CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.
Configuration Examples

This section provides several configuration examples of VLANs including networking requirements, configuration roadmap, and configuration procedure.

Example for Assigning VLANs Based on Ports

Networking Requirements

As shown in Figure 5-57, multiple user terminals are connected to switches in a data center. Users who use the same service access the network using different devices.

To ensure communication security and avoid broadcast storms, the administrator wants to allow users who use the same service to communicate with each other but isolate users who use different services.

Configure port-based VLANs on the switch and add ports connecting to terminals of users who use the same service to the same VLAN. Users in different VLANs cannot perform Layer 2 communication. Users in the same VLAN can communicate directly.

Figure 5-57 Networking diagram for assigning VLANs based on ports
Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs and add ports connecting to user terminals to VLANs to isolate Layer 2 traffic between users who use different services.
  2. Configure the link type between SwitchA and SwitchB and the VLANs allowed on the link so that users who use the same service can communicate.

Procedure

  1. Create VLAN2 and VLAN3 on SwitchA, and add ports connecting to user terminals to different VLANs. Configuration of SwitchB is similar to that of SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 2 3
    [*SwitchA] interface 10ge 1/17/1
    [*SwitchA-10GE1/17/1] port default vlan 2
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] interface 10ge 1/17/2
    [*SwitchA-10GE1/17/2] port default vlan 3
    [*SwitchA-10GE1/17/2] quit
    [*SwitchA] commit

  2. On SwitchA, configure the link type of the port connecting to SwitchB and the VLANs allowed on that port. Configuration of SwitchB is similar to that of SwitchA.

    [~SwitchA] interface 10ge 1/17/3
    [~SwitchA-10GE1/17/3] port link-type trunk
    [*SwitchA-10GE1/17/3] port trunk allow-pass vlan 2 3
    [*SwitchA-10GE1/17/3] commit

  3. Verify the configuration.

    Add User1 and User2 to the same IP address segment, for example, 192.168.100.0/24. Add User3 and User4 to the same IP address segment, for example, 192.168.200.0/24.

    Only User1's and User2's terminals can ping each other. Only User3's and User4's terminals can ping each other.

Configuration Files

Configuration file of SwitchA

#
sysname SwitchA
#
vlan batch 2 to 3
#
interface 10GE1/17/1
 port default vlan 2
#
interface 10GE1/17/2
 port default vlan 3
#
interface 10GE1/17/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

Configuration file of SwitchB

#
sysname SwitchB
#
vlan batch 2 to 3
#
interface 10GE1/17/1
 port default vlan 2
#
interface 10GE1/17/2
 port default vlan 3  
#
interface 10GE1/17/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

Example for Assigning VLANs based on MAC Addresses

Networking Requirements

On an enterprise network, the network administrator adds users in a department to the same VLAN. To improve information security, only users in this department are allowed to access the intranet.

As shown in Figure 5-58, User1, User2, and User3 are in a key department that demands high security. Only these three users are to be allowed to access the intranet through the Switch.

To improve information security of the key department, you can configure MAC address-based VLAN assignment and bind MAC addresses of User1, User2, and User3 to a VLAN.

Figure 5-58 Networking diagram for assigning VLANs based on MAC addresses
Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs and determine which VLAN the users belong to.

  2. Add Ethernet interfaces to VLANs so that packets of the VLANs can pass through the interfaces.

  3. Associate MAC addresses of User1, User2, and User3 with the specified VLAN so that the VLAN of the packet can be determined based on the source MAC address.

Procedure

  1. Configure the Switch Module.

    # Create VLANs.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 10
    [*Switch] commit
    

    # Add interfaces to the VLANs. The configuration of 10GE1/17/3 or 10GE1/17/4 is similar to the configuration of 10GE1/17/2 and the configuration details are not mentioned here.

    [~Switch] interface 10ge 1/17/1
    [~Switch-10GE1/17/1] port link-type hybrid
    [*Switch-10GE1/17/1] port hybrid tagged vlan 10
    [*Switch-10GE1/17/1] quit
    [*Switch] interface 10ge 1/17/2
    [*Switch-10GE1/17/2] port link-type hybrid
    [*Switch-10GE1/17/2] port hybrid untagged vlan 10
    [*Switch-10GE1/17/2] quit
    [*Switch] commit
    

    # Associate MAC addresses of User1, User2, and User3 with VLAN 10.

    [~Switch] vlan 10
    [~Switch-vlan10] mac-vlan mac-address 22-22-22
    [*Switch-vlan10] mac-vlan mac-address 33-33-33
    [*Switch-vlan10] mac-vlan mac-address 44-44-44
    [*Switch-vlan10] quit
    [*Switch] commit
    

    # Enable MAC address-based VLAN assignment on 10GE1/17/2. The configuration of 10GE1/17/3 or 10GE1/17/4 is similar to the configuration of 10GE1/17/2 and the configuration details are not mentioned here.

    [~Switch] interface 10ge 1/17/2
    [~Switch-10GE1/17/2] mac-vlan enable
    [*Switch-10GE1/17/2] quit
    [*Switch] commit
    

  2. Verify the configuration.

    User1, User2, and User3 can access the intranet, whereas other users cannot access the intranet.

Configuration Files

Configuration file of the Switch Module

#
sysname Switch
#
vlan batch 10
#
vlan 10
 mac-vlan mac-address 0022-0022-0022
 mac-vlan mac-address 0033-0033-0033
 mac-vlan mac-address 0044-0044-0044
#
interface 10GE1/17/1
 port link-type hybrid
 port hybrid tagged vlan 10
#
interface 10GE1/17/2
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
interface 10GE1/17/3
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
interface 10GE1/17/4
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
return
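
The procedure above types the MAC addresses as 22-22-22, while the saved configuration file shows them as 0022-0022-0022, which makes it easy to misread the bindings when comparing them with a host inventory. The following added example (not part of the Huawei guide) normalizes both notations and compares the mac-vlan bindings of VLAN 10 with an approved list; the inventory entries and all function names are constructed for illustration.

```python
import re

# "vlan 10" stanza of the configuration file shown above.
CONFIG = """\
#
vlan 10
 mac-vlan mac-address 0022-0022-0022
 mac-vlan mac-address 0033-0033-0033
 mac-vlan mac-address 0044-0044-0044
#
"""

# Constructed inventory (assumption): colon and hyphen byte notation, as
# host tools and asset databases usually print MAC addresses.
APPROVED = {
    "User1": "00:22:00:22:00:22",
    "User2": "00:33:00:33:00:33",
    "User3": "00-44-00-44-00-44",
}


def normalize_mac(text):
    """Return a MAC address as 12 lowercase hex digits.

    Accepts three groups (H-H-H, each group may drop leading zeros, so
    22-22-22 equals 0022-0022-0022) or six byte groups split by ':' or '-'.
    """
    groups = re.split(r"[-:]", text.strip().lower())
    width = {3: 4, 6: 2}.get(len(groups))
    if width is None or not all(
        re.fullmatch(r"[0-9a-f]{1,%d}" % width, g) for g in groups
    ):
        raise ValueError(f"unrecognized MAC address: {text!r}")
    return "".join(g.zfill(width) for g in groups)


def bound_macs(config):
    """Return {vlan_id: set of normalized MACs} from mac-vlan lines."""
    bindings, vlan = {}, None
    for line in config.splitlines():
        head = re.fullmatch(r"vlan (\d+)", line)
        bind = re.fullmatch(r" +mac-vlan mac-address (\S+)(?: .*)?", line)
        if head:
            vlan = int(head.group(1))
        elif bind and vlan is not None:
            bindings.setdefault(vlan, set()).add(normalize_mac(bind.group(1)))
        elif not line.startswith(" "):
            vlan = None  # left the VLAN stanza
    return bindings


def audit(config, vlan_id, approved):
    """Return (bound but not approved, approved but not bound) for one VLAN."""
    bound = bound_macs(config).get(vlan_id, set())
    wanted = {normalize_mac(mac) for mac in approved.values()}
    return sorted(bound - wanted), sorted(wanted - bound)


if __name__ == "__main__":
    print(audit(CONFIG, 10, APPROVED))  # ([], [])
    # Constructed drift: User3's adapter was replaced, the switch was not updated.
    drifted = dict(APPROVED, User3="00:55:00:55:00:55")
    print(audit(CONFIG, 10, drifted))
```

A non-empty first list means the switch still admits an address that is no longer approved; a non-empty second list means an approved host has no binding in VLAN 10.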

Example for Assigning VLANs Based on IP Subnets

Networking Requirements

A data center network has multiple services, including office services, production services, and disaster recovery services. Each service uses a unique IP subnet. To facilitate management, packets of the same service must be transmitted in the same VLAN, and packets of different services must be transmitted in different VLANs.

On the network shown in Figure 5-59, the switch connects to the office server, production server, and disaster recovery server on different network segments. Different services need to be assigned to different VLANs and distributed to different remote networks.

Figure 5-59 Networking diagram for assigning VLANs based on IP subnets

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs and determine which VLAN each service belongs to.
  2. Associate IP subnets with VLANs so that VLANs of packets can be determined based on the source IP addresses or specified network segments.

  3. Add interfaces to VLANs so that packets of the IP subnet-based VLANs can pass through the interfaces.
  4. Enable IP subnet-based VLAN assignment.

Procedure

  1. Create VLANs.

    # Create VLAN 100, VLAN 200, and VLAN 300 on the Switch.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 100 200 300
    [*Switch] commit
    

  2. Configure interfaces.

    # Set the link type of 10GE1/17/5, 10GE1/17/6, and 10GE1/17/7 to hybrid, add them to VLAN 100, VLAN 200, and VLAN 300 respectively in untagged mode, and enable IP subnet-based VLAN assignment on all three interfaces.

    [~Switch] interface 10ge 1/17/5
    [~Switch-10GE1/17/5] port link-type hybrid
    [*Switch-10GE1/17/5] port hybrid untagged vlan 100
    [*Switch-10GE1/17/5] ip-subnet-vlan enable
    [*Switch-10GE1/17/5] quit
    [*Switch] interface 10ge 1/17/6
    [*Switch-10GE1/17/6] port link-type hybrid
    [*Switch-10GE1/17/6] port hybrid untagged vlan 200
    [*Switch-10GE1/17/6] ip-subnet-vlan enable
    [*Switch-10GE1/17/6] quit
    [*Switch] interface 10ge 1/17/7
    [*Switch-10GE1/17/7] port link-type hybrid
    [*Switch-10GE1/17/7] port hybrid untagged vlan 300
    [*Switch-10GE1/17/7] ip-subnet-vlan enable
    [*Switch-10GE1/17/7] quit
    [*Switch] commit

    # Add 10GE1/17/2 of the Switch to VLAN 100.

    [~Switch] interface 10ge 1/17/2
    [~Switch-10GE1/17/2] port link-type trunk
    [*Switch-10GE1/17/2] port trunk allow-pass vlan 100
    [*Switch-10GE1/17/2] quit
    [*Switch] commit
    

    # Add 10GE1/17/3 of the Switch to VLAN 200.

    [~Switch] interface 10ge 1/17/3
    [~Switch-10GE1/17/3] port link-type trunk
    [*Switch-10GE1/17/3] port trunk allow-pass vlan 200
    [*Switch-10GE1/17/3] quit
    [*Switch] commit

    # Add 10GE1/17/4 of the Switch to VLAN 300.

    [~Switch] interface 10ge 1/17/4
    [~Switch-10GE1/17/4] port link-type trunk
    [*Switch-10GE1/17/4] port trunk allow-pass vlan 300
    [*Switch-10GE1/17/4] quit
    [*Switch] commit

  3. Configure IP subnet-based VLAN assignment.

    # Associate IP subnet 192.168.1.2/24 to VLAN 100.

    [~Switch] vlan 100
    [~Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24
    [*Switch-vlan100] quit

    # Associate IP subnet 192.168.2.2/24 to VLAN 200.

    [*Switch] vlan 200
    [*Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24
    [*Switch-vlan200] quit
    

    # Associate IP subnet 192.168.3.2/24 to VLAN 300.

    [*Switch] vlan 300
    [*Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24
    [*Switch-vlan300] quit
    [*Switch] commit
    

  4. Verify the configuration.

    Run the display ip-subnet-vlan vlan all command on the Switch Module. The following information is displayed:

    [~Switch] display ip-subnet-vlan vlan all
     ip-subnet-vlan count: 3                  total count: 3
     ----------------------------------------------------------------
     VLAN    Index   IpAddress           SubnetMask          Priority
     ----------------------------------------------------------------
     100     1       192.168.1.2         255.255.255.0       0
     200     1       192.168.2.2         255.255.255.0       0
     300     1       192.168.3.2         255.255.255.0       0
     ----------------------------------------------------------------
    

    The production service, office service, and disaster recovery service can only be transmitted in the production center, campus office network, and disaster recovery data center respectively.

Configuration Files
  • Configuration file of the Switch

    #
    sysname Switch
    #
    vlan batch 100 200 300
    #
    vlan 100
     ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0
    vlan 200
     ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0
    vlan 300
     ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0
    #
    interface 10GE1/17/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface 10GE1/17/3 
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE1/17/4 
     port link-type trunk
     port trunk allow-pass vlan 300
    #
    interface 10GE1/17/5
     port link-type hybrid
     port hybrid untagged vlan 100
     ip-subnet-vlan enable
    #
    interface 10GE1/17/6
     port link-type hybrid
     port hybrid untagged vlan 200
     ip-subnet-vlan enable
    #
    interface 10GE1/17/7
     port link-type hybrid
     port hybrid untagged vlan 300
     ip-subnet-vlan enable
    #
    return
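
Each ip-subnet-vlan rule above is entered as a host address plus a mask, so what the switch matches is the whole subnet, and a mask that is too wide silently makes one service's addresses match another service's VLAN as well. The following added example (not part of the Huawei guide) parses the display ip-subnet-vlan vlan all output from the verification step, reports which VLAN a given source address matches, and flags overlapping rules; the sample source addresses, the widened mask, and the function names are constructed for illustration.

```python
import ipaddress

# Output of "display ip-subnet-vlan vlan all" from the verification step above.
DISPLAY_OUTPUT = """\
 ip-subnet-vlan count: 3                  total count: 3
 ----------------------------------------------------------------
 VLAN    Index   IpAddress           SubnetMask          Priority
 ----------------------------------------------------------------
 100     1       192.168.1.2         255.255.255.0       0
 200     1       192.168.2.2         255.255.255.0       0
 300     1       192.168.3.2         255.255.255.0       0
 ----------------------------------------------------------------
"""


def parse_rules(output):
    """Return [(vlan_id, IPv4Network)] from the data rows of the table."""
    rules = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0].isdigit():
            # strict=False: the rule stores a host address plus a mask, so
            # 192.168.1.2 255.255.255.0 covers all of 192.168.1.0/24.
            net = ipaddress.ip_network(f"{cols[2]}/{cols[3]}", strict=False)
            rules.append((int(cols[0]), net))
    return rules


def classify(src_ip, rules):
    """Return every VLAN whose subnet contains src_ip ([] if none matches)."""
    addr = ipaddress.ip_address(src_ip)
    return [vlan for vlan, net in rules if addr in net]


def overlapping(rules):
    """Return pairs of rules in different VLANs whose subnets overlap."""
    return [
        (a, b)
        for i, a in enumerate(rules)
        for b in rules[i + 1:]
        if a[0] != b[0] and a[1].overlaps(b[1])
    ]


def with_mask(rules, vlan_id, mask):
    """Constructed what-if: the same rules with one VLAN's mask replaced."""
    return [
        (v, ipaddress.ip_network(f"{n.network_address}/{mask}", strict=False))
        if v == vlan_id else (v, n)
        for v, n in rules
    ]


if __name__ == "__main__":
    rules = parse_rules(DISPLAY_OUTPUT)
    for ip in ("192.168.1.50", "192.168.2.77", "10.0.0.5"):  # constructed sources
        print(ip, classify(ip, rules))
    wide = with_mask(rules, 300, "255.255.0.0")  # constructed typo in the mask
    print(classify("192.168.1.50", wide), len(overlapping(wide)))
```

An address that matches more than one VLAN, or any entry returned by overlapping(), means the service separation the example is built for no longer holds and the rules need review.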

Example for Implementing Inter-VLAN Communication Using VLANIF Interfaces

Networking Requirements

Users in an enterprise use different services and are located on different network segments. Users who use the same service belong to different VLANs and they want to communicate with each other.

As shown in Figure 5-60, User 1 and User 2 use the same service but belong to different VLANs and are located on different network segments. User 1 wants to communicate with User 2.

Figure 5-60 Networking diagram for implementing inter-VLAN communication using VLANIF interfaces
Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs on the switches for different users.
  2. Add interfaces to VLANs so that packets of the VLANs can pass through the interfaces.
  3. Create VLANIF interfaces and configure IP addresses for the VLANIF interfaces to implement Layer 3 communication.
NOTE:

To implement communication between VLANs, hosts in each VLAN must use the IP address of the corresponding VLANIF interface as the gateway address.

Procedure

  1. Configure the Switch Module.

    # Create VLANs.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 10 20
    [*Switch] commit
    

    # Add interfaces to VLANs.

    [~Switch] interface 10ge 1/17/1
    [~Switch-10GE1/17/1] port default vlan 10
    [*Switch-10GE1/17/1] quit
    [*Switch] interface 10ge 1/17/2
    [*Switch-10GE1/17/2] port default vlan 20
    [*Switch-10GE1/17/2] quit
    [*Switch] commit
    

    # Assign IP addresses to the VLANIF interfaces.

    [~Switch] interface vlanif 10
    [*Switch-Vlanif10] ip address 10.10.10.2 24
    [*Switch-Vlanif10] quit
    [*Switch] interface vlanif 20
    [*Switch-Vlanif20] ip address 10.10.20.2 24
    [*Switch-Vlanif20] quit
    [*Switch] commit
    

  2. Verify the configuration.

    On User 1's host, configure the IP address 10.10.10.3/24 and set the VLANIF 10 interface IP address 10.10.10.2/24 as the gateway address.

    On User 2's host, configure the IP address 10.10.20.3/24 and set the VLANIF 20 interface IP address 10.10.20.2/24 as the gateway address.

    After the preceding configurations are complete, User 1 in VLAN 10 and User 2 in VLAN 20 can communicate.

Configuration Files

Configuration file of the Switch

#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
 ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
 ip address 10.10.20.2 255.255.255.0
#
interface 10GE1/17/1
 port default vlan 10
#
interface 10GE1/17/2
 port default vlan 20
#
return

Example for Configuring VLAN Aggregation

Networking Requirements

Multiple departments in an enterprise are located on the same network segment. To improve service security, assign the departments to different VLANs. Some departments need to communicate.

As shown in Figure 5-61, departments in VLAN 2 and VLAN 3 want to communicate with each other.

You can configure VLAN aggregation on the switch to isolate VLAN 2 from VLAN 3 at Layer 2 and allow them to communicate at Layer 3. VLAN 2 and VLAN 3 use the same subnet segment, saving IP addresses.

Figure 5-61 Networking diagram for configuring VLAN aggregation
Configuration Roadmap

The configuration roadmap is as follows:

  1. Add interfaces of the Switch Module to sub-VLANs to isolate sub-VLANs at Layer 2.

  2. Add the sub-VLANs to a super-VLAN.

  3. Configure the IP address for the VLANIF interface.

  4. Configure proxy ARP for the super-VLAN to allow sub-VLANs to communicate at Layer 3.

Procedure

  1. Create VLAN 2 and add 10GE1/17/1 and 10GE1/17/2 to VLAN 2.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan 2
    [*Switch-vlan2] port 10ge 1/17/1 1/17/2
    [*Switch-vlan2] quit
    [*Switch] commit
    

  2. Create VLAN 3 and add 10GE1/17/3 and 10GE1/17/4 to VLAN 3.

    [~Switch] vlan 3
    [*Switch-vlan3] port 10ge 1/17/3 1/17/4
    [*Switch-vlan3] quit
    [*Switch] commit
    

  3. Configure VLAN 4.

    # Configure the super-VLAN.

    [~Switch] vlan 4
    [*Switch-vlan4] aggregate-vlan
    [*Switch-vlan4] access-vlan 2 to 3
    [*Switch-vlan4] quit
    [*Switch] commit

    # Configure the VLANIF interface.

    [~Switch] interface vlanif 4
    [*Switch-Vlanif4] ip address 10.1.1.12  255.255.255.0
    [*Switch-Vlanif4] quit
    [*Switch] commit
    

  4. Configure the PCs.

    Configure an IP address for each PC. Ensure that the PC IP addresses are in the same network segment as VLAN 4.

    When the configuration is complete, the PCs and the Switch Module can ping each other, but the PCs in VLAN 2 and the PCs in VLAN 3 cannot ping each other. You need to configure proxy ARP on the switch.

  5. Configure proxy ARP.

    [~Switch] interface vlanif 4 
    [*Switch-Vlanif4] arp proxy inter-vlan enable
    [*Switch-Vlanif4] quit
    [*Switch] commit
    

  6. Verify the configuration.

    When the configuration is complete, the PCs in VLAN 2 and VLAN 3 can ping each other.

Configuration Files

Configuration file of the Switch

#
sysname Switch
#
vlan batch 2 to 4
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 10.1.1.12  255.255.255.0
 arp proxy inter-vlan enable
#
interface 10GE1/17/1
 port default vlan 2
#
interface 10GE1/17/2
 port default vlan 2
#
interface 10GE1/17/3
 port default vlan 3
#
interface 10GE1/17/4
 port default vlan 3
#
return

Example for Configuring the MUX VLAN on the Access Layer Device

Networking Requirements

As shown in Figure 5-62, office service servers ServerB, ServerC, ServerD, and ServerE are deployed on a data center network. All servers can connect to the campus office network. The data center administrator requires that ServerB should communicate with ServerC and ServerD should be isolated from ServerE.

To solve the problem, deploy the MUX VLAN on the switch connected to servers, and connect the principal port to the office network, separate port to servers that do not need to communicate, and group port to servers that need to communicate. This saves VLAN IDs on the network and facilitates network management.

Figure 5-62 MUX VLAN configuration
Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the principal VLAN.

  2. Configure the group VLAN.

  3. Configure the separate VLAN.

  4. Add interfaces to the VLANs and enable the MUX VLAN function.

Procedure

  1. Configure a MUX VLAN.

    # Create VLAN 2, VLAN 3, and VLAN 4.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 2 3 4
    [*Switch] commit
    

    # Configure the Group VLAN and Separate VLAN in the MUX VLAN.

    [~Switch] vlan 2
    [~Switch-vlan2] mux-vlan
    [*Switch-vlan2] subordinate group 3
    [*Switch-vlan2] subordinate separate 4
    [*Switch-vlan2] quit
    [*Switch] commit
    

    # Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.

    [~Switch] interface 10ge 1/17/1
    [~Switch-10GE1/17/1] port default vlan 2
    [*Switch-10GE1/17/1] port mux-vlan enable vlan 2
    [*Switch-10GE1/17/1] quit
    [*Switch] interface 10ge 1/17/2
    [*Switch-10GE1/17/2] port default vlan 3
    [*Switch-10GE1/17/2] port mux-vlan enable vlan 3
    [*Switch-10GE1/17/2] quit
    [*Switch] interface 10ge 1/17/3
    [*Switch-10GE1/17/3] port default vlan 3
    [*Switch-10GE1/17/3] port mux-vlan enable vlan 3
    [*Switch-10GE1/17/3] quit
    [*Switch] interface 10ge 1/17/4
    [*Switch-10GE1/17/4] port default vlan 4
    [*Switch-10GE1/17/4] port mux-vlan enable vlan 4
    [*Switch-10GE1/17/4] quit
    [*Switch] interface 10ge 1/17/5
    [*Switch-10GE1/17/5] port default vlan 4
    [*Switch-10GE1/17/5] port mux-vlan enable vlan 4
    [*Switch-10GE1/17/5] quit
    [*Switch] commit

  2. Verify the configuration.

    • Server B, Server C, Server D, and Server E can access external networks.

    • Server B and Server C can ping each other.

    • Server D and Server E cannot ping each other.

    • Server B and Server C cannot ping Server D or Server E. Server D and Server E cannot ping Server B or Server C.

Configuration File

Configuration file of the Switch Module

#
sysname Switch
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4 
 subordinate group 3
#
interface 10GE1/17/1
 port default vlan 2 
 port mux-vlan enable vlan 2
#
interface 10GE1/17/2
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/3
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/4
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface 10GE1/17/5
 port default vlan 4
 port mux-vlan enable vlan 4
#
return

Example for Configuring the MUX VLAN on the Aggregation Device

Context

As shown in Figure 5-63, office service servers ServerB, ServerC, ServerD, and ServerE are deployed on a data center network. All servers can connect to the campus office network. The data center administrator requires that ServerB should communicate with ServerC and ServerD should be isolated from ServerE.

As shown in Figure 5-63, Switch1 is deployed at the aggregation layer and used as the gateway of downstream terminals. Switch2, Switch3, Switch4, and Switch5 are access layer devices. You can configure MUX VLAN on Switch1. This saves VLAN IDs on the enterprise network and facilitates network management.

Figure 5-63 Network of MUX VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the principal VLAN and a VLANIF interface. The IP address of the VLANIF interface is used as the gateway IP address of downstream hosts and servers.

  2. Configure the group VLAN.

  3. Configure the separate VLAN.

  4. Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.

  5. Add interfaces of access layer devices to VLANs.

Procedure

  1. Configure the MUX VLAN.

    # Create VLAN 2, VLAN 3, and VLAN 4, and a VLANIF interface for VLAN 2. The IP address of the VLANIF interface is used as the gateway IP address of servers.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch1
    [*HUAWEI] commit
    [~Switch1] vlan batch 2 3 4
    [*Switch1] interface vlanif 2
    [*Switch1-Vlanif2] ip address 192.168.100.100 24
    [*Switch1-Vlanif2] quit
    [*Switch1] commit
    

    # Configure the group VLAN and separate VLAN.

    [~Switch1] vlan 2
    [~Switch1-vlan2] mux-vlan
    [*Switch1-vlan2] subordinate group 3
    [*Switch1-vlan2] subordinate separate 4
    [*Switch1-vlan2] quit
    [*Switch1] commit
    

    # Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.

    [~Switch1] interface 10ge 1/17/1
    [~Switch1-10GE1/17/1] port link-type trunk
    [*Switch1-10GE1/17/1] port trunk allow-pass vlan 2
    [*Switch1-10GE1/17/1] port mux-vlan enable vlan 2
    [*Switch1-10GE1/17/1] quit
    [*Switch1] interface 10ge 1/17/2
    [*Switch1-10GE1/17/2] port link-type trunk
    [*Switch1-10GE1/17/2] port trunk allow-pass vlan 3
    [*Switch1-10GE1/17/2] port mux-vlan enable vlan 3
    [*Switch1-10GE1/17/2] quit
    [*Switch1] interface 10ge 1/17/3
    [*Switch1-10GE1/17/3] port link-type trunk
    [*Switch1-10GE1/17/3] port trunk allow-pass vlan 3
    [*Switch1-10GE1/17/3] port mux-vlan enable vlan 3
    [*Switch1-10GE1/17/3] quit
    [*Switch1] interface 10ge 1/17/4
    [*Switch1-10GE1/17/4] port link-type trunk
    [*Switch1-10GE1/17/4] port trunk allow-pass vlan 4
    [*Switch1-10GE1/17/4] port mux-vlan enable vlan 4
    [*Switch1-10GE1/17/4] quit
    [*Switch1] interface 10ge 1/17/5
    [*Switch1-10GE1/17/5] port link-type trunk
    [*Switch1-10GE1/17/5] port trunk allow-pass vlan 4
    [*Switch1-10GE1/17/5] port mux-vlan enable vlan 4
    [*Switch1-10GE1/17/5] quit
    [*Switch1] commit

  2. Add interfaces of access layer switches to VLANs. The configuration details are not mentioned here.
  3. Verify the configuration.

    • Server B, Server C, Server D, and Server E can access external networks.

    • Server B and Server C can ping each other.

    • Server D and Server E cannot ping each other.

    • Server B and Server C cannot ping Server D or Server E. Server D and Server E cannot ping Server B or Server C.

Configuration Files

Configuration file of Switch1

#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4 
 subordinate group 3
#
interface Vlanif2                                                             
 ip address 192.168.100.100 255.255.255.0  
#
interface 10GE1/17/1
 port link-type trunk
 port trunk allow-pass vlan 2 
 port mux-vlan enable vlan 2
#
interface 10GE1/17/2
 port link-type trunk
 port trunk allow-pass vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/3
 port link-type trunk
 port trunk allow-pass vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/4
 port link-type trunk
 port trunk allow-pass vlan 4
 port mux-vlan enable vlan 4
#
interface 10GE1/17/5
 port link-type trunk
 port trunk allow-pass vlan 4
 port mux-vlan enable vlan 4
#
return
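
Both MUX VLAN examples (access layer and aggregation device) end with the same reachability statements, which are otherwise checked by hand with ping. The following added example (not part of the Huawei guide) parses a configuration file in the format shown above, here the access-layer Switch file, and derives which pairs of MUX-enabled interfaces can reach each other at Layer 2. It assumes that a port's role follows from the VLAN named in its port mux-vlan enable vlan line; the function names are hypothetical, and because the figure is not reproduced here the result is given per interface rather than per server.

```python
import re
from itertools import combinations

# Configuration file of the access-layer Switch, as listed on this page.
CONFIG = """\
#
sysname Switch
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface 10GE1/17/1
 port default vlan 2
 port mux-vlan enable vlan 2
#
interface 10GE1/17/2
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/3
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/17/4
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface 10GE1/17/5
 port default vlan 4
 port mux-vlan enable vlan 4
#
return
"""

def parse_stanzas(text):
    """Return {stanza header: [indented body lines]} for a configuration file."""
    stanzas, header = {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "#", "return"):
            header = None
        elif raw.startswith(" ") and header:
            stanzas[header].append(raw.strip())
        else:
            header = raw.strip()
            stanzas.setdefault(header, [])
    return stanzas

def expand(spec):
    """Expand a VLAN list such as '3' or '5 to 7' into a list of integers."""
    pairs = re.findall(r"(\d+)(?: to (\d+))?", spec)
    return [v for lo, hi in pairs for v in range(int(lo), int(hi or lo) + 1)]

def mux_model(stanzas):
    """Return (VLAN ID -> role, interface -> MUX-enabled VLAN ID)."""
    roles, ports = {}, {}
    for header, body in stanzas.items():
        if re.fullmatch(r"vlan \d+", header) and "mux-vlan" in body:
            roles[int(header.split()[1])] = "principal"
            subs = re.findall(r"subordinate (group|separate) (.+)", "\n".join(body))
            roles.update({v: kind for kind, spec in subs for v in expand(spec)})
        if header.startswith("interface "):
            for line in body:
                m = re.fullmatch(r"port mux-vlan enable vlan (\d+)", line)
                if m:
                    ports[header.split()[1]] = int(m.group(1))
    return roles, ports

def can_talk(vlan_a, vlan_b, roles):
    """Layer 2 reachability between two MUX-enabled ports, by VLAN role."""
    ra, rb = roles.get(vlan_a), roles.get(vlan_b)
    if None in (ra, rb):
        return False  # VLAN is not part of the MUX VLAN: flag for review
    if "principal" in (ra, rb):
        return True   # principal ports reach every subordinate port
    return ra == rb == "group" and vlan_a == vlan_b  # separate ports never pair

def isolation_matrix(config):
    """Return {(port_a, port_b): bool} for every pair of MUX-enabled ports."""
    roles, ports = mux_model(parse_stanzas(config))
    return {(a, b): can_talk(ports[a], ports[b], roles)
            for a, b in combinations(sorted(ports), 2)}

if __name__ == "__main__":
    print(isolation_matrix(CONFIG))
```

Comparing the returned matrix with the intended policy before committing a change shows at once when a port has been placed in the wrong subordinate VLAN, for example a server meant to be isolated that ends up in the group VLAN.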

Example for Configuring Transparent Transmission of Protocol Packets in a VLAN

Networking Requirements

As shown in Figure 5-64, a data center network has office servers ServerA and ServerB. ServerA and ServerB belong to VLAN 10 and obtain IP addresses through DHCP. SwitchB is a Layer 2 switching device and has DHCP snooping enabled to defend against DHCP-oriented attacks. In this case, protocol packets in all VLANs are sent to the CPU for processing, and the CPU needs to forward the packets to other devices. This affects the forwarding speed and efficiency of protocol packets. To address this issue, enable transparent transmission of protocol packets in VLAN 10 on SwitchB. After protocol packets from VLAN 10 reach SwitchB, SwitchB directly forwards the protocol packets without sending them to the CPU. This accelerates forwarding of protocol packets.

Figure 5-64 Networking for configuring transparent transmission of protocol packets in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Allocate the downlink interfaces of SwitchA connected to office servers to VLAN 10.

  2. Enable transparent transmission of protocol packets in a VLAN on SwitchB. When protocol packets from a specified VLAN reach SwitchB, SwitchB directly forwards the protocol packets without sending them to the CPU.

Procedure

  1. Add the downlink interfaces on SwitchA to VLAN 10 and configure the uplink interfaces to allow VLAN 10.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan 10
    [*SwitchA-vlan10] quit
    [*SwitchA] interface 10ge 1/17/1
    [*SwitchA-10GE1/17/1] port default vlan 10
    [*SwitchA-10GE1/17/1] quit
    [*SwitchA] interface 10ge 1/17/2
    [*SwitchA-10GE1/17/2] port default vlan 10
    [*SwitchA-10GE1/17/2] quit
    [*SwitchA] interface 10ge 1/17/3
    [*SwitchA-10GE1/17/3] port link-type trunk
    [*SwitchA-10GE1/17/3] port trunk allow-pass vlan 10
    [*SwitchA-10GE1/17/3] quit
    [*SwitchA] commit

  2. Enable transparent transmission of protocol packets in a VLAN on SwitchB.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] vlan 10
    [*SwitchB-vlan10] quit
    [*SwitchB] interface 10ge 1/17/1
    [*SwitchB-10GE1/17/1] port link-type trunk
    [*SwitchB-10GE1/17/1] port trunk allow-pass vlan 10
    [*SwitchB-10GE1/17/1] quit
    [*SwitchB] interface 10ge 1/17/2
    [*SwitchB-10GE1/17/2] port link-type trunk
    [*SwitchB-10GE1/17/2] port trunk allow-pass vlan 10
    [*SwitchB-10GE1/17/2] quit
    [*SwitchB] vlan 10
    [*SwitchB-vlan10] protocol-transparent
    [*SwitchB-vlan10] quit
    [*SwitchB] commit

  3. Verify the configuration.

    Run the display this command in the view of VLAN 10 on SwitchB. You can see that transparent transmission of protocol packets is enabled in VLAN 10.

    [~SwitchB] vlan 10
    [~SwitchB-vlan10] display this
    #
    vlan 10
     protocol-transparent
    #
    return
    

Configuration Files

Configuration file of SwitchA

#
sysname SwitchA
#
vlan batch 10
#
interface 10GE1/17/1
 port default vlan 10
#
interface 10GE1/17/2
 port default vlan 10
#
interface 10GE1/17/3
 port link-type trunk
 port trunk allow-pass vlan 10
#
return

Configuration file of SwitchB

#
sysname SwitchB
#
vlan batch 10
#
vlan 10
 protocol-transparent
#
interface 10GE1/17/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface 10GE1/17/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Updated: 2019-08-09

Document ID: EDOC1000041694
