Licensing Requirements and Limitations for VLANs

Involved Network Elements

Other network elements are not required.

Licensing Requirements

VLAN is a basic function of the switch, and as such is controlled by the license for basic software functions. The license for basic software functions has been loaded and activated before delivery. You do not need to manually activate it.

Version Requirements

For details about the mapping between software versions and switch models, see the Hardware Query Tool.

Software version evolution: V100R001C00 -> V100R002C00 -> V100R003C00 -> V100R003C10 -> V100R005C00 -> V100R005C10 -> V100R006C00 -> V200R001C00 -> V200R002C50 -> V200R003C00 -> V200R005C00 -> V200R005C10 -> V200R019C00 -> V200R019C10

Feature Dependencies and Limitations

• Plan service and management VLANs separately so that broadcast storms in service VLANs will not affect the management of switches.
• Specify the VLANs from which packets need to be transparently transmitted by a trunk interface. You are advised not to run the port trunk allow-pass vlan all command to configure a trunk interface to transparently transmit packets of all VLANs.
• VLAN 1 is a built-in VLAN of the system, does not need to be created, and cannot be deleted. Do not configure VLAN 1 as a management VLAN or super-VLAN. To prevent broadcast storms on a backbone device, cancel adding interfaces to VLAN 1.
• MAC address-based VLAN assignment cannot be used with port security or MAC address learning limit.
• On the CE-L48XS-FDA, CE-L48XS-FD, CE-L48XS-FG, CE-L48XS-FD1, CE-L24LQ-FD, CE-L36LQ-FD, CE-L12CQ-FD, CE-L36CQ-FG, CE-L36CQ-FD1, CE-L36CQ-SD, CE-L16CQ-FD, CE-L08CF-FG1, and CE-L36CQ-FD, a few packets will be lost after the mac-vlan enable or undo mac-vlan enable command is executed when MAC address-based VLAN assignment is configured. Exercise caution when performing this operation.

• PVID of an interface must be the same as an IP subnet-based VLAN ID when the IP subnet-based VLAN is used for Layer 3 forwarding.

• When an interface has a PVID configured and the encapsulation untag command is executed to configure a Layer 2 sub-interface to accept untagged packets, untagged packets are forwarded to the VXLAN through the Layer 2 sub-interface if the Layer 2 sub-interface is Up. If the Layer 2 sub-interface is Down, untagged packets are forwarded based on the PVID.

• When a hybrid interface has a PVID and the port hybrid tagged vlan command configured, the BPDUs sent by the interface carry the PVID when the interface is running protocols such as STP, LACP, LLDP, GVRP, HGMP, and 802.3AH. As a result, the interface cannot be interconnected with the peer end. To prevent this problem, configure the interface to work in untagged mode when the interface is running these protocols.

• The outer VLAN ID encapsulated for a QinQ Layer 2 sub-interface cannot be the same as the default VLAN ID and allowed VLAN ID of the corresponding Layer 2 main interface.

• VLANs, VXLANs, carrier VLANs, Eth-Trunk interfaces whose card interoperability mode is enhanced mode, and main interfaces share system resources. If system resources are insufficient, the configurations of these features may fail.

• Multicast resources are shared by multiple services including VLAN, MAC, Eth-Trunk, M-LAG, Layer 2 protocol transparent transmission, Layer 3 physical interface, and multicast. If multicast resources in the system are insufficient for any of these services you are configuring, the system will display a configuration failure message. To solve this problem, you can delete some unnecessary service configuration, for example, delete unused VLANs.

• Reserved VLANs
  • Reserved VLANs conflict with common VLANs, so reserved VLANs cannot be used as common VLANs.
  • Created reserved VLANs take effect only after the switch restarts, so the VLANs that are being used cannot be configured as reserved VLANs.
  • Reserved VLANs for Layer 3 main interfaces on the CE12800E that has FD-X series cards installed:

    • These reserved VLANs take effect without requiring the restart of the switch. You can configure a maximum of eight reserved VLAN ranges for Layer 3 main interfaces. The reserved VLAN ranges of different main interfaces cannot overlap.

    • When you run the undo vlan reserved for main-interface startvlanid to endvlanid command to cancel a specific reserved VLAN range, the entire reserved VLAN range will be canceled. If a main interface has been added to a reserved VLAN in the range, the undo vlan reserved for main-interface command cannot be executed.

    • The reserved VLANs of main interfaces cannot be included in the Layer 2 reserved VLAN range configured using the vlan reserved command.

    • If the dynamic VLAN to be learned through GVRP is within the reserved VLAN range of main interfaces, the dynamic VLAN cannot be learned.
• VLAN aggregation
  • Physical interfaces cannot be added to a VLAN that configured as a super-VLAN.
  • A VLAN can be added to only one super-VLAN.
  • A super-VLAN must be different from its sub-VLANs.
  • An IP address must be assigned to the VLANIF interface for a super-VLAN. Otherwise, proxy ARP does not take effect.
• MUX VLAN

  • The interface that has the MUX VLAN function enabled cannot be added to VLANs in the same MUX VLAN.
  • An access interface can be added to only one MUX VLAN. A trunk or hybrid interface can be added to a maximum of 32 MUX VLANs.
  • Disabling MAC address learning or limiting the number of learned MAC addresses on an interface that has the MUX VLAN function enabled will affect the MUX VLAN function.
  • All member VLANs in a MUX VLAN must belong to the same STP instance; otherwise, traffic forwarding may fail or loops may occur. The VLANs in QinQ and VLAN mapping must also belong to the same STP instance.
  • The VLAN ID assigned to a principal VLAN cannot be used to configure VLAN mapping, VLAN stacking, super-VLAN, or sub-VLAN.
  • The VLAN ID assigned to a group VLAN or separate VLAN cannot be used to configure a VLANIF interface, VLAN mapping, VLAN stacking, super-VLAN, or sub-VLAN.
  • The MUX VLAN function conflicts with port security and VLAN ID-based selective QinQ and cannot be configured together with these features.
  • MUX VLAN cannot be configured together with VBST.
  • In MUX VLAN cascading scenarios, a VLANIF interface can be created for a principal VLAN, but this VLANIF interface cannot forward traffic from sub-VLANs at Layer 3.

• VLAN traffic statistics collection

  On the CE12800 series switches:

  • Traffic statistics collection does not take effect in a MUX VLAN.

  • Traffic statistics collection in a VLAN and traffic statistics collection on a Layer 2 sub-interface are mutually exclusive.

  • Traffic statistics are accumulative and cannot be automatically cleared by the system. To clear traffic statistics in a VLAN, run the reset vlan statistics command in the VLAN.

  • The traffic statistics function occupies system resources. If system resources are insufficient, configurations may fail. Disable this function when traffic statistics do not need to be collected.

  • On all switch models running versions earlier than V100R006C00, the following traffic statistics collection functions are listed in descending order of priority: Traffic statistics collection in a VLAN, MQC-based traffic statistics collection, and traffic statistics collection on a VLANIF interface. When the three functions are all configured, only the traffic statistics collection function with a higher priority takes effect. The following table lists the traffic statistics collection functions in descending order of priority in V100R006C00 and later versions.

    Table 5-9 Priorities of traffic statistics collection functions

    Card	Priorities of Traffic Statistics Collection Functions
    CE12800E equipped with the ED-E, EG-E, or EGA-E series cards	Inbound and outbound directions: Traffic statistics collection in a VLAN > Traffic statistics collection on a VLANIF interface Traffic statistics collection based on 5-tuple information of IP packets and MQC-based traffic statistics collection are compatible with the two statistics collection functions.
    CE12800 series switches	In the inbound direction of the EA, EC, EC1, ED, EF, EG, and BA series cards: Traffic statistics collection based on 5-tuple information of IP packets > Traffic statistics collection in a VLAN > MQC-based traffic statistics collection > Traffic statistics collection on a VLANIF interface In the outbound direction of the EA, EC, EC1, ED, EF, EG, and BA series cards: Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection > Traffic statistics collection on a VLANIF interface On the FD, FDA, FD1, FG, FG1, and SD series cards: Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection > Traffic statistics collection on a VLANIF interface
    CE12800E equipped with FD-X series cards	Inbound direction: The four collection methods are compatible with each other. Outbound direction: Traffic statistics collection based on 5-tuple information of IP packets > Traffic statistics collection on a VLANIF interface; Traffic statistics collection based on 5-tuple information of IP packets > MQC-based traffic statistics collection Traffic statistics collection in a VLAN can be used together with traffic statistics collection based on 5-tuple information of IP packets, based on MQC, and on a VLANIF interface.

  • On the EA, EC, EC1, ED, EF, EG, and BA series cards of the CE12800, statistics on outgoing traffic do not include statistics on packets forwarded at Layer 3, except in the following situations:

    • Traffic statistics collection on a VLANIF interface is configured.
    • A traffic policy is bound to a traffic classifier defining IPv6 rules.
    • A traffic policy is bound to a traffic behavior defining traffic statistics collection.
    • A traffic policy is bound to a traffic behavior defining traffic policing.
  • On CE12800 switches equipped with the SD, FD (only the CE-L16CQ-FD), FD1, FG, and FG1 series cards, statistics on outgoing traffic do not include statistics on packets forwarded at Layer 3. In an inter-card scenario, when traffic enters a switch through the EA, EC, EC1, ED, EF, EG, or a BA series card and leaves the switch through the FD (except the CE-L16CQ-FD) and FDA series card, statistics on outgoing traffic do not include statistics on packets forwarded at Layer 3.

  • In versions earlier than V100R005C10, there is a slight difference in outgoing traffic statistics in a VLAN. The maximum difference of each packet is 16 bytes. This problem does not exist in V100R005C10 and later versions.

  • The outgoing traffic statistics in a VLAN bound to an EVN instance are inaccurate.

  • Since V200R001C00, if port mirroring is configured on an interface and the interface is added to a VLAN, traffic statistics on the interface will be twice the actual statistics during outgoing VLAN traffic statistics collection.

• VLANIF interface traffic statistics collection

  • After you run the undo statistics enable command to disable traffic statistics collection on a VLANIF interface, traffic statistics on the VLANIF interface will not be collected and the collected traffic statistics on the interface will be cleared. Statistics on IPv4 packets and IPv6 packets can be collected separately. You can run the undo statistics enable command to clear statistics of a specific packet type. For details, see the statistics enable (VLANIF interface view) command.
  • Enabling traffic statistics collection on a VLANIF interface may affect the forwarding performance. For example, some interfaces may fail to forward packets at line rate when all interfaces are configured to forward packets at line rate. Therefore, use this statistics collection function if required.
  • On the CE12800 series switches:

  • For the CE12800: The following services are in descending order of priority: M-LAG unidirectional isolation > MQC (traffic policing, traffic statistics collection, and packet filtering) > querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address > local VLAN mirroring > sFlow > NetStream > statistics collection on VLANIF interfaces or Layer 3 sub-interfaces. When the services are configured on an interface in the outbound direction, only the service with the highest priority takes effect. For example, when both packet filtering and statistics collection on VLANIF interfaces are configured on a VLANIF interface, only packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply to all interfaces in V100R005C10 and earlier versions and only to Layer 2 sub-interfaces and Layer 3 sub-interfaces in V100R006C00 and later versions. For details about the priorities between MQC-based traffic statistics collection and traffic statistics collection on a VLANIF interface or a Layer 3 sub-interface, see Licensing Requirements and Limitations for Traffic Statistics Collection.

  • The following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics collection, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and VLANIF interface statistics collection. When the services are configured on an interface in the outbound direction, only the service with the highest priority takes effect. For example, when both packet filtering and VLANIF interface statistics collection are configured on a VLANIF interface, packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply only to Layer 2 sub-interfaces and Layer 3 sub-interfaces. For details about the priorities between MQC-based traffic statistics collection and traffic statistics collection on a VLANIF interface, see Licensing Requirements and Limitations for Traffic Statistics Collection.