
08+VLAN+Principles+and+Configuration

The document provides an overview of VLAN technology, addressing issues in traditional Ethernet networks and detailing VLAN principles, applications, and configuration methods. It covers VLAN identification, assignment methods, and the differences between access, trunk, and hybrid interfaces. The course aims to equip learners with the knowledge to understand VLANs and implement basic configurations effectively.

VLAN Principles and Configuration

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
⚫ Ethernet technology implements data communication over shared media based on
carrier sense multiple access with collision detection (CSMA/CD). If there are a large
number of PCs on the Ethernet, security risks and broadcast storms may occur,
deteriorating network performance and even causing network breakdowns.
⚫ The virtual local area network (VLAN) technology is therefore introduced to solve
the preceding problem.
⚫ This course describes basic VLAN principles, working principles of different Layer 2
interfaces, VLAN applications, data forwarding principles, and basic VLAN
configuration methods.

Objectives
⚫ On completion of this course, you will be able to:
▫ Understand the background of the VLAN technology.

▫ Identify the VLAN to which data belongs.

▫ Master different VLAN assignment modes.

▫ Describe how data communication is implemented through VLANs.

▫ Master basic VLAN configuration methods.

Contents
1. What Is VLAN

2. VLAN Principles

3. VLAN Applications

4. VLAN Configuration Examples

Issues Facing a Traditional Ethernet
⚫ On a typical switching network, broadcast frames or unknown unicast frames sent by a PC are flooded in the entire broadcast domain.
⚫ The larger the broadcast domain is, the more serious network security and junk traffic problems are.

[Figure: Layer 2 broadcast domain with PC1, PC2 and switches SW1 to SW7, showing a unicast frame. Legend: valid traffic, junk traffic.]
(Note: This example assumes that the MAC address entry of PC2 exists in
the MAC address tables of SW1, SW3, and SW7 rather than SW2 and SW5.)

VLAN

• The VLAN technology isolates broadcast domains.
• Characteristics:
▫ Geographically independent.
▫ Only devices in the same VLAN can directly communicate at Layer 2.

[Figure: VLAN (multiple broadcast domains) with PC1, PC2 and switches SW1 to SW7, showing a broadcast frame.]


VLAN Implementation
[Figure: Switch1 and Switch2 joined by one link that carries a frame; PC1 (VLAN 10), PC2 (VLAN 20), PC3 (VLAN 20), PC4 (VLAN 10).]

⚫ Switch1 and Switch2 belong to the network of the same enterprise. VLANs are planned for the network, with VLAN 10 for
department A and VLAN 20 for department B. Employees in departments A and B are connected to both Switch1 and Switch2.

⚫ Assume that a frame sent from PC1 reaches Switch2 through the link between Switch1 and Switch2. If no processing is implemented,
Switch2 can neither identify the VLAN to which the frame belongs nor determine the local VLAN to which the frame should be sent.


VLAN Tag
⚫ How does a switch identify the VLAN to which a received frame belongs?

IEEE 802.1Q defines a 4-byte VLAN tag for Ethernet frames, enabling switches to identify the VLANs to which received frames belong.

[Figure: a switch receives a frame carrying VLAN tag 20 and asks "Which VLAN does the received frame belong to?"; attached hosts are in VLAN 20 and VLAN 10.]


VLAN Frame
Original Ethernet frame (untagged frame):
Destination MAC address | Source MAC address | Length/Type | Data | FCS

802.1Q frame (tagged frame), with the 802.1Q tag inserted between the Source MAC address and Length/Type fields:
Destination MAC address | Source MAC address | Tag | Length/Type | Data | FCS

802.1Q tag:
TPID (0x8100): 16 bits | PRI: 3 bits | CFI: 1 bit | VLAN ID: 12 bits

• Tag protocol identifier (TPID): identifies the type of a frame. The value 0x8100 indicates an IEEE 802.1Q frame.
• PRI: identifies the priority of a frame, which is mainly used for QoS.
• Canonical format indicator (CFI): indicates whether a MAC address is in the canonical format. For Ethernet frames, the value of this field is 0.
• VLAN ID: identifies the VLAN to which a frame belongs.
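
The tag layout above, worked through in Python as an added example (not part of the course material): it inserts, parses and strips an 802.1Q tag on a constructed frame. The function names and the sample frame are assumptions for illustration, and the FCS is left out because the sending hardware recomputes it.

```python
import struct

TPID_8021Q = 0x8100  # TPID value that marks an IEEE 802.1Q frame


def fmt_mac(mac: bytes) -> str:
    """Render a MAC address in the H-H-H form used by the switch CLI."""
    h = mac.hex()
    return "-".join(h[i:i + 4] for i in range(0, 12, 4))


def add_tag(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and Length/Type fields."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= pri <= 7:
        raise ValueError("PRI is a 3-bit field")
    # 16-bit tag control field: PRI (3 bits) | CFI (1 bit, 0 on Ethernet) | VLAN ID (12 bits)
    tci = (pri << 13) | (0 << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Split a frame (without FCS) into its fields; vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    fields = {"dst": fmt_mac(frame[0:6]), "src": fmt_mac(frame[6:12]),
              "vid": None, "pri": None, "cfi": None}
    (first,) = struct.unpack("!H", frame[12:14])
    if first != TPID_8021Q:
        fields.update(ethertype=first, payload=frame[14:])
        return fields
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    fields.update(pri=tci >> 13, cfi=(tci >> 12) & 0x1, vid=tci & 0x0FFF,
                  ethertype=ethertype, payload=frame[18:])
    return fields


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as an access interface does before sending to a PC."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast frame from 001e-10dd-dd01, Type 0x0800.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001e10dddd01")
            + struct.pack("!H", 0x0800) + b"constructed payload")

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vid=20, pri=5)
    print(tagged[12:16].hex(), parse_frame(tagged))
    print(strip_tag(tagged) == UNTAGGED)
```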


VLAN Implementation
[Figure: tagged frames cross the link between Switch1 and Switch2, while original frame 1 and original frame 2 travel untagged between the switches and the PCs; PC1 (VLAN 10), PC2 (VLAN 20), PC3 (VLAN 20), PC4 (VLAN 10).]

⚫ The link between Switch1 and Switch2 carries data of multiple VLANs. In this situation, a VLAN-based
data tagging method is required to distinguish the frames of different VLANs.
⚫ IEEE 802.1Q, often referred to as Dot1q, defines a system of VLAN tagging for Ethernet frames by
inserting an 802.1Q tag into the frame header to carry VLAN information.


VLAN Assignment Methods


⚫ How are VLANs assigned on a network?

VLAN Assignment Method          VLAN 10                          VLAN 20
Interface-based assignment      GE 0/0/1 and GE 0/0/3            GE 0/0/2 and GE 0/0/4
MAC address-based assignment    MAC 1 and MAC 3                  MAC 2 and MAC 4
IP subnet-based assignment      10.0.1.*                         10.0.2.*
Protocol-based assignment       IP                               IPv6
Policy-based assignment         10.0.1.* + GE 0/0/1 + MAC 1      10.0.2.* + GE 0/0/2 + MAC 2

[Figure: SW1 with PC1 (10.0.1.1, MAC 1), PC2 (10.0.2.1, MAC 2), PC3 (10.0.1.2, MAC 3) and PC4 (10.0.2.2, MAC 4).]


Interface-based VLAN Assignment


• Principles
▫ VLANs are assigned based on interfaces.
▫ A network administrator preconfigures a PVID for each switch interface and assigns each interface to a VLAN corresponding to the PVID.
▫ After an interface receives an untagged frame, the switch adds a tag carrying the PVID of the interface to the frame. The frame is then transmitted in the specified VLAN.
• Port Default VLAN ID: PVID
▫ Default VLAN ID for an interface
▫ Value range: 1–4094

The VLAN needs to be reconfigured if PCs move.

[Figure: SW1 and SW2 joined by interfaces with PVID 1, with a frame tagged 10 on the link; the PC-facing interfaces have PVID 10, PVID 10, PVID 20 and PVID 20 for PC1 to PC4 (VLAN 10 and VLAN 20).]


MAC Address-based VLAN Assignment


• Principles
▫ VLANs are assigned based on the source MAC addresses of frames.
▫ A network administrator preconfigures the mapping between MAC addresses and VLAN IDs.
▫ After receiving an untagged frame, a switch adds the VLAN tag mapping the source MAC address of the frame to the frame. The frame is then transmitted in the specified VLAN.
• Mapping table
▫ Records the mapping between MAC addresses and VLAN IDs.

Mapping Between MAC Addresses and VLAN IDs on SW1
MAC Address    VLAN ID
MAC 1          10
MAC 2          10
...            ...

The VLAN does not need to be reconfigured even if PCs move.

[Figure: SW1 (GE 0/0/1, GE 0/0/2) and SW2 with a frame tagged 10 between them; PC1 (MAC 1), PC2 (MAC 2), PC3 (MAC 3) and PC4 (MAC 4); VLAN 10 and VLAN 20.]


Layer 2 Ethernet Interface Types


Interface Types
• Access interface
An access interface is used to connect a switch to a terminal,
such as a PC or server. In general, the NICs on such a terminal
receive and send only untagged frames. An access interface can
be added to only one VLAN.

• Trunk interface
A trunk interface allows frames that belong to multiple VLANs to
pass through and differentiates the frames using the 802.1Q tag.
This type of interface is used to connect a switch to another
switch or a sub-interface on a device, such as a router or firewall.

• Hybrid interface
Similar to a trunk interface, a hybrid interface also allows frames
that belong to multiple VLANs to pass through and differentiates
the frames using the 802.1Q tag. You can determine whether to
allow a hybrid interface to carry VLAN tags when sending the
frames of one or more VLANs.

[Figure: two switches, each with hosts in VLAN10 and VLAN20. Legend: access interface, trunk interface.]


Access Interface
Frame receiving
▫ After receiving an untagged frame: The interface permits the frame and adds a VLAN tag carrying the PVID of the interface.
▫ After receiving a tagged frame: If the VLAN ID of the frame is the same as the PVID of the interface, the interface permits the frame. If the VLAN ID of the frame is different from the PVID of the interface, the interface discards the frame.

Frame sending
▫ If the VLAN ID of the frame is the same as the PVID of the interface: The interface removes the VLAN tag from the frame and then sends the frame.
▫ If the VLAN ID of the frame is different from the PVID of the interface: The interface discards the frame.

[Figure: four panels showing GE 0/0/1 as an access interface (VLAN 10): receiving an untagged frame, receiving a frame tagged 10, sending a VLAN 10 frame as an untagged frame, and handling a VLAN 20 frame inside the switch. Legend: untagged frame, tagged frame.]


Trunk interface
Frame receiving
▫ After receiving an untagged frame: The interface adds a VLAN tag with the VID being the PVID of the interface to the frame and permits the frame only when the VID is in the list of VLAN IDs permitted by the interface. If the VID is not in the list, the interface discards the frame.
▫ After receiving a tagged frame: If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface permits the frame. Otherwise, the interface discards the frame.

Frame sending
▫ If the VLAN ID of the frame is the same as the PVID of the interface: If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface removes the tag from the frame and sends the frame out. Otherwise, the interface discards the frame.
▫ If the VLAN ID of the frame is different from the PVID of the interface: If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface sends the frame out without removing the tag of the frame. Otherwise, the interface discards the frame.

[Figure: four panels showing GE 0/0/1 as a trunk interface: receiving an untagged frame (PVID = 10, permitted VLAN ID: 10), receiving a frame tagged 10 (PVID = 1, permitted VLAN ID: 10), sending a VLAN 10 frame as an untagged frame (PVID = 10, permitted VLAN ID: 10), and sending a VLAN 20 frame tagged 20 (PVID = 10, permitted VLAN ID: 20). Legend: untagged frame, tagged frame.]


Example for Frame Processing on Access and Trunk Interfaces
⚫ Describe how inter-PC access is implemented in this example.

Trunk Interfaces on SW1 and SW2
List of Permitted VLAN IDs
VLAN ID: 1, 10, 20

[Figure: SW1 and SW2 joined by trunk interfaces (PVID 1) carrying frames tagged 10 and 20; access interfaces with PVID 10, PVID 20, PVID 10 and PVID 20 connect PC1 (VLAN 10), PC2 (VLAN 20), PC3 (VLAN 10) and PC4 (VLAN 20). Legend: trunk interface, access interface.]


Hybrid Interface
Frame receiving
▫ After receiving an untagged frame: The interface adds a VLAN tag with the VID being the PVID of the interface to the frame and permits the frame only when the VID is in the list of VLAN IDs permitted by the interface. If the VID is not in the list, the interface discards the frame.
▫ After receiving a tagged frame: If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface permits the frame. Otherwise, the interface discards the frame.

Frame sending
▫ If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface: If the interface has been configured not to carry VLAN tags when sending frames, it removes the tag from the frame and then sends the frame out.
▫ If the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface: If the interface has been configured to carry VLAN tags when sending frames, it sends the frame out without removing the tag of the frame.

[Figure: four panels showing GE 0/0/1 as a hybrid interface: receiving an untagged frame (PVID = 10, permitted VLAN ID: 10), receiving a frame tagged 10 (PVID = 1, permitted VLAN ID: 10), sending a VLAN 10 frame as an untagged frame (PVID = 10, permitted VLAN ID: 10), and sending a VLAN 20 frame tagged 20 (PVID = 10, permitted VLAN ID: 20). Legend: untagged frame, tagged frame.]


Example for Frame Processing on Hybrid Interfaces


⚫ Describe how PCs access the server in this example.

List of VLAN IDs Permitted by Interfaces on SW1
Interface      Mode        VLAN ID
Interface 1    Untagged    1, 10, 100
Interface 2    Untagged    1, 20, 100
Interface 3    Tagged      10, 20, 100

List of VLAN IDs Permitted by Interfaces on SW2
Interface      Mode        VLAN ID
Interface 1    Untagged    1, 10, 20, 100
Interface 3    Tagged      10, 20, 100

[Figure: SW1 and SW2 joined through Interface 3 on each switch (PVID 1), with frames tagged 10 and 20 on the link; on SW1, Interface 1 (PVID 10) connects PC1 (VLAN 10) and Interface 2 (PVID 20) connects PC2 (VLAN 20); on SW2, Interface 1 (PVID 100) connects the server (VLAN 100). Legend: hybrid interface.]


Summary
Access Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and permits the frame.
▫ Tagged frame: checks whether the VID in the tag of the frame is the same as the PVID of the interface. If they are the same, permits the frame; otherwise, discards the frame.
Frame sending
▫ Checks whether the VID in the tag of the frame is the same as the PVID of the interface. If they are the same, removes the tag and sends the frame out; otherwise, discards the frame.

Trunk Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
▫ Tagged frame: checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
Frame sending
▫ If the VID is in the list of permitted VLAN IDs and the same as the PVID of the interface, removes the tag and sends the frame out.
▫ If the VID is in the list of permitted VLAN IDs but different from the PVID of the interface, sends the frame out without removing the tag.
▫ If the VID is not in the list of permitted VLAN IDs, discards the frame.

Hybrid Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
▫ Tagged frame: checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
Frame sending
▫ If the VID is not in the list of permitted VLAN IDs, discards the frame.
▫ If the VID is in the untagged VLAN ID list, removes the tag and sends the frame out.
▫ If the VID is in the tagged VLAN ID list, sends the frame out without removing the tag.
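
The receive and send rules in this summary, modelled in Python as an added example (not part of the course material) and applied to the interface lists from the hybrid-interface example earlier in the course. The `Port`, `ingress`, `egress`, `flood` and `receivers` names are assumptions, and every frame is flooded within its VLAN (MAC learning is left out), which makes the isolation boundary visible: PC1 and PC2 each reach the server but not each other.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    link_type: str                      # "access", "trunk" or "hybrid"
    pvid: int = 1
    permitted: frozenset = frozenset()  # trunk: list of permitted VLAN IDs
    untagged: frozenset = frozenset()   # hybrid: untagged VLAN ID list
    tagged: frozenset = frozenset()     # hybrid: tagged VLAN ID list

    def allows(self, vid: int) -> bool:
        """True if this interface is allowed to carry the given VLAN."""
        if self.link_type == "access":
            return vid == self.pvid
        if self.link_type == "trunk":
            return vid in self.permitted
        return vid in self.untagged or vid in self.tagged


def ingress(port: Port, tag):
    """Frame receiving: return the VID used inside the switch, or None
    if the frame is discarded. tag is None for an untagged frame."""
    vid = port.pvid if tag is None else tag
    return vid if port.allows(vid) else None


def egress(port: Port, vid: int):
    """Frame sending: return "untagged", "tagged", or None (discard)."""
    if not port.allows(vid):
        return None
    if port.link_type == "access":
        return "untagged"
    if port.link_type == "trunk":
        return "untagged" if vid == port.pvid else "tagged"
    return "untagged" if vid in port.untagged else "tagged"


def flood(ports: dict, in_name: str, tag) -> dict:
    """Flood a frame received on in_name to every other interface.
    Returns {interface: tag on the wire}, where None means untagged."""
    vid = ingress(ports[in_name], tag)
    if vid is None:
        return {}
    out = {}
    for name, port in ports.items():
        form = egress(port, vid) if name != in_name else None
        if form is not None:
            out[name] = vid if form == "tagged" else None
    return out


def fs(*vids):
    return frozenset(vids)


# Interface lists taken from the hybrid-interface example.
SW1 = {
    "if1": Port("hybrid", pvid=10, untagged=fs(1, 10, 100)),
    "if2": Port("hybrid", pvid=20, untagged=fs(1, 20, 100)),
    "if3": Port("hybrid", pvid=1, tagged=fs(10, 20, 100)),
}
SW2 = {
    "if1": Port("hybrid", pvid=100, untagged=fs(1, 10, 20, 100)),
    "if3": Port("hybrid", pvid=1, tagged=fs(10, 20, 100)),
}
SWITCHES = {"SW1": SW1, "SW2": SW2}
HOSTS = {("SW1", "if1"): "PC1", ("SW1", "if2"): "PC2", ("SW2", "if1"): "Server"}
UPLINK = "if3"  # Interface 3 joins the two switches


def receivers(sender: str) -> set:
    """Hosts that receive an untagged frame flooded from sender."""
    (sw, port), = [k for k, v in HOSTS.items() if v == sender]
    got, pending = set(), [(sw, port, None)]
    while pending:
        sw, port, tag = pending.pop()
        for out, out_tag in flood(SWITCHES[sw], port, tag).items():
            if out == UPLINK:
                other = "SW2" if sw == "SW1" else "SW1"
                pending.append((other, UPLINK, out_tag))
            elif out_tag is None:  # host NICs accept only untagged frames
                got.add(HOSTS[(sw, out)])
    return got


if __name__ == "__main__":
    for host in ("PC1", "PC2", "Server"):
        print(host, "->", sorted(receivers(host)))
```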

VLAN Planning
• VLAN assignment rules
▫ By service: voice, video, and data VLANs
▫ By department: e.g. VLANs for engineering, marketing, and financing departments
▫ By application: e.g. VLANs for servers, offices, and classrooms

• Tips for VLAN assignment
VLAN IDs can be randomly assigned within the supported range. To improve VLAN ID continuity, you can associate VLAN IDs with subnets during VLAN assignment.

• Example for VLAN planning
▫ Assume that there are three buildings: administrative building with offices, classrooms, and financing sections, teaching building with offices and classrooms, and office building with offices and financing sections. Each building has one access switch, and the core switch is deployed in the administrative building.
▫ The following table describes the VLAN plan.

VLAN ID    IP Address Segment    Description
1          X.16.10.0/24          VLAN to which office users belong
2          X.16.20.0/24          VLAN to which the users of the financing department belong
3          X.16.30.0/24          VLAN to which classroom users belong
100        Y.16.100.0/24         VLAN to which the device management function belongs

Interface-based VLAN Assignment
⚫ Applicable scenario:
▫ There are multiple enterprises in a building. These enterprises share network resources to reduce costs. Networks of the enterprises connect to different interfaces of the same Layer 2 switch and access the Internet through the same egress device.

⚫ VLAN assignment:
▫ To isolate the services of different enterprises and ensure service security, assign interfaces connected to the enterprises' networks to different VLANs. In this way, each enterprise has an independent network, and each VLAN works as a virtual work group.

[Figure: Enterprise 1 (VLAN 2), Enterprise 2 (VLAN 3) and Enterprise 3 (VLAN 4) connect to one L2 switch, which reaches the Internet through an L3 switch.]

MAC Address-based VLAN Assignment
⚫ Applicable scenario:
▫ The network administrator of an enterprise assigns PCs in the same department to the same VLAN. To improve information security, the enterprise requires that only employees in the specified department be allowed to access specific network resources.

⚫ VLAN assignment:
▫ To meet the preceding requirement, configure MAC address-based VLAN assignment on SW1, preventing new PCs connected to the network from accessing the network resources.

[Figure: SW1 (GE 0/0/1, GE 0/0/3) connects to the enterprise network; PC1 (001e-10dd-dd01), PC2 (001e-10dd-dd02), PC3 (001e-10dd-dd03) and PC4 (001e-10dd-dd04); VLAN 10.]


Basic VLAN Configuration Commands


1. Create one or more VLANs.

[Huawei] vlan vlan-id

This command creates a VLAN and displays the VLAN view. If the VLAN to be created already exists, this
command directly displays the VLAN view.
• The value of vlan-id is an integer ranging from 1 to 4094.

[Huawei] vlan batch { vlan-id1 [ to vlan-id2 ] }

This command creates VLANs in a batch. In this command:


• batch: creates VLANs in a batch.
• vlan-id1: specifies a start VLAN ID.
• vlan-id2: specifies an end VLAN ID.


Basic Access Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type access

In the interface view, set the link type of the interface to access.

2. Configure a default VLAN for the access interface.

[Huawei-GigabitEthernet0/0/1] port default vlan vlan-id

In the interface view, configure a default VLAN for the interface and add the interface to the VLAN.
• vlan-id: specifies an ID for the default VLAN. The value is an integer ranging from 1 to 4094.


Basic Trunk Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type trunk

In the interface view, set the link type of the interface to trunk.

2. Add the trunk interface to specified VLANs.

[Huawei-GigabitEthernet0/0/1] port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the trunk interface to specified VLANs.

3. (Optional) Configure a default VLAN for the trunk interface.

[Huawei-GigabitEthernet0/0/1] port trunk pvid vlan vlan-id

In the interface view, configure a default VLAN for the trunk interface.


Basic Hybrid Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type hybrid

In the interface view, set the link type of the interface to hybrid.

2. Add the hybrid interface to specified VLANs.

[Huawei-GigabitEthernet0/0/1] port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the hybrid interface to specified VLANs in untagged mode.

[Huawei-GigabitEthernet0/0/1] port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the hybrid interface to specified VLANs in tagged mode.

3. (Optional) Configure a default VLAN for the hybrid interface.

[Huawei-GigabitEthernet0/0/1] port hybrid pvid vlan vlan-id

In the interface view, configure a default VLAN for the hybrid interface.


Case 1: Configuring Interface-based VLAN Assignment
⚫ Networking requirements:
▫ On the network shown in the figure, the switches (SW1 and SW2) of an enterprise are connected to multiple PCs, and PCs with the same services access the network using different devices. To ensure communication security, the enterprise requires that only PCs with the same service can directly communicate.
▫ To meet this requirement, configure interface-based VLAN assignment on the switches and add interfaces connected to PCs with the same service to the same VLAN. In this way, PCs in different VLANs cannot directly communicate at Layer 2, but PCs in the same VLAN can directly communicate.

[Figure: SW1 and SW2 joined through GE 0/0/3 on each switch (PVID 1); on each switch, GE 0/0/1 has PVID 10 and GE 0/0/2 has PVID 20; PC1 (VLAN 10), PC2 (VLAN 20), PC3 (VLAN 10) and PC4 (VLAN 20). Legend: access interface, trunk interface.]


Creating VLANs

Create VLANs.

[SW1] vlan 10
[SW1-vlan10] quit
[SW1] vlan 20
[SW1-vlan20] quit

[SW2] vlan batch 10 20


Configuring Access and Trunk Interfaces


Configure access interfaces and add the interfaces to corresponding VLANs.

[SW1] interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 10
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type access
[SW1-GigabitEthernet0/0/2] quit
[SW1] vlan 20
[SW1-vlan20] port GigabitEthernet0/0/2
[SW1-vlan20] quit

Configure a trunk interface and specify a list of VLAN IDs permitted by the interface.

[SW1] interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk pvid vlan 1
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20

Note: The configuration on SW2 is similar to that on SW1.


Verifying the Configuration

[SW1]display vlan
The total number of vlans is : 3
-------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-------------------------------------------------------------------------------
VID  Type    Ports
-------------------------------------------------------------------------------
1    common  UT:GE0/0/3(U) ……
10   common  UT:GE0/0/1(U)
             TG:GE0/0/3(U)
20   common  UT:GE0/0/2(U)
             TG:GE0/0/3(U)
……


Case 2: Configuring Interface-based VLAN Assignment
⚫ Networking requirements:
▫ On the network shown in the figure, the switches (SW1 and SW2) of an enterprise are connected to multiple PCs, and PCs in different departments need to access the server of the enterprise. To ensure communication security, the enterprise requires that PCs in different departments cannot directly communicate.
▫ To meet this requirement, configure interface-based VLAN assignment and hybrid interfaces on the switches to enable PCs in different departments to access the server but disable them from directly communicating at Layer 2.

[Figure: SW1 and SW2 joined through GE 0/0/3 on each switch (PVID 1); on SW1, GE 0/0/1 (PVID 10) connects PC1 (VLAN 10) and GE 0/0/2 (PVID 20) connects PC2 (VLAN 20); on SW2, GE 0/0/1 (PVID 100) connects the server (VLAN 100). Legend: hybrid interface.]


Configuring Hybrid Interfaces (1)

SW1 configuration:

[SW1] vlan batch 10 20 100
[SW1] interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type hybrid
[SW1-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SW1-GigabitEthernet0/0/1] port hybrid untagged vlan 10 100
[SW1-GigabitEthernet0/0/1] interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type hybrid
[SW1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SW1-GigabitEthernet0/0/2] port hybrid untagged vlan 20 100
[SW1-GigabitEthernet0/0/2] interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type hybrid
[SW1-GigabitEthernet0/0/3] port hybrid tagged vlan 10 20 100


Configuring Hybrid Interfaces (2)

SW2 configuration:

[SW2] vlan batch 10 20 100
[SW2] interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type hybrid
[SW2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SW2-GigabitEthernet0/0/1] port hybrid untagged vlan 10 20 100
[SW2-GigabitEthernet0/0/1] interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3] port link-type hybrid
[SW2-GigabitEthernet0/0/3] port hybrid tagged vlan 10 20 100


Verifying the Configuration

[SW1]display vlan
The total number of vlans is : 4
-----------------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-----------------------------------------------------------------------------------------
VID  Type    Ports
-----------------------------------------------------------------------------------------
1    common  UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) ……
10   common  UT:GE0/0/1(U)
             TG:GE0/0/3(U)
20   common  UT:GE0/0/2(U)
             TG:GE0/0/3(U)
100  common  UT:GE0/0/1(U) GE0/0/2(U)
             TG:GE0/0/3(U)
……


Basic VLAN Configuration Commands


1. Associate a MAC address with a VLAN.

[Huawei-vlan10] mac-vlan mac-address mac-address [ mac-address-mask | mac-address-mask-length ]

This command associates a MAC address with a VLAN.


• mac-address: specifies the MAC address to be associated with a VLAN. The value is a hexadecimal number
in the format of H-H-H. Each H contains one to four digits, such as 00e0 or fc01. If an H contains less than
four digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The MAC
address cannot be 0000-0000-0000, FFFF-FFFF-FFFF, or any multicast address.
• mac-address-mask: specifies the mask of a MAC address. The value is a hexadecimal number in the format
of H-H-H. Each H contains one to four digits.
• mac-address-mask-length: specifies the mask length of a MAC address. The value is an integer ranging
from 1 to 48.
2. Enable MAC address-based VLAN assignment on an interface.

[Huawei-GigabitEthernet0/0/1] mac-vlan enable

This command enables MAC address-based VLAN assignment on an interface.



Example for Configuring MAC Address-based VLAN Assignment
⚫ Networking requirements:
▫ The network administrator of an enterprise assigns PCs in the same department to the same VLAN. To improve information security, the enterprise requires that only employees in the department be allowed to access the network resources of the enterprise.
▫ PCs 1 through 3 belong to the same department. According to the enterprise's requirement, only the three PCs can access the enterprise network through SW1.
▫ To meet this requirement, configure MAC address-based VLAN assignment and associate the MAC addresses of the three PCs with the specified VLAN.

[Figure: SW1 (GE 0/0/1, GE 0/0/3) connects to the enterprise network; PC1 (001e-10dd-dd01), PC2 (001e-10dd-dd02), PC3 (001e-10dd-dd03) and PC4 (001e-10dd-dd04); VLAN 10.]


Creating a VLAN and Associating MAC Addresses with the VLAN

Create a VLAN.

[SW1] vlan 10
[SW1-vlan10] quit

Associate MAC addresses with the VLAN.

[SW1] vlan 10
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd01
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd02
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd03
[SW1-vlan10] quit


Adding Interfaces to the VLAN and Enabling MAC Address-based VLAN Assignment

Add interfaces to the VLAN.

[SW1] interface gigabitethernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type hybrid
[SW1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type hybrid
[SW1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[SW1-GigabitEthernet0/0/2] quit

Enable MAC address-based VLAN assignment on the specified interface.

[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] mac-vlan enable
[SW1-GigabitEthernet0/0/2] quit

Note: The configuration of GE 0/0/3 and GE 0/0/4 is similar to that of GE 0/0/2.


Verifying the Configuration

[SW1]display vlan
The total number of vlans is : 2
-----------------------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-----------------------------------------------------------------------------------------------
VID   Type     Ports
-----------------------------------------------------------------------------------------------
1     common   UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) ……
10    common   UT:GE0/0/2(U) GE0/0/3(U) GE0/0/4(U)
               TG:GE0/0/1(U)
……

[SW1]display mac-vlan mac-address all
----------------------------------------------------------------------
MAC Address      MASK             VLAN  Priority
----------------------------------------------------------------------
001e-10dd-dd01   ffff-ffff-ffff   10    0
001e-10dd-dd02   ffff-ffff-ffff   10    0
001e-10dd-dd03   ffff-ffff-ffff   10    0

Total MAC VLAN address count: 3
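The verification step above can be repeated as a scripted check against the intended address list. The following Python sketch is an added example, not part of the Huawei course: it parses the display mac-vlan mac-address all output shown on this slide and reports entries that are unexpected, missing, mapped to another VLAN, or configured with a mask other than ffff-ffff-ffff. The function names and the idea of a separately kept intended list are assumptions.

```python
import re

H3 = r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}"
ENTRY = re.compile(rf"^\s*({H3})\s+({H3})\s+(\d+)\s+(\d+)\s*$", re.I)
TOTAL = re.compile(r"Total MAC VLAN address count:\s*(\d+)")

# Output from the verification slide (column spacing reconstructed).
PAGE_OUTPUT = """\
MAC Address      MASK             VLAN  Priority
----------------------------------------------------------------------
001e-10dd-dd01   ffff-ffff-ffff   10    0
001e-10dd-dd02   ffff-ffff-ffff   10    0
001e-10dd-dd03   ffff-ffff-ffff   10    0
Total MAC VLAN address count: 3
"""
# The three department PCs from the networking requirements.
INTENDED = {"001e-10dd-dd01", "001e-10dd-dd02", "001e-10dd-dd03"}

def parse_mac_vlan(output):
    """Return ([(mac, mask, vlan)], reported_total) from the command output."""
    entries, total = [], None
    for line in output.splitlines():
        entry, count = ENTRY.match(line), TOTAL.search(line)
        if entry:
            entries.append((entry[1].lower(), entry[2].lower(), int(entry[3])))
        elif count:
            total = int(count[1])
    return entries, total

def audit(output, intended, vlan):
    """List differences between the device table and the intended MAC list."""
    entries, total = parse_mac_vlan(output)
    findings = []
    if total is not None and total != len(entries):
        findings.append(f"parsed {len(entries)} entries, device reports {total}")
    for mac, mask, vid in entries:
        if mac not in intended:
            findings.append(f"unexpected entry {mac} in VLAN {vid}")
        elif vid != vlan:
            findings.append(f"{mac} is mapped to VLAN {vid}, expected {vlan}")
        if mask != "ffff-ffff-ffff":
            findings.append(f"{mac} uses mask {mask}, which matches more than one address")
    present = {entry[0] for entry in entries}
    findings.extend(f"missing entry {mac}" for mac in sorted(intended - present))
    return findings

if __name__ == "__main__":
    print(audit(PAGE_OUTPUT, INTENDED, 10) or "table matches the intended list")
```

MAC-based assignment keys on the source address a frame carries, so this audit confirms that the table matches the inventory, not that the device behind an address is the intended one.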

Quiz
1. (Multiple) Which of the following statements about the VLAN technology are incorrect? ( )
A. The VLAN technology can isolate a large collision domain into several small collision domains.

B. The VLAN technology can isolate a large Layer 2 broadcast domain into several small Layer 2
broadcast domains.

C. PCs in different VLANs cannot communicate.

D. PCs in the same VLAN can communicate at Layer 2.

2. If the PVID of a trunk interface is 5 and the port trunk allow-pass vlan 2 3 command is run
on the interface, which VLANs' frames can be transmitted through the trunk interface?

Summary
⚫ This course describes the VLAN technology, including the functions, identification,
assignment, data exchange, planning, application, and basic configuration of VLANs.

⚫ The VLAN technology can divide a physical LAN into multiple broadcast domains so
that network devices in the same VLAN can directly communicate at Layer 2, while
devices in different VLANs cannot.
