Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Principles

This section describes principles of VLAN.

Basic Concepts of VLAN

VLAN frame format

A conventional Ethernet frame is encapsulated with the Length/Type field for an upper-layer protocol following the Destination address and Source address fields, as shown in Figure 7-20.

Figure 7-20  Conventional Ethernet frame format

IEEE 802.1Q is an Ethernet networking standard that specifies a tagged Ethernet frame format. It adds a 4-byte field (the 802.1Q tag) between the Source address and the Length/Type fields of the original frame, as shown in Figure 7-21.

Figure 7-21  802.1Q frame format

Table 7-11 describes the fields contained in an 802.1Q tag.
Table 7-11  Fields contained in an 802.1Q tag
| Field | Length | Name | Description |
|-------|--------|------|-------------|
| TPID | 2 bytes | Tag Protocol Identifier (TPID), indicating the frame type. | The value 0x8100 indicates an 802.1Q-tagged frame. If an 802.1Q-incapable device receives an 802.1Q frame, it will discard the frame. |
| PRI | 3 bits | Priority (PRI), indicating the frame priority. | The value ranges from 0 to 7. The greater the value, the higher the priority. These values can be used to prioritize different classes of traffic to ensure that frames with high priorities are transmitted first when traffic is heavy. |
| CFI | 1 bit | Canonical Format Indicator (CFI), indicating whether the MAC address is in canonical format. | If the value is 0, the MAC address is in the canonical format. CFI is used to ensure compatibility between Ethernet networks and Token Ring networks. It is always set to zero for Ethernet switches. |
| VID | 12 bits | VLAN ID (VID), indicating the VLAN to which the frame belongs. | VID values range from 0 to 4095. The values 0 and 4095 are reserved, so usable VLAN IDs range from 1 to 4094. |

Each frame sent by an 802.1Q-capable switch carries a VLAN ID. In a VLAN, Ethernet frames are classified into the following types:
  • Tagged frames: frames with 4-byte 802.1Q tags.
  • Untagged frames: frames without 4-byte 802.1Q tags.
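
The tag layout in Table 7-11 can be checked against raw frame bytes. The following parser is an added example, not code from the Huawei guide; the function names and the sample frame are constructed for illustration, and only the single-tag 0x8100 case described above is handled.

```python
import struct

TPID_8021Q = 0x8100  # TPID value from Table 7-11

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into header fields and, if present, the 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "tagged": False}
    if field != TPID_8021Q:
        # Untagged: Length/Type directly follows the Source address.
        info.update(length_type=field, payload=frame[14:])
        return info
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, length_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    info.update(
        tagged=True,
        pri=tci >> 13,                # 3 bits, 0..7
        cfi=(tci >> 12) & 1,          # 1 bit, 0 on Ethernet
        vid=vid,                      # 12 bits
        vid_usable=1 <= vid <= 4094,  # 0 and 4095 are reserved
        length_type=length_type,
        payload=frame[18:],
    )
    return info

def add_tag(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between Source address and Length/Type."""
    if not 1 <= vid <= 4094:
        raise ValueError("usable VLAN IDs are 1..4094")
    if not 0 <= pri <= 7:
        raise ValueError("PRI is a 3-bit value")
    tci = (pri << 13) | vid           # CFI left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

# Constructed sample: untagged frame with Length/Type 0x0800 and a dummy payload.
UNTAGGED = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, vid=2, pri=5)

if __name__ == "__main__":
    print(parse_frame(UNTAGGED))
    print(parse_frame(TAGGED))
```
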
Link Types

As shown in Figure 7-22, there are the following types of VLAN links:

  • Access link: connects a host to a switch. Generally, a host does not know which VLAN it belongs to, and host hardware cannot distinguish frames with VLAN tags. Therefore, hosts send and receive only untagged frames.

  • Trunk link: connects a switch to another switch or to a router. Data of different VLANs are transmitted along a trunk link. The two ends of a trunk link must be able to distinguish frames with VLAN tags. Therefore, only tagged frames are transmitted along trunk links.

Figure 7-22  Link types

NOTE:
  • A host does not need to know the VLAN to which it belongs. It sends only untagged frames.
  • After receiving an untagged frame from a host, a switching device determines the VLAN to which the frame belongs based on the configured VLAN assignment method (such as port information), and then processes the frame accordingly.
  • If the frame needs to be forwarded to another switching device, the frame must be transparently transmitted along a trunk link. Frames transmitted along trunk links must carry VLAN tags to allow other switching devices to properly forward the frame based on the VLAN information.
  • Before sending the frame to the destination host, the switching device connected to the destination host removes the VLAN tag from the frame to ensure that the host receives an untagged frame.

Generally, only tagged frames are transmitted on trunk links; only untagged frames are transmitted on access links. In this manner, switching devices on the network can properly process VLAN information and hosts are not concerned about VLAN information.

Port Types

With VLAN frames defined by 802.1Q, some ports on a device can identify VLAN frames, while others cannot. Based on whether they can identify VLAN frames, ports are classified into three types:

  • Access port

    As shown in Figure 7-22, the access port on a switch connects to the port on a host. The access port can only connect to an access link. Only the VLAN whose ID is the same as the default VLAN ID is allowed on the access port. Ethernet frames sent from the access port are untagged frames.

  • Trunk port

    As shown in Figure 7-22, a trunk port on a switch connects to another switch. It can only connect to a trunk link. Multiple tagged VLAN frames are allowed on the trunk port.

  • Hybrid port

    As shown in Figure 7-23, a hybrid port on a switch can connect either to a host or to another switch. A hybrid port can connect either to an access link or to a trunk link. The hybrid port allows multiple VLAN frames and removes tags from some VLAN frames on the outbound port.

    Figure 7-23  Port types

Default VLAN

Each port can be configured with a default VLAN with a port default VLAN ID (PVID). The meaning of the default VLAN varies according to the port type.

For details on different PVIDs and methods of processing Ethernet frames, see Frame processing based on the port type.

VLAN Assignment

VLAN assignment can be based on interface numbers, and VLAN frames are processed depending on the interface type.

The network administrator configures a port default VLAN ID (PVID) for each port on the switching device, so each port belongs to a VLAN by default.
  • When a data frame reaches a port, it is marked with the PVID if the data frame carries no VLAN tag and the port is configured with a PVID.
  • If the data frame carries a VLAN tag, the switching device will not add a VLAN tag to the data frame even if the port is configured with a PVID.

Principle of VLAN Communication

Basic Principle of VLAN Communication

To improve frame processing efficiency, all frames inside a switch carry VLAN tags so that they can be processed uniformly. When a data frame reaches a port of the switch, if the frame carries no VLAN tag and the port is configured with a PVID, the frame is marked with the port's PVID. If the frame already carries a VLAN tag, the switch does not add a VLAN tag to the frame, regardless of whether the port is configured with a PVID.

The switch processes frames differently according to the type of port receiving the frames. The following describes the frame processing according to the port type.

Table 7-12  Frame processing based on the port type

| Port Type | Untagged Frame Processing | Tagged Frame Processing | Frame Transmission |
|-----------|---------------------------|-------------------------|--------------------|
| Access port | Accepts an untagged frame and adds a tag with the default VLAN ID to the frame. | Accepts the tagged frame if the frame's VLAN ID matches the default VLAN ID. Discards the tagged frame if the frame's VLAN ID differs from the default VLAN ID. | After the PVID tag is stripped, the frame is transmitted. |
| Trunk port | Adds a tag with the default VLAN ID to the untagged frame and then transmits it if the default VLAN ID is permitted by the port. Adds a tag with the default VLAN ID to the untagged frame and then discards it if the default VLAN ID is denied by the port. | Accepts the tagged frame if the frame's VLAN ID is permitted by the port. Discards the tagged frame if the frame's VLAN ID is denied by the port. | If the frame's VLAN ID matches the default VLAN ID and the VLAN ID is permitted by the port, the switch removes the tag and transmits the frame. If the frame's VLAN ID differs from the default VLAN ID, but the VLAN ID is still permitted by the port, the switch will directly transmit the frame. |
| Hybrid port | Adds a tag with the default VLAN ID to an untagged frame and accepts the frame if the port permits the default VLAN ID. Adds a tag with the default VLAN ID to an untagged frame and discards the frame if the port denies the default VLAN ID. | Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port. Discards a tagged frame if the VLAN ID carried in the frame is denied by the port. | If the frame's VLAN ID is permitted by the port, the frame is transmitted. The port can be configured whether to transmit frames with tags. |

NOTE:

Because all interfaces join VLAN 1 by default, broadcast storms may occur if unknown unicast, multicast, or broadcast packets exist in VLAN 1. To prevent loops, remove from VLAN 1 any interfaces that do not need to belong to it.

Intra-VLAN Communication

Sometimes VLAN hosts are connected to different switches, in which case the VLAN spans multiple switches. Since ports between these switches must recognize and send packets belonging to the VLAN, the trunk link technology becomes helpful in simplifying this solution.

The trunk link plays the following two roles:

  • Trunk line

    The trunk link transparently transmits VLAN packets between switches.

  • Backbone line

    The trunk link transmits packets belonging to multiple VLANs.

Figure 7-24  Trunk link communication

As shown in Figure 7-24, the trunk link between DeviceA and DeviceB must carry intra-VLAN traffic for both VLAN 2 and VLAN 3. Therefore, the ports at both ends of the trunk link must be configured to belong to both VLANs. That is, Port2 on DeviceA and Port1 on DeviceB must belong to both VLAN 2 and VLAN 3.

Host A sends a frame to Host B in the following process:

  1. The frame is first sent to Port4 on DeviceA.
  2. A tag is added to the frame on Port4. The VID field of the tag is set to 2, that is, the ID of the VLAN to which Port4 belongs.
  3. DeviceA queries its MAC address table for the MAC forwarding entry with the destination MAC address of Host B.
    • If this entry exists, DeviceA sends the frame to the outbound interface Port2.
    • If this entry does not exist, DeviceA sends the frame to all interfaces bound to VLAN 2 except for Port4.
  4. Port2 sends the frame to DeviceB.
  5. After receiving the frame, DeviceB queries its MAC address table for the MAC forwarding entry with the destination MAC address of Host B.
    • If this entry exists, DeviceB sends the frame to the outbound interface Port3.
    • If this entry does not exist, DeviceB sends the frame to all interfaces bound to VLAN 2 except for Port1.
  6. Port3 sends the frame to Host B.
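
The port rules in Table 7-12, applied to the Host A to Host B path above, can be modelled as follows. This is an added example, not code from the Huawei guide: the class and function names are hypothetical, the trunk PVID of 1 is an assumption the page does not state, and the MAC table lookup is taken to have found an entry at each device.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    kind: str                                     # "access", "trunk" or "hybrid"
    pvid: int = 1                                 # default VLAN ID
    allowed: set = field(default_factory=set)     # VLANs permitted (trunk/hybrid)
    untagged: set = field(default_factory=set)    # hybrid: VLANs sent without a tag

    def permits(self, vid: int) -> bool:
        return vid == self.pvid if self.kind == "access" else vid in self.allowed

def ingress(port: Port, vid):
    """VLAN ID the frame carries inside the switch, or None if discarded.
    vid is None for an untagged frame, which is marked with the PVID."""
    vid = port.pvid if vid is None else vid
    return vid if port.permits(vid) else None

def egress(port: Port, vid: int):
    """'untagged', 'tagged', or None when the port does not send this VLAN."""
    if not port.permits(vid):
        return None
    if port.kind == "access":
        return "untagged"                         # PVID tag is stripped
    if port.kind == "trunk":
        return "untagged" if vid == port.pvid else "tagged"
    return "untagged" if vid in port.untagged else "tagged"   # hybrid: configurable

def forward(hops, vid=None):
    """Carry one frame through [(in_port, out_port), ...]; returns the tag seen
    on each link (None = untagged), ending in 'discarded' if a port drops it."""
    links = [vid]
    for in_port, out_port in hops:
        inner = ingress(in_port, vid)
        state = egress(out_port, inner) if inner is not None else None
        if state is None:
            return links + ["discarded"]
        vid = inner if state == "tagged" else None
        links.append(vid)
    return links

# Figure 7-24 topology; trunk PVID 1 is an assumption (the page does not state it).
A_PORT4 = Port("access", pvid=2)
A_PORT2 = Port("trunk", pvid=1, allowed={2, 3})
B_PORT1 = Port("trunk", pvid=1, allowed={2, 3})
B_PORT3 = Port("access", pvid=2)
HOST_A_TO_B = [(A_PORT4, A_PORT2), (B_PORT1, B_PORT3)]

print(forward(HOST_A_TO_B))
```

The returned list shows the frame untagged on the access links and carrying VID 2 on the trunk link. An untagged frame arriving on B_PORT1 is marked with PVID 1 and discarded, because VLAN 1 is not in that trunk's permitted set.
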
Inter-VLAN Communication

After VLANs are configured, hosts in different VLANs cannot directly communicate with each other. To implement communication between VLANs, use either of the following methods:

  • VLANIF interface

    Layer 3 switching combines routing and switching techniques to implement routing on a switch, improving the overall performance of the network. After sending the first data flow, a Layer 3 switch generates a mapping table on which it records the mapping between the MAC address and the IP address for the data flow. If the switch needs to send the same data flow again, it directly sends the data flow at Layer 2 based on the mapping table. In this manner, network delays caused by route selection are eliminated, and data forwarding efficiency is improved.

    For new data flows to be forwarded correctly, the routing table must contain the correct routing entries. Therefore, VLANIF interfaces are used to configure routing protocols on Layer 3 switches so that Layer 3 routes are reachable.

    A VLANIF interface is a Layer 3 logical interface, which can be configured on either a Layer 3 switch or a router.

    As shown in Figure 7-25, hosts connected to the switch are assigned to VLAN 2 and VLAN 3. To implement inter-VLAN communication, configure as follows:

    • Create two VLANIF interfaces on the device, and configure IP addresses for them.

    • Set the default gateway address to the IP address of the VLANIF interface mapping the VLAN to which the user host belongs.

    Figure 7-25  Inter-VLAN communication through VLANIF interfaces

    Host A communicates with host C as follows:

    1. Host A checks the IP address of host C and determines that host C is in another subnet.
    2. Host A sends an ARP request packet to Device to request Device's MAC address.
    3. After receiving the ARP request packet, Device returns an ARP reply packet in which the source MAC address is the MAC address of VLANIF2.
    4. Host A obtains Device's MAC address.
    5. Host A sends a packet whose destination MAC address is the MAC address of the VLANIF interface and destination IP address is host C's IP address to Device.
    6. After receiving the packet, Device forwards the packet and detects that the route to host C is a direct route. The packet is forwarded by VLANIF3.
    7. Functioning as the gateway of hosts in VLAN3, Device broadcasts an ARP packet requesting host C's MAC address.
    8. After receiving the packet, host C returns an ARP reply packet.
    9. After receiving the reply packet, Device sends the packet from host A to host C. All packets sent from host A to host C are sent to Device first to implement Layer 3 forwarding.

VLAN Damping

Assume that a specific VLAN has been configured with a VLANIF interface. When the VLAN goes Down after all interfaces in the VLAN go Down, the VLAN reports the Down event to the VLANIF interface, and the status of the VLANIF interface changes. To avoid network flapping caused by this status change, you can enable VLAN damping on the VLANIF interface and set a delay after which the VLANIF interface goes Down.

With VLAN damping enabled, when the last Up interface in the VLAN goes Down, the Down event is reported to the VLANIF interface after a delay (the delay can be set as required). If an interface in the VLAN goes Up during the delay, the status of the VLANIF interface remains unchanged. That is, the VLAN damping function postpones the time at which the VLAN reports a Down event to the VLANIF interface, avoiding unnecessary route flapping.

VLAN Management

To use a network management system to manage multiple devices, create a VLANIF interface on each device and configure a management IP address for the VLANIF interface. You can then log in to a device and manage it using its management IP address. If a user-side interface is added to the VLAN, users connected to the interface can also log in to the device. This brings security risks to the device.

After a VLAN is configured as a management VLAN, no access interface or dot1q-tunnel interface can be added to the VLAN. Access interfaces and dot1q-tunnel interfaces are connected to users. The management VLAN prevents users connected to access and dot1q-tunnel interfaces from logging in to the device, improving device performance.

Updated: 2019-01-11

Document ID: EDOC1000176006
