No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Assigning VLANs Based on MAC Addresses

Example for Assigning VLANs Based on MAC Addresses

Networking Requirements

On a company network, the network administrator adds users in a department to the same VLAN. To improve information security, only users is this department are allowed to access the intranet.

In Figure 5-23, User1, User2, and User3 connect to the key department demanding high security. It is required that only the three users be allowed to access the intranet through Switch.

To improve information security of the key department, you can configure MAC address-based VLAN assignment and bind MAC addresses of User1, User2, and User3 to a VLAN.

Figure 5-23 Networking diagram for assigning VLANs based on MAC addresses

Configuration Roadmap

  1. Create VLANs and determine which VLAN the users of employees belong to.

  2. Add Ethernet interfaces to VLANs so that packets from the VLANs can pass through the interfaces.

  3. Associate MAC addresses of User1, User2, and User3 with the specified VLAN so that the VLAN of the packet can be determined based on the source MAC address.

Procedure

  1. Configure the Switch.

    # Create VLANs.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 10
    [*Switch] commit
    

    # Add interfaces to the VLANs. The configuration of 10GE1/0/3 and 10GE1/0/4 is the same as that of 10GE1/0/2.

    [~Switch] interface 10ge 1/0/1
    [~Switch-10GE1/0/1] port link-type hybrid
    [*Switch-10GE1/0/1] port hybrid tagged vlan 10
    [*Switch-10GE1/0/1] quit
    [*Switch] interface 10ge 1/0/2
    [*Switch-10GE1/0/2] port link-type hybrid
    [*Switch-10GE1/0/2] port hybrid untagged vlan 10
    [*Switch-10GE1/0/2] quit
    [*Switch] commit
    

    # Associate MAC addresses of User1, User2, and User3 with VLAN 10.

    [~Switch] vlan 10
    [~Switch-vlan10] mac-vlan mac-address 22-22-22
    [*Switch-vlan10] mac-vlan mac-address 33-33-33
    [*Switch-vlan10] mac-vlan mac-address 44-44-44
    [*Switch-vlan10] quit
    [*Switch] commit
    

    # Enable MAC address-based VLAN assignment on 10GE1/0/2. The configuration of 10GE1/0/3 and 10GE1/0/4 is the same as that of 10GE1/0/2.

    [~Switch] interface 10ge 1/0/2
    [~Switch-10GE1/0/2] mac-vlan enable
    [*Switch-10GE1/0/2] quit
    [*Switch] commit
    

  2. Verify the configuration.

    User1, User2, and User3 can access the intranet, whereas other users cannot access the intranet.

Configuration Files

Configuration file of the Switch

#
sysname Switch
#
vlan batch 10
#
vlan 10
 mac-vlan mac-address 0022-0022-0022
 mac-vlan mac-address 0033-0033-0033
 mac-vlan mac-address 0044-0044-0044
#
interface 10GE1/0/1
 port link-type hybrid
 port hybrid tagged vlan 10
#
interface 10GE1/0/2
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
interface 10GE1/0/3
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
interface 10GE1/0/4
 port link-type hybrid
 port hybrid untagged vlan 10
 mac-vlan enable
#
return
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 97657

Downloads: 276

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next