Example for Dividing a LAN into VLANs Based on Ports
It is easy to divide a LAN into VLANs based on ports. After ports are added to different VLANs, users in the same VLAN can directly communicate with each other, whereas users in different VLANs cannot directly communicate with each other.
Networking Requirements
It is required that on the network shown in Figure 8-16, employees in the same group be able to communicate with each other, whereas employees in different groups not communicate with each other.
Configuration Roadmap
The configuration roadmap is as follows:
- Create VLANs and determine mappings between employees and VLANs.
- Configure port types to determine the device connected to each port.
- Add the port connected to group 1 to VLAN 2 and the port connected to group 2 to VLAN 3 to prevent employees in group 1 from communicating with employees in group 2.
Data Preparation
To complete the configuration, you need the following data:
- Number of each port connecting CE to a PC
- ID of each VLAN
Procedure
- Create VLANs.
<HUAWEI> system-view [~HUAWEI] sysname CE [*HUAWEI] commit [~CE] vlan batch 2 3
- Configure port types.
[*CE] interface gigabitethernet 1/0/1 [*CE-GigabitEthernet1/0/1] portswitch [*CE-GigabitEthernet1/0/1] undo shutdown [*CE-GigabitEthernet1/0/1] port link-type access [*CE-GigabitEthernet1/0/1] quit [*CE] interface gigabitethernet 1/0/2 [*CE-GigabitEthernet1/0/2] portswitch [*CE-GigabitEthernet1/0/2] undo shutdown [*CE-GigabitEthernet1/0/2] port link-type access [*CE-GigabitEthernet1/0/2] quit [*CE] interface GigabitEthernet 1/0/3 [*CE-GigabitEthernet1/0/3] portswitch [*CE-GigabitEthernet1/0/3] undo shutdown [*CE-GigabitEthernet1/0/3] port link-type access [*CE-GigabitEthernet1/0/3] quit [*CE] interface GigabitEthernet 1/0/4 [*CE-GigabitEthernet1/0/4] portswitch [*CE-GigabitEthernet1/0/4] undo shutdown [*CE-GigabitEthernet1/0/4] port link-type access [*CE-GigabitEthernet1/0/4] quit
- Add ports to VLANs.
# Add GE 1/0/1 and GE 1/0/2 to VLAN 2.
[*CE] vlan 2 [*CE-vlan2] port gigabitethernet 1/0/1 to 1/0/2 [*CE-vlan2] quit
# Add GE 1/0/3 and GE 1/0/4 to VLAN 3.
[*CE] vlan 3 [*CE-vlan3] port gigabitethernet 1/0/3 to 1/0/4 [*CE-vlan3]quit [*CE] commit
- Verify the configuration.
After the configurations are complete, run the display vlan command to view the VLAN status.
[~CE] display vlan The total number of vlans is : 2 VID Type Status Property MAC-LRN STAT BC MC UC Description -------------------------------------------------------------------------------- 2 common enable default enable disable FWD FWD FWD VLAN 0002 3 common enable default enable disable FWD FWD FWD VLAN 0003Ping a PC in group 2 from a PC in group 1. The ping fails. PCs in the same group can ping each other successfully.
Configuration Files
# sysname CE # vlan batch 2 3 # interface GigabitEthernet1/0/1 portswitch undo shutdown port link-type access port default vlan 2 # interface GigabitEthernet1/0/2 portswitch undo shutdown port link-type access port default vlan 2 # interface GigabitEthernet1/0/3 portswitch undo shutdown port link-type access port default vlan 3 # interface GigabitEthernet1/0/4 portswitch undo shutdown port link-type access port default vlan 3 # return
Previous
