No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VLAN

Configuring VLAN

This section describes the VLAN configuration.

Assigning a LAN to VLANs

VLANs can isolate the hosts that require no communication with each other, which improves network security, reduces broadcast traffic, and suppresses broadcast storms.

Context

Ports on a Layer 2 switching device can be bound to a specific VLAN. After a port is added to a VLAN, packets of the user that is connected to the port can only be forwarded within the VLAN, but not forwarded to another VLAN. This implementation ensures that broadcast packets are forwarded only within a single VLAN.

You must create VLANs, configure the port type, and associate ports with VLANs.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.

    The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in batches, and then run the vlan vlan-id command to enter the view of a specified VLAN.

    NOTE:

    If a device is configured with multiple VLANs, configuring names for these VLANs is recommended:

    Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

  3. Run:

    quit

    The system view is displayed.

  4. Configure the port type and features.

    1. Run the interface interface-type interface-number command to enter the view of an Ethernet port to be added to the VLAN.

    2. Run the port link-type { access | hybrid | trunk } command to configure the port type.

      By default, the port type is Hybrid.

      • If an Ethernet port is directly connected to a terminal, set the port type to access or hybrid.

      • If an Ethernet port is connected to another access point, set the port type to trunk or hybrid.

  5. Add ports to the VLAN.

    Run either of the following commands as needed:

    • For access ports:

      Run the port default vlan vlan-id command to add a port to a specified VLAN.

      To add ports to a VLAN in batches, run the port interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the VLAN view.

    • For trunk ports:

      • Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add the port to specified VLANs.

      • (Optional) Run the port trunk pvid vlan vlan-id command to specify the default VLAN for a trunk interface.

    • For hybrid ports:

      • Run either of the following commands to add a port to VLANs in untagged or tagged mode:

        • Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add a port to VLANs in untagged mode.

          In untagged mode, a port removes tags from frames and then forwards the frames. This is applicable to scenarios in which Ethernet ports are connected to terminals.

        • Run the port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add a port to VLANs in tagged mode.

          In tagged mode, a port forwards frames without removing their tags. This is applicable to scenarios in which Ethernet ports are connected to access pointes.

      • (Optional) Run the port hybrid pvid vlan vlan-id command to specify the default VLAN of a hybrid interface.

      By default, all ports are added to VLAN 1.

Checking the Configuration
  • Run the display vlan [ vlan-id [ verbose ] ] command to view information about all VLANs or a specified VLAN.

Configuring VLANIF Interfaces for Inter-VLAN Communication

A VLANIF interface is a Layer 3 logical interface. After VLANIF interfaces are created on the device, communication between VLANs is allowed.

Context

After VLANs are configured, users in the same VLAN can communication with each other while users in different VLANs cannot. To implement inter-VLAN communication, configure VLANIF interfaces which are Layer 3 logical interfaces.

If a VLAN goes Down because all ports in the VLAN go Down, the system immediately reports the VLAN Down event to the corresponding VLANIF interface, instructing the VLANIF interface to go Down. To prevent network flapping caused by changes of VLANIF interface status, enable VLAN damping on the VLANIF interface. After the last Up port in a VLAN goes Down, the system starts a delay timer and informs the corresponding VLANIF interface of the VLAN Down event after the timer expires. If a port in the VLAN goes Up during the delay period, the VLANIF interface remains Up.

MTU is short for maximum transmission unit. An MTU value determines the maximum number of bytes each time a sender can send. If the size of packets exceeds the MTU supported by a transit node or a receiver, the transit node or receiver fragments the packets or even discards them, aggravating the network transmission load. To avoid this problem, set the MTU value of the VLANIF interface.

NOTE:

To implement communication between VLANs, hosts in each VLAN must use the IP address of the corresponding VLANIF interface as the gateway address.

Pre-configuration Tasks

Before creating a VLANIF interface, complete the following tasks:

  • Create a VLAN.

  • Associate the VLAN with the physical interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface vlanif vlan-id

    A VLANIF interface is created and the VLAIF interface view is displayed.

    The VLAN ID specified in this command must be the ID of an existing VLAN.

    A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.

  3. Run:

    ip address ip-address { mask | mask-length } [ sub ]

    An IP address is assigned to the VLANIF interface for communication at the network layer.

    If IP addresses assigned to VLANIF interfaces belong to different network segments, a routing protocol must be configured on the switch to provide reachable routes. Otherwise, VLANIF interfaces cannot communicate with each other at the network layer.

  4. (Optional) Run:

    damping time delay-time

    The delay period of VLAN damping is configured.

    The delay-time value ranges from 0 to 20, in seconds. By default, the delay is 0 second, indicating that VLAN damping is disabled.

  5. (Optional) Run:

    mtu mtu

    The MTU value of the VLANIF interface is configured.

    The mtu value ranges from 128 to 9216. By default, the value is 1500.

    NOTE:
    • After changing the maximum transmission unit (MTU) using the mtu command on a VLANIF interface, you need to restart the VLANIF interface to make the new MTU take effect. To restart the VLANIF interface, run the shutdown command and then the undo shutdown command, or run the restart command in the VLANIF interface view.

Checking the Configuration
  • Run the display interface vlanif [ vlan-id ] command to verify that the VLANIF interface and protocol are enabled and view the interface description and IP address.

Configuring an mVLAN to Implement Integrated Management

Management VLAN (mVLAN) configuration allows users to use the VLANIF interface of the mVLAN to log in to the management access point to manage devices in a centralized manner.

Context

To use a network management system to manage multiple devices, create a VLANIF interface on each device and configure a management IP address for the VLANIF interface. You can then log in to a device and manage it using its management IP address. If a user-side interface is added to the VLAN, users connected to the interface can also log in to the device. This brings security risks to the device.

After a VLAN is configured as a management VLAN, no access interface or dot1q-tunnel interface can be added to the VLAN. An access interface or a dot1q-tunnel interface is connected to users. The management VLAN forbids users connected to access and dot1q-tunnel interfaces to log in to the device, improving device performance.

Pre-configuration Tasks

Before creating a VLANIF interface, complete the following tasks:

  • Create a VLAN.

  • Associate the VLAN with the physical interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

    NOTE:

    If a device is configured with multiple VLANs, configuring names for these VLANs is recommended:

    Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

  3. Run:

    management-vlan

    An mVLAN is configured.

    After an mVLAN is configured, an interface added to the mVLAN must be a trunk or hybrid interface.

    VLAN 1 cannot be configured as an mVLAN.

  4. Run:

    quit

    The VLAN view is quit.

  5. Run:

    interface vlanif vlan-id

    A VLANIF interface is created and the VLANIF interface view is displayed.

  6. Run:

    ip address ip-address { mask | mask-length } [ sub ]

    The IP address of the VLANIF interface is configured.

    After assigning an IP address to the VLANIF interface, you can run the stelnet command to log in to a management access point to manage attached devices.

Checking the Configuration
  • Run the display vlan command to check information about the mVLAN. The command output shows information about the mVLAN in the line started with an asterisk sign (*).

Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 117431

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next