Example for Configuring Transparent Transmission of Protocol Packets in a VLAN
Networking Requirements
In Figure 5-30, a data center network has office servers ServerA and ServerB. ServerA and ServerB belong to VLAN 10 and obtain IP addresses through DHCP. SwitchB is a Layer 2 switching device and has DHCP snooping enabled to defend against DHCP-oriented attacks. In this case, protocol packets in all VLANs are sent to the CPU for processing, and the CPU needs to forward the packets to other devices. This affects the forwarding speed and efficiency of protocol packets. To address this issue, enable transparent transmission of protocol packets in VLAN 10 on SwitchB. After protocol packets from VLAN 10 reach SwitchB, SwitchB directly forwards the protocol packets without sending them to the CPU. This accelerates forwarding of protocol packets.
Configuration Roadmap
Allocate the downlink interfaces of SwitchA connected to office servers to VLAN 10.
Enable transparent transmission of protocol packets in a VLAN on SwitchB. When protocol packets from a specified VLAN reach SwitchB, SwitchB directly forwards the protocol packets without sending them to the CPU.
Procedure
- Add the downlink interfaces on SwitchA to VLAN 10 and configure the uplink interfaces to allow VLAN 10.
<HUAWEI> system-view [~HUAWEI] sysname SwitchA [*HUAWEI] commit [~SwitchA] vlan 10 [*SwitchA-vlan10] quit [*SwitchA] interface 10ge 1/0/1 [*SwitchA-10GE1/0/1] port default vlan 10 [*SwitchA-10GE1/0/1] quit [*SwitchA] interface 10ge 1/0/2 [*SwitchA-10GE1/0/2] port default vlan 10 [*SwitchA-10GE1/0/2] quit [*SwitchA] interface 10ge 1/0/3 [*SwitchA-10GE1/0/3] port link-type trunk [*SwitchA-10GE1/0/3] port trunk allow-pass vlan 10 [*SwitchA-10GE1/0/3] quit [*SwitchA] commit
- Enable transparent transmission of protocol packets in a VLAN on SwitchB.
<HUAWEI> system-view [~HUAWEI] sysname SwitchB [*HUAWEI] commit [~SwitchB] vlan 10 [*SwitchB-vlan10] quit [*SwitchB] interface 10ge 1/0/1 [*SwitchB-10GE1/0/1] port link-type trunk [*SwitchB-10GE1/0/1] port trunk allow-pass vlan 10 [*SwitchB-10GE1/0/1] quit [*SwitchB] interface 10ge 1/0/2 [*SwitchB-10GE1/0/2] port link-type trunk [*SwitchB-10GE1/0/2] port trunk allow-pass vlan 10 [*SwitchB-10GE1/0/2] quit [*SwitchB] vlan 10 [*SwitchB-vlan10] protocol-transparent [*SwitchB-vlan10] quit [*SwitchB] commit
- Verify the configuration.
Run the display this command in the view of VLAN 10 on SwitchB. You can see that transparent transmission of protocol packets is enabled in VLAN 10.
[~SwitchB] vlan 10 [~SwitchB-vlan10] display this # vlan 10 protocol-transparent # return
Configuration Files
Configuration file of SwitchA
# sysname SwitchA # vlan batch 10 # interface 10GE1/0/1 port default vlan 10 # interface 10GE1/0/2 port default vlan 10 # interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 10 # return
Configuration file of SwitchB
# sysname SwitchB # vlan batch 10 # vlan 10 protocol-transparent # interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 10 # return