No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VLAN Based on Ports

Configuring a VLAN Based on Ports

Configuring a VLAN based on ports allows PCs in the VLAN to communicate with each other.

Applicable Environment

A company has multiple departments located in different buildings. For service security, it is required that employees in one department be able to communicate with each other, whereas employees in different departments be prohibited from communicating with each other. Devices on the network shown in Figure 8-5 are configured as follows:
  • Add ports connecting devices to PCs of the financial department to VLAN 5 and ports connecting devices to PCs of the marketing department to VLAN 9. This configuration prevents employees in financial and marketing departments from communicating with each other.
  • Configure links between CE and PE as trunk links to allow frames from VLAN 5 and VLAN 9 to pass through, allowing employees of the same department but different buildings to communicate with each other.

By configuring port-based VLANs on the PE, CE1, and CE2, employees in the same department can communicate with each other, whereas employees in different departments cannot.

Figure 8-5 Networking diagram for configuring a VLAN based on ports

Pre-configuration Tasks

Before configuring a VLAN based on ports, complete the following task:

  • Connecting ports and configuring physical parameters of the ports, ensuring that the ports are physically Up

Configuration Procedures

Figure 8-6 Procedure of configuring a VLAN based on ports

Creating a VLAN

Creating a VLAN isolates PCs that do not need to communicate with each other. This improves network security, reduces broadcast traffic, and prevents broadcast storms.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vlan vlan-id

    A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.

    The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, you can run the vlan batch command to create VLANs in batches, and then run the vlan vlan-id command to enter the view of a specified VLAN.

    NOTE:

    If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:

    Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.

  3. Run commit

    The configuration is committed.

Configuring the Type of a Layer 2 Ethernet Port

On a Layer 2 switching device, some ports identify frames with VLAN tags, whereas the others do not. Configure ports types for Layer 2 Ethernet ports as needed.

Context

Table 8-2 lists Layer 2 Ethernet port types.

Table 8-2 Port types

Port Type

Method for Processing a Received Untagged Frame

Method for Processing a Received Tagged Frame

Method for Sending a Frame

Application

Access port

Accepts the frame and adds a tag with the default VLAN ID to the frame.

  • Accepts the frame if the VLAN ID carried in the frame is the same as the default VLAN ID.
  • Discards the frame if the VLAN ID carried in the frame is different from the default VLAN ID.

Removes the tag from the frame and sends the frame.

An access port connects a switch to a PC and can be added to only one VLAN.

Trunk port

Discards the frame.

  • Accepts the frame if the port permits the VLAN ID carried in the frame.
  • Discards the frame if the port denies the VLAN ID carried in the frame.
  • Directly sends the frame if the port permits the VLAN ID carried in the frame.
  • Discards the frame if the port denies the VLAN ID carried in the frame.

A trunk port can be added to multiple VLANs to send and receive frames for these VLANs. A trunk port connects a switch to another switch or to a router.

Hybrid port

  • If only the port default vlan command is run on a hybrid port, the hybrid port receives the frame and adds the default VLAN tag to the frame.
  • If only the port trunk allow-pass command is run on a hybrid port, the hybrid port discards the frame.
  • If both the port default vlan and port trunk allow-pass commands are run on a hybrid port, the hybrid port receives the frame and adds the VLAN tag with the default VLAN ID specified in the port default vlan command to the frame.
  • If only the port default vlan command is run on a hybrid port:
    • The hybrid port accepts the frame if the frame's VLAN ID is the same as the default VLAN ID of the port.
    • The hybrid port discards the frame if the frame's VLAN ID is different from the default VLAN ID of the port.
  • If only the port trunk allow-pass command is run on a hybrid port:
    • The hybrid port accepts the frame if the frame's VLAN ID is in the permitted range of VLAN IDs.
    • The hybrid port discards the frame if the frame's VLAN ID is not in the permitted range of VLAN IDs.
  • If both the port default vlan and port trunk allow-pass commands are run on a hybrid port:
    • The hybrid port accepts the frame if the frame's VLAN ID is in the permitted range of VLAN IDs or is the same as the default VLAN ID specified in the port default vlan command.
    • The hybrid port discards the frame if the frame's VLAN ID is not in the permitted range of VLAN IDs or is different from the default VLAN ID specified in the port default vlan command.
  • If only the port default vlan command is run on a hybrid port and the frame's VLAN ID is the same as the default VLAN ID, the hybrid port removes the VLAN tag and forwards the frame; otherwise, the hybrid port discards the frame.

  • If only the port trunk allow-pass command is run on a hybrid port:
    • The hybrid port forwards the frame if the frame's VLAN ID is in the permitted range of VLAN IDs.
    • The hybrid port discards the frame if the frame's VLAN ID is not in the permitted range of VLAN IDs.
  • If both the port default vlan and port trunk allow-pass commands are run on a hybrid port:
    • The hybrid port removes the VLAN tag and forwards the frame if the frame's VLAN ID is the same as the default VLAN ID of the port.
    • The hybrid port forwards the frame if the frame's VLAN ID is different from the default VLAN ID of the port but in the permitted range of VLAN IDs specified in the port trunk allow-pass; otherwise, the hybrid port discards the frame.
    NOTE:

    The hybrid port removes the VLAN tag and forwards the frame if the frame's VLAN ID is the same as the default VLAN ID configured using the port default vlan and the default VLAN ID is in the permitted range of VLAN IDs specified in the port trunk allow-pass command.

A hybrid port can be added to multiple VLANs to send and receive frames for these VLANs. A hybrid port can connect a switch to a PC or connect a network device to another network device.

QinQ port

QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a tag to a single-tagged frame, and thus the number of VLANs can meet the requirement of a Metropolitan Area Network.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The view of a Layer 3 Ethernet interface to be added to a VLAN is displayed.

  3. Run portswitch

    The Layer 3 interface is switched to the Layer 2 mode.

    • If an interface is borrowing the IP address of an Ethernet, a GE, or an Eth-Trunk, the portswitch command cannot be run on the Ethernet, GE, or Eth-Trunk.
    • If the Ethernet, GE, or Eth-Trunk has any Layer 3 configuration, the portswitch command cannot be run on the interface. Before running the portswitch command on the interface, clear all Layer 3 configurations on the interface.
    NOTE:

    If many Layer 3 Ethernet interfaces need to be added to the VLAN, run the portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch the working mode of these Ethernet interfaces in batches.

  4. Run port link-type { access | dot1q-tunnel | hybrid | trunk }

    The port type is configured.

    NOTE:

    If you have specified a Dot1q-tunnel interface, run the port dot1q-tunneldiscard untag-frame command to enable this Dot1q-tunnel interface to discard incoming untagged packets to ensure network security.

  5. Run commit

    The configuration is committed.

Adding a Port to a VLAN

Adding a port to a VLAN associates the port with the VLAN.

Context

  • A port connecting a switch to a PC must be configured as an access or a hybrid port.

    The port trunk allow-pass vlan command is invalid on access ports.

  • A port connecting one switch to another must be configured as a trunk or hybrid port.

    The port default vlan command cannot be used on trunk ports.

Procedure

  • For access or QinQ ports:

    1. Run the port default vlan vlan-id command to add a port to a specified VLAN.

      To add ports to a VLAN in batches, run the port interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the VLAN view.

      NOTE:

      The input port format must be correct. The port number following to must be greater than the port number before to. If a group of ports are specified, ensure that these ports are of the same type and all specified ports exist.

      In one port command, a maximum of 10 groups of ports can be specified by using to.

    2. Run commit

      The configuration is committed.

  • For trunk ports:

    1. Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add the port to specified VLANs.

    2. Run commit

      The configuration is committed.

Verifying the Configuration of a Layer 2 Interface-based VLAN

After configuring a Layer 2 interface-based VLAN, verify the configuration.

Prerequisites

All functions of a Layer 2 interface-based VLAN have been configured.

Procedure

  • Run the display vlan command to check VLAN information.
  • Run the display port vlan command to check information about all interfaces belonging to the configured VLANs.
  • Run the display port vlan interface-type interface-number active command to check information about interfaces with specified types and numbers within the configured VLANs.

Example

Run the display vlan command. The command output shows how many VLANs have been configured successfully on the device and their specific types.

<HUAWEI> display vlan
The total number of vlans is : 7
VID  Type     Status  Property  MAC-LRN STAT    BC  MC  UC  Description
--------------------------------------------------------------------------------
1    common   enable  default   enable  disable FWD FWD FWD VLAN 0001
2    common   enable  default   enable  disable FWD FWD FWD VLAN 0002
3    common   enable  default   enable  disable FWD FWD FWD VLAN 0003
4    common   enable  default   enable  disable FWD FWD FWD VLAN 0004
5    common   enable  default   enable  disable FWD FWD FWD VLAN 0005
6    common   enable  default   enable  disable FWD FWD FWD VLAN 0006
7    common   enable  default   enable  disable FWD FWD FWD VLAN 0007
Run the display port vlan command. The command output shows information about all interfaces belonging to the configured VLANs.
<HUAWEI> display port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
Eth-Trunk1              hybrid       1     1-11                                 
Eth-Trunk2              hybrid       1     2-3                                  
GigabitEthernet0/3/1    hybrid       0     -                                    
Run the display port vlan interface-type interface-number active command. The command output shows information about interfaces with specified types and numbers within the configured VLANs.
<HUAWEI> display port vlan GigabitEthernet0/1/1 active
T=TAG U=UNTAG
Port                    Link Type    PVID        VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/1/1    hybrid       1           U:25                                 
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 16523

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next