Example for Configuring Interface-based VLAN Assignment (Statically Configured Link Type)
Networking Requirements
As shown in Figure 4-24, multiple user terminals are connected to switches in an enterprise. Users who use the same service access the enterprise network using different devices.
To ensure the communication security and avoid broadcast storms, the enterprise wants to allow users who use the same service to communicate with each other and isolate users who use different services.
Configure interface-based VLAN assignments on the switch and add interfaces connected to terminals of users who use the same service to the same VLAN. Users in different VLANs communicate at Layer 2, and users in the same VLAN can communicate directly.
Procedure
- Create VLAN 2 and VLAN 3 on SwitchA, and
add interfaces connected to user terminals to different VLANs. The
configuration of SwitchB is similar to that of SwitchA, and is not
mentioned here.
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 2 3 [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type access [SwitchA-GigabitEthernet1/0/1] port default vlan 2 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type access [SwitchA-GigabitEthernet1/0/2] port default vlan 3 [SwitchA-GigabitEthernet1/0/2] quit
- Configure the type of the interface connected
to SwitchB on SwitchA and VLANs. The configuration of SwitchB is similar
to that of SwitchA, and is not mentioned here.
[SwitchA] interface gigabitethernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 3
- Verify the configuration.
Add User1 and User2 to the same IP address segment, for example, 192.168.100.0/24; add User3 and User4 to the same IP address segment, for example, 192.168.200.0/24.
Only User1's and User2's terminals can ping each other, and only User3's and User4's terminals can ping each other.
Configuration Files
SwitchA configuration file
# sysname SwitchA # vlan batch 2 to 3 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 # interface GigabitEthernet1/0/2 port link-type access port default vlan 3 # interface GigabitEthernet1/0/3 port link-type trunk port trunk allow-pass vlan 2 to 3 # return
SwitchB configuration file
# sysname SwitchB # vlan batch 2 to 3 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 # interface GigabitEthernet1/0/2 port link-type access port default vlan 3 # interface GigabitEthernet1/0/3 port link-type trunk port trunk allow-pass vlan 2 to 3 # return