05 VLAN Configuration

Operation Manual – VLAN Quidway S8500 Series Routing Switches Table of Contents

Huawei Technologies Proprietary

i

Table of Contents

Chapter 1 VLAN Configuration .................................................................................................... 1-1 1.1 VLAN Overview.................................................................................................................. 1-1 1.2 Configuring VLAN .............................................................................................................. 1-1

1.2.1 Creating/Deleting a VLAN....................................................................................... 1-2 1.2.2 Specifying a Description for a VLAN or VLAN interface ......................................... 1-2 1.2.3 Naming the Current VLAN ...................................................................................... 1-3 1.2.4 Shutting down/Bringing up a VLAN Interface.......................................................... 1-3 1.2.5 Configuring Port-Based VLAN ................................................................................ 1-3

1.3 Displaying and Maintaining VLAN ..................................................................................... 1-4 1.4 Overview of Protocol-Based VLAN and IP Subnet-Based VLAN...................................... 1-4

1.4.1 Brief Introduction ..................................................................................................... 1-4 1.5 Configuring Protocol-Based VLAN .................................................................................... 1-5

1.5.1 Configuration Task List ........................................................................................... 1-5 1.5.2 Configuring a Protocol VLAN .................................................................................. 1-5 1.5.3 Applying a Protocol-Based VLAN to a Port............................................................. 1-6

1.6 Displaying Protocol-Based VLAN Configuration................................................................ 1-6 1.7 Configuring an IP Subnet-Based VLAN............................................................................. 1-6

1.7.1 Configuration Task List ........................................................................................... 1-6 1.7.2 Configuring an IP Subnet-Based VLAN .................................................................. 1-7 1.7.3 Applying an IP Subnet-Based VLAN to a Port ........................................................ 1-7

1.8 Displaying and Maintaining IP Subnet-Based VLAN Configuration .................................. 1-8 1.9 VLAN Configuration Examples .......................................................................................... 1-8

1.9.1 VLAN Configuration Example ................................................................................. 1-8 1.9.2 Protocol-Based VLAN and IP Subnet-Based VLAN Configuration Example.......... 1-9

Chapter 2 Super VLAN Configuration ......................................................................................... 2-1 2.1 Super VLAN Overview....................................................................................................... 2-1 2.2 Configuring a Super VLAN ................................................................................................ 2-1 2.3 Super VLAN Configuration Example ................................................................................. 2-3

Chapter 3 Isolate-User-VLAN Configuration .............................................................................. 3-1 3.1 Isolate-User-VLAN Overview............................................................................................. 3-1 3.2 Configuring Isolate-User-VLAN ......................................................................................... 3-2

3.2.1 Configuration Task List ........................................................................................... 3-2 3.2.2 Configuring an Isolate-User-VLAN.......................................................................... 3-2 3.2.3 Configuring a Secondary VLAN .............................................................................. 3-2 3.2.4 Mapping an Isolate-User-VLAN to Secondary VLANs............................................ 3-3

3.3 Displaying and Maintaining Isolate-User-VLANs............................................................... 3-4 3.4 Isolate-User-VLAN Configuration Example ....................................................................... 3-4

Operation Manual – VLAN Quidway S8500 Series Routing Switches Chapter 1 VLAN Configuration


1-1

Chapter 1 VLAN Configuration

When configuring VLAN, go to these sections for information you are interested in:

VLAN Overview Configuring VLAN Displaying and Maintaining VLAN Overview of Protocol-Based VLAN and IP Subnet-Based VLAN Configuring Protocol-Based VLAN Displaying Protocol-Based VLAN Configuration Configuring an IP Subnet-Based VLAN Displaying and Maintaining IP Subnet-Based VLAN Configuration VLAN Configuration Examples

1.1 VLAN Overview

A Virtual Local Area Network (VLAN) groups the devices in a LAN logically, not physically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Q in 1999 to standardize the VLAN implementations.

The VLAN technology allows network administrators to logically divide a physical LAN into different broadcast domains or the so-called virtual LANs. Every VLAN contains a group of workstations with the same demands. The workstations, physically separated, are not necessarily on the same physical LAN segment.

You can establish VLANs of the following types on switches:

Port-based MAC address-based IP multicast-based (A multicast group can be a VLAN.) Network layer-based (A VLAN can be established by the network layer addresses

or protocols of the hosts.)

With the VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs. This is helpful to control network traffic, save device investment, simplify network management and enhance security.

1.2 Configuring VLAN

The following sections describe VLAN configuration tasks:

Creating/Deleting a VLAN Specifying a Description for a VLAN or VLAN interface Naming the Current VLAN Shutting down/Bringing up a VLAN Interface



1-2

Configuring Port-Based VLAN

1.2.1 Creating/Deleting a VLAN

You can use the following commands to create/delete a VLAN. If the VLAN to be created exists, the system will enter the VLAN view directly. Otherwise, the system will create the VLAN first, and then enter the VLAN view.

To do… Use the command… Remarks

Create a VLAN and enter the VLAN view vlan vlan-id Available in system view

Create VLANs in batch vlan vlan-id-list Available in system view

Delete an VLAN or VLANs undo vlan { vlan-id [ to vlan-id ] | all } Available in system view

Caution:

VLAN 1 is the system-default VLAN and cannot be removed. VLANs with their ports being VLAN VPN-enabled cannot be removed. Guest VLANs cannot be deleted. Protocol-enabled VLANs cannot be deleted. Dynamic VLANs cannot be deleted, and the system does not play the prompt when

you attempt to delete dynamic VLAN(s).

1.2.2 Specifying a Description for a VLAN or VLAN interface


Specify a description for a VLAN or VLAN interface description string Available in VLAN view or

VLAN interface view

Restore the default description of the current VLAN or VLAN interface

undo description Available in VLAN view or VLAN interface view

By default, the description of a VLAN is the VLAN ID of the VLAN, such as VLAN 0001. The description of a VLAN interface is the VLAN interface name, such as Vlan-interface1 Interface.



1-3

1.2.3 Naming the Current VLAN


Name the current VLAN name string Available in VLAN view

Restore the default name of the current VLAN undo name Available in VLAN view

By default, the name of the current VLAN is its VLAN ID.

1.2.4 Shutting down/Bringing up a VLAN Interface


Shut down a VLAN interface shutdown Available in VLAN interface

view

Bring up a VLAN interface undo shutdown Available in VLAN interface view

Shutting down or bringing up a VLAN interface has no effect on the status of any Ethernet port in this VLAN.

By default, when all the Ethernet ports in a VLAN are in the Down state, this VLAN interface is also Down. When there are one or more Ethernet ports in the Up state, this VLAN interface is also Up.

1.2.5 Configuring Port-Based VLAN


Add Ethernet ports to a VLAN port interface-list Available in VLAN view

Remove Ethernet ports from a VLAN undo port interface-list Available in VLAN view

By default, the system adds all the ports to a default VLAN whose ID is 1.

Note that you can add/remove the trunk and Hybrid ports to/from a VLAN with the port/undo port command in Ethernet port view, but not in VLAN view.



1-4

1.3 Displaying and Maintaining VLAN


Display information about VLAN interfaces

display interface vlan-interface [ vlan-id ]

Available in any view

Display information about the specified VLAN(s)

display vlan [ vlan-id to vlan-id | all | static | dynamic ]


Display the protocol information and protocol indexes configured on the specified VLANs

display protocol-vlan vlan { vlan-list | all }


Display the protocol information and protocol indexes configured on the specified ports

display protocol-vlan interface { interface-list | all }


1.4 Overview of Protocol-Based VLAN and IP Subnet-Based VLAN

1.4.1 Brief Introduction

Protocol-based VLAN and IP subnet-based VLAN are supplements to port-based VLAN packet forwarding.

Protocol-based VLAN can determine the VLAN to which a received untagged packet belongs according to its type and encapsulation format.

IP subnet-based VLAN can determine the VLAN to which a received untagged IPv4 packet belongs according to its source IP address.

Protocol-based VLAN and IP subnet-based VLAN improve the granularity of sorting untagged packets. A tagged packet is still forwarded through port-based VLAN. An untagged packet is forwarded as follows:

If an IPv4 packet is received and the IP subnet-based VLAN function is enabled on the port, the source IP address of the packet will be matched against all applied IP subnet protocols. If a match is found, the packet will be forwarded in the VLAN configured with the matched IP subnet protocol.

If a non-IPv4 packet is received or the IP subnet-based VLAN function is disabled on the port, the source IP address of the packet will not be matched against IP subnet protocols.

If no matching is made or the matching fails, the following processing will be made:

If the protocol-based VLAN function is enabled on the port, the protocol and encapsulation type of the received packet will be matched to all the protocols



1-5

applied to the port. If the matching is successful, the packet will be forwarded in the VLANs to which the matched protocols belong.

If the protocol-based VLAN function is disabled on the port or the matching fails, the packet will be forwarded in the default VLAN of the port.

1.5 Configuring Protocol-Based VLAN

1.5.1 Configuration Task List

Complete the following tasks to configure a protocol-based VLAN:

Task Remarks

Configuring a Protocol VLAN Required

Applying a Protocol-Based VLAN to a Port Required

1.5.2 Configuring a Protocol VLAN


Enter system view system-view —

Enter VLAN view vlan vlan-id Required

Configure a protocol-based VLAN

protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | snap } | mode { ethernetii [ etype etype-id ] | llc [ dsap dsap-id ] [ ssap ssap-id ] | snap [ etype etype-id ] } }

Required

Display the configuration information



Caution:

You cannot configure the same protocol under a VLAN twice while you can configure the same protocol in different VLANs.

If a protocol is configured in a VLAN, you cannot remove the VLAN. If a protocol has been applied to a port, you cannot remove the protocol.



1-6

1.5.3 Applying a Protocol-Based VLAN to a Port



Enter interface view interface interface-type interface-number Required

Apply a protocol-based VLAN to a port

port hybrid protocol-vlan vlan vlan-id { vlan-protocol-list | all } Required




Caution:

The port must be of Hybrid type and belong to the protocol-based VLAN to be applied.

The same protocol configured in different VLANs cannot be applied to the same port.

If a protocol-based VLAN has been applied to a port, the port cannot exit the VLAN.

1.6 Displaying Protocol-Based VLAN Configuration


Display the configuration information of specified protocol-based VLANs



Display the configuration information of the protocol-based VLANs applied to the specified ports



1.7 Configuring an IP Subnet-Based VLAN


Complete the following tasks to configure an IP subnet-based VLAN:

Task Remarks

Configuring an IP Subnet-Based VLAN Required

Applying an IP Subnet-Based VLAN to a Port Required



1-7

1.7.2 Configuring an IP Subnet-Based VLAN




Assign an IP subnet to the VLAN

ip-subnet-vlan [ index ] ip ip-address { net-mask | net-mask-length }

Required


display ip-subnet-vlan vlan { vlan-list | all }


Caution:

An IP subnet can be assigned only to one VLAN. If an IP subnet is configured in a VLAN, you cannot remove the VLAN. If an IP subnet is applied to a port, you cannot remove the IP subnet.

1.7.3 Applying an IP Subnet-Based VLAN to a Port



Enter interface view interface interface-type interface-number Required

Apply the specified protocol-based VLAN to the port

port hybrid ip-subnet-vlan vlan vlan-id Required


display ip-subnet-vlan interface { interface-list | all }


Caution:

The port must be of Hybrid type and belong to the IP subnet-based VLAN to be applied.

If an IP subnet-based VLAN is applied to a port, the port cannot exit the VLAN.



1-8

1.8 Displaying and Maintaining IP Subnet-Based VLAN Configuration


Display the configuration information of the specified IP subnet-based VLANs

display ip-subnet-vlan vlan { vlan-list | all }


Display the configuration information of the IP subnet-based VLANs applied to specified ports

display ip-subnet-vlan interface { interface-list | all }


1.9 VLAN Configuration Examples

1.9.1 VLAN Configuration Example

I. Network requirements

Create VLAN 2 and VLAN 3. Add Ethernet 3/1/1 and Ethernet 4/1/1 to VLAN 2. Add Ethernet 3/1/2 and Ethernet 4/1/2 to VLAN 3.

II. Network diagram

Switch

VLAN2 VLAN3

Eth3/1/1 Eth4/1/1 Eth3/1/2 Eth4/1/2

Figure 1-1 Network diagram for VLAN configuration

III. Configuration procedure

# Create VLAN 2 and enter its view.

[Quidway] vlan 2

# Add Ethernet 3/1/1 and Ethernet 4/1/1 to VLAN 2.

[Quidway-vlan2] port ethernet3/1/1 ethernet4/1/1

# Create VLAN 3 and enters its view.

[Quidway-vlan2] vlan 3

# Add Ethernet 3/1/2 and Ethernet 4/1/2 to VLAN 3.



1-9


1.9.2 Protocol-Based VLAN and IP Subnet-Based VLAN Configuration Example


All inbound packets from E2/1/48 are untagged packets.

The configurations are made for the purposes below:

The inbound packets of the 10.11.113.0/24 network segment from E2/1/48 are forwarded out E2/1/1.

The inbound packets of other network segments from E2/1/48 are forwarded out E2/1/3.

The inbound non-IP packets from E2/1/48 are forwarded out E2/1/5.

II. Network diagram

E2/1/48

E2/1/1E2/1/3

E2/1/5

Figure 1-2 Network diagram for protocol-based VLAN and IP subnet-based VLAN


# Configure an IP subnet-based VLAN.

<Quidway> system-view

[Quidway] vlan 10

[Quidway-vlan10] ip-subnet-vlan ip 10.11.113.0 24

[Quidway-vlan10] port ethernet 2/1/1

# Configure a protocol-based VLAN.

[Quidway] vlan 20

[Quidway-vlan20] protocol-vlan ip

[Quidway-vlan20] port ethernet 2/1/3

# Configure an egress port.

[Quidway] vlan 30

[Quidway] port ethernet 2/1/5

# Configure an ingress port.



1-10

[Quidway]interface ethernet 2/1/48

[Quidway-Ethernet2/1/48] port link-type hybrid

[Quidway-Ethernet2/1/48] port hybrid vlan 10 20 30 untag

[Quidway-Ethernet2/1/48] port hybrid pvid vlan 30

# Apply the protocol to a port.

[Quidway-Ethernet2/1/48] port hybrid ip-subnet-vlan vlan 10

[Quidway-Ethernet2/1/48] port hybrid protocol-vlan vlan 20 all

Operation Manual – VLAN Quidway S8500 Series Routing Switches Chapter 2 Super VLAN Configuration


2-1

Chapter 2 Super VLAN Configuration

When configuring super VLAN, go to these sections for information you are interested in:

Super VLAN Overview Configuring a Super VLAN Super VLAN Configuration Example

2.1 Super VLAN Overview

Super VLAN, also called VLAN aggregation, is a collection of sub VLANs, each being a distinct broadcast domains isolated at Layer 2. You can create a virtual interface with an IP address for a super VLAN but not for the sub VLANs in it. When users in a sub VLAN need to communicate with each other, they use the IP address of the virtual interface of the super VLAN as the IP address of the gateway. As the IP address is shared by all sub VLANs, IP addresses are saved. For different sub VLANs to communicate with one another at Layer 3, or for a sub VLAN to communicate with other networks, you can enable the proxy ARP (Address Resolution Protocol) function. The super VLAN can use proxy ARP to forward and process ARP requests and responses so that the isolated sub VLANs can communicate with each other at Layer 3. By default, proxy ARP is disabled in a sub VLAN.

2.2 Configuring a Super VLAN

Super VLAN configuration includes:

Configure a VLAN to be a super VLAN Configure sub VLANs Establish mappings between the super VLAN and the sub VLANs Enable proxy ARP for the sub VLANs

Note:

You can configure multiple super VLANs for a switch. Configuring the VLAN interface and IP address for a super VLAN is the same as that for a common VLAN.

Configuring sub VLANs is the same as configuring a common VLAN. This section only provides the configuration steps. For detailed information, refer to VLAN Configuration.



2-2

Follow these steps to configure a super VLAN:




Set the VLAN type to super VLAN supervlan

Required The VLAN-ID is the configured VLAN ID in the range 1 to 4094.

Exit Super VLAN view quit —

Create a sub VLAN and enter sub VLAN view vlan vlan-id Required

Add Ethernet ports to sub a VLAN port interface-list Optional

Exit sub VLAN view quit —

Enter Super VLAN view vlan vlan-id —

Configure the mapping between the super VLAN and the sub VLANs

subvlan sub-vlan-list Required

Enter sub VLAN view vlan vlan-id —

Enable proxy ARP for the sub VLAN arp proxy enable

Optional This command is necessary for multiple sub VLANs to communicate with one another.

Display configuration information

display super vlan [ supervlan-id ]

Optional You can execute the display super vlan command in any view.



2-3

Caution:

A Super VLAN cannot contain ports. After you set the VLAN type to super VLAN, proxy ARP is automatically enabled on

the VLAN interface. The default VLAN cannot be set to a super VLAN. You can add multiple ports (non-uplink ports) to a sub VLAN. You cannot configure a virtual VLAN interface for a sub VLAN. If no VLAN ID is specified in the undo subvlan command, the mappings between

all sub VLANs and the specified super VLAN is removed; if VLAN ID(s) are specified, only the mappings between the specified sub VLANs and the specified super VLAN is removed.

In a super VLAN, do not enable multicast VLAN and IGMP-snooping. Super VLAN does not support VRRP.

2.3 Super VLAN Configuration Example


Create Super VLAN 10.

Create sub VLANs VLAN 2, VLAN 3 and VLAN 5.

VLAN 2 contains ports 1 and 2. VLAN 3 contains ports 3 and 4. VLAN 5 contains ports 5 and 6.

These sub VLANs are isolated at Layer 2. It is required that these sub VLANs communicate with one another at Layer 3.

II. Network diagram

Omitted


<Quidway>system-view

System View: return to User View with Ctrl+Z.

[Quidway] vlan 10

[Quidway-vlan10] supervlan




[Quidway-vlan3] port Ethernet3/1/3 ethernet3/1/4




2-4



[Quidway-vlan10] subvlan 2 3 5

[Quidway-vlan10] interface vlan 10

[Quidway-Vlan-interface10] ip address 10.110.1.1 255.255.255.0

[Quidway-vlan2]arp proxy enable



Operation Manual – VLAN Quidway S8500 Series Routing Switches Chapter 3 Isolate-User-VLAN Configuration


3-1

Chapter 3 Isolate-User-VLAN Configuration

When configuring Isolate-user-VLAN, go to these sections for information you are interested in:

Isolate-User-VLAN Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLANs Isolate-User-VLAN Configuration Example

3.1 Isolate-User-VLAN Overview

An Isolate-user-VLAN can save the VLAN resources in a network. It adopts the two-level VLAN architecture. One level is Isolate-user-VLAN level, and the other is Secondary VLAN level, as shown in Figure 3-1.

An Isolate-user-VLAN corresponds to multiple Secondary VLANs. It contains all the ports and upstream ports of the corresponding Secondary VLANs. In this way, a switch at the upper level only needs to recognize the Isolate-user-VLANs of the downstream switch instead of the Secondary VLANs, thereby streamlining the configuration and saving VLAN resources.

You can use Isolate-user-VLAN to implement the isolation of Layer-2 packets by assigning a Secondary VLAN for each user, with each of the Secondary VLANs containing the ports and the upstream ports connected to the user. You can configure the ports connected to different users to be of the same Secondary VLAN to enable these users to communicate with one another at Layer 2.

(Secondary VLAN)VLAN 4

VLAN 6

VLAN 3

VLAN 2 VLAN 3

VLAN 5

Isolate-user-VLAN Isolate-user-VLAN

(Secondary VLAN)

(Secondary VLAN) (Secondary VLAN)

Figure 3-1 Isolate-user-VLANs and Secondary VLANs



3-2

3.2 Configuring Isolate-User-VLAN


Complete these tasks to configure Isolate-user-VLAN:

Configuration tasks Remarks

Configuring an Isolate-User-VLAN Required

Configuring a Secondary VLAN Required

Mapping an Isolate-User-VLAN to Secondary VLANs Required

3.2.2 Configuring an Isolate-User-VLAN



Create a VLAN vlan vlan-id Required

Configure the VLAN as an Isolate-user-VLAN

isolate-user-vlan enable

Required You cannot configure VLAN 1 as an Isolate-user-VLAN.

Add ports to the Isolate-user-VLAN port interface-list

Optional An Isolate-user-VLAN can contain multiple ports, including upstream ports connecting to other switches. However the contained ports cannot be trunk ports but access or hybrid ports.

3.2.3 Configuring a Secondary VLAN



Create a VLAN as a Secondary VLAN vlan vlan-id

Required You cannot configure VLAN 1 as a Secondary VLAN.

Add ports to the Secondary VLAN port interface-list

Optional You can add multiple ports (not uplink ports) to a Secondary VLAN.



3-3

Note:

An Isolate-user-VLAN can correspond to up to 64 Secondary VLANs. You can configure up to 32 Isolate-user-VLANs for a system. You can configure up to 1,024 Secondary VLANs for a system. You cannot configure the same MAC address for the Secondary VLANs

corresponding to an Isolate-user-VLAN. You cannot configure a VLAN interface for an Isolate-user-VLAN or Secondary

VLAN; neither can you configure a VLAN with a VLAN interface as an Isolate-user-VLAN or Secondary VLAN.

3.2.4 Mapping an Isolate-User-VLAN to Secondary VLANs



Map an Isolate-user-VLAN to secondary VLANs

isolate-user-vlan isolate-user-vlan-num secondary secondary-vlan-numlist

Required

I. Note the following when mapping an Isolate-user-VLAN to Secondary VLANs

1) If the Isolate-user-VLAN contains ports For hybrid ports, if the default port VLAN ID is the same as the Isolate-user-VLAN

ID, and the port joins the Isolate-user-VLAN in the Untagged mode, all the hybrid ports meeting the requirements will join the Secondary VLAN in the Untagged mode simultaneously. For those not meeting the requirements, no other processing will be made.

For an access port, the system will set the port as a hybrid port and set the default port VLAN ID and Isolate-user-VLAN ID to be the same. Moreover, the port joins the Isolate-user-VLAN and Secondary VLAN in the Untagged mode.

2) If the Secondary VLAN contains ports For a hybrid port, if the default port VLAN ID is the same as the Secondary VLAN

ID, and the port joins the Secondary VLAN in the Untagged mode, all the hybrid ports meeting the requirements will join the Isolate-user-VLAN in the Untagged mode simultaneously. For those not meeting the requirements, no other processing will be made.

For an access port, the system will set the port as a hybrid port and set the default port VLAN ID and Secondary VLAN ID to be the same. Moreover, the port joins the Isolate-user-VLAN and Secondary VLAN in the Untagged mode.



3-4

II. Note the following after mapping an Isolate-user-VLAN to a Secondary VLAN

Trunk ports and access ports cannot join an Isolate-user-VLAN or Secondary VLAN.

Hybrid ports can join or exit an Isolate-user-VLAN and Secondary VLAN. However, after joining an Isolate-user-VLAN or a Secondary VLAN, the Hybrid port cannot be synchronized to the configuration of other ports.

Note:

You cannot directly set an Isolate-user-VLAN or Secondary VLAN as other type of VLAN than common VLAN, such as multicast VLAN, Super/Sub VLAN, Guest VLAN or VLAN running L2VPN services.

When you set a common VLAN as an Isolate-user-VLAN or Secondary VLAN, the VLAN cannot contain trunk ports.

3.3 Displaying and Maintaining Isolate-User-VLANs


Display mappings between Isolate-user-VLANs and Secondary VLANs

display isolate-user-vlan [ isolate-user-vlan-num ]


3.4 Isolate-User-VLAN Configuration Example


Switch A is connected to Switch B and Switch C in the downstream.

1) On Switch B

VLAN 5 is an Isolate-user-VLAN, including an upstream port (Ethernet 2/1/1) and two Secondary VLANs, VLAN 2 and VLAN 3. VLAN 2 includes Ethernet 2/1/2 and VLAN 3 includes Ethernet 2/1/3.

2) On Switch C

VLAN 6 is an Isolate-user-VLAN including an upstream port (Ethernet 2/1/1) and two Secondary VLANs: VLAN 3 and VLAN 4. VLAN 3 includes Ethernet 2/1/3 and VLAN 4 includes Ethernet2/1/4.

Seen from Switch A, either Switch B or Switch C carries one VLAN, VLAN 5 and VLAN 6 respectively.



3-5

II. Network diagram

E2/1/4

Switch C

Switch A

E2/1/1

E2/1/3

E2/1/1

Switch B

E2/1/2

VLAN 5VLAN 6

VLAN 3 VLAN 4VLAN 2VLAN 3

Figure 3-2 Network diagram for Isolate-user-VLAN


Only the configurations on Switch B and Switch C are listed below.

1) Configuration on Switch B

# Configure an Isolate-user-VLAN.


[Quidway] vlan 5

[Quidway-vlan5] isolate-user-vlan enable

[Quidway-vlan5] port ethernet2/1/1

# Configure Secondary VLANs.





# Configure the mapping between the Isolate-user-VLAN and the Secondary VLANs.

[Quidway-vlan2] quit

[Quidway] isolate-user-vlan 5 secondary 2 to 3

2) Configuration on Switch C

# Configure an Isolate-user-VLAN.


[Quidway] vlan 6

[Quidway-vlan6] isolate-user-vlan enable


# Configure Secondary VLANs.




3-6




# Configure the mapping relationship between the Isolate-user-VLAN and the Secondary VLANs.

[Quidway-vlan4] quit

[Quidway] isolate-user-vlan 6 secondary 3 to 4

05 VLAN Configuration

Documents

Transcript of 05 VLAN Configuration