Scribd
Upload
732 views

02-VLAN Configuration Guide HP Comware

This document provides configuration instructions for port-based and protocol-based VLANs. It includes a network diagram showing switches and hosts on different VLANs. The document then provides step-by-step configuration procedures to configure port-based VLANs on the switches to isolate subnets at layer 2. It also describes how to configure protocol-based VLANs to automatically assign traffic to VLANs based on protocol type.

Uploaded by

Elvis de León
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
732 views

02-VLAN Configuration Guide HP Comware

This document provides configuration instructions for port-based and protocol-based VLANs. It includes a network diagram showing switches and hosts on different VLANs. The document then provides step-by-step configuration procedures to configure port-based VLANs on the switches to isolate subnets at layer 2. It also describes how to configure protocol-based VLANs to automatically assign traffic to VLANs based on protocol type.

Uploaded by

Elvis de León
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Table of Contents

1 VLAN Configuration Guide 1-1


Configuring Port-Based VLAN 1-1
Network Diagram1-1
Networking and Configuration Requirements1-1
Applicable Product Matrix1-2
Configuration Procedure1-2
Complete Configuration1-3
Precautions1-4
Configuring Protocol-Based VLAN1-4
Network Diagram1-5
Networking and Configuration Requirements1-5
Applicable Product Matrix1-5
Configuration Procedure1-5
Complete Configuration1-6
Precautions1-7

VLAN Configuration Guide

Configuring Port-Based VLAN


The VLAN technology allows you to divide a broadcast LAN into multiple distinct broadcast domains,
each as a virtual workgroup. Port-based VLAN is the simplest approach to VLAN implementation. The
idea is to assign the ports on a switch to different VLANs, confining the propagation of the packets
received on a port within the particular VLAN. Thus, separation of broadcast domains and division of
virtual groups are achieved.

Network Diagram
Figure 1-1 Network diagram for port-based VLAN configuration
VLAN10
192.168.10.0/24

Server
Eth1/0/1

SwitchA

VLAN100
192.168.100.0/24

Eth1/0/2
Eth1/0/3

HostA

Eth1/0/10

SwitchB
Eth1/0/12

HostC
VLAN102
192.168.102.0/24

Eth1/0/11

HostB
VLAN101
192.168.101.0/24

Networking and Configuration Requirements


In the sample intranet network shown in Figure 1-1, Switch A is connected to the subnet of a department
and the subnet for the public servers, and Switch B is connected to the subnet of the other two
departments.
To guarantee data security for each department, use VLANs to isolate the four subnets at Layer 2 but
configure Layer-3 interfaces on Switch A to enable the hosts of the three departments and the public
servers to communicate with each other at Layer 3.

1-1

Applicable Product Matrix


Product series

Software version

Hardware version

S5600 series

Release 1510, Release1602

All versions

S5100-SI/EI series

Release 2200, Release2201

All versions

S3600-SI/EI series

Release 1510, Release1602

All versions

S3100-EI series

Release 2104, Release 2107

All versions

Release 0011, Release 2102, Release 2107

All versions

Release 1500, Release 1602

S3100-52P

S3100-C-SI series
S3100-T-SI series
S3100-52P

The S3600-SI/EI series and S5600 series switches can operate as Switch A in Figure 1-1 for forwarding
packets at Layer 3 for VLANs. The other models in the table above do not support configuring multiple
VLAN interfaces for Layer-3 forwarding, and therefore, they can operate as only Switch B for Layer-2
isolation with VLANs, as shown in Figure 1-1.

Configuration Procedure
z

Configure Switch A

# Create VLAN 10 on Switch A and assign Ethernet 1/0/1 to VLAN 10.


[SwitchA] vlan 10
[SwitchA-vlan10] port Ethernet 1/0/1
[SwitchA-vlan10] quit

# Create VLAN 100 on Switch A and assign Ethernet 1/0/2 to VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] port Ethernet 1/0/2
[SwitchA-vlan100] quit

# Create VLAN 101 and VLAN 102 on Switch A.


[SwitchA] vlan 101 to 102

# Create VLAN-interface 10, VLAN-interface 100, VLAN-interface 101, and VLAN-interface 102, and
configure an IP address for each of these VLAN-interfaces.
[SwitchA] interface Vlan-interface 10
[SwitchA-Vlan-interface10] ip address 192.168.10.1 24
[SwitchA-Vlan-interface10] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.100.1 24
[SwitchA-Vlan-interface100] quit
[SwitchA] interface Vlan-interface 101
[SwitchA-Vlan-interface101] ip address 192.168.101.1 24

1-2

[SwitchA-Vlan-interface101] quit
[SwitchA] interface Vlan-interface 102
[SwitchA-Vlan-interface102] ip address 192.168.102.1 24
[SwitchA-Vlan-interface102] quit

# Configure Ethernet 1/0/3 of Switch A to be a trunk port and to permit the packets carrying the tag of
VLAN 101 or VLAN 102 to pass through.
[SwitchA] interface Ethernet 1/0/3
[SwitchA-Ethernet1/0/3] port link-type trunk
[SwitchA-Ethernet1/0/3] port trunk permit vlan 101 102

Configure Switch B

# Create VLAN 101 on Switch B, and assign Ethernet 1/0/11 to VLAN 101.
[SwitchB] vlan 101
[SwitchB-vlan101] port Ethernet 1/0/11
[SwitchB-vlan101] quit

# Create VLAN 102 on Switch B, and assign Ethernet 1/0/12 to VLAN 102.
[SwitchB] vlan 102
[SwitchB-vlan102] port Ethernet 1/0/12
[SwitchB-vlan102] quit

# Configure Ethernet 1/0/10 of Switch B to be a trunk port and to permit the packets carrying the tag of
VLAN 101 or VLAN 102 to pass through.
[SwitchB] interface Ethernet 1/0/10
[SwitchB-Ethernet1/0/10] port link-type trunk
[SwitchB-Ethernet1/0/10] port trunk permit vlan 101 102

Complete Configuration
Configuration on Switch A

#
vlan 10
#
vlan 100
#
vlan 101
#
vlan 102
#
interface Vlan-interface 10
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface 100
ip address 192.168.100.1 255.255.255.0
#
interface Vlan-interface 101
ip address 192.168.101.1 255.255.255.0
#
interface Vlan-interface 102

1-3

ip address 192.168.102.1 255.255.255.0


#
interface Ethernet1/0/1
port access vlan 10
#
interface Ethernet1/0/2
port access vlan 100
#
interface Ethernet1/0/3
port link-type trunk
port trunk permit vlan 1 101 102

Configuration on Switch B

#
vlan 101
#
vlan 102
#
interface Ethernet1/0/10
port link-type trunk
port trunk permit vlan 1 101 102
#
interface Ethernet1/0/11
port access vlan 101
#
interface Ethernet1/0/12
port access vlan 201

Precautions
z

After you assign the servers and the workstations to different VLANs, they cannot communicate
with each other. For them to communicate, you need to configure a Layer 3 VLAN interface for
each of them on the switches.

After you telnet to an Ethernet port on a switch to make configuration, do not remove the port from
its current VLAN. Otherwise, your Telnet connection will be disconnected.

Configuring Protocol-Based VLAN


Protocol-based VLAN, or protocol VLAN, is another approach to VLAN implementation other than
port-based VLAN. With protocol VLAN, the switch compares each packet received without a VLAN tag
against the protocol templates based on the encapsulation format and the specified field. If a match is
found, the switch tags the packet with the corresponding VLAN ID. Thus, the switch can assign packets
to a VLAN by protocol.

1-4

Network Diagram
Figure 1-2 Network diagram for protocol-based VLAN configuration
IP Server

AppleTalk Server

Eth1/0/11

Eth1/0/12

Eth1/0/10

IP Host

AppleTalk Host
Workroom

Networking and Configuration Requirements


Configure the switch to automatically assign IP packets and Appletalk packets of the workroom to
different VLANs, ensuring that the workstations can communicate with their respective servers properly.

Applicable Product Matrix


Product series

Software version

Hardware version

S5600 series

Release 1510, Release1602

All versions

S5100-SI/EI series

Release 2200, Release2201

All versions

S3600-SI/EI series

Release 1510, Release1602

All versions

S3100-EI series

Release 2104, Release 2107

All versions

S3100-52P

Release 1500, Release 1602

S3100-52P

Configuration Procedure
# Create VLAN 100 and assign Ethernet1/0/11 to VLAN 100.
[H3C] vlan 100
[H3C-vlan100] port Ethernet 1/0/11

# Create VLAN 200 and assign Ethernet 1/0/12 to VLAN 200.


[H3C-vlan100] quit
[H3C] vlan 200
[H3C-vlan200] port Ethernet 1/0/12

# Configure protocol templates and bind them to ports.


Create a protocol template for VLAN 200 to carry Appletalk and a protocol template for VLAN 100 to
carry IP.
[H3C-vlan200] protocol-vlan at

1-5

[H3C-vlan200] quit
[H3C] vlan 100
[H3C-vlan100] protocol-vlan ip

Create a user-defined protocol template for VLAN 100 to carry ARP for IP communication, assuming
that Ethernet_II encapsulation is used.
[H3C-vlan100] protocol-vlan mode ethernetii etype 0806

Configure Ethernet 1/0/10 to be a hybrid port and to remove the outer VLAN tag when forwarding
packets of VLAN 100 and VLAN 200.
[H3C-vlan100] quit
[H3C] interface Ethernet 1/0/10
[H3C-Ethernet1/0/10] port link-type hybrid
[H3C-Ethernet1/0/10] port hybrid vlan 100 200 untagged

Bind Ethernet 1/0/10 to protocol template 0 and protocol template 1 of VLAN 100, and protocol template
0 of VLAN 200.

When configuring a protocol template, you can assign a number to the template. If you fail to do that, the
system automatically assigns the lowest available number to the template. Thus, in this configuration
example, the two protocol templates for VLAN 100 are automatically numbered 0 and 1, and the
protocol template for VLAN 200 is numbered 0.

[H3C-Ethernet1/0/10] port hybrid protocol-vlan vlan 100 0 to 1


[H3C-Ethernet1/0/10] port hybrid protocol-vlan vlan 200 0

Complete Configuration
#
vlan 100
protocol-vlan 0 ip
protocol-vlan 1 mode ethernetii etype 0806
#
vlan 200
protocol-vlan 0 at
#
interface Ethernet1/0/10
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid protocol-vlan vlan 100 0
port hybrid protocol-vlan vlan 100 1
port hybrid protocol-vlan vlan 200 0
#
interface Ethernet1/0/11
port access vlan 100
#
interface Ethernet1/0/12

1-6

port access vlan 200

Precautions
z

At present, the S3100 series support only the standard templates of AppleTalk and IP, the standard
template of IPX encapsulated in Ethernet II format, and the user-defined templates matching the
Ethernet II encapsulation format. Protocol templates matching 802.2/802.3 encapsulation formats
and their extended encapsulation formats are not supported on the S3100 series currently.

Because IP depends on ARP for address resolution in Ethernet, you are recommended to
configure the IP and ARP templates in the same VLAN and associate them with the same port to
prevent communication failure.

1-7

You might also like