Example for Configuring MUX VLAN on the Access Device
Networking Requirements
All users on an enterprise network are allowed to access the enterprise server. The enterprise allows communication between some employees and prohibits communication between others.
As shown in Figure 7-3, MUX VLAN can be configured on the Switch connecting to user hosts. MUX VLAN meets the enterprise's requirements, conserves VLAN resources, and has fewer requirements on network maintenance.
Configuration Roadmap
The configuration roadmap is as follows:
Configure a principal VLAN.
Configure a group VLAN.
Configure a separate VLAN.
Add interfaces to the VLANs and enable the MUX VLAN function.
Procedure
- Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 2 3 4
# Configure a group VLAN and a separate VLAN.
[Switch] vlan 2 [Switch-vlan2] mux-vlan [Switch-vlan2] subordinate group 3 [Switch-vlan2] subordinate separate 4 [Switch-vlan2] quit
# Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.
[Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type access [Switch-GigabitEthernet1/0/1] port default vlan 2 [Switch-GigabitEthernet1/0/1] port mux-vlan enable vlan 2 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type access [Switch-GigabitEthernet1/0/2] port default vlan 3 [Switch-GigabitEthernet1/0/2] port mux-vlan enable vlan 3 [Switch-GigabitEthernet1/0/2] quit [Switch] interface gigabitethernet 1/0/3 [Switch-GigabitEthernet1/0/3] port link-type access [Switch-GigabitEthernet1/0/3] port default vlan 3 [Switch-GigabitEthernet1/0/3] port mux-vlan enable vlan 3 [Switch-GigabitEthernet1/0/3] quit [Switch] interface gigabitethernet 1/0/4 [Switch-GigabitEthernet1/0/4] port link-type access [Switch-GigabitEthernet1/0/4] port default vlan 4 [Switch-GigabitEthernet1/0/4] port mux-vlan enable vlan 4 [Switch-GigabitEthernet1/0/4] quit [Switch] interface gigabitethernet 1/0/5 [Switch-GigabitEthernet1/0/5] port link-type access [Switch-GigabitEthernet1/0/5] port default vlan 4 [Switch-GigabitEthernet1/0/5] port mux-vlan enable vlan 4 [Switch-GigabitEthernet1/0/5] quit
- Verify the configuration.
The server, HostB, HostC, HostD, and HostE are on the same subnet.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 2 to 4 # vlan 2 mux-vlan subordinate separate 4 subordinate group 3 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 port mux-vlan enable vlan 2 # interface GigabitEthernet1/0/2 port link-type access port default vlan 3 port mux-vlan enable vlan 3 # interface GigabitEthernet1/0/3 port link-type access port default vlan 3 port mux-vlan enable vlan 3 # interface GigabitEthernet1/0/4 port link-type access port default vlan 4 port mux-vlan enable vlan 4 # interface GigabitEthernet1/0/5 port link-type access port default vlan 4 port mux-vlan enable vlan 4 # return