Page is loading ...
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Table of Contents
i
Table of Contents
Chapter 1 VLAN Overview............................................................................................................1-1
1.1 VLAN Overview..................................................................................................................1-1
1.1.1 Introduction to VLAN...............................................................................................1-1
1.1.2 VLAN Principles......................................................................................................1-2
1.2 Port-Based VLAN...............................................................................................................1-3
Chapter 2 VLAN Configuration ....................................................................................................2-1
2.1 VLAN Configuration...........................................................................................................2-1
2.1.1 Basic VLAN Configuration.......................................................................................2-1
2.1.2 Basic VLAN Interface Configuration .......................................................................2-1
2.1.3 Displaying VLAN Configuration...............................................................................2-2
2.2 Configuring a Port-Based VLAN........................................................................................2-3
2.2.1 Configuring a Port-Based VLAN .............................................................................2-3
2.2.2 Protocol-Based VLAN Configuration Example........................................................2-3
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 1
VLAN Overview
1-1
Chapter 1 VLAN Overview
1.1 VLAN Overview
1.1.1 Introduction to VLAN
The traditional Ethernet is a flat network, where all hosts are in the same broadcast
domain and connected with each other through hubs or switches. The hub is a physical
layer device without the switching function, so it forwards the received packet to all
ports. The switch is a link layer device which can forward the packet according to the
MAC address of the packet. However, when the switch receives a broadcast packet or
an unknown unicast packet whose MAC address is not included in the MAC address
table of the switch, it will forward the packet to all the ports except the inbound port of
the packet. In this case, a host in the network receives a lot of packets whose
destination is not the host itself. Thus, plenty of bandwidth resources are wasted,
causing potential serious security problems.
The traditional way to isolate broadcast domains is to use routers. However, routers are
expensive and provide few ports, so they cannot subnet the network particularly.
The virtual local area network (VLAN) technology is developed for switches to control
broadcast in LANs.
By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs,
each of which has a broadcast domain of its own. Hosts in the same VLAN
communicate with each other as if they are in a LAN. However, hosts in different VLANs
cannot communicate with each other directly.
Figure 1-1 illustrates a VLAN
implementation.
VLAN A
VLAN B
VLAN A
VLAN B
VLAN A
VLAN B
LAN Switch
LAN Switch
Router
VLAN A
VLAN B
VLAN A
VLAN B
VLAN A
VLAN B
LAN Switch
LAN Switch
Router
Figure 1-1 A VLAN implementation
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 1
VLAN Overview
1-2
A VLAN can span across multiple switches, or even routers. This enables hosts in a
VLAN to be dispersed in a looser way. That is, hosts in a VLAN can belong to different
physical network segment.
Compared with the traditional Ethernet, VLAN enjoys the following advantages.
z Broadcasts are confined to VLANs. This decreases bandwidth utilization and
improves network performance.
z Network security is improved. VLANs cannot communicate with each other
directly. That is, a host in a VLAN cannot access resources in another VLAN
directly, unless routers or Layer 3 switches are used.
z Network configuration workload for the host is reduced. VLAN can be used to
group specific hosts. When the physical position of a host changes within the
range of the VLAN, you need not change its network configuration.
1.1.2 VLAN Principles
VLAN tags in the packets are necessary for the switch to identify packets of different
VLANs. The switch works at Layer 2 (Layer 3 switches are not discussed in this chapter)
and it can identify the data link layer encapsulation of the packet only, so you can add
the VLAN tag field into only the data link layer encapsulation if necessary.
In 1999, IEEE issues the IEEE 802.1Q protocol to standardize VLAN implementation,
defining the structure of VLAN-tagged packets.
In traditional Ethernet data frames, the type field of the upper layer protocol is
encapsulated after the destination MAC address and source MAC address, as shown
in
Figure 1-2
Type(2)DA&SA(12) DATA
Type
DA&SA(12) DATA
DA&SA DATA
Type(2)DA&SA(12) DATADA&SA(12) DATA
Type
DA&SA(12) DATA
DA&SA
DATA
Type(2)DA&SA(12) DATADA&SA(12) DATA
Type
DA&SA(12) DATA
DA&SA DATA
Type(2)DA&SA(12) DATADA&SA(12) DATA
Type
DA&SA(12) DATA
DA&SA
DATA
Figure 1-2 Encapsulation format of traditional Ethernet frames
In
Figure 1-2 DA refers to the destination MAC address, SA refers to the source MAC
address, and Type refers to the protocol type of the packet. IEEE 802.1Q protocol
defines that a 4-byte VLAN tag is encapsulated after the destination MAC address and
source MAC address to show the information about VLAN.
TPID Prioity CFI VLAN ID
VLAN Tag
DA&SA
TPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN ID
VLAN Tag
TPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
VLAN Tag
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Priority CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN ID
VLAN Tag
TPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
VLAN Tag
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
VLAN Tag
TPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
VLAN Tag
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN ID
DA&SA
TypeTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Prioity CFI VLAN IDTPID Priority CFI VLAN ID
DA&SA
TypeType
g
Figure 1-3 Format of VLAN ta
As shown in
Figure 1-3, a VLAN tag contains four fields, including TPID, priority, CFI,
and VLAN ID.
z TPID is a 16-bit field, indicating that this data frame is VLAN-tagged. By default, it
is 0x8100 in H3C series Ethernet switches.
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 1
VLAN Overview
1-3
z Priority is a 3-bit field, referring to 802.1p priority. Refer to section “QoS & QoS
profile” for details.
z CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the
standard format in different transmission media. This field is not described in detail
in this chapter.
z VLAN ID is a 12-bit field, indicating the ID of the VLAN to which this packet
belongs. It is in the range of 0 to 4,095. Generally, 0 and 4,095 is not used, so the
field is in the range of 1 to 4,094.
VLAN ID identifies the VLAN to which a packet belongs. When the switch receives a
packet carrying no VLAN tag, it will encapsulate a VLAN tag with the default VLAN ID of
the inbound port for the packet, and the packet will be assigned to the default VLAN of
the inbound port for transmission. For the details about setting the default VLAN of a
port, refer to section “Port Basic Configuration” in H3C S3100-52P Ethernet Switch
Operation Manual.
1.2 Port-Based VLAN
Port-based VLAN technology introduces the simplest way to classify VLANs. You can
isolate the hosts and divide them into different virtual workgroups through assigning the
ports on the device connecting to hosts to different VLANs.
This way is easy to implement and manage and it is applicable to hosts with relatively
fixed positions.
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 2
VLAN Configuration
2-1
Chapter 2 VLAN Configuration
2.1 VLAN Configuration
2.1.1 Basic VLAN Configuration
Table 2-1 Basic VLAN configuration
Operation Command Description
Enter system view
system-view
—
Create multiple
VLANs in batch
vlan { vlan-id1 to vlan-id2 |
all }
Optional
Create a VLAN and
enter VLAN view
vlan vlan-id
Required
The vlan-id argument ranges
from 1 to 4,094.
Assign a name for
the current VLAN
name text
Optional
By default, the name of a VLAN
is its VLAN ID.
Specify the
description string of
the current VLAN
description text
Optional
By default, the description string
of a VLAN is its VLAN ID.
Caution:
When you use the vlan command to create VLANs, if the destination VLAN is an
existing dynamic VLAN, it will be transformed into a static VLAN and the switch will
output the prompt information.
2.1.2 Basic VLAN Interface Configuration
I. Configuration prerequisites
Create a VLAN before configuring a VLAN interface.
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 2
VLAN Configuration
2-2
II. Configuration procedure
Table 2-2 Basic VLAN interface configuration
Operation Command Description
Enter system view
system-view
—
Create a VLAN
interface and enter
VLAN interface
view
interface
Vlan-interface vlan-id
Required
The vlan-id argument ranges from 1
to 4,094.
Specify the
description string
for the current
VLAN interface
description text
Optional
By default, the description string of
a VLAN interface is the name of this
VLAN interface
Disable the VLAN
interface
shutdown
Optional
Enable the VLAN
Interface
undo shutdown
Optional
Note that the operation of enabling/disabling a VLAN interface does not influence the
enabling/disabling states of the Ethernet ports belonging to this VLAN.
By default, the VLAN interface’s management state is enabled. In this case, the
physical state of the VLAN interface is affected by the ports state in the VLAN. When all
the Ethernet ports of a VLAN are down, the VLAN interface of the VLAN is down, that is,
the VLAN interface is disabled; when one or more Ethernet ports of a VLAN are up, the
VLAN interface of the VLAN is up, that is, the VLAN interface is enabled.
If you disable the VLAN interface’s management state, the VLAN interface will always
be down, regardless of the states of the ports in the VLAN.
Caution:
H3C S3100-52P Ethernet switch supports only one VLAN interface. And the VLAN
where the VLAN interface resides must be the management VLAN of the switch.
For detail, refer to the section "Management VLAN Configuration – Operation" in H3C
S3100-52P Ethernet Switch Operation Manual.
2.1.3 Displaying VLAN Configuration
After the configuration above, you can execute the display command in any view to
display the running status after the configuration, so as to verify the configuration.
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 2
VLAN Configuration
2-3
Table 2-3 Display VLAN configuration
Operation Command Description
Display the VLAN
interface information
display interface Vlan-interface
[ vlan-id ]
Display the VLAN
information
display vlan [ vlan-id [ to vlan-id ]
| all | dynamic | static ]
You can execute the
display command in
any view.
2.2 Configuring a Port-Based VLAN
2.2.1 Configuring a Port-Based VLAN
I. Configuration prerequisites
Create a VLAN before configuring a port-based VLAN.
II. Configuration procedure
Table 2-4 Configure a port-based VLAN
Operation Command Description
Enter system view
system-view
—
Enter VLAN view
vlan vlan-id
—
Add Ethernet ports
to the specific
VLAN
port interface-list
Required
By default, all the ports belong
to the default VLAN
Caution:
The commands above are effective for access ports only. If you want to add trunk ports
or hybrid ports to a VLAN, you can use the port trunk permit vlan command or the
port hybrid vlan command in Ethernet port view. For the configuration procedure,
refer to the section "Port Basic Configuration – Operation" in H3C S3100-52P Ethernet
Switch Operation Manual.
2.2.2 Protocol-Based VLAN Configuration Example
I. Network requirements
z Create VLAN 2 and VLAN 3 and specify the description string of VLAN 2 as home;
Operation Manual – VLAN
H3C S3100-52P Ethernet Switch Chapter 2
VLAN Configuration
2-4
VLAN3
z Add Ethernet1/0/1 and Ethernet1/0/2 to VLAN 2 and add Ethernet1/0/3 and
Ethernet1/0/4 to VLAN 3.
II. Network diagram
Switch
VLAN3
E1/0/4
VLAN2
VLAN3
VLAN2
E1/0/1
VLAN3
VLAN3
VLAN2
VLAN3
VLAN3
E1/0/3
VLAN3
E1/0/2
VLAN2
VLAN3
Switch
VLAN3
E1/0/4
VLAN2
VLAN3
VLAN2
E1/0/1
VLAN3
VLAN3
VLAN2
VLAN3
VLAN3
E1/0/3
VLAN3
E1/0/2
VLAN2
Figure 2-1 Network diagram for VLAN configuration
III. Configuration procedure
# Create VLAN 2 and enter its view.
<H3C> system-view
[H3C] vlan 2
# Specify the description string of VLAN 2 as home.
[H3C-vlan2] description home
# Add Ethernet1/0/1 and Ethernet1/0/2 ports to VLAN 2.
[H3C-vlan2] port Ethernet 1/0/1 Ethernet 1/0/2
# Create VLAN 3 and enter its view.
[H3C-vlan2] vlan 3
# Add Ethernet1/0/3 and Ethernet1/0/4 ports to VLAN 3.
[H3C-vlan3] port Ethernet 1/0/3 Ethernet 1/0/4
/