S1720, S2700, S5700, and S6720 V200R011C10 Command Reference
This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
MUX VLAN Configuration Commands
display mux-vlan
Usage Guidelines
Usage Scenario
After configuring the MUX VLAN function, you can use the display mux-vlan command to verify the configuration. This command displays the principal VLAN ID, subordinate VLAN ID, VLAN type, and interfaces in each VLAN.
Precautions
If no MUX VLAN is configured by using the mux-vlan command, the display mux-vlan command does not display any information.
Example
# Display the MUX VLAN configuration.
```
<HUAWEI> display mux-vlan
Principal Subordinate Type         Interface
-----------------------------------------------------------------------------
100       -           principal
100       120         separate     GigabitEthernet0/0/1
100       130         group        GigabitEthernet0/0/2
100       140         group        GigabitEthernet0/0/3
-----------------------------------------------------------------------------
```
Item | Description |
---|---|
Principal | ID of a principal VLAN. To specify the parameter, run the mux-vlan command. |
Subordinate | ID of a subordinate VLAN. To specify the parameter, run the subordinate group or subordinate separate command. |
Type | Type of a VLAN. |
Interface | Interfaces in a VLAN. |
mux-vlan
Function
The mux-vlan command configures a VLAN as a principal VLAN.
The undo mux-vlan command cancels the configuration.
By default, no VLAN is configured as a principal VLAN.
Usage Guidelines
Usage Scenario
All employees and customers of an enterprise can access servers on the enterprise network. The enterprise allows employees to communicate but expects to isolate customers from one another. To meet this requirement, the enterprise can add the servers to a VLAN, add employees to another VLAN, and add each customer to a different VLAN. This wastes VLAN IDs and increases workload on VLAN configuration.
The MUX VLAN function is introduced to solve this problem. The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves the following VLANs:
- Principal VLAN: allows member interfaces to communicate with each other and with interfaces in subordinate VLANs.
- Subordinate VLAN
- Subordinate separate VLAN: allows member interfaces to communicate with only interfaces in the principal VLAN. An interface in a subordinate separate VLAN cannot communicate with interfaces in the same VLAN or other subordinate VLANs.
- Subordinate group VLAN: allows member interfaces to communicate with interfaces in the same VLAN and interfaces in the principal VLAN. An interface in a subordinate group VLAN cannot communicate with interfaces in other subordinate VLANs.
According to features of the preceding VLANs, the enterprise can add the servers to the principal VLAN, add employees to a subordinate group VLAN, and add customers to a subordinate separate VLAN. Customers are then allowed to access the servers but isolated from one another. This saves VLAN IDs on the enterprise network and facilitates network management.
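The isolation rules above can be written down as a small model and used to check the results of a connectivity test after deployment. This is an added example, not part of the original reference: the VLAN IDs mirror the display mux-vlan sample on this page, while the port names, the observed flows, and the function names are constructed for illustration.

```python
# VLAN IDs mirror the display mux-vlan sample on this page.
ROLES = {100: "principal", 120: "separate", 130: "group", 140: "group"}

def can_communicate(vlan_a, vlan_b):
    """Layer 2 reachability between two distinct ports, per the rules listed above."""
    role_a, role_b = ROLES[vlan_a], ROLES[vlan_b]
    if "principal" in (role_a, role_b):
        return True                  # principal VLAN ports reach every member VLAN
    if role_a == role_b == "group":
        return vlan_a == vlan_b      # group ports reach only their own group VLAN
    return False                     # separate ports reach nothing but the principal VLAN

def unexpected_flows(port_vlan, observed):
    """Flows seen in a connectivity test that the MUX VLAN rules should have blocked."""
    return [(src, dst) for src, dst in observed
            if not can_communicate(port_vlan[src], port_vlan[dst])]

# Constructed test bed: hypothetical port names mapped to their VLAN.
PORTS = {"server": 100, "cust1": 120, "cust2": 120,
         "emp1": 130, "emp2": 130, "lab1": 140}
# Constructed list of (source, destination) pairs that answered during a test.
OBSERVED = [("cust1", "server"), ("emp1", "emp2"),
            ("cust1", "cust2"), ("emp1", "lab1")]

if __name__ == "__main__":
    for flow in unexpected_flows(PORTS, OBSERVED):
        print("isolation gap:", flow)
```

A flow reported here means traffic passed between ports that should be isolated, which usually points to MUX VLAN not being enabled on one of the interfaces.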
Prerequisites
The VLAN to be configured as a principal VLAN is not a super-VLAN, a sub-VLAN, or a subordinate VLAN.
Follow-up Procedure
Configure subordinate VLANs for the principal VLAN and enable the MUX VLAN function on interfaces.
Precautions
The VLAN ID assigned to a principal VLAN cannot be used to configure the super-VLAN or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.
If a VLAN has been configured as a principal VLAN, it cannot be configured as a subordinate VLAN of another principal VLAN.
port mux-vlan enable
Function
The port mux-vlan enable command enables the MUX VLAN function on an interface.
The undo port mux-vlan enable command disables the MUX VLAN function on an interface.
By default, the MUX VLAN function is disabled on an interface.
Parameters
Parameter | Description | Value |
---|---|---|
vlan vlan-id | Enables MUX VLAN for a specified VLAN. If an interface is added to multiple VLANs, specify vlan-id in the command. | The value is an integer ranging from 1 to 4094. |
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, MultiGE interface view, VE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
Usage Scenario
The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves a MUX VLAN and several subordinate VLANs. Subordinate VLANs are classified into subordinate group VLANs and subordinate separate VLANs. Subordinate VLANs can communicate with the principal VLAN but cannot communicate with each other. Interfaces in a subordinate group VLAN can communicate with each other, and interfaces in a subordinate separate VLAN are isolated from each other.
The MUX VLAN function takes effect only after it is enabled on an interface.
Prerequisites
The interface has been added to a principal or subordinate VLAN as an access, hybrid, or trunk interface.
The interface can allow multiple common VLANs, but can join only one MUX VLAN.
Precautions
Disabling MAC address learning or limiting the number of learned MAC addresses on an interface affects the MUX VLAN function on the interface.
The MUX VLAN and port security functions conflict on an interface. That is, the port-security enable and port mux-vlan enable vlan vlan-id commands cannot be used on the same interface.
- The MUX VLAN and MAC address authentication functions conflict on an interface; therefore, the port mux-vlan enable vlan vlan-id and mac-authen commands cannot be used on the same interface.
- The MUX VLAN and 802.1x authentication functions conflict on an interface; therefore, the port mux-vlan enable vlan vlan-id and dot1x enable commands cannot be used on the same interface.
You cannot create a VLANIF interface for a subordinate group VLAN or separate VLAN. However, you can create a VLANIF interface for a principal VLAN on the device excluding the S1720GFR, S2750EI, S5700LI, S5700S-28P-LI-AC, S5700S-28P-PWR-LI-AC, and S5700S-52P-LI-AC.
The port mux-vlan enable command is not supported on a negotiation-auto or negotiation-desirable port.
When the interface is enabled with MUX VLAN and configured with the PVID using the port trunk pvid vlan command, do not configure the PVID as the ID of the principal VLAN or subordinate VLAN of the MUX VLAN. For example, VLAN 10 is the principal VLAN, VLAN 11 is a subordinate group VLAN, and VLAN 12 is a subordinate separate VLAN. After the port mux-vlan enable vlan 10 command is used on the interface to enable MUX VLAN, do not run the port trunk pvid vlan command to set the PVID to VLAN 11 or VLAN 12.
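The precautions above can be checked mechanically against a saved configuration. The following is an added example, not Huawei tooling: it flags MUX VLAN-enabled interfaces that also carry port-security enable, mac-authen, or dot1x enable, or whose trunk PVID is a principal or subordinate VLAN. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in display current-configuration style; not from a real device.
SAMPLE = """\
vlan 10
 mux-vlan
 subordinate separate 12
 subordinate group 11
interface GigabitEthernet0/0/1
 port default vlan 12
 port mux-vlan enable vlan 12
 dot1x enable
interface GigabitEthernet0/0/2
 port trunk pvid vlan 11
 port mux-vlan enable vlan 10
interface GigabitEthernet0/0/3
 port default vlan 11
 port mux-vlan enable vlan 11
"""
CONFLICTS = ("port-security enable", "mac-authen", "dot1x enable")  # from the Precautions

def vlan_ids(cmd):
    """Expand 'subordinate group 11 to 13 20' into {11, 12, 13, 20}."""
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", cmd):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return sorted (interface, finding) pairs for MUX VLAN-enabled interfaces."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            blocks[current].append(line.strip())
        elif line.strip():                       # unindented line opens a new view
            current = line.strip()
            blocks[current] = []
    mux = set()                                  # principal and subordinate VLAN IDs
    for head, body in blocks.items():
        if head.startswith("vlan ") and "mux-vlan" in body:
            mux |= vlan_ids(" ".join([head] + [c for c in body if c.startswith("subordinate ")]))
    findings = []
    for head, body in blocks.items():
        if head.startswith("interface ") and any(c.startswith("port mux-vlan enable") for c in body):
            name = head.split(None, 1)[1]
            findings += [(name, f"'{c}' conflicts with MUX VLAN") for c in body if c in CONFLICTS]
            findings += [(name, f"PVID {c.split()[-1]} belongs to a MUX VLAN")
                         for c in body if c.startswith("port trunk pvid vlan ") and vlan_ids(c) & mux]
    return sorted(findings)
```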
subordinate group
Function
The subordinate group command configures subordinate group VLANs for a principal VLAN.
The undo subordinate group command removes subordinate group VLANs from a principal VLAN.
By default, a principal VLAN does not have any subordinate group VLAN.
Format
subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>
undo subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>
Parameters
Parameter | Description | Value |
---|---|---|
vlan-id1 [ to vlan-id2 ] | Specifies a range of VLAN IDs. | |
Usage Guidelines
Usage Scenario
All employees and customers of an enterprise can access servers on the enterprise network. The enterprise allows employees to communicate but expects to isolate customers from one another. To meet this requirement, the enterprise can add the servers to a VLAN, add employees to another VLAN, and add each customer to a different VLAN. This wastes VLAN IDs and increases workload on VLAN configuration.
The MUX VLAN function is introduced to solve this problem. The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves the following VLANs:
- Principal VLAN: allows member interfaces to communicate with each other and with interfaces in subordinate VLANs.
- Subordinate VLAN
- Subordinate separate VLAN: allows member interfaces to communicate with only interfaces in the principal VLAN. An interface in a subordinate separate VLAN cannot communicate with interfaces in the same VLAN or other subordinate VLANs.
- Subordinate group VLAN: allows member interfaces to communicate with interfaces in the same VLAN and interfaces in the principal VLAN. An interface in a subordinate group VLAN cannot communicate with interfaces in other subordinate VLANs.
According to features of the preceding VLANs, the enterprise can add the servers to the principal VLAN, add employees to a subordinate group VLAN, and add customers to a subordinate separate VLAN. Customers are then allowed to access the servers but isolated from one another. This saves VLAN IDs on the enterprise network and facilitates network management.
After interfaces used by employees are added to the subordinate group VLAN, employees can access servers of the enterprise and communicate with one another.
Prerequisites
The specified subordinate group VLANs are not super-VLANs and do not have any VLANIF interface.
Before configuring a VLAN as a subordinate group VLAN, run the undo subordinate group command to delete all its member interfaces.
Follow-up Procedure
Add interfaces to subordinate group VLANs and enable the MUX VLAN function on the interfaces.
Precautions
Before configuring a VLAN as a subordinate separate VLAN, ensure that the VLAN and its principal VLAN have been created. Otherwise, this command does not take effect even if it is executed successfully.
Subordinate VLANs must be different from the principal VLAN.
A VLAN cannot be configured as a subordinate group VLAN and a subordinate separate VLAN simultaneously.
If you run the subordinate group command multiple times in the same VLAN view, all the specified VLANs are configured as subordinate group VLANs. A maximum of 128 subordinate group VLANs can be configured in a principal VLAN.
When you configure a subordinate VLAN using the subordinate group or subordinate separate command, or create a VLAN with the same ID as an existing subordinate VLAN, the device deletes existing dynamic MAC address entries and duplicated MUX MAC address entries of the principal VLAN of this subordinate VLAN.
The VLAN ID assigned to a group VLAN cannot be used to configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.
subordinate separate
Function
The subordinate separate command configures a subordinate separate VLAN for a principal VLAN.
The undo subordinate separate command removes the subordinate separate VLAN from a principal VLAN.
By default, a principal VLAN does not have any subordinate separate VLAN.
Usage Guidelines
Usage Scenario
All employees and customers of an enterprise can access servers on the enterprise network. The enterprise allows employees to communicate but expects to isolate customers from one another. To meet this requirement, the enterprise can add the servers to a VLAN, add employees to another VLAN, and add each customer to a different VLAN. This wastes VLAN IDs and increases workload on VLAN configuration.
The MUX VLAN function is introduced to solve this problem. The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves the following VLANs:
- Principal VLAN: allows member interfaces to communicate with each other and with interfaces in subordinate VLANs.
- Subordinate VLAN
- Subordinate separate VLAN: allows member interfaces to communicate with only interfaces in the principal VLAN. An interface in a subordinate separate VLAN cannot communicate with interfaces in the same VLAN or other subordinate VLANs.
- Subordinate group VLAN: allows member interfaces to communicate with interfaces in the same VLAN and interfaces in the principal VLAN. An interface in a subordinate group VLAN cannot communicate with interfaces in other subordinate VLANs.
According to features of the preceding VLANs, the enterprise can add the servers to the principal VLAN, add employees to a subordinate group VLAN, and add customers to a subordinate separate VLAN. Customers are then allowed to access the servers but isolated from one another. This saves VLAN IDs on the enterprise network and facilitates network management.
After interfaces used by customers are added to the subordinate separate VLAN, customers can neither communicate with each other nor access servers of the enterprise.
Prerequisites
The specified subordinate separate VLANs are not super-VLANs and do not have any VLANIF interface.
Before configuring a VLAN as a subordinate separate VLAN, run the undo subordinate separate command to delete all its member interfaces.
Follow-up Procedure
Add interfaces to the subordinate separate VLAN and enable the MUX VLAN function on the interfaces.
Precautions
Before configuring a VLAN as a subordinate separate VLAN, ensure that the VLAN and its principal VLAN have been created. Otherwise, this command does not take effect even if it is executed successfully.
Subordinate VLANs must be different from the principal VLAN.
A VLAN cannot be configured as a subordinate group VLAN and a subordinate separate VLAN simultaneously.
A principal VLAN can be configured with only one subordinate separate VLAN. Before configuring another VLAN as the subordinate separate VLAN, run the undo subordinate separate command to delete the previous one.
When you configure a subordinate VLAN using the subordinate group or subordinate separate command, or create a VLAN with the same ID as an existing subordinate VLAN, the device deletes existing dynamic MAC address entries and duplicated MUX MAC address entries of the principal VLAN of this subordinate VLAN.
The VLAN ID assigned to a separate VLAN cannot be used to configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.