocol in different VLANs. If a protocol is configured in a VLAN, you cannot remove the VLAN. If a protocol has been applied to a port, you cannot remove the protocol.

Huawei Technologies Proprietary 1-5

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

1.5.3 Applying a Protocol-Based VLAN to a Port

To do Enter system view Enter interface view Apply a protocol-based VLAN to a port Display the configuration information Use the command system-view interface interface-type interface-number port hybrid protocol-vlan vlan vlan-id { vlan-protocol-list | all } display protocol-vlan interface { interface-list | all } Required Required Available in any view Remarks

Caution: The port must be of Hybrid type and belong to the protocol-based VLAN to be applied. The same protocol configured in different VLANs cannot be applied to the same port. If a protocol-based VLAN has been applied to a port, the port cannot exit the VLAN.

1.6 Displaying Protocol-Based VLAN Configuration

To do Display the configuration information of specified protocol-based VLANs Display the configuration information of the protocol-based VLANs applied to the specified ports Use the command display protocol-vlan vlan { vlan-list | all } display protocol-vlan interface { interface-list | all } Remarks Available in any view Available in any view

1.7 Configuring an IP Subnet-Based VLAN

1.7.1 Configuration Task List
Complete the following tasks to configure an IP subnet-based VLAN: Task Configuring an IP Subnet-Based VLAN Applying an IP Subnet-Based VLAN to a Port Required Required Remarks

Huawei Technologies Proprietary 1-6

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

1.7.2 Configuring an IP Subnet-Based VLAN

To do Enter system view Enter VLAN view Assign an IP subnet to the VLAN Display the configuration information Use the command system-view vlan vlan-id ip-subnet-vlan [ index ] ip ip-address { net-mask | net-mask-length } display ip-subnet-vlan vlan { vlan-list | all } Required Required Available in any view Remarks

Caution: An IP subnet can be assigned only to one VLAN. If an IP subnet is configured in a VLAN, you cannot remove the VLAN. If an IP subnet is applied to a port, you cannot remove the IP subnet.

1.7.3 Applying an IP Subnet-Based VLAN to a Port

To do Enter system view Enter interface view Apply the specified protocol-based VLAN to the port Display the configuration information Use the command system-view interface interface-type interface-number port hybrid ip-subnet-vlan vlan vlan-id display ip-subnet-vlan interface { interface-list | all } Required Remarks

Required Available in any view

Caution: The port must be of Hybrid type and belong to the IP subnet-based VLAN to be applied. If an IP subnet-based VLAN is applied to a port, the port cannot exit the VLAN.

Huawei Technologies Proprietary 1-7

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 1 VLAN Configuration

1.8 Displaying and Maintaining IP Subnet-Based VLAN Configuration

To do Display the configuration information of the specified IP subnet-based VLANs Display the configuration information of the IP subnet-based VLANs applied to specified ports Use the command display ip-subnet-vlan vlan { vlan-list | all } display ip-subnet-vlan interface { interface-list | all } Remarks Available in any view Available in any view

1.9 VLAN Configuration Examples

1.9.1 VLAN Configuration Example
I. Network requirements
Create VLAN 2 and VLAN 3. Add Ethernet 3/1/1 and Ethernet 4/1/1 to VLAN 2. Add Ethernet 3/1/2 and Ethernet 4/1/2 to VLAN 3.

II. Network diagram

Switch

Eth3/1/1

Eth4/1/1 Eth3/1/2

Eth4/1/2

VLAN2

VLAN3

Figure 1-1 Network diagram for VLAN configuration

III. Configuration procedure

# Create VLAN 2 and enter its view.
[Quidway] vlan 2

# Add Ethernet 3/1/1 and Ethernet 4/1/1 to VLAN 2.

[Quidway-vlan2] port ethernet3/1/1 ethernet4/1/1

# Create VLAN 3 and enters its view.

[Quidway-vlan2] vlan 3

# Add Ethernet 3/1/2 and Ethernet 4/1/2 to VLAN 3.

Huawei Technologies Proprietary 1-8

Operation Manual VLAN Quidway S8500 Series Routing Switches

[Quidway-vlan3] port ethernet3/1/2 ethernet4/1/2

Chapter 1 VLAN Configuration

1.9.2 Protocol-Based VLAN and IP Subnet-Based VLAN Configuration Example

I. Network requirements
All inbound packets from E2/1/48 are untagged packets. The configurations are made for the purposes below: The inbound packets of the 10.11.113.0/24 network segment from E2/1/48 are forwarded out E2/1/1. The inbound packets of other network segments from E2/1/48 are forwarded out E2/1/3. The inbound non-IP packets from E2/1/48 are forwarded out E2/1/5.

II. Network diagram

E2/1/48

E2/1/1 E2/1/3

E2/1/5

Figure 1-2 Network diagram for protocol-based VLAN and IP subnet-based VLAN

III. Configuration procedure

# Configure an IP subnet-based VLAN.
<Quidway> system-view [Quidway] vlan 10 [Quidway-vlan10] ip-subnet-vlan ip 10.11.113.0 24 [Quidway-vlan10] port ethernet 2/1/1

# Configure a protocol-based VLAN.

[Quidway] vlan 20 [Quidway-vlan20] protocol-vlan ip [Quidway-vlan20] port ethernet 2/1/3

# Configure an egress port.

[Quidway] vlan 30 [Quidway] port ethernet 2/1/5

# Configure an ingress port.

Huawei Technologies Proprietary 1-9

Operation Manual VLAN Quidway S8500 Series Routing Switches

[Quidway]interface ethernet 2/1/48 [Quidway-Ethernet2/1/48] port link-type hybrid

Chapter 1 VLAN Configuration

[Quidway-Ethernet2/1/48] port hybrid vlan 10 20 30 untag [Quidway-Ethernet2/1/48] port hybrid pvid vlan 30

# Apply the protocol to a port.

[Quidway-Ethernet2/1/48] port hybrid ip-subnet-vlan vlan 10 [Quidway-Ethernet2/1/48] port hybrid protocol-vlan vlan 20 all

Huawei Technologies Proprietary 1-10

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 2 Super VLAN Configuration

Chapter 2 Super VLAN Configuration

When configuring super VLAN, go to these sections for information you are interested in: Super VLAN Overview Configuring a Super VLAN Super VLAN Configuration Example

2.1 Super VLAN Overview

Super VLAN, also called VLAN aggregation, is a collection of sub VLANs, each being a distinct broadcast domains isolated at Layer 2. You can create a virtual interface with an IP address for a super VLAN but not for the sub VLANs in it. When users in a sub VLAN need to communicate with each other, they use the IP address of the virtual interface of the super VLAN as the IP address of the gateway. As the IP address is shared by all sub VLANs, IP addresses are saved. For different sub VLANs to communicate with one another at Layer 3, or for a sub VLAN to communicate with other networks, you can enable the proxy ARP (Address Resolution Protocol) function. The super VLAN can use proxy ARP to forward and process ARP requests and responses so that the isolated sub VLANs can communicate with each other at Layer 3. By default, proxy ARP is disabled in a sub VLAN.

2.2 Configuring a Super VLAN

Super VLAN configuration includes: Configure a VLAN to be a super VLAN Configure sub VLANs Establish mappings between the super VLAN and the sub VLANs Enable proxy ARP for the sub VLANs

Note: You can configure multiple super VLANs for a switch. Configuring the VLAN interface and IP address for a super VLAN is the same as that for a common VLAN. Configuring sub VLANs is the same as configuring a common VLAN. This section only provides the configuration steps. For detailed information, refer to VLAN Configuration.

Huawei Technologies Proprietary 2-1

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 2 Super VLAN Configuration

Follow these steps to configure a super VLAN: To do Enter system view Enter VLAN view Set the VLAN type to super VLAN Exit Super VLAN view Create a sub VLAN and enter sub VLAN view Add Ethernet ports to sub a VLAN Exit sub VLAN view Enter Super VLAN view Configure the mapping between the super VLAN and the sub VLANs Enter sub VLAN view Use the command system-view vlan vlan-id Required Required supervlan The VLAN-ID is the configured VLAN ID in the range 1 to 4094. Required Optional Required Optional Enable proxy ARP for the sub VLAN arp proxy enable This command is necessary for multiple sub VLANs to communicate with one another. Optional Display configuration information display super vlan [ supervlan-id ] You can execute the display super vlan command in any view. Remarks

quit vlan vlan-id port interface-list quit vlan vlan-id subvlan sub-vlan-list vlan vlan-id

Huawei Technologies Proprietary 2-2

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 2 Super VLAN Configuration

Caution: A Super VLAN cannot contain ports. After you set the VLAN type to super VLAN, proxy ARP is automatically enabled on the VLAN interface. The default VLAN cannot be set to a super VLAN. You can add multiple ports (non-uplink ports) to a sub VLAN. You cannot configure a virtual VLAN interface for a sub VLAN. If no VLAN ID is specified in the undo subvlan command, the mappings between all sub VLANs and the specified super VLAN is removed; if VLAN ID(s) are specified, only the mappings between the specified sub VLANs and the specified super VLAN is removed. In a super VLAN, do not enable multicast VLAN and IGMP-snooping. Super VLAN does not support VRRP.

2.3 Super VLAN Configuration Example

I. Network requirements
Create Super VLAN 10. Create sub VLANs VLAN 2, VLAN 3 and VLAN 5. VLAN 2 contains ports 1 and 2. VLAN 3 contains ports 3 and 4. VLAN 5 contains ports 5 and 6. These sub VLANs are isolated at Layer 2. It is required that these sub VLANs communicate with one another at Layer 3.

II. Network diagram

Omitted

III. Configuration procedure

<Quidway>system-view System View: return to User View with Ctrl+Z. [Quidway] vlan 10 [Quidway-vlan10] supervlan [Quidway-vlan10] vlan 2 [Quidway-vlan2] port ethernet3/1/1 ethernet3/1/2 [Quidway-vlan2] vlan 3 [Quidway-vlan3] port Ethernet3/1/3 ethernet3/1/4 [Quidway-vlan3] vlan 5

Huawei Technologies Proprietary 2-3

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 2 Super VLAN Configuration

[Quidway-vlan5] port ethernet3/1/5 ethernet3/1/6 [Quidway-vlan5] vlan 10 [Quidway-vlan10] subvlan 2 3 5 [Quidway-vlan10] interface vlan 10 [Quidway-Vlan-interface10] ip address 10.110.1.1 255.255.255.0 [Quidway-vlan2]arp proxy enable [Quidway-vlan3]arp proxy enable [Quidway-vlan5]arp proxy enable

Huawei Technologies Proprietary 2-4

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 3 Isolate-User-VLAN Configuration

Chapter 3 Isolate-User-VLAN Configuration

When configuring Isolate-user-VLAN, go to these sections for information you are interested in: Isolate-User-VLAN Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLANs Isolate-User-VLAN Configuration Example

3.1 Isolate-User-VLAN Overview

An Isolate-user-VLAN can save the VLAN resources in a network. It adopts the two-level VLAN architecture. One level is Isolate-user-VLAN level, and the other is Secondary VLAN level, as shown in Figure 3-1. An Isolate-user-VLAN corresponds to multiple Secondary VLANs. It contains all the ports and upstream ports of the corresponding Secondary VLANs. In this way, a switch at the upper level only needs to recognize the Isolate-user-VLANs of the downstream switch instead of the Secondary VLANs, thereby streamlining the configuration and saving VLAN resources. You can use Isolate-user-VLAN to implement the isolation of Layer-2 packets by assigning a Secondary VLAN for each user, with each of the Secondary VLANs containing the ports and the upstream ports connected to the user. You can configure the ports connected to different users to be of the same Secondary VLAN to enable these users to communicate with one another at Layer 2.

VLAN 5 Isolate-user-VLAN

VLAN 6 Isolate-user-VLAN

VLAN 3 (Secondary VLAN)

VLAN 4 (Secondary VLAN)

VLAN 2 (Secondary VLAN)

VLAN 3 (Secondary VLAN)

Figure 3-1 Isolate-user-VLANs and Secondary VLANs

Huawei Technologies Proprietary 3-1

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 3 Isolate-User-VLAN Configuration

3.2 Configuring Isolate-User-VLAN

3.2.1 Configuration Task List
Complete these tasks to configure Isolate-user-VLAN: Configuration tasks Configuring an Isolate-User-VLAN Configuring a Secondary VLAN Mapping an Isolate-User-VLAN to Secondary VLANs Remarks Required Required Required

3.2.2 Configuring an Isolate-User-VLAN

To do Enter system view Create a VLAN Configure the VLAN as an Isolate-user-VLAN Use the command system-view vlan vlan-id isolate-user-vlan enable Required Required You cannot configure VLAN 1 as an Isolate-user-VLAN. Optional Add ports to the Isolate-user-VLAN An Isolate-user-VLAN can contain multiple ports, including upstream ports connecting to other switches. However the contained ports cannot be trunk ports but access or hybrid ports. Remarks

port interface-list

3.2.3 Configuring a Secondary VLAN

To do Enter system view Create a VLAN as a Secondary VLAN Use the command system-view vlan vlan-id Required You cannot configure VLAN 1 as a Secondary VLAN. Optional Add ports to the Secondary VLAN port interface-list You can add multiple ports (not uplink ports) to a Secondary VLAN. Remarks

Huawei Technologies Proprietary 3-2

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 3 Isolate-User-VLAN Configuration

Note: An Isolate-user-VLAN can correspond to up to 64 Secondary VLANs. You can configure up to 32 Isolate-user-VLANs for a system. You can configure up to 1,024 Secondary VLANs for a system. You cannot configure the same MAC address for the Secondary VLANs corresponding to an Isolate-user-VLAN. You cannot configure a VLAN interface for an Isolate-user-VLAN or Secondary VLAN; neither can you configure a VLAN with a VLAN interface as an Isolate-user-VLAN or Secondary VLAN.

3.2.4 Mapping an Isolate-User-VLAN to Secondary VLANs

To do Enter system view Map an Isolate-user-VLAN to secondary VLANs Use the command system-view isolate-user-vlan isolate-user-vlan-num secondary secondary-vlan-numlist Required Remarks

I. Note the following when mapping an Isolate-user-VLAN to Secondary VLANs

1) If the Isolate-user-VLAN contains ports For hybrid ports, if the default port VLAN ID is the same as the Isolate-user-VLAN ID, and the port joins the Isolate-user-VLAN in the Untagged mode, all the hybrid ports meeting the requirements will join the Secondary VLAN in the Untagged mode simultaneously. For those not meeting the requirements, no other processing will be made. For an access port, the system will set the port as a hybrid port and set the default port VLAN ID and Isolate-user-VLAN ID to be the same. Moreover, the port joins the Isolate-user-VLAN and Secondary VLAN in the Untagged mode. 2) If the Secondary VLAN contains ports For a hybrid port, if the default port VLAN ID is the same as the Secondary VLAN ID, and the port joins the Secondary VLAN in the Untagged mode, all the hybrid ports meeting the requirements will join the Isolate-user-VLAN in the Untagged mode simultaneously. For those not meeting the requirements, no other processing will be made. For an access port, the system will set the port as a hybrid port and set the default port VLAN ID and Secondary VLAN ID to be the same. Moreover, the port joins the Isolate-user-VLAN and Secondary VLAN in the Untagged mode.

Huawei Technologies Proprietary 3-3

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 3 Isolate-User-VLAN Configuration

II. Note the following after mapping an Isolate-user-VLAN to a Secondary VLAN

Trunk ports and access ports cannot join an Isolate-user-VLAN or Secondary VLAN. Hybrid ports can join or exit an Isolate-user-VLAN and Secondary VLAN. However, after joining an Isolate-user-VLAN or a Secondary VLAN, the Hybrid port cannot be synchronized to the configuration of other ports.

Note: You cannot directly set an Isolate-user-VLAN or Secondary VLAN as other type of VLAN than common VLAN, such as multicast VLAN, Super/Sub VLAN, Guest VLAN or VLAN running L2VPN services. When you set a common VLAN as an Isolate-user-VLAN or Secondary VLAN, the VLAN cannot contain trunk ports.

3.3 Displaying and Maintaining Isolate-User-VLANs

To do Display mappings between Isolate-user-VLANs and Secondary VLANs Use the command display isolate-user-vlan [ isolate-user-vlan-num ] Remarks

Available in any view

3.4 Isolate-User-VLAN Configuration Example

I. Network requirements
Switch A is connected to Switch B and Switch C in the downstream. 1) On Switch B

VLAN 5 is an Isolate-user-VLAN, including an upstream port (Ethernet 2/1/1) and two Secondary VLANs, VLAN 2 and VLAN 3. VLAN 2 includes Ethernet 2/1/2 and VLAN 3 includes Ethernet 2/1/3. 2) On Switch C

VLAN 6 is an Isolate-user-VLAN including an upstream port (Ethernet 2/1/1) and two Secondary VLANs: VLAN 3 and VLAN 4. VLAN 3 includes Ethernet 2/1/3 and VLAN 4 includes Ethernet2/1/4. Seen from Switch A, either Switch B or Switch C carries one VLAN, VLAN 5 and VLAN 6 respectively.
Huawei Technologies Proprietary 3-4

Operation Manual VLAN Quidway S8500 Series Routing Switches

Chapter 3 Isolate-User-VLAN Configuration

II. Network diagram

Switch A

E2/1/1 VLAN 5 E2/1/2 VLAN 3 VLAN 2 Switch B E2/1/3

E2/1/1 Switch C VLAN 6 E2/1/4 VLAN 3 VLAN 4

Figure 3-2 Network diagram for Isolate-user-VLAN

III. Configuration procedure

Only the configurations on Switch B and Switch C are listed below. 1) Configuration on Switch B

# Configure an Isolate-user-VLAN.
<Quidway> system-view [Quidway] vlan 5 [Quidway-vlan5] isolate-user-vlan enable [Quidway-vlan5] port ethernet2/1/1

# Configure Secondary VLANs.

[Quidway-vlan5] vlan 3 [Quidway-vlan3] port ethernet2/1/3 [Quidway-vlan3] vlan 2 [Quidway-vlan2] port ethernet2/1/2

# Configure the mapping between the Isolate-user-VLAN and the Secondary VLANs.
[Quidway-vlan2] quit [Quidway] isolate-user-vlan 5 secondary 2 to 3

2)

Configuration on Switch C

# Configure an Isolate-user-VLAN.
<Quidway> system-view [Quidway] vlan 6 [Quidway-vlan6] isolate-user-vlan enable [Quidway-vlan6] port ethernet2/1/1

# Configure Secondary VLANs.

[Quidway-vlan6] vlan 3

Huawei Technologies Proprietary 3-5

Operation Manual VLAN Quidway S8500 Series Routing Switches

[Quidway-vlan3] port ethernet2/1/3 [Quidway-vlan3] vlan 4 [Quidway-vlan4] port ethernet2/1/4

Chapter 3 Isolate-User-VLAN Configuration

# Configure the mapping relationship between the Isolate-user-VLAN and the Secondary VLANs.
[Quidway-vlan4] quit [Quidway] isolate-user-vlan 6 secondary 3 to 4

Huawei Technologies Proprietary 3-6