Typical VLAN Configuration

S300, S500, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides campus networks typical configuration examples and feature typical configuration examples. "Campus Networks Typical Configuration Examples" provides typical campus network networking modes and a variety of deployment examples."Feature Typical Configuration Examples" provides typical configuration examples of a single feature on a switch. You can configure required features after deploying a campus network.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Typical VLAN Configuration

Example for Configuring Interface-based VLAN Assignment
Example for Configuring Interface-based VLAN Assignment (Access Device Used as the Gateway)
Example for Configuring Interface-based VLAN Assignment (Aggregation Device Used as the Gateway)
Example for Configuring MAC Address-based VLAN Assignment
Example for Configuring IP Subnet-based VLAN Assignment
Example for Directly Connecting a Terminal to a Layer 3 Gateway to Implement Inter-VLAN Communication
Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch
Example for Configuring Communication Between Different Network Segments Through Static Routes
Example for Configuring the Super-VLAN
Example for Configuring MUX VLAN to Isolate Users in the Same VLAN

Example for Configuring Interface-based VLAN Assignment

Overview

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Table 3-69 compares different VLAN assignment modes.

Table 3-69 Comparisons among VLAN assignment modes

VLAN Assignment Mode	Implementation	Advantage	Disadvantage	Usage Scenario
Interface-based VLAN assignment	VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID.	It is simple to define VLAN members.	The network administrator needs to reconfigure VLANs when VLAN members change.	Applies to networks of any scale and with devices at fixed locations.
MAC address-based VLAN assignment	VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the MAC address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network.	The network administrator must predefine VLANs for all members on a network.	Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.
IP subnet-based VLAN assignment	VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the IP address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This mode reduces communication traffic and allows a broadcast domain to span multiple switches.	Users are evenly spread and multiple users are on the same network segment.	Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.
Protocol-based VLAN assignment	VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN.	This mode binds service types to VLANs, facilitating management and maintenance.	The network administrator must preconfigure mappings between all protocol types and VLAN IDs. The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time.	Applies to networks using multiple protocols.
Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces)	VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN.	This mode provides high security. MAC addresses or IP addresses of users who have been bound to VLANs cannot be changed. The network administrator can flexibly select which policies to use according to the management mode and requirements.	Each policy needs to be manually configured.	Applies to complex networks.

Interface-based VLAN assignment is the simplest and most commonly used method.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-79, the switch of an enterprise connects to many users, and users accessing the same service connect to the enterprise network through different devices. To ensure communication security and prevent broadcast storms, the enterprise requires that users using the same service communicate with each other and users accessing different services be isolated. You can configure interface-based VLAN assignment on the switch so that the switch adds interfaces connected to users using the same service to the same VLAN. Users in different VLANs cannot communicate with each other at Layer 2, and users in the same VLAN can communicate with each other.

Figure 3-79 Networking of interface-based VLAN assignment

Configuration Roadmap

The configuration roadmap is as follows:

Create VLANs and add interfaces that connect users to VLANs to isolate Layer 2 traffic of different services.
Configure link types of interfaces between SwitchA and SwitchB and VLANs allowed by interfaces so that users accessing the same service can communicate with each other through SwitchA and SwitchB.

Procedure

Create VLAN 2 and VLAN 3 on SwitchA and add interfaces that are connected to users to VLANs. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 3   //Create VLAN 2 and VLAN 3 in a batch.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access  //The interface connected to the access device must be the access interface. The default link type of an interface is not access, so you need to manually configure the access interface.
[SwitchA-GigabitEthernet1/0/1] port default vlan 2   //Add GE1/0/1 to VLAN 2.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 3   //Add GE1/0/2 to VLAN 3.
[SwitchA-GigabitEthernet1/0/2] quit

Configure the link type of the interface on SwitchA that is connected to SwitchB and VLAN allowed by the interface. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.

[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk   //The link type of interfaces connecting switches must be trunk. The default link type of an interface is not trunk, so you need to manually configure the trunk interface.
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 3    //Add GE1/0/3 to VLAN 2 and VLAN 3.

Verify the configuration.
User1 and User2 are on the same network segment, for example, 192.168.100.0/24; User3 and User4 are on the same network segment, for example, 192.168.200.0/24.

User1 and User2 can ping each other, but cannot ping User3 or User4. User3 and User4 can ping each other, but cannot ping User1 or User2.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

Example for Configuring Interface-based VLAN Assignment (Access Device Used as the Gateway)

Overview

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Interface-based VLAN assignment is the simplest and commonly used.

Interface-based VLAN assignment indicates that VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. Then the frame is transmitted in a specified VLAN.

In typical hierarchical networking, when the access switch is a Layer 3 switch, the access switch can be used as the gateway of PCs to simplify the configuration of the aggregation switch.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-80, PC1 and PC2 belong to VLAN 2 and VLAN 3, respectively. PC1 and PC2 connect to the aggregation switch SW1 through the access switch SW2. PC3 belongs to VLAN 4 and connects to SW1 through SW3. SW2 functions as the gateway of PC1 and PC2, and SW3 is used as the gateway of PC3. Static routes are configured on switches so that PCs can communicate with each other and can be connected to the router.

Figure 3-80 Configuring access devices as gateways

Configuration Roadmap

The configuration roadmap is as follows:

Configure interface-based assignment on the access switch to implement Layer 2 interworking.
Configure access switches as gateways of PCs to implement communication between PCs on different network segments.
Configure static routes on the aggregation switch so that PCs can communicate with the router.

Procedure

Configure SW2.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SW2  //Change the device name to SW2 for easy identification.
[SW2] vlan batch 2 to 3  //Create VLAN 2 and VLAN 3 in a batch.

# Add interfaces to VLANs.

[SW2] interface gigabitethernet 1/0/23
[SW2-GigabitEthernet1/0/23] port link-type access  //Configure the interface connected to the PC as the access interface.
[SW2-GigabitEthernet1/0/23] port default vlan 2  //Add PC1 to VLAN 2.
[SW2-GigabitEthernet1/0/23] quit
[SW2] interface gigabitethernet 1/0/24
[SW2-GigabitEthernet1/0/24] port link-type access
[SW2-GigabitEthernet1/0/24] port default vlan 3  //Add PC2 to VLAN 3.
[SW2-GigabitEthernet1/0/24] quit

# Configure VLANIF interfaces and configure IP addresses for VLANIF interfaces as gateway addresses of PCs.

[SW2] interface vlanif 2  //Create VLANIF 2.
[SW2-Vlanif2] ip address 192.168.2.1 24  //Configure an IP address for VLANIF 2. The IP address is the gateway address of PC1.
[SW2-Vlanif2] quit
[SW2] interface vlanif 3  //Create VLANIF 3.
[SW2-Vlanif3] ip address 192.168.3.1 24  //Configure an IP address for VLANIF 3. The IP address is the gateway address of PC2.
[SW2-Vlanif3] quit

# Connect SW2 to SW1.

[SW2] vlan batch 5  //Create VLAN 5.
[SW2] interface gigabitethernet 1/0/1
[SW2-GigabitEthernet1/0/1] port link-type access
[SW2-GigabitEthernet1/0/1] port default vlan 5  //Configure SW2 and SW1 to communicate in untagged mode.
[SW2-GigabitEthernet1/0/1] quit
[SW2] interface vlanif 5  //Create VLANIF 5.
[SW2-Vlanif5] ip address 192.168.5.2 24  //Configure an IP address for VLANIF 5. The IP address is the IP address of the interconnected interface between SW1 and SW2.
[SW2-Vlanif5] quit
[SW2] ip route-static 0.0.0.0 0.0.0.0 192.168.5.1  //Configure a default route so that the PC can access the router. The next hop address is the IP address of the interface connected to SW1.

Configure SW3.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SW3  //Change the device name to SW3.
[SW3] vlan batch 4  //Create VLAN 4.

# Add interfaces to VLANs.

[SW3] interface gigabitethernet 1/0/2
[SW3-GigabitEthernet1/0/2] port link-type access  //Configure the interface connected to the PC as the access interface.
[SW3-GigabitEthernet1/0/2] port default vlan 4  //Add PC3 to VLAN 4.
[SW3-GigabitEthernet1/0/2] quit

# Configure VLANIF interfaces and configure IP addresses for VLANIF interfaces as gateway addresses of PCs.

[SW3] interface vlanif 4  //Create VLANIF 4.
[SW3-Vlanif4] ip address 192.168.4.1 24  //Configure an IP address for VLANIF 4. The IP address is the gateway address of PC3.
[SW3-Vlanif4] quit

# Connect SW3 to SW1.

[SW3] vlan batch 5  //Create VLAN 5.
[SW3] interface gigabitethernet 1/0/1
[SW3-GigabitEthernet1/0/1] port link-type access
[SW3-GigabitEthernet1/0/1] port default vlan 5  //Configure SW3 and SW1 to communicate in untagged mode.
[SW3-GigabitEthernet1/0/1] quit
[SW3] interface vlanif 5  //Create VLANIF 5.
[SW3-Vlanif5] ip address 192.168.5.3 24  //Configure an IP address for VLANIF 5. The IP address is the IP address of interconnected interface between SW3 and SW1.
[SW3-Vlanif5] quit
[SW3] ip route-static 0.0.0.0 0.0.0.0 192.168.5.1  //Configure a default route so that the PC can access the router. The next hop address is the IP address of the interface connected to SW1.

Configure SW1.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SW1  //Change the device name to SW1.
[SW1] vlan batch 5  //Create VLAN 5.

# Add interfaces connected to PCs to VLANs.

[SW1] interface gigabitethernet 1/0/1
[SW1-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to the router as the access interface.
[SW1-GigabitEthernet1/0/1] port default vlan 5
[SW1-GigabitEthernet1/0/1] quit
[SW1] interface gigabitethernet 1/0/2
[SW1-GigabitEthernet1/0/2] port link-type access  //Configure the interface connected to SW2 as the access interface.
[SW1-GigabitEthernet1/0/2] port default vlan 5
[SW1-GigabitEthernet1/0/2] quit
[SW1] interface gigabitethernet 1/0/3
[SW1-GigabitEthernet1/0/3] port link-type access  //Configure the interface connected to SW3 as the access interface.
[SW1-GigabitEthernet1/0/3] port default vlan 5
[SW1-GigabitEthernet1/0/3] quit

# Configure VLANIF interfaces so that PCs can connect to the router.

[SW1] interface vlanif 5  //Create VLANIF 5.
[SW1-Vlanif5] ip address 192.168.5.1 24  //Configure an IP address for VLANIF 5. The IP address is the IP address of the interface connected to the router.
[SW1-Vlanif5] quit

# Configure a static route so that PCs on different network segments can communicate with each other.

[SW1] ip route-static 192.168.2.0 255.255.255.0 192.168.5.2  //Configure a static route. Packets with the destination IP address of 192.168.2.0/24 are forwarded to the next hop address of 192.168.5.2. The next hop address is the IP address of the VLANIF interface connected to SW2.
[SW1] ip route-static 192.168.3.0 255.255.255.0 192.168.5.2  //Configure a static route. Packets with the destination IP address of 192.168.3.0/24 are forwarded to the next hop address of 192.168.5.2. The next hop address is the IP address of the VLANIF interface connected to SW2.
[SW1] ip route-static 192.168.4.0 255.255.255.0 192.168.5.3  //Configure a static route. Packets with the destination IP address of 192.168.4.0/24 are forwarded to the next hop address of 192.168.5.3. The next hop address is the IP address of the VLANIF interface connected to SW3.

# Configure a default route so that PCs can communicate with the router.

[SW1] ip route-static 0.0.0.0 0.0.0.0 192.168.5.4  //The IP address is the IP address of the interface connected to SW1.

Verify the configuration.
PC1, PC2, and PC3 can access each other, and they can communicate with the router.

Configuration Files

SW1 configuration file

#
sysname SW1
#
vlan batch 5
#
interface Vlanif5
 ip address 192.168.5.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 5
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.4
ip route-static 192.168.2.0 255.255.255.0 192.168.5.2
ip route-static 192.168.3.0 255.255.255.0 192.168.5.2
ip route-static 192.168.4.0 255.255.255.0 192.168.5.3
#
return

SW2 configuration file

#
sysname SW2
#
vlan batch 2 to 3 5
#
#
interface Vlanif2
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif3
 ip address 192.168.3.1 255.255.255.0
#
interface Vlanif5
 ip address 192.168.5.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/23
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/24
 port link-type access
 port default vlan 3
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.1
#
return

SW3 configuration file

#
sysname SW3
#
vlan batch 4 to 5
#
interface Vlanif4
 ip address 192.168.4.1 255.255.255.0
#
interface Vlanif5
 ip address 192.168.5.3 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 4
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.1
#
return

Example for Configuring Interface-based VLAN Assignment (Aggregation Device Used as the Gateway)

Overview

In typical hierarchical networking, when the access switch is a Layer 2 switch, the aggregation switch can be used as the gateway of PCs. The configuration of the access switch is simplified, and PCs access the external network through one outbound interface, thereby facilitating maintenance and management.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-81, PC1 and PC2 belong to VLAN 2 and VLAN 3, respectively. PC1 and PC2 connect to the aggregation switch SW1 through the access switch SW2. PC3 belongs to VLAN 4 and connects to SW1 through SW3. No configuration is performed on SW3, and SW3 functions as the hub and is plug-and-play. SW1 functions as the gateway of PC1, PC2, and PC3 so that PCs can communicate with each other and can be connected to the router.

Figure 3-81 Configuring the aggregation device as the gateway

Configuration Roadmap

The configuration roadmap is as follows:

Configure interface-based assignment on the access switch to implement Layer 2 interworking.
Configure the aggregation switch as the gateway of PCs to implement Layer 3 interworking between PCs on different network segments.
Configure the interface connecting the aggregation switch and router.

Procedure

Configure SW2.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SW2  //Change the device name to SW2 for easy identification.
[SW2] vlan batch 2 3  //Create VLAN 2 and VLAN 3 in a batch.

# Add interfaces to VLANs.

[SW2] interface gigabitethernet 1/0/23
[SW2-GigabitEthernet1/0/23] port link-type access  //Configure the interface connected to the PC as the access interface.
[SW2-GigabitEthernet1/0/23] port default vlan 2  //Add PC1 to VLAN 2.
[SW2-GigabitEthernet1/0/23] quit
[SW2] interface gigabitethernet 1/0/24
[SW2-GigabitEthernet1/0/24] port link-type access
[SW2-GigabitEthernet1/0/24] port default vlan 3  //Add PC2 to VLAN 3.
[SW2-GigabitEthernet1/0/24] quit
[SW2] interface gigabitethernet 1/0/1
[SW2-GigabitEthernet1/0/1] port link-type trunk  //Configure the interface connected to the aggregation switch as the trunk interface.
[SW2-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 3  //Add the interface to VLAN 2 and VLAN 3.
[SW2-GigabitEthernet1/0/1] quit

Configure SW1.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SW1  //Change the device name to SW1.
[SW1] vlan batch 2 to 5  //Create VLANs 2 to 5.

# Add interfaces connected to PCs to VLANs.

[SW1] interface gigabitethernet 1/0/2
[SW1-GigabitEthernet1/0/2] port link-type trunk  //Configure the interface connected to SW1 as the trunk interface.
[SW1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 3  //Add the interface to VLAN 2 and VLAN 3.
[SW1-GigabitEthernet1/0/2] quit
[SW1] interface gigabitethernet 1/0/3
[SW1-GigabitEthernet1/0/3] port link-type access  //Configure the interface connected to PC3 as the access interface.
[SW1-GigabitEthernet1/0/3] port default vlan 4  //Add PC3 to VLAN 4.
[SW1-GigabitEthernet1/0/3] quit

# Configure VLANIF interfaces and configure IP addresses for VLANIF interfaces as gateway addresses of PCs.

[SW1] interface vlanif 2  //Create VLANIF 2.
[SW1-Vlanif2] ip address 192.168.2.1 24  //Configure an IP address for VLANIF 2. The IP address is the gateway address of PC1.
[SW1-Vlanif2] quit
[SW1] interface vlanif 3  //Create VLANIF 3.
[SW1-Vlanif3] ip address 192.168.3.1 24  //Configure an IP address for VLANIF 3. The IP address is the gateway address of PC2.
[SW1-Vlanif3] quit
[SW1] interface vlanif 4  //Create VLANIF 4.
[SW1-Vlanif4] ip address 192.168.4.1 24  //Configure an IP address for VLANIF 4. The IP address is the gateway address of PC3.
[SW1-Vlanif4] quit

# Add interfaces connected to routers to VLANs.

[SW1] interface gigabitethernet 1/0/1
[SW1-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to the router as the access interface. The interface communicates with the router in untagged mode.
[SW1-GigabitEthernet1/0/1] port default vlan 5  //Add the router to VLAN 5.
[SW1-GigabitEthernet1/0/1] quit

# Configure VLANIF interfaces so that PCs can connect to the router.

[SW1] interface vlanif 5  //Create VLANIF 5.
[SW1-Vlanif5] ip address 192.168.5.1 24  //Configure an IP address for VLANIF 5. The IP address is used for interoperation with the router.
[SW1-Vlanif5] quit

Verify the configuration.
PC1, PC2, and PC3 can access each other, and they can communicate with the router.

Configuration Files

SW1 configuration file

#
sysname SW1
#
vlan batch 2 to 5
#
interface Vlanif2
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif3
 ip address 192.168.3.1 255.255.255.0
#
interface Vlanif4
 ip address 192.168.4.1 255.255.255.0
#
interface Vlanif5
 ip address 192.168.5.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 5
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 4
#
return

SW2 configuration file

#
sysname SW2
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/23
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/24
 port link-type access
 port default vlan 3
#
return

Example for Configuring MAC Address-based VLAN Assignment

Overview

MAC address-based VLAN assignment applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Table 3-70 compares different VLAN assignment modes.

Table 3-70 Comparisons among VLAN assignment modes

VLAN Assignment Mode	Implementation	Advantage	Disadvantage	Usage Scenario
Interface-based VLAN assignment	VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID.	It is simple to define VLAN members.	The network administrator needs to reconfigure VLANs when VLAN members change.	Applies to networks of any scale and with devices at fixed locations.
MAC address-based VLAN assignment	VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the MAC address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network.	The network administrator must predefine VLANs for all members on a network.	Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.
IP subnet-based VLAN assignment	VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the IP address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This mode reduces communication traffic and allows a broadcast domain to span multiple switches.	Users are evenly spread and multiple users are on the same network segment.	Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.
Protocol-based VLAN assignment	VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN.	This mode binds service types to VLANs, facilitating management and maintenance.	The network administrator must preconfigure mappings between all protocol types and VLAN IDs. The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time.	Applies to networks using multiple protocols.
Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces)	VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN.	This mode provides high security. MAC addresses or IP addresses of users who have been bound to VLANs cannot be changed. The network administrator can flexibly select which policies to use according to the management mode and requirements.	Each policy needs to be manually configured.	Applies to complex networks.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-82, GE1/0/1 interfaces on SwitchA and SwitchB connect to two conference rooms, respectively. Laptop1 and Laptop2 are portal computers used in the two conferences rooms. Laptop1 and Laptop2 belong to two departments, which belong to VLAN 100 and VLAN 200, respectively. Regardless of which conference room in which Laptop1 and Laptop2 are used, Laptop1 and Laptop2 are required to access the servers of their respective departments (Server1 and Server2, respectively). The MAC addresses of Laptop1 and Laptop2 are 00e0-fcef-00c0 and 00e0-fcef-00c1.

Figure 3-82 Networking of MAC address-based VLAN assignment

Configuration Roadmap

The configuration roadmap is as follows:

Create VLANs on SwitchA and SwitchB and add interfaces to VLANs to implement Layer 2 connectivity.
Configure MAC address-based VLAN assignment on SwitchA and SwitchB.
Configure transparent transmission of VLAN tagged-packets on the switch so that Laptop1 and Laptop2 can access Server1 and Server2 of their respective departments.

Procedure

Configure SwitchA. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200   //Create VLAN 100 and VLAN 200.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk   //The link type of interfaces connecting switches must be trunk. The default link type of an interface is not trunk, so you need to manually configure the trunk interface.
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200   //Add GE1/0/2 to VLAN 100 and VLAN 200.
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] vlan 100
[SwitchA-vlan100] mac-vlan mac-address 00e0-fcef-00c0   //Packets with the MAC address of 00e0-fcef-00c0 are transmitted in VLAN 100.
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] mac-vlan mac-address 00e0-fcef-00c1   //Packets with the MAC address of 00e0-fcef-00c1 are transmitted in VLAN 200.
[SwitchA-vlan200] quit
[SwitchA] interface gigabitethernet 1/0/1 
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid   //MAC address-based VLAN assignment can only be enabled on hybrid interfaces. In V200R005C00 and later versions, the default link type of an interface is not hybrid, so you need to manually configure the hybrid interface.
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 200   //Add the interface to VLAN 100 and VLAN 200 in untagged mode.
[SwitchA-GigabitEthernet1/0/1] mac-vlan enable   //Enable MAC address-based VLAN assignment on the interface.
[SwitchA-GigabitEthernet1/0/1] quit

Configure the switch. The configurations of GE1/0/2, GE1/0/3, and GE1/0/4 are similar to the configuration of GE1/0/1, and are not mentioned here.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200  //Add GE1/0/1 to VLAN 100 and VLAN 200.
[Switch-GigabitEthernet1/0/1] quit

Verify the configuration.

# Run the display mac-vlan mac-address all command in any view to check the configuration of MAC address-based VLAN assignment.

[SwitchA] display mac-vlan mac-address all
---------------------------------------------------                             
MAC Address     MASK            VLAN    Priority                                
---------------------------------------------------                             
00e0-fcef-00c0  ffff-ffff-ffff  100     0                                       
00e0-fcef-00c1  ffff-ffff-ffff  200     0                                       
                                                                                
Total MAC VLAN address count: 2

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 mac-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
vlan 100                                                                        
 mac-vlan mac-address 00e0-fcef-00c0 priority 0                                 
vlan 200                                                                        
 mac-vlan mac-address 00e0-fcef-00c1 priority 0 
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 mac-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
vlan 100                                                                        
 mac-vlan mac-address 00e0-fcef-00c0 priority 0                                 
vlan 200                                                                        
 mac-vlan mac-address 00e0-fcef-00c1 priority 0 
#
return

Switch configuration file

#
sysname Switch
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return

Example for Configuring IP Subnet-based VLAN Assignment

Overview of IP Subnet-based VLAN Assignment

IP subnet-based VLAN assignment applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Table 3-71 compares different VLAN assignment modes.

Table 3-71 Comparisons among VLAN assignment modes

VLAN Assignment Mode	Implementation	Advantage	Disadvantage	Usage Scenario
Interface-based VLAN assignment	VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID.	It is simple to define VLAN members.	The network administrator needs to reconfigure VLANs when VLAN members change.	Applies to networks of any scale and with devices at fixed locations.
MAC address-based VLAN assignment	VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the MAC address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network.	The network administrator must predefine VLANs for all members on a network.	Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.
IP subnet-based VLAN assignment	VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the IP address of the frame to the frame. Then the frame is transmitted in the specified VLAN.	When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This mode reduces communication traffic and allows a broadcast domain to span multiple switches.	Users are evenly spread and multiple users are on the same network segment.	Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.
Protocol-based VLAN assignment	VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN.	This mode binds service types to VLANs, facilitating management and maintenance.	The network administrator must preconfigure mappings between all protocol types and VLAN IDs. The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time.	Applies to networks using multiple protocols.
Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces)	VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN.	This mode provides high security. MAC addresses or IP addresses of users who have been bound to VLANs cannot be changed. The network administrator can flexibly select which policies to use according to the management mode and requirements.	Each policy needs to be manually configured.	Applies to complex networks.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-83, an enterprise has multiple services, including IPTV, VoIP, and Internet access. Each service uses a different IP subnet. To facilitate management, the company requires that packets of the same service be transmitted in the same VLAN and packets of different services in different VLANs. The switch receives packets of multiple services such as data, IPTV, and voice services, and user devices of these services use IP addresses on different IP subnets. The switch needs to assign VLANs to packets of different services so that the router can transmit packets with different VLAN IDs to different servers.

Figure 3-83 Networking of IP subnet-based VLAN assignment

Configuration Roadmap

The configuration roadmap is as follows:

Create VLANs and add interfaces to VLANs so that the interfaces allow the IP subnet-based VLANs.
Enable IP subnet-based VLAN assignment and associate IP subnets with VLANs so that the switch determines VLANs based on source IP addresses or network segments of packets.

Procedure

Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200 300   //Create VLAN100, VLAN 200, and VLAN 300 in a batch.

Configure interfaces.

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid   //IP subnet-based VLAN assignment can only be enabled on hybrid interfaces. In V200R005C00 and later versions, the default link type of an interface is not hybrid, so you need to manually configure the hybrid interface.
[Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 200 300   //Add the interface to VLANs 100, 200, and 300 in untagged mode.
[Switch-GigabitEthernet1/0/1] ip-subnet-vlan enable   //Enable IP subnet-based VLAN assignment.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type trunk  //Configure the link type of the interface as trunk.
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200 300
[Switch-GigabitEthernet1/0/2] quit

Configure IP subnet-based VLAN assignment.

[Switch] vlan 100
[Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2   //Configure the device to forward packets with the IP address of 192.168.1.2/24 and priority of 2 in VLAN 100.
[Switch-vlan100] quit
[Switch] vlan 200
[Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3   //Configure the device to forward packets with the IP address of 192.168.2.2/24 and priority of 3 in VLAN 200.
[Switch-vlan200] quit
[Switch] vlan 300
[Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4   //Configure the device to forward packets with the IP address of 192.168.3.2/24 and priority of 4 in VLAN 300.
[Switch-vlan300] quit

Verify the configuration.

# Run the display ip-subnet-vlan vlan all command on the switch. The following information is displayed:

[Switch] display ip-subnet-vlan vlan all
----------------------------------------------------------------
 Vlan    Index   IpAddress           SubnetMask          Priority
 ----------------------------------------------------------------
 100     1       192.168.1.2         255.255.255.0       2
 200     1       192.168.2.2         255.255.255.0       3
 300     1       192.168.3.2         255.255.255.0       4
 ----------------------------------------------------------------
 ip-subnet-vlan count: 3                  total count: 3

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
 ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
 ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
 ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200 300
 ip-subnet-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200 300
#
return

Example for Directly Connecting a Terminal to a Layer 3 Gateway to Implement Inter-VLAN Communication

Overview

After VLANs are assigned, broadcast packets are only forwarded within the same VLAN. That is, hosts in different VLANs cannot communicate at Layer 2 because VLAN technology isolates broadcast domains. In real-world applications, hosts in different VLANs often need to communicate, so inter-VLAN communication needs to be implemented to resolve this. Layer 3 routing or VLAN technology is required to implement inter-VLAN communication.

Huawei provides a variety of technologies to implement inter-VLAN communication. The following two technologies are commonly used:

VLANIF interface

A VLANIF interface is a Layer 3 logical interface. You can configure an IP address for a VLANIF interface to implement inter-VLAN Layer 3 communication.
Dot1q termination sub-interface

Similar to a VLANIF interface, a sub-interface is also a Layer 3 logical interface. You can configure dot1q termination and an IP address for a sub-interface to implement inter-VLAN Layer 3 communication.

VLANIF interfaces are the most commonly used for inter-VLAN communication due to their simple configurations. However, a VLANIF interface needs to be configured for each VLAN and each VLANIF interface requires an IP address, which wastes IP addresses.

The VLANIF interface and Dot1q termination sub-interface can only allow hosts on different network segments in different VLANs to communicate, whereas super-VLAN (VLAN aggregation) and the VLAN Switch function allow hosts on the same network segment in different VLANs to communicate.

Configuration Notes

The default gateway address of hosts in a VLAN must be the IP address of the VLANIF interface that corresponds to the VLAN.
This example applies to all versions of all switches.

Networking Requirements

Different user hosts of an enterprise transmit the same service, and are located on different network segments. User hosts transmitting the same service belong to different VLANs and need to communicate.

In Figure 3-84, User1 and User2 access the same service but belong to different VLANs and are located on different network segments. User1 and User2 need to communicate.

Figure 3-84 Networking for configuring inter-VLAN communication using VLANIF interfaces

Configuration Roadmap

The configuration roadmap is as follows:

Create VLANs and determine the VLANs to which users belong.
Add interfaces to VLANs and configure the interfaces to allow the VLANs.
Create VLANIF interfaces and configure IP addresses for the VLANIF interfaces to implement Layer 3 connectivity.

Procedure

Configure the switch.

# Create VLANs, and configure interfaces on the switch connected to user hosts as access interfaces and add them to VLANs.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20  
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access   //Configure the link type of the interface as access.
[Switch-GigabitEthernet1/0/1] port default vlan 10   //Add the interface to VLAN 10.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access
[Switch-GigabitEthernet1/0/2] port default vlan 20
[Switch-GigabitEthernet1/0/2] quit

# Assign IP addresses to VLANIF interfaces.

[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.10.10.2 24   //Set the IP address of VLANIF 10 to 10.10.10.2/24.
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 10.10.20.2 24   //Set the IP address of VLANIF 20 to 10.10.20.2/24.
[Switch-Vlanif20] quit

Verify the configuration.
Configure the IP address of 10.10.10.3/24 and default gateway address as 10.10.10.2/24 (VLANIF 10's IP address) for User1 in VLAN 10.

Configure the IP address of 10.10.20.3/24 and default gateway address as 10.10.20.2/24 (VLANIF 20's IP address) for User2 in VLAN 20.

After the configuration is complete, User1 in VLAN 10 and User2 in VLAN 20 can communicate.

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
 ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
 ip address 10.10.20.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
#
return

Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch

Overview

Huawei provides a variety of technologies to implement inter-VLAN communication. The following two technologies are commonly used:

VLANIF interface

A VLANIF interface is a Layer 3 logical interface. You can configure an IP address for a VLANIF interface to implement inter-VLAN Layer 3 communication.
Dot1q termination sub-interface

Similar to a VLANIF interface, a sub-interface is also a Layer 3 logical interface. You can configure dot1q termination and an IP address for a sub-interface to implement inter-VLAN Layer 3 communication.

Inter-VLAN communication through a dot1q termination sub-interface is used in scenarios where an Ethernet interface connects to many VLANs. Because data flows from different VLANs preempt the bandwidth of the primary Ethernet interface, communication bottlenecks may occur when the network is busy.

Configuration Notes

Only E series cards, X series cards, F series cards, SC cards among S series of the S7700&S9700 support the termination sub-interface. For details, see the card classification in Hardware Description.
X1E cards among X series support the termination sub-interface in V200R007C00 and later versions.
For Layer 2 interfaces, only hybrid and trunk interfaces support termination sub-interfaces.
The VLAN IDs terminated by a sub-interface cannot be created in the system view or be displayed.
When IP packets need to be sent out from the termination sub-interface and there is no corresponding ARP entry on the device. If ARP broadcast is not enabled on the termination sub-interface through the command arp broadcast enable, the system does not send or forward broadcast ARP packets to learn ARP entries. In this case, the IP packets are discarded directly.
This example applies to all versions of the modular switches.

Networking Requirements

In Figure 3-85, Host A and Host B belong to the R&D department, and Host C and Host D belong to the quality department. The two departments are connected through a Layer 2 switch, and require Layer 2 isolation and Layer 3 connectivity.

Figure 3-85 Networking for connecting a terminal to a Layer 3 gateway through a Layer 2 switch

Configuration Roadmap

The configuration roadmap is as follows:

Configure interface-based assignment on the Layer 2 switch to implement Layer 2 isolation.
Configure sub-interface termination on the Layer 3 switch to implement Layer 3 connectivity.

Procedure

Configure Layer 2 switch SwitchA.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA  //Change the device name to SwitchA for easy identification.
[SwitchA] vlan batch 2 to 3  //Create VLAN 2 and VLAN 3 in a batch.

# Add the interface connected to the host to VLANs.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to the PC as the access interface.
[SwitchA-GigabitEthernet1/0/1] port default vlan 2  //Add Host A to VLAN 2.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 2  //Add Host B to VLAN 2.
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type access  //Configure the interface connected to the PC as the access interface.
[SwitchA-GigabitEthernet1/0/3] port default vlan 3  //Add Host C to VLAN 3.
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] port link-type access
[SwitchA-GigabitEthernet1/0/4] port default vlan 3  //Add Host D to VLAN 3.
[SwitchA-GigabitEthernet1/0/4] quit

# Enable the interface connected to the Layer 3 switch to transparently transmit packets from a specified VLAN.

[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] port link-type trunk  //Configure the interface connected to the switch as the trunk interface.
[SwitchA-GigabitEthernet1/0/5] port trunk allow-pass vlan 2 to 3  //Add the interface to VLAN 2 and VLAN 3.
[SwitchA-GigabitEthernet1/0/5] quit

Configure Layer 3 switch SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB  //Change the device name to SwitchB.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type hybrid   //In V200R005 earlier versions, you do not need to manually configure the link type of the interface to hybrid.
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/1.1   //Create a sub-interface and enter the sub-interface view.
[SwitchB-GigabitEthernet1/0/1.1] dot1q termination vid 2   //Set the VLAN ID for dot1q termination on GE1/0/1.1 to VLAN 2.
[SwitchB-GigabitEthernet1/0/1.1] ip address 1.1.1.1 24
[SwitchB-GigabitEthernet1/0/1.1] arp broadcast enable   //A termination sub-interface directly discards broadcast packets, so the sub-interface needs to be configured to forward ARP broadcast packets.
[SwitchB-GigabitEthernet1/0/1.1] quit
[SwitchB] interface gigabitethernet 1/0/1.2   //Create a sub-interface and enter the sub-interface view.
[SwitchB-GigabitEthernet1/0/1.2] dot1q termination vid 3   //Set the VLAN ID for dot1q termination on GE1/0/1.2 to VLAN 3.
[SwitchB-GigabitEthernet1/0/1.2] ip address 2.2.2.1 24 
[SwitchB-GigabitEthernet1/0/1.2] arp broadcast enable
[SwitchB-GigabitEthernet1/0/1.2] quit

Verify the configuration.
Configure the IP address 1.1.1.2/24 for Host A and the default gateway address as the IP address 1.1.1.1.1/24 of GE1/0/1.1.

Configure the IP address 1.1.1.3/24 for Host B and the default gateway address as the IP address 1.1.1.1.1/24 of GE1/0/1.1.

Configure the IP address 2.2.2.2/24 for Host C and the default gateway address as the IP address 2.2.2.1/24 of GE1/0/1.2.

Configure the IP address 2.2.2.3/24 for Host D and the default gateway address as the IP address 2.2.2.1/24 of GE1/0/1.2.

After the configuration is complete, Host A, Host B, Host C, and Host D can ping each other and communicate at Layer 3.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

SwitchB configuration file

#
sysname SwitchB
#
interface GigabitEthernet1/0/1
 port link-type hybrid
#
interface GigabitEthernet1/0/1.1
 dot1q termination vid 2
 ip address 1.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/1.2
 dot1q termination vid 3
 ip address 2.2.2.1 255.255.255.0
 arp broadcast enable
#
return

Example for Configuring Communication Between Different Network Segments Through Static Routes

Overview

In addition to configuring an IP address for a VLANIF interface, you need to configure a static route or a dynamic routing protocol when PCs on different network segments across several switches need to communicate. This is because only a direct route is generated for the VLANIF interface's IP address on the switch and a VLANIF interface can only impalement interworking between PCs on different network segments through one switch.

Static routes can be easily configured and have low requirements on the system. They are applicable to simple, stable, and small-scale networks. However, static routes cannot automatically adapt to changes in the network topology, and manual intervention is required.

With routing algorithms, dynamic routing protocols can automatically adapt to changes in the network topology. They are applicable to the network where some Layer 3 devices are deployed. The configurations of dynamic routes are complex. Dynamic routes have higher requirements on the system than static ones and consume more network and system resources.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 3-86, to ensure security and facilitate management, an enterprise assigns a VLAN for a server. The user device belongs to VLAN 10, and the server belongs to VLAN 20. Access, aggregation, and core switches are deployed between the user and server. Access switches are layer 2 switches, and aggregation and core switches are Layer 3 switches. The user and server need to communicate with each other due to service requirements.

Figure 3-86 Networking for configuring communication between different network segments through static routes

Configuration Roadmap

The configuration roadmap is as follows:

Configure interface-based VLAN assignment to implement Layer 2 communication.
Configure VLANIF 10 on the aggregation switch AGG and configure an IP address for VLANIF 10 as the gateway address of the user; configure VLANIF 20 on the core switch CORE and configure an IP address for VLANIF 20 as the gateway address of the server.
On the aggregation switch AGG, configure a static route from AGG to the network segment of VLANIF 20; on the core switch CORE, configure a static route from CORE to the network segment of VLANIF 10. The communication across network segments is therefore implemented.

Procedure

Configure the access switch ACC1.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname ACC1  //Change the device name to ACC1 for easy identification.
[ACC1] vlan batch 10  //Create VLAN 10 in a batch.

# Add interfaces to VLANs.

[ACC1] interface gigabitethernet 1/0/1
[ACC1-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to a user host as the access interface.
[ACC1-GigabitEthernet1/0/1] port default vlan 10  //Add the user device to VLAN 10.
[ACC1-GigabitEthernet1/0/1] quit
[ACC1] interface gigabitethernet 1/0/2
[ACC1-GigabitEthernet1/0/2] port link-type trunk  //Configure the interface connected to the aggregation switch as the trunk interface.
[ACC1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10  //Add the interface connected to the aggregation switch to VLAN 10.
[ACC1-GigabitEthernet1/0/2] quit

Configure the access switch ACC2.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname ACC2  //Change the device name to ACC2.
[ACC2] vlan batch 20  //Create VLAN 20 in a batch.

# Add interfaces to VLANs.

[ACC2] interface gigabitethernet 1/0/1
[ACC2-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to the server as the access interface.
[ACC2-GigabitEthernet1/0/1] port default vlan 20  //Add the user device to VLAN 20.
[ACC2-GigabitEthernet1/0/1] quit
[ACC2] interface gigabitethernet 1/0/2
[ACC2-GigabitEthernet1/0/2] port link-type trunk  //Configure the interface connected to the core switch as the trunk interface.
[ACC2-GigabitEthernet1/0/2] port trunk allow-pass vlan 20  //Add the interface connected to the core switch to VLAN 20.
[ACC2-GigabitEthernet1/0/2] quit

Configure the aggregation switch AGG.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname AGG  //Change the device name to AGG.
[AGG] vlan batch 10 30  //Create VLAN 10 and VLAN 30 in a batch.

# Add interfaces to VLANs.

[AGG] interface gigabitethernet 1/0/2
[AGG-GigabitEthernet1/0/2] port link-type trunk  //Configure the interface as the trunk interface.
[AGG-GigabitEthernet1/0/2] port trunk allow-pass vlan 10  //Add the interface to VLAN 10.
[AGG-GigabitEthernet1/0/2] quit
[AGG] interface gigabitethernet 1/0/3
[AGG-GigabitEthernet1/0/3] port link-type trunk  //Configure the interface as the trunk interface.
[AGG-GigabitEthernet1/0/3] port trunk allow-pass vlan 30  //Add the interface connected to the core switch to VLAN 30.
[AGG-GigabitEthernet1/0/3] quit

# Create VLANIF 10 and configure an IP address for VLANIF 10 as the gateway address.

[AGG] interface vlanif 10  //Create VLANIF 10.
[AGG-Vlanif10] ip address 10.1.1.1 24  //Configure an IP address for VLANIF 10. The IP address is the gateway address.
[AGG-Vlanif10] quit

# Create VLANIF 30 and configure an IP address for VLANIF 30.

[AGG] interface vlanif 30  //Create VLANIF 30.
[AGG-Vlanif30] ip address 10.10.30.1 24  //Configure an IP address for VLANIF 30. The IP address cannot conflict with IP addresses of the user and server.
[AGG-Vlanif30] quit

# Configure a static route so that the PC can access the server.

[AGG] ip route-static 192.168.1.0 255.255.255.0 10.10.30.2  //Configure a static route. The packets with the destination IP address of 192.168.1.0/24 are forwarded to the IP address 10.10.30.2 of VLANIF 30 on the core switch.

Configure the core switch CORE.

# Create VLANs.

<HUAWEI> system-view
[HUAWEI] sysname CORE  //Change the device name to CORE.
[CORE] vlan batch 20 30  //Create VLAN 20 and VLAN 30 in a batch.

# Add interfaces to VLANs.

[CORE] interface gigabitethernet 1/0/2
[CORE-GigabitEthernet1/0/2] port link-type trunk  //Configure the interface as the trunk interface.
[CORE-GigabitEthernet1/0/2] port trunk allow-pass vlan 20  //Add the interface to VLAN 20.
[CORE-GigabitEthernet1/0/2] quit
[CORE] interface gigabitethernet 1/0/3
[CORE-GigabitEthernet1/0/3] port link-type trunk  //Configure the interface as the trunk interface.
[CORE-GigabitEthernet1/0/3] port trunk allow-pass vlan 30  //Add the interface to VLAN 30.
[CORE-GigabitEthernet1/0/3] quit

# Create VLANIF 20 and configure an IP address for VLANIF 20 as the gateway address of the server.

[CORE] interface vlanif 20  //Create VLANIF 20.
[CORE-Vlanif20] ip address 192.168.1.1 24  //Configure an IP address for VLANIF 20. The IP address is the gateway address of the server.
[CORE-Vlanif20] quit

# Create VLANIF 30 and configure an IP address for VLANIF 30.

[CORE] interface vlanif 30  //Create VLANIF 30.
[CORE-Vlanif30] ip address 10.10.30.2 24  //Configure an IP address for VLANIF 30.
[CORE-Vlanif30] quit

# Configure a static route so that the server and PC can access each other.

[CORE] ip route-static 10.1.1.0 255.255.255.0 10.10.30.1  //Configure a static route. The packets with the destination IP address of 10.1.1.0/24 are forwarded to the IP address 10.10.30.1 of VLANIF 30 on the aggregation switch.

Verify the configuration.
Configure the IP address of 10.1.1.2/24 for the PC in VLAN 10 and the default gateway address as 10.1.1.1 (VLANIF 10's IP address).

Configure the IP address of 192.168.1.2/24 for the server in VLAN 20 and the default gateway address as 192.168.1.1 (VLANIF 20's IP address).

After the configuration is complete, the PC in VLAN 10 and the server in VLAN 20 can access each other.

Configuration Files

ACC1 configuration file

#
sysname ACC1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return

ACC2 configuration file

#
sysname ACC2
#
vlan batch 20
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
return

AGG configuration file

#
sysname AGG
#
vlan batch 10 30
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface Vlanif30
 ip address 10.10.30.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
ip route-static 192.168.1.0 255.255.255.0 10.10.30.2
#
return

CORE configuration file

#
sysname CORE
#
vlan batch 20 30
#
interface Vlanif20
 ip address 192.168.1.1 255.255.255.0
#
interface Vlanif30
 ip address 10.10.30.2 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 30
#
ip route-static 10.1.1.0 255.255.255.0 10.10.30.1
#
return

Example for Configuring the Super-VLAN

Super-VLAN Overview

Super-VLAN, also called VLAN aggregation, reduces the number of required IP addresses, isolates broadcast storms, and controls Layer 2 access on interfaces. A super-VLAN can be associated with multiple sub-VLANs, which are isolated at Layer 2. All sub-VLANs use the IP address of the corresponding VLANIF interface for the super-VLAN to implement Layer 3 connectivity with an external network, thereby reducing the number of IP addresses required.

The super-VLAN applies to scenarios where many users and VLANs exist, IP addresses of devices in many VLANs are on the same network segment, and inter-VLAN Layer 2 isolation needs to be implemented. Inter-VLAN proxy ARP can be enabled to implement inter-VLAN communication. For example, this can be used in hotels and residential buildings requiring broadband access. A room or household is assigned a VLAN and isolated. An IP network segment cannot be allocated to each VLAN because IP addresses are finite and there are many VLANs. The VLANs can only share an IP network segment. Assume that the IP network segment of VLAN 10 is 10.10.10.0/24. A household may use only one or two IP addresses; however, over 200 IP addresses are consumed. Super-VLAN technology allows users in VLANs 11 to 100 to share the IP network segment of 10.10.10.0/24, thereby reducing the number of IP addresses required.

Super-VLAN is Layer 3 technology configured on a Layer 3 switch, whereas MUX VLAN is configured on a Layer 2 switch. The MUX VLAN is more complex to configure than super-VLAN, but its access control is more flexible. When the switch queries temporarily offline users in the super-VLAN, the gateway needs to broadcast packets in each sub-VLAN, consuming many CPU resources.

Configuration Notes

VLAN 1 cannot be configured as a super-VLAN.
No physical interface can be added to a VLAN configured as a super-VLAN.
This example applies to the following products:
- S2752EI
- S3700-SI, S3700-EI, S3700-HI
- S5700-EI, S5700-SI, S5700-HI, S5710-EI, S5720-EI, S5720-SI, S5720S-SI, S5720I-SI, S5710-HI, S5720-HI, S5730-HI, S5730-SI, S5730S-EI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S5735-S, S5735S-S, S5735-S-I
- S6700-EI, S6720-EI, S6720S-EI, S6720-SI, S6720S-SI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S
- S7703, S7706, S7712, S7703 PoE, S7706 PoE
- S9703, S9706, S9712
For the product models whose applicable versions are not listed above, see Table 1 in "Applicable Products and Versions" for details.

For details about software mappings, visit Hardware Center and select the desired product model.

The S5731-L and S5731S-L are remote units and do not support web-based management, YANG, or commands. They can be configured only through configuration delivery by the central device. For details, see "Simplified Architecture Configuration (the Solar System Solution)" in the S300, S500, S2700, S5700, and S6700 V200R023C00 Configuration Guide - Device Management.

Networking Requirements

In Figure 3-87, a company has many departments on the same network segment. To improve service security, the company assigns different departments to different VLANs. VLAN 2 and VLAN 3 belong to different departments. Each department wants to access the Internet, and PCs in different departments need to communicate.

Figure 3-87 Networking of the super-VLAN

Configuration Roadmap

Configure VLAN aggregation on SwitchB to add VLANs of different departments to a super-VLAN so that PCs in different departments can access the Internet using the super-VLAN. Deploy proxy ARP in the super-VLAN so that PCs in different departments can communicate. The configuration roadmap is as follows:

Configure VLANs and interfaces on SwitchA and SwitchB, add PCs of different departments to different VLANs, and configure interfaces on SwitchA and SwitchB to transparently transmit packets from VLANs.
Configure a super-VLAN, a VLANIF interface, and a static route on SwitchB so that PCs in different departments can access the Internet.
Configure proxy ARP in the super-VLAN on SwitchB so that PCs in different departments can communicate at Layer 3.

Procedure

Configure SwitchA.

# Add GE1/0/1, GE1/0/2, GE1/0/3, and GE1/0/4 to VLANs.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2 to 3
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access   //Configure the link type of the interface as access.
[SwitchA-GigabitEthernet1/0/1] port default vlan 2   //Add the interface to VLAN 2.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 2
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type access
[SwitchA-GigabitEthernet1/0/3] port default vlan 3   //Add the interface to VLAN 3.
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] port link-type access
[SwitchA-GigabitEthernet1/0/4] port default vlan 3
[SwitchA-GigabitEthernet1/0/4] quit

# Configure GE1/0/5 to transparently transmit packets from VLAN 2 and VLAN 3.

[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] port link-type trunk
[SwitchA-GigabitEthernet1/0/5] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet1/0/5] quit

Configure SwitchB.
# Create VLAN 2, VLAN 3, VLAN 4, and VLAN 10 and configure the interface of SwitchB connected to SwitchA to transparently transmit packets from VLAN 2 and VLAN 3 to SwitchB.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 2 3 4 10
[SwitchB] interface gigabitethernet 1/0/5
[SwitchB-GigabitEthernet1/0/5] port link-type trunk
[SwitchB-GigabitEthernet1/0/5] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet1/0/5] quit
```
# Configure super-VLAN 4 on SwitchB and add VLAN 2 and VLAN 3 to super-VLAN 4 as sub-VLANs.
```
[SwitchB] vlan 4
[SwitchB-vlan4] aggregate-vlan
[SwitchB-vlan4] access-vlan 2 to 3
[SwitchB-vlan4] quit
```
# Create and configure VLANIF 4 so that PCs in different departments can access the Internet using super-VLAN 4.
```
[SwitchB] interface vlanif 4
[SwitchB-Vlanif4] ip address 10.1.1.1 24
[SwitchB-Vlanif4] quit
```
# Configure the uplink interface GE1/0/1 to transparently transmit packets from the VLAN that SwitchB and router belong to.
```
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
```
# Create and configure VLANIF 10 and specify the IP address of VLANIF 10 as the IP address for connecting SwitchB and the router. (Assume that the IP address used by the router to communicate with SwitchB is 10.10.1.2, and VLAN 10 is allowed to pass through the port through which the router communicates with SwitchB in tag mode.)
```
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.10.1.1 24
[SwitchB-Vlanif10] quit
```
# Configure a static route to the router on SwitchB so that users can access the Internet.
```
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
```
Configure the router interface connected to SwitchB and assign the IP address of 10.10.1.2 to the router interface. See the router configuration manual.
Assign IP addresses to PCs.
Configure IP addresses for PCs and ensure that their IP addresses are on the same network segment as 10.1.1.1/24 (IP address of VLANIF 4).

After the configuration is complete, PCs in each department can access the Internet, but PCs in VLAN 2 and VLAN 3 cannot ping each other.
Configure proxy ARP.
# Configure proxy ARP in super-VLAN 4 on SwitchB so that users in different departments can communicate at Layer 3.
```
[SwitchB] interface vlanif 4 
[SwitchB-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[SwitchB-Vlanif4] quit
```
Verify the configuration.
After the configuration is complete, users in VLAN 2 and VLAN 3 can ping each other and access the Internet.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 4 10
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 10.1.1.1 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface Vlanif10
 ip address 10.10.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
#
return

Example for Configuring MUX VLAN to Isolate Users in the Same VLAN

MUX VLAN Overview

Multiplex VLAN (MUX VLAN) provides a mechanism to control network resources using VLANs. It can implement inter-VLAN communication and intra-VLAN isolation. The MUX VLAN is often used in enterprises and in hotels and residential buildings requiring broadband access. An enterprise, hotel, or residential building shares the same VLAN, but each department, room, or household is isolated.

MUX VLAN is configured on a Layer 2 switch, whereas super-VLAN technology is configured on a Layer 3 switch. MUX VLAN is more flexible in access control, but its configuration is complex.

Configuration Notes

The VLAN ID assigned to a principal VLAN cannot be used to configure the super-VLAN or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.
The VLAN ID assigned to a group or separate VLAN cannot be used to configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.
Disabling MAC address learning or limiting the number of learned MAC addresses on an interface affects the MUX VLAN function on the interface.
MUX VLAN and port security cannot be configured on the same interface simultaneously.
MUX VLAN and MAC address authentication cannot be configured on the same interface simultaneously.
MUX VLAN and 802.1x authentication cannot be configured on the same interface simultaneously.
If the MUX VLAN function is enabled on an interface, VLAN mapping and VLAN stacking cannot be configured on the interface.
This example applies to all versions of all switches.

Networking Requirements

All employees of an enterprise can access servers on the enterprise network. The enterprise allows some employees to communicate but isolates other employees.

In Figure 3-88, Switch1 is deployed at the aggregation layer and used as the gateway for downstream hosts. Switch2, Switch3, Switch4, Switch5, and Switch6 are access switches. Their GE1/0/1 interfaces connect to downstream hosts, and their GE1/0/2 interfaces connect to Switch1. You can configure MUX VLAN on Switch1. This reduces the number of VLAN IDs on the enterprise network and facilitates network management.

Figure 3-88 Networking of MUX VLAN

Configuration Roadmap

The configuration roadmap is as follows:

Configure the principal VLAN and a VLANIF interface. The IP address of the VLANIF interface is used as the gateway IP address for downstream hosts and servers.
Configure the group VLAN.
Configure the separate VLAN.
Add interfaces to VLANs and enable the MUX VLAN function on the interfaces.
Add interfaces of access switches to VLANs.

Procedure

Enable the MUX VLAN function on Switch1.

# On Switch1, create VLAN 2, VLAN 3, and VLAN 4, and a VLANIF interface for VLAN 2. The IP address of the VLANIF interface is used as the gateway IP address for downstream hosts and servers.

<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 2 3 4
[Switch1] interface vlanif 2
[Switch1-Vlanif2] ip address 192.168.100.100 24
[Switch1-Vlanif2] quit

# Configure the group VLAN and separate VLAN of the MUX VLAN on Switch1.

[Switch1] vlan 2
[Switch1-vlan2] mux-vlan
[Switch1-vlan2] subordinate group 3   //Configure VLAN 3 as the group VLAN.
[Switch1-vlan2] subordinate separate 4   //Configure VLAN 4 as the separate VLAN.
[Switch1-vlan2] quit

# Add interfaces to the VLANs on Switch1 and enable the MUX VLAN function on interfaces.

[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port link-type trunk
[Switch1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[Switch1-GigabitEthernet1/0/2] port mux-vlan enable vlan 2   //In V200R003C00 and earlier versions, you do not need to specify the VLAN. An interface can only join the MUX VLAN or Separate VLAN, or a group VLAN.
[Switch1-GigabitEthernet1/0/2] quit
[Switch1] interface gigabitethernet 1/0/3
[Switch1-GigabitEthernet1/0/3] port link-type trunk
[Switch1-GigabitEthernet1/0/3] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet1/0/3] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet1/0/3] quit
[Switch1] interface gigabitethernet 1/0/4
[Switch1-GigabitEthernet1/0/4] port link-type trunk
[Switch1-GigabitEthernet1/0/4] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet1/0/4] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet1/0/4] quit
[Switch1] interface gigabitethernet 1/0/5
[Switch1-GigabitEthernet1/0/5] port link-type trunk
[Switch1-GigabitEthernet1/0/5] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet1/0/5] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet1/0/5] quit
[Switch1] interface gigabitethernet 1/0/6
[Switch1-GigabitEthernet1/0/6] port link-type trunk
[Switch1-GigabitEthernet1/0/6] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet1/0/6] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet1/0/6] quit

Configure interfaces of access switches and add them to VLANs. The configurations of Switch3, Switch4, Switch5, and Switch6 are similar to the configuration of Switch2, and are not mentioned here.

<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan batch 2
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port link-type access   //Configure the link type of the interface as access.
[Switch2-GigabitEthernet1/0/1] port default vlan 2
[Switch2-GigabitEthernet1/0/1] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] port link-type trunk
[Switch2-GigabitEthernet1/0/2] port trunk allow-pass vlan 2   //Configure the link type of the interface as trunk.
[Switch2-GigabitEthernet1/0/2] quit

Verify the configuration.
The server can communicate with HostB, HostC, HostD, and HostE.

HostB can communicate with HostC.

HostD cannot communicate with HostE.

HostB and HostC cannot communicate with either HostD or HostE.

Configuration Files

Switch1 configuration file

#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4 
 subordinate group 3
#
interface Vlanif2                                                             
 ip address 192.168.100.100 255.255.255.0  
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 
 port mux-vlan enable vlan 2
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 3
 port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 3
 port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 4
 port mux-vlan enable vlan 4
#
interface GigabitEthernet1/0/6
 port link-type trunk
 port trunk allow-pass vlan 4
 port mux-vlan enable vlan 4
#
return

Switch2 configuration file

#
sysname Switch2
#
vlan batch 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2
#
return

Switch3 configuration file

#
sysname Switch3
#
vlan batch 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 3
#
return

Switch4 configuration file

#
sysname Switch4
#
vlan batch 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 3
#
return

Switch5 configuration file

#
sysname Switch5
#
vlan batch 4
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 4
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 4
#
return

Switch6 configuration file

#
sysname Switch6
#
vlan batch 4
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 4
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 4
#
return

Example for Configuring Interface-based VLAN Assignment
Example for Configuring Interface-based VLAN Assignment (Access Device Used as the Gateway)
Example for Configuring Interface-based VLAN Assignment (Aggregation Device Used as the Gateway)
Example for Configuring MAC Address-based VLAN Assignment
Example for Configuring IP Subnet-based VLAN Assignment
Example for Directly Connecting a Terminal to a Layer 3 Gateway to Implement Inter-VLAN Communication
Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch
Example for Configuring Communication Between Different Network Segments Through Static Routes
Example for Configuring the Super-VLAN
Example for Configuring MUX VLAN to Isolate Users in the Same VLAN

Translation

Español 日本語 Русский 简体中文

Download

Updated: 2023-10-27

Document ID: EDOC1000069520

Downloads: 41835

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Example for Configuring Interface-based VLAN Assignment

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Configuring Interface-based VLAN Assignment (Access Device Used as the Gateway)

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring Interface-based VLAN Assignment (Aggregation Device Used as the Gateway)

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring MAC Address-based VLAN Assignment

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring IP Subnet-based VLAN Assignment

Overview of IP Subnet-based VLAN Assignment

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Directly Connecting a Terminal to a Layer 3 Gateway to Implement Inter-VLAN Communication

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring Communication Between Different Network Segments Through Static Routes

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring the Super-VLAN

Super-VLAN Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring MUX VLAN to Isolate Users in the Same VLAN

MUX VLAN Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Version

Related Documents