Configuring IP Subnet-based VLAN Assignment
Context
IP subnet-based and protocol-based VLAN assignments are network layer-based VLAN assignments. They reduce manual VLAN configuration workload and allow users to easily join a VLAN, transfer from one VLAN to another, and exit from a VLAN. IP subnet-based VLAN assignment applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, when a PC configured with multiple IP addresses needs to access servers on different network segments or when a switch adds PCs to other VLANs when the PCs' IP addresses change.
A switch that has IP subnet-based VLAN assignment enabled processes only untagged frames, and treats tagged frames in the same manner as interface-based VLAN assignment.
After receiving untagged frames from an interface, the switch determines the VLANs that the frames belong to using the source IP addresses or network segments, and then transmits the frames to the specified VLANs.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
vlan vlan-id
A VLAN is created and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in a batch, and then run the vlan vlan-id command to enter the view of a specified VLAN.
If a device is configured with multiple VLANs, configuring names for these VLANs is recommended:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
The vlan configuration command completes vLAN configurations when the VLAN is not created.
- Run:
ip-subnet-vlan [ ip-subnet-index ] ip ip-address { mask | mask-length } [ priority priority ]
An IP subnet is associated with a VLAN.
ip-subnet-index specifies the index of an IP subnet. The index of an IP subnet can be configured manually or automatically generated by the system according to the sequence in which IP subnets were associated with a VLAN.
ip-address specifies the source IP address or network segment associated with a VLAN. The value is in dotted decimal notation.
priority specifies the 802.1p priority of a VLAN associated with an IP address or a network segment. The value ranges from 0 to 7. A larger value indicates a higher priority. The default value is 0. After the 802.1p priority of a VLAN associated with an IP address or a network segment is specified, the switch forwards high-priority frames first during network congestion.
- The switch supports a maximum of 256 network segments and each VLAN supports a maximum of 12 network segments.
- Run:
quitReturn to the system view.
- Configure attributes for the Ethernet interface.
Run:
interface interface-type interface-number
The view of the Ethernet interface to be added to the VLAN is displayed.
Run:
port link-type hybrid
The interface is configured as the hybrid interface.
On access and trunk interfaces, IP subnet-based VLAN assignment can be used only when the IP subnet-based VLAN is the same as the PVID. It is recommended that IP subnet-based VLAN assignment be configured on hybrid interfaces.
- port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The hybrid interface is configured to allow the IP subnet-based VLAN.
- (Optional) Run:
vlan precedence ip-subnet-vlan
The device is configured to preferentially use IP subnet-based VLAN assignment.
By default, the device preferentially uses MAC address-based VLAN assignment.
The vlan precedence command is not supported on the X series cards.
- Run:
ip-subnet-vlan enableIP subnet-based VLAN assignment is enabled.
By default, IP subnet-based VLAN assignment is disabled.
IP subnet-based VLAN assignment is invalid for packets with the VLAN ID of 0 on the X series cards.
