No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Policy-based VLAN Assignment

Configuring Policy-based VLAN Assignment

Context

Policy-based VLAN assignment allows plug-and-play of user terminals and provides secure data isolation for terminal users.

The switch provides policy-based VLAN assignment based on just MAC and IP addresses or based on both MAC and IP addresses and interfaces.

Policy-based VLAN assignment uses a policy to bind a terminal's MAC address and IP address, or its interface, to a specific VLAN. If the IP or MAC addresses of terminals added to a VLAN are changed, they will exit from the VLAN.

The switch that has policy-based VLAN assignment enabled processes only untagged frames, and treat tagged frames in the same manner as VLANs configured based on ports.

When receiving an untagged frame, the switch determines the VLAN according to the policy matching both MAC and IP addresses of the frame, and then transmits the frame in the VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vlan vlan-id

    A VLAN is created and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.

    The VLAN ID ranges from 1 to 4094. If VLANs need to be created in a batch, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command. Then run the vlan vlan-id command to enter the view of a specified VLAN.

    NOTE:

    If a device is configured with multiple VLANs, it is recommended to configure a name for each VLAN.

    To do so, run the name vlan-name command in the VLAN view. After a VLAN name is configured, run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

    The vlan configuration command completes the VLAN configurations before the VLAN is created.

  3. Run policy-vlan mac-address mac-address ip ip-address [ interface interface-type interface-number ] [ priority priority ]

    Policy-based VLAN assignment is configured.

    If interface interface-type interface-number is not specified, MAC-IP binding policies are applied to all interfaces in a specified VLAN.

  4. Run quit

    Return to the system view.

  5. Configure attributes for the Ethernet interface.

    1. Run interface interface-type interface-number

      The view of the interface that allows the policy-based VLAN is displayed.

    2. Run port link-type hybrid

      The interface is configured as a hybrid interface.

    3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

      The hybrid interface is configured to allow the policy-based VLAN.

      On access and trunk interfaces, policy-based VLAN assignment can be used only when the policy-based VLAN is the same as the PVID. It is recommended that policy-based VLAN assignment be configured on hybrid interfaces.

    NOTE:

    Policy-based VLAN assignment is invalid for packets with the VLAN ID of 0.

    On the S1720GF, S1720GFR, S1720GW, S1720GW-E, S1720GWR, S1720GWR-E, S1720X, S1720X-E, S2720EI, S2750, S5700LI, S5700S-LI, S5710-X-LI, S5720I-SI, S5720LI, S5720S-LI, S5720S-SI, and S5720SI, when the ip error-packet-check disable command is used to disable IP packet check, IP subnet-based VLAN assignment and policy-based VLAN assignment do not take effect.

Verifying the Configuration

  • Run the display policy-vlan { all | vlan vlan-id } command in any view to check the configuration of policy-based VLAN assignment.
  • Run the display vlan command in any view to check information about VLANs.
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 155026

Downloads: 674

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next