Example for Configuring MUX VLAN on an Access Device
Networking Requirements
All users on an enterprise network are allowed to access the enterprise server. The enterprise allows communication between certain employees while prohibiting communication between others.
As shown in Figure 7-3, MUX VLAN can be configured on the Switch connecting to user hosts. MUX VLAN meets the enterprise's requirements, conserves VLAN resources, and has fewer requirements on network maintenance.
Configuration Roadmap
The configuration roadmap is as follows:
Configure a principal VLAN.
Configure a group VLAN.
Configure a separate VLAN.
Add ports to the VLANs and enable the MUX VLAN feature.
Procedure
- Configure MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 2 3 4
# Configure a group VLAN and a separate VLAN.
[Switch] vlan 2 [Switch-vlan2] mux-vlan [Switch-vlan2] subordinate group 3 [Switch-vlan2] subordinate separate 4 [Switch-vlan2] quit
# Add ports to the VLANs and enable the MUX VLAN feature on the ports.
[Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type access [Switch-GigabitEthernet1/0/1] port default vlan 2 [Switch-GigabitEthernet1/0/1] port mux-vlan enable vlan 2 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type access [Switch-GigabitEthernet1/0/2] port default vlan 3 [Switch-GigabitEthernet1/0/2] port mux-vlan enable vlan 3 [Switch-GigabitEthernet1/0/2] quit [Switch] interface gigabitethernet 1/0/3 [Switch-GigabitEthernet1/0/3] port link-type access [Switch-GigabitEthernet1/0/3] port default vlan 3 [Switch-GigabitEthernet1/0/3] port mux-vlan enable vlan 3 [Switch-GigabitEthernet1/0/3] quit [Switch] interface gigabitethernet 1/0/4 [Switch-GigabitEthernet1/0/4] port link-type access [Switch-GigabitEthernet1/0/4] port default vlan 4 [Switch-GigabitEthernet1/0/4] port mux-vlan enable vlan 4 [Switch-GigabitEthernet1/0/4] quit [Switch] interface gigabitethernet 1/0/5 [Switch-GigabitEthernet1/0/5] port link-type access [Switch-GigabitEthernet1/0/5] port default vlan 4 [Switch-GigabitEthernet1/0/5] port mux-vlan enable vlan 4 [Switch-GigabitEthernet1/0/5] quit
- Verify the configuration.
The server, HostB, HostC, HostD, and HostE are on the same subnet.
The server can communicate with HostB, HostC, HostD, and HostE at Layer 2.
HostB can communicate with HostC at Layer 2.
HostD cannot communicate with HostE at Layer 2.
HostB and HostC cannot communicate with HostD and HostE at Layer 2.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 2 to 4 # vlan 2 mux-vlan subordinate separate 4 subordinate group 3 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 port mux-vlan enable vlan 2 # interface GigabitEthernet1/0/2 port link-type access port default vlan 3 port mux-vlan enable vlan 3 # interface GigabitEthernet1/0/3 port link-type access port default vlan 3 port mux-vlan enable vlan 3 # interface GigabitEthernet1/0/4 port link-type access port default vlan 4 port mux-vlan enable vlan 4 # interface GigabitEthernet1/0/5 port link-type access port default vlan 4 port mux-vlan enable vlan 4 # return
Previous
