chapter 20 vlan configuration
Post on 21-Apr-2015
147 Views
Preview:
TRANSCRIPT
Maipu Confidential & Proprietary Information Page 1 of 17
VLAN Configuration
Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com
VLAN Configuration
Maipu Confidential & Proprietary Information Page 2 of 17
All rights reserved. Printed in the People’s Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to: Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 3 of 17
Maipu Feedback Form Your opinion helps us improve the quality of our product documentation
and offer better services. Please fax your comments and suggestions to
(86) 28-85148948, 85148139 or email to overseas@maipu.com.
Document Title
VLAN CONFIGURATION
Product Version
Document Revision Number
1.0
Evaluate this document
Presentation:
(Introductions, procedures, illustrations, completeness, arrangement, appearance)
Good Fair Average Poor
Accessibility:
(Contents, index, headings, numbering)
Good Fair Average Poor
Editorial:
(Language, vocabulary, readability, clarity, technical accuracy, content)
Good Fair Average Poor
Your suggestions to improve the document
Please check suggestions to improve this document:
Improve introduction Make more concise
Improve Contents Add more step-by-step procedures/tutorials
Improve arrangement Add more technical information
Include images Make it less technical
Add more detail Improve index
If you wish to be contacted, complete the following:
Name Company
Postcode Address
Telephone E-mail
VLAN Configuration
Maipu Confidential & Proprietary Information Page 4 of 17
Contents
Configure VLAN ......................................................................................... 5
Introduction to VLAN ............................................................................................... 5
Configure Port-based VLAN ................................................................................................... 6
MAC-Based VLAN ................................................................................................... 7
IP-Subnet-Based VLAN ........................................................................................... 7
Basic Commands .................................................................................................... 7
Application Instances ............................................................................................ 14
Port-based VLAN Instance ................................................................................................... 14
MAC-Based VLAN Instance .................................................................................................. 15
Debugging & Monitoring ........................................................................................ 16
Monitoring Commands ........................................................................................................ 16
Monitoring Command Instance ............................................................................................ 16
VLAN Configuration
Maipu Confidential & Proprietary Information Page 5 of 17
Configure VLAN
This chapter mainly describes the VLAN function and the configuration of
the router switching port.
The contents are as follows:
Introduction to VLAN function
Application instance
Debugging and monitoring
Introduction to VLAN Virtual Local Area Network (VLAN) is to divide physical networks into
logical networks. Dividing VLAN is not restricted by the physical location.
The hosts of different physical locations can belong to one VLAN. VLAN
restricts the broadcast domain. L2 unicast, broadcast and multicast frames
can be forwarded and diffused only in the VLAN and cannot enter into
other VLANs directly. The L2 packets of different VLANs are separated with
each other, that is, the users of different VLANs cannot communicate with
each other directly.
VLAN supports IEEE801.Q standard. The value range of VLAN ID is 1-4094.
VLAN 1 is the default value and cannot be deleted.
1. Different VLAN types support different VLAN division modes. RM1800-
31-AC, RM1800-31W-AC, and RM1800-31W-DC48 support Port-based
VLAN and MAC-address-based VLAN. The other RM1800 models only
support port-based VLAN.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 6 of 17
Configure Port-based VLAN Port-based VLAN is to take a port as a member of the VLAN and add it into
the VLAN. The port can forward packets of the VLAN to which the port
belongs.
Mode Types of Ports Port modes are divided into three types according to different processing
modes for Tag labels of packets when the port transmits packets.
1. Access Type
The port can belong to only one VLAN, and the default VLAN ID of the port
is the same as the VLAN ID to which it belongs. The port usually connects
with user devices. The default type of a port is the Access type.
2. Trunk Type
The port permits multiple VLANs to pass, and it can receive or send
multiple VLAN packets. Only the packets of the default VLAN can be sent
without Tag labels. The port is usually used to inter-connect network
devices.
3. Hybrid Type
The port can be added into multiple VLANs, and it can receive or send
multiple VLAN packets. The packets of multiple VLANs can be sent without
Tag label. The port also can be used to connect user devices or inter-
connect network devices
Defaul t VLAN of Ports According to the default VLAN of the port, assign the packets without Tag
label received by the port to the default VLAN. The default VLAN of the
port is 1. Users can configure the default VLAN of the port as desired.
The default VLAN of the Access port is the one it belongs to, and
cannot be configured.
The Trunk port and the Hybrid port can belong to multiple VLANs, and
their default VLANs can be configured.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 7 of 17
MAC-Based VLAN The MAC-based VLAN is to assign the VLAN ID to packets according to the
source MAC addresses of the packets received by ports. RM1800-31-AC,
RM1800-31W-AC, and RM1800-31W-DC48 support MACVLAN function.
After configuring and enabling the MACVLAN rule, the packets received by
ports are processed as follows.
1. If the source MAC and the MAC address of MAC-based VLAN are
consistent, and the ingress port of the packets is allocated to the VLAN
of the corresponding VLAN ID, the packet is allocated to the VLAN ID
corresponding to the MAC VLAN.
2. If the packet doesn’t match the MAC configured by the MAC VLAN, the
packet is assigned to the default VLAN ID of the port.
IP-Subnet-Based VLAN IP-subnet-based VLAN is to assign VLAN IDs to packets according to the
source IP addresses of the Untagged packets received by ports
The packets received by ports are processed as follows:
1. If the source IP address is in the network segment of IP subnet-based
VLAN, and the In port of the packets is allocated to the VLAN of the
corresponding VLAN ID, the packet is allocated to the VLAN ID
corresponding to the network segment.
2. If the packet doesn’t match the network segment configured by the IP
subnet VLAN, the packet is assigned to the default VLAN ID of the port.
Basic Commands Command Description Config Mode
vlan vlanId Create VLAN config
config-vlanxx
description description Configure description information
of VLAN config-vlanxx
port accept frame-type {all | tag }
Configure the receivable frames of the port
config-port-xxx
config-link-aggregation-
x
VLAN Configuration
Maipu Confidential & Proprietary Information Page 8 of 17
port mode {access | trunk | hybrid}
*Configure port mode
config-port-xxx
config-link-aggregation-
x
port access vlan vlanId *Configure Access port to be added to VLAN
config-port-xxx
config-link-aggregation-
x
port trunk allowed vlan { vlanlist|all }
*Configure Trunk port allow VLAN to pass
config-port-xxx
config-link-aggregation-
x
port hybrid {tagged | untagged} vlan vlanlist
*Configure Hybrid port to be added to VLAN
config-port-xxx
config-link-aggregation-
x
port trunk pvid vlan vlanId *Configure the default VLAN of Trunk port
config-port-xxx
config-link-aggregation-
x
port hybrid pvid vlan vlanId *Configure the default VLAN of Hybrid port
config-port-xxx
config-link-aggregation-
x
vlan dot1q tag pvid *Configure the default VLAN packets of Trunk port are sent with Tag
config-port-xxx
config-link-aggregation-
x
mac-vlan mac-address
mac-address vlan vlanId *Configure MAC VLAN items config
mac-vlan enable *Configure MAC VLAN is enabled on the port
config-port-xxx
config-link-aggregation-
x
Note
The * symbol before the command description means that there is
configuration instance to describe the command.
vlan
This command is used to create the corresponding VLAN of the vlanid. The
no format of the command is used to delete the VLAN.
vlan vlanId
no vlan vlanlist Syntax Description
vlanId The value range of vlanid is 1-4094.
Vlanlist The value range is 2-4094. It can be "x1-x2", "x1,
x2, x3…" or the combination.
Default status: VLAN 1, which is created automatically by the system
Note
1. VLAN 1 is the default value of the system and cannot be deleted.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 9 of 17
2. When other function depends on one VLAN, the VLAN cannot be
deleted and the system provides prompt information, such as Vlan
2 is being used by other module.
Caution
After one VLAN is deleted, the relation between the port and the VLAN in
the port-based VLAN is deleted.
description
This command is sued to add the description information of the VLAN. The
no format of the command is used to delete the description information
and recover it to the default value.
description description
no description
Syntax Description
description The VLAN description information, with a length
of up to 32 bytes printable character string
Default status: The default description information of VLAN 1 is DEFAULT
and the description information of other VLANs is vlanId.
port accept frame-type {all | tag }
This command is used to configure the receivable frames of the port. The
frames that do not meet the requirements are discarded.
Syntax Description
all The port receives all Tag packets and Untag
packets.
tag The port only receives the Tag frames and the
Untag frames are not forwarded and are
discarded.
Default status: By default, the port receives all frames, that is, all Tag
packets and Untag packets.
port mode {access | trunk | hybrid}
This command is used to configure the port type.
Syntax Description
access The port type is Access.
trunk The port type is Trunk.
hybrid The port type is Hybrid.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 10 of 17
Default status: The default type of the port is Access.
Note
1. The port type cannot switch from Hybrid to Trunk directly. It should
first switch to Access and then to Trunk.
2. The port type cannot switch from Trunk to Hybrid directly. It should
first switch to Access and then to Hybrid.
3. After the port type is switched, the original VLAN configuration of the
port is deleted and VLAN configuration of the port recovers to the
default value of the new port type.
port access vlan
This command is used to add Access port to VLAN. The no format of the
command is used to add the port to the default VLAN 1.
port access vlan vlanId
no port access vlan
Syntax Description
vlanId The value range of VLAN ID is 1-4094.
Default status: By default, the port is added to VLAN 1.
Note
1. The configuration command must be consistent with the port type.
Otherwise, the system prompts error information, such as “port 0/1
current mode is not access”.
2. When the Access port is added to VLAN and if the VLAN does not exist,
the VLAN is created automatically.
3. Because of the switch chip limitation, RM1800-21-AC, RM1800-22-AC,
and RM1800-23-AC only support 16 VLANs. Therefore, it is not
permitted to add the ports on the devices to some VLANs and the
system prompts error. If one vlan m already has ports or is permitted
by trunk port, vlan m±16×n (n is an integer) cannot configure adding
ports any more. The limitation is also suitable for the binding of the
VLAN and the virtual interacting interface. Here, if m is 1, only VLAN1
can be used.
Caution
When the VLAN to which the Access port is added is deleted, the port exits
from the deleted VLAN and is added to the default VLAN 1.
port trunk allowed vlan
VLAN Configuration
Maipu Confidential & Proprietary Information Page 11 of 17
This command is used to configure the Trunk port to allow VLAN. The no
format of the command is used to delete the VLAN configuration allowed
by the Trunk port.
port trunk allowed vlan { vlanlist }
no port trunk allowed vlan { vlanlist } Syntax Description
vlanlist Set the allowed VLAN. The format of vlanlist is a
single vlanId, or vlanId1-vlanId2, ,
vlanId1,vlanId2,…vlanIdn, the value range of vlanId
is 1-4094.
Default status: By default, VLAN 1 is allowed to pass.
Note
1. The configuration command must be consistent with the port type.
Otherwise, the system prompts error information, such as port 0/1
current mode is not trunk.
2. The port type cannot switch from Hybrid to Trunk directly. It should
first switch to Access and then to Trunk.
3. Because of the switch chip limitation, RM1800-21-AC, RM1800-22-AC,
and RM1800-23-AC only support 16 VLANs. Therefore, it is not
permitted to add the ports on the devices to some VLANs and the
system prompts error. If one vlan m already has ports or is permitted
by trunk port, vlan m±16×n (n is an integer) cannot configure adding
ports any more. The limitation is also suitable for the binding of the
VLAN and the virtual interacting interface. Here, if m is 1, only VLAN1
can be used.
Caution
When Trunk port is configured to allow VLAN to pass:
1. If VLAN exists, the port is added to the VLAN;
2. If VLAN does not exist, the VLAN is not created automatically and the
port is not added to VLAN; after the allowed VLAN is created, the port
is automatically added to the VLAN.
port hybrid {tagged|untagged} vlan
This command is used to configure Hybrid port to be added to VLAN and
select the mode of being added to the LAN (Tag/Untag). The no format of
the command is used to make the port exit the VLAN and select to mode
of exiting the corresponding VLAN.
port hybrid {tagged|untagged} vlan vlanlist
no port hybrid {tagged|untagged} vlan vlanlist Syntax Description
VLAN Configuration
Maipu Confidential & Proprietary Information Page 12 of 17
Vlanlist The format of vlanlist is a single vlanId, or vlanId1-
vlanId2, vlanId1,vlanId2,…vlanIdn. The value range
of vlanId is 1-4094.
tagged The port is added to VLAN in Tag mode and
becomes the Tag member of the VLAN.
untagged The port is added to VLAN in Untag mode and
becomes the Untag member of the VLAN.
Default status: By default, the port is added to VLAN 1 in Untag mode.
Note
1. The configuration command must be consistent with the port type.
Otherwise, the system prompts error information, such as port 0/1
current mode is not hybrid.
2. The port type cannot switch from Trunk to Hybrid directly. It should
first switch to Access and then to Hybrid.
3. When Hybrid port is added to VLAN and if the VLAN does not exist, the
VLAN is automatically created.
4. Because of the switch chip limitation, RM1800-21-AC, RM1800-22-AC,
and RM1800-23-AC only support 16 VLANs. Therefore, it is not
permitted to add the ports on the devices to some VLANs and the
system prompts error. If one vlan m already has ports or is permitted
by trunk port, vlan m±16×n (n is an integer) cannot configure adding
ports any more. The limitation is also suitable for the binding of the
VLAN and the virtual interacting interface. Here, if m is 1, only VLAN1
can be used.
port trunk pvid vlan
This command is used to configure the default VLAN (pvid) of Trunk port.
The no format of the command is used to delete the configured default
VLAN (pvid) of the port and the default VLAN of the port recovers to 1.
port trunk pvid vlan vlanId
no port trunk pvid vlan
Syntax Description
vlanId The value range of VLAN ID is 1-4094.
Default status: The default VLAN (pvid) of the port is 1.
Note
The configuration mode must be consistent with the port type. Otherwise,
the system prompts error information, such as port 0/1 current mode is
not trunk.
port hybrid pvid vlan vlanId
VLAN Configuration
Maipu Confidential & Proprietary Information Page 13 of 17
This command is used to configure the default VLAN (pvid) of Hybrid port.
The no format of the command is used to delete the configured default
VLAN (pvid) of the port and the default VLAN of the port recovers to 1.
port hybrid pvid vlan vlanId
no port hybrid pvid vlan
Syntax Description
vlanId The value range of VLAN ID is 1-4094.
Default status: The default VLAN (pvid) of the port is 1.
Note
The configuration mode must be consistent with the port type. Otherwise,
the system prompts error information, such as port 0/1 current mode is
not hybrid.
vlan dot1q tag pvid
This command is used to configure the default VLAN packets of the Trunk
port to be sent with Tag. The no format of the command is used to delete
the port configuration and recover the default configuration, that is, the
default VLAN packets of Trunk port are sent without Tag.
vlan dot1q tag pvid
no vlan dot1q tag pvid
Default status: The port does not have vlan dot1q tag pvid configuration.
Note
The configuration command must be consistent with the port type.
Otherwise, the system prompts error information, such as port 0/1 current
mode is not trunk.
mac-vlan mac-address
This command is used to configure MAC VLAN items globally and distribute
the corresponding VLAN ID as per the MAC address. The no format of the
command is used to delete the MAC VLAN items.
mac-vlan mac-address mac-address vlan vlanId [pri priId]
no mac-vlan mac-address mac-address vlan
Syntax Description
mac-address MAC address
vlanId Distribute corresponding VLAN ID as per the MAC
address; the value range of VLAN ID is 1-4094.
Default status: By default, there are no MAC VLAN items.
Note
VLAN Configuration
Maipu Confidential & Proprietary Information Page 14 of 17
1. MAC address cannot be broadcast address or multicast address. If the
illegal MAC address is input, the system prompts error information.
2. MAC VLAN items are valid globally, that is, valid for the whole device.
3. Only RM1800-31-AC, RM1800-31W-AC, and RM1800-31W-DC48
support MACVLAN function.
mac-vlan enable
This command is used to enable MAC VLAN function on the port. The no
format of the command is used to disable the MAC VLAN function of the
port.
mac-vlan enable
no mac-vlan enable
Default status: By default, MAC VLAN function is disabled on the port.
Note
MAC VLAN can take effect only when the MAC VLAN function is enabled on
the port and there are MAC VLAN items.
Application Instances
Port-based VLAN Instance Instance of Configuring VLAN of Access Port
Command Description
router#configure terminal Users enter the global configuration mode from the privilege user mode .
router(config)#port 0/1 Enter port 0/1 configuration status
router(config-port-0/1)#port mode access Configure the type of a port as
Access
(The default type is Access)
router(config-port-0/1)#port access vlan 10 Add the port into VLAN 10.
Instance of Configuring VLAN of a Trunk Port
Command Description
router#configure terminal Users enter the global configuration mode from the
VLAN Configuration
Maipu Confidential & Proprietary Information Page 15 of 17
privilege user mode
router(config)#port 0/1 Enter port 0/1 configuration status
router(config-port-0/1)#port mode trunk Configure the type of the port as Trunk
router(config-port-0/1)#port trunk allowed vlan
10-20
The port permits VLAN 10–20 to pass
router(config-port-0/1)#port trunk pvid vlan 30 Configure the default VLAN of the port
router(config-port-0/1)#vlan dot1q tag pvid Configure the default VLAN packets of a Trunk port to be sent with Tag
Instance of Configuring VLAN of Hyrbid Port
Command Description
router#configure terminal Users enter the global configuration mode from the privilege user mode
router(config)#port 0/1 Enter port 0/1 configuration status
router(config-port-0/1)#port mode hybrid Configure the type of the port as Hybrid.
router(config-port-0/1)# port hybrid untagged vlan 10 The port is added to VLAN 10. The VLAN packets are sent without tag
router(config-port-0/1)#port hybrid tagged vlan 30 The port is added to VLAN30. The
VLAN packets are sent with tag.
MAC-Based VLAN Instance Command Description
router#configure terminal Users enter the global configuration mode from the privilege user mode
router(config)# mac-vlan mac-address 1.1.1 vlan 10 Configure the items in the MAC VLAN table; to assign the Untagged of the corresponding MAC into the VLAN.
router(config)#port 0/1 Enter port 0/1 configuration status
router(config-port-0/1)# mac-vlan enable Configure the port to enable the MAC VLAN function
VLAN Configuration
Maipu Confidential & Proprietary Information Page 16 of 17
Debugging & Monitoring
Monitoring Commands Command Description
show vlan [vlanId] To view port-based VLAN information
show mac-vlan To view the information about the MAC VLAN
items
Monitoring Command Instance router#show vlan
Displayed result:
---- ---- -------------------------------- ------------------------------------------
NO. VID VLAN-Name Owner mode Port-Name
---- ---- -------------------------------- ------------------------------------------
1 1 DEFAULT static Untagged port 0/1 port 0/2 port 0/3
port 0/4 port 0/5 port 0/6
port 0/7 port 0/8 port 0/9
port 0/10 port 0/11 port 0/12
port 0/13 port 0/14 port 0/15
port 0/16 port 0/17 port 0/18
port 0/19 port 0/20 port 0/21
port 0/22 port 0/23
2 3 VLAN0003 static Untagged port 0/0
3 4 VLAN0004 static Tagged port 0/1
Description & analysis:
NO. : display serial number
VID: VLAN ID
VLAN-Name: VLAN description information
Owner: the label of the VLAN creator, static (created manually) or
dynamic (created by GVRP protocol)
Mode: how the port joins the VLAN: tagged or untagged
Port-Name: port name
The displayed result indicates the existing VLAN of the system, VLAN
description information, VLAN member ports and the Tag/Untag attributes.
VLAN Configuration
Maipu Confidential & Proprietary Information Page 17 of 17
router#show mac-vlan
Displayed result:
total 4096, used 1, left 4095
---- --------------- ---------MAC-VLAN--------------------------------------------------------
NO. MAC address dynamicvlan staticvlan currentpri staticpri
---- --------------- -------------------------------------------------------------------------
1 0002.0003.0004 0 3 0
0
Description & analysis:
NO.: display serial number
MAC address: MAC address
Dynamicvlan: The VLAN ID assigned by matched MAC address packets. It
is created by dot1X protocol
staticvlan: The VLAN ID assigned by matched MAC address packets. It is
created by the user
currentpri: The current valid priority
staticpri: The shell configured priority
The displayed result indicates the existing MAC VLAN items of the system
and the included details.
top related