Example for Configuring the MUX VLAN on the Aggregation Device
Networking Requirements
Figure 5-29 shows a data center network where office servers ServerA, ServerB, ServerC, and ServerD are deployed. All servers can connect to the campus office network. The data center administrator requires that ServerA be able to communicate with ServerB, and that ServerC be isolated from ServerD.
In Figure 5-29, Switch1 is located at the aggregation layer, the gateway is connected to downstream terminals, and Switch2 and Switch3 are access devices. You can configure MUX VLAN on Switch1 to Switch3. MUX VLAN meets enterprise requirements, saves VLAN IDs, and facilitates network maintenance.
The CE12800E that has the ED-E/EG-E/EGA-E series cards installed does not support this configuration.
Configuration Roadmap
Create VLAN 2 to VLAN 4 on Switch1 to Switch3, configure VLAN 2 as the principal VLAN, VLAN 3 as the subordinate group VLAN, and VLAN 4 as the subordinate separate VLAN.
Connect the gateway to Switch1 through 10GE1/0/1, create VLANIF 2 on the gateway, and configure the IP address 10.10.10.1/24 as the gateway address of downstream servers.
Configure 10GE1/0/1 on Switch2 and Switch3 to allow packets from VLAN 2 to VLAN 4, enable MUX VLAN on the downlink interface, and add the downlink interface to the VLAN that servers belong to.
Procedure
- Configure MUX VLAN.
# Create VLAN 2 to VLAN 4 on Switch1, Switch2, and Switch3, and configure VLAN 2 as the principal VLAN, VLAN 3 as the subordinate group VLAN, and VLAN 4 as the subordinate separate VLAN. Switch1 is used as an example. The configurations of Switch2 and Switch3 are the same as that of Switch1.
<HUAWEI> system-view
[~HUAWEI] sysname Switch1
[*HUAWEI] commit
[~Switch1] vlan batch 2 3 4
[*Switch1] vlan 2
[*Switch1-vlan2] mux-vlan
[*Switch1-vlan2] subordinate group 3
[*Switch1-vlan2] subordinate separate 4
[*Switch1-vlan2] quit
[*Switch1] commit
# Add 10GE1/0/1 on Switch1 to VLAN 2 and enable MUX VLAN on it, and configure 10GE1/0/2 and 10GE1/0/3 to allow packets from VLAN 2 to VLAN 4.
[~Switch1] interface 10ge 1/0/1
[~Switch1-10GE1/0/1] port link-type trunk
[*Switch1-10GE1/0/1] port trunk allow-pass vlan 2
[*Switch1-10GE1/0/1] port mux-vlan enable vlan 2
[*Switch1-10GE1/0/1] quit
[*Switch1] interface 10ge 1/0/2
[*Switch1-10GE1/0/2] port link-type trunk
[*Switch1-10GE1/0/2] port trunk allow-pass vlan 2 to 4
[*Switch1-10GE1/0/2] quit
[*Switch1] interface 10ge 1/0/3
[*Switch1-10GE1/0/3] port link-type trunk
[*Switch1-10GE1/0/3] port trunk allow-pass vlan 2 to 4
[*Switch1-10GE1/0/3] quit
[*Switch1] commit
- On the gateway, configure 10GE1/0/1 (the interface connecting to Switch1) as a trunk interface, create VLANIF 2, and configure the IP address 10.10.10.1/24 as the gateway address of downstream servers.
<HUAWEI> system-view
[~HUAWEI] sysname Gateway
[*HUAWEI] commit
[~Gateway] vlan batch 2
[*Gateway] interface 10ge 1/0/1
[*Gateway-10GE1/0/1] port link-type trunk
[*Gateway-10GE1/0/1] port trunk allow-pass vlan 2
[*Gateway-10GE1/0/1] quit
[*Gateway] interface vlanif 2
[*Gateway-Vlanif2] ip address 10.10.10.1 24
[*Gateway-Vlanif2] quit
[*Gateway] commit
If the MUX VLAN contains multiple group VLANs and devices in group VLANs need to communicate, run the arp proxy intra-vlan enable command on the VLANIF interface of the gateway to configure intra-VLAN proxy ARP.
- Configure 10GE1/0/1 on Switch2 and Switch3 to allow packets from VLAN 2 to VLAN 4, enable MUX VLAN on 10GE1/0/2 and 10GE1/0/3, and add the downlink interfaces to the VLAN that servers belong to. Switch2 is used as an example. The configuration of Switch3 is the same as that of Switch2.
# Configure 10GE1/0/1 as a trunk interface and configure it to allow packets from VLAN 2 to VLAN 4.
[~Switch2] interface 10ge 1/0/1
[~Switch2-10GE1/0/1] port link-type trunk
[*Switch2-10GE1/0/1] port trunk allow-pass vlan 2 to 4
[*Switch2-10GE1/0/1] quit
[*Switch2] commit
# Enable MUX VLAN on 10GE1/0/2 and 10GE1/0/3, and add them to the VLAN to which servers belong.
[~Switch2] interface 10ge 1/0/2
[~Switch2-10GE1/0/2] port default vlan 3
[*Switch2-10GE1/0/2] port mux-vlan enable vlan 3
[*Switch2-10GE1/0/2] quit
[*Switch2] commit
[~Switch2] interface 10ge 1/0/3
[~Switch2-10GE1/0/3] port default vlan 3
[*Switch2-10GE1/0/3] port mux-vlan enable vlan 3
[*Switch2-10GE1/0/3] quit
[*Switch2] commit
- Configure IP addresses for servers.
Configure an IP address for each server to ensure that the IP addresses of servers are on the same network segment as the gateway address.
- Verify the configuration.
After the configuration is complete, each server can access the Internet, ServerA and ServerB can ping each other, ServerC and ServerD cannot ping each other, and ServerA and ServerB cannot ping ServerC or ServerD.
Configuration Files
- Gateway configuration file
#
sysname Gateway
#
vlan batch 2
#
interface Vlanif2
 ip address 10.10.10.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2
#
return
- Switch1 configuration file
#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2
 port mux-vlan enable vlan 2
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4
#
return
- Switch2 configuration file
#
sysname Switch2
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/2
 port default vlan 3
 port mux-vlan enable vlan 3
#
interface 10GE1/0/3
 port default vlan 3
 port mux-vlan enable vlan 3
#
return
- Switch3 configuration file
#
sysname Switch3
#
vlan batch 2 to 4
#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/2
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface 10GE1/0/3
 port default vlan 4
 port mux-vlan enable vlan 4
#
return
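An added example, not part of the original document: a Python check over a configuration file in the format shown above. It flags access ports whose default VLAN belongs to the MUX VLAN but which lack the matching port mux-vlan enable line, and it encodes the reachability expected in the verification step. The sample text, the port 10GE1/0/4 and the function names are assumptions made for illustration; treating such a port as a gap follows the procedure above, which enables MUX VLAN on every server-facing port.

```python
import re

# Constructed input: excerpt modelled on the Switch3 file on this page, plus a
# hypothetical port 10GE1/0/4 left in VLAN 4 without "port mux-vlan enable".
CFG = """#
vlan 2
 mux-vlan
 subordinate separate 4
 subordinate group 3
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4
#
interface 10GE1/0/2
 port default vlan 4
 port mux-vlan enable vlan 4
#
interface 10GE1/0/4
 port default vlan 4
#
return
"""

def parse(cfg):
    """Return (roles, ports): VLAN -> MUX role, interface -> (pvid, mux vlan)."""
    roles, ports = {}, {}
    for sec in re.split(r"^#[ \t]*$", cfg, flags=re.M):
        lines = [l.strip() for l in sec.strip().splitlines()]
        if not lines:
            continue
        head, body = lines[0].split(), "\n".join(lines[1:])
        if head[0] == "vlan" and re.search(r"^mux-vlan$", body, re.M):
            roles[int(head[1])] = "principal"
            for kind, vid in re.findall(r"^subordinate (group|separate) (\d+)$", body, re.M):
                roles[int(vid)] = kind  # single VLAN IDs only, as on this page
        elif head[0] == "interface":
            pvid = re.search(r"^port default vlan (\d+)$", body, re.M)
            mux = re.search(r"^port mux-vlan enable vlan (\d+)$", body, re.M)
            ports[head[1]] = (pvid and int(pvid[1]), mux and int(mux[1]))
    return roles, ports

def audit(cfg):
    """Access ports in a MUX VLAN that lack the matching mux-vlan enable line."""
    roles, ports = parse(cfg)
    return [(p, v, roles[v]) for p, (v, m) in ports.items() if v in roles and m != v]

def can_talk(roles, a, b):
    """Principal talks to all; group only within its own VLAN; separate only to principal."""
    return "principal" in (roles[a], roles[b]) or (a == b and roles[a] == "group")
```

Running audit() on each access switch's saved configuration before the ping checks in the verification step lists the ports to fix as (interface, VLAN, role) tuples.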