HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 337
126
Figure 40 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.
system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port gigabitethernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port gigabitethernet 1/0/2
[DeviceA-vlan200] quit
# Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-336.png "Page 337
126
Figure 40 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.
system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port gigabitethernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port gigabitethernet 1/0/2
[DeviceA-vlan200] quit
# Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and...")
![Page 338
127
[DeviceA-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN Type: static
Route Interface: not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged Ports:
GigabitEthernet1/0/3
Untagged Ports:
GigabitEthernet1/0/2
Configuring MAC-based VLANs
Introduction to MAC-based VLAN
The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is
us u ally use d in c onju nction wi th secu ri t y te chnol o gies such as 802.1 X to provide...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-337.png "Page 338
127
[DeviceA-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN Type: static
Route Interface: not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged Ports:
GigabitEthernet1/0/3
Untagged Ports:
GigabitEthernet1/0/2
Configuring MAC-based VLANs
Introduction to MAC-based VLAN
The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is
us u ally use d in c onju nction wi th secu ri t y te chnol o gies such as 802.1 X to provide...")
![Page 341
130
Step Command Remarks
1. Enter system view.
system-view N/A
2. Associate a specific MAC
address with a VLAN. mac-vlan mac-address
mac-address [ mask
mac-mask ] vlan vlan-id
[ priority priority ] The
mask keyword is available on only the
5500 EI Switch Series.
3. Enter interface view or
port group view.
• Enter Layer 2 Ethernet
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
•...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-340.png "Page 341
130
Step Command Remarks
1. Enter system view.
system-view N/A
2. Associate a specific MAC
address with a VLAN. mac-vlan mac-address
mac-address [ mask
mac-mask ] vlan vlan-id
[ priority priority ] The
mask keyword is available on only the
5500 EI Switch Series.
3. Enter interface view or
port group view.
• Enter Layer 2 Ethernet
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
•...")
![Page 344
133
[DeviceA-vlan100] quit
[DeviceA] vlan 200
[DeviceA-vlan200] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of
Laptop 2 with VLAN 200.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1.
Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200
untagged, and enable the...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-343.png "Page 344
133
[DeviceA-vlan100] quit
[DeviceA] vlan 200
[DeviceA-vlan200] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of
Laptop 2 with VLAN 200.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1.
Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200
untagged, and enable the...")
![Page 345
134
2.
On Device A and Device C, you can see that VL AN 100 is associated with the MAC address of
Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2.
[DeviceA] display mac-vlan all
The following MAC VLAN addresses exist:
S:Static D:Dynamic
MAC ADDR MASK VLAN ID PRIO STATE
--------------------------------------------------------
000d-88f8-4e71 ffff-ffff-ffff 100 0 S
0014-222c-aa69 ffff-ffff-ffff 200 0 S...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-344.png "Page 345
134
2.
On Device A and Device C, you can see that VL AN 100 is associated with the MAC address of
Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2.
[DeviceA] display mac-vlan all
The following MAC VLAN addresses exist:
S:Static D:Dynamic
MAC ADDR MASK VLAN ID PRIO STATE
--------------------------------------------------------
000d-88f8-4e71 ffff-ffff-ffff 100 0 S
0014-222c-aa69 ffff-ffff-ffff 200 0 S...")
![Page 346
135
Configuration procedure
To configure a protocol-based VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id If the specified VLAN does not exist, this
command creates the VLAN first.
3.
Create a protocol
template for the
VLAN. protocol-vlan
[ protocol-index ] { at
| ipv4 | ipv6 | ipx { ethernetii | llc
| raw | snap } | mode { ethernetii
etype etype-id | llc { dsap dsap-id
[ ssap ssap-id ] | ssap ssap-id } |...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-345.png "Page 346
135
Configuration procedure
To configure a protocol-based VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id If the specified VLAN does not exist, this
command creates the VLAN first.
3.
Create a protocol
template for the
VLAN. protocol-vlan
[ protocol-index ] { at
| ipv4 | ipv6 | ipx { ethernetii | llc
| raw | snap } | mode { ethernetii
etype etype-id | llc { dsap dsap-id
[ ssap ssap-id ] | ssap ssap-id } |...")
130
Step Command Remarks
1. Enter system view.
system-view N/A
2. Associate a specific MAC
address with a VLAN. mac-vlan mac-address
mac-address [ mask
mac-mask ] vlan vlan-id
[ priority priority ] The
mask keyword is available on only the
5500 EI Switch Series.
3. Enter interface view or
port group view.
• Enter Layer 2 Ethernet
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
•
The configuration made in Ethernet
interface view applies only to the port.
• The configuration made in port group
view applies to all ports in the port group.
4. Configure the link type of
the ports as hybrid. port link-type
hybrid By default, all ports are access ports.
5. Configure the hybrid
ports to permit packets
from specific MAC-based
VLANs to pass through. port hybrid
vlan vlan-id-list
{ tagged | untagged } By default, a hybrid port only permits the
packets from VLAN 1 to pass through.
6.
Enable the MAC-based
VLAN feature. mac-vlan enable
Disabled by default.
7. Configure VLAN
matching precedence. vlan precedence {
mac-vlan |
ip-subnet-vlan } Optional.
By default, VLANs are preferably matched
based on MAC addresses.
To configure dynamic MAC-based VLAN assignment:
Step Command Remarks
1.
Enter system view.
system-view N/A
2. Associate MAC
addresses with a VLAN. mac-vlan mac-address
mac-address
vlan vlan-id [ priority priority ] N/A
3.
Enter Ethernet interface
view. interface
interface-type
interface-number N/A
4.
Configure the link type of
the port as hybrid. port link-type
hybrid By default, all ports are access ports.
5. Enable the MAC-based
VLAN feature. mac-vlan enable
Disabled by default.
131
Step Command Remarks
6. Enable dynamic
MAC-based VLAN
assignment. mac-vlan trigger enable By default, dynamic MAC-based
VLAN assignment is disabled.
When you use the
mac-vlan trigger
enable command to enable dynamic
MAC-based VLAN assignment, HP
recommends that you configure the
vlan precedence mac-vlan command,
so that VLANs are assigned based on
single MAC addresses preferentially.
When dynamic MAC-based VLAN
assignment is enabled, HP does not
recommend configuring the vlan
precedence ip-subnet-vlan command,
which will make the system assign
VLANs based on IP subnets, because
the configuration does not take effect.
7. Configure VLAN
matching precedence. vlan precedence mac-vlan
Optional.
By default, VLANs are preferentially
matched based on MAC addresses.
8.
Disable the PVID of the
port from forwarding
packets with unknown
source MAC addresses
that do not match any
MAC address-to-VLAN
entry. port pvid disable
Optional.
By default, when a port receives a
packet with an unknown source MAC
address that does not match to any
MAC address-to-VLAN entry, it
forwards the packet in its PVID.
To configure dynamic MAC-based VLAN:
Step Command Remarks
1.
Enter system view.
system-view N/A
2. Enter interface view or port
group view.
• Enter Layer 2 Ethernet
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
•
The configuration made in Ethernet
interface view applies only to the port.
• The configuration made in port group
view applies to all ports in the port
group.
3. Configure the link type of the
ports as hybrid. port link-type
hybrid By default, all ports are access ports.
4. Configure the hybrid ports to
permit packets from specific
MAC-based VLANs to pass
through. port hybrid
vlan vlan-id-list
{ tagged | untagged } By default, a hybrid port only permits the
packets of VLAN 1 to pass through.
5.
Enable the MAC-based VLAN
feature. mac-vlan enable
Disabled by default.
6. Configure
802.1X/MAC/portal
authentication or any
combination. For more information, see
Security Command
Reference
. N/A
132 MAC-based VLAN configuration example Network requirements As shown in Figure 42: • G igabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms. • Different departments own Laptop 1 and Laptop 2. The two departments use VLAN 100 and VLAN 200, respectively. Each laptop must be able to access only its own department server, no matter which meeting room it is used in. • The MAC address of Laptop 1 is 000D-88F8-4E71, and that of Laptop 2 is 0014-222C-AA69. Figure 42 Network diagram Configuration consideration • Create VLANs 100 and 200. • Configure the uplink ports of Device A and Device C as trunk ports, and assign them to VLANs 100 and 200. • Configure the downlink ports of Device B as trunk ports, and assign them to VLANs 100 and 200. Assign the uplink ports of Device B to VLANs 100 and 200. • Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200. Configuration procedure 1. Configure Device A: # Create VLANs 100 and 200. system-view [DeviceA] vlan 100 Device A Device C Device B Server1 IP: 1.1.1.1/24 Server2 IP: 1.1.2.1/24 GE1/0/1 GE1/0/1 Laptop1 IP: 1.1.1.2/24 MAC: 000d-88f8-4e71 Laptop2 IP: 1.1.2.2/24 MAC: 0014-222c-aa69 VLAN 100 VLAN 200 GE1/0/2 GE1/0/2 GE1/0/3 GE1/0/4GE1/0/14 GE1/0/13 VLAN 100 VLAN 200
133 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1. Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable the MAC-based VLAN feature on it. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-GigabitEthernet1/0/1] quit # To enable the laptops to access Server 1 and Serv er 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200 [DeviceA-GigabitEthernet1/0/2] quit 2. Configure Device B: # Create VLANs 100 and 200. Assign GigabitEthernet 1/0/13 to VLAN 100, and assign GigabitEthernet 1/0/14 to VLAN 200. system-view [DeviceB] vlan 100 [DeviceB-vlan100] port gigabitethernet 1/0/13 [DeviceB-vlan100] quit [DeviceB] vlan 200 [DeviceB-vlan200] port gigabitethernet 1/0/14 [DeviceB-vlan200] quit # Configure GigabitEthernet 1/0/3 and GigabitEth ernet 1/0/4 as trunk ports, and assign them to VLANs 100 and 200. [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port link-type trunk [DeviceB-GigabitEthernet1/0/3] port trunk permit vlan 100 200 [DeviceB-GigabitEthernet1/0/3] quit [DeviceB] interface gigabitethernet 1/0/4 [DeviceB-GigabitEthernet1/0/4] port link-type trunk [DeviceB-GigabitEthernet1/0/4] port trunk permit vlan 100 200 [DeviceB-GigabitEthernet1/0/4] quit 3. Configure Device C: Configure Device C as you configure Device A. Verifying the configurations 1. Laptop 1 can access Server 1 only, an d Laptop 2 can access Server 2 only.
134 2. On Device A and Device C, you can see that VL AN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2. [DeviceA] display mac-vlan all The following MAC VLAN addresses exist: S:Static D:Dynamic MAC ADDR MASK VLAN ID PRIO STATE -------------------------------------------------------- 000d-88f8-4e71 ffff-ffff-ffff 100 0 S 0014-222c-aa69 ffff-ffff-ffff 200 0 S Total MAC VLAN address count:2 Configuration guidelines 1. MAC-based VLAN can be configured only on hybrid ports. 2. MAC-based VLAN is usually configured on the down link ports of access layer devices, and cannot be configured together with th e link aggregation function. Configuring protocol-based VLANs Introduction to protocol-based VLAN You use the protocol-based VLAN feature to assign packets to VLANs by their application type. The protocol-based VLAN feature assigns inbound pac kets to different VLANs based on their protocol type and encapsulation format. The protocols available for VLAN assignment include IP, IPX, and AppleTalk (AT), and the encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. A protocol template defines a protocol type and an encapsulation format. A protocol-based VLAN ID and a protocol index, combined, can uniquely identify a protocol template. You can assign multiple protocol templates to a protocol-based VLAN. Protocol-based VLAN assignment is available only on hybrid ports, and a protocol template applies only to untagged packets. When an untagged packet arrives, a protocol-based VLAN assignment enabled hybrid port processes the packet by using the following workflow: • If the protocol type and encapsulation format in the packet matches a protocol template, the packet is tagged with the VLAN tag specific to the protocol template. • If no protocol template is matched, the pac ket is tagged with the PVID of the port. The port processes a tagged packet as it processes tagged packets of a port-based VLAN. • If the port is in the same VLAN as the packet, it forwards the packet. • If not, the port drops the packet. Configuration restrictions and guidelines A protocol-based VLAN processes only untagged inbound packets, whereas the voice VLAN in automatic mode processes only tagged voice traffic. Do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. For more information, see Configuring a voice VLAN.
135
Configuration procedure
To configure a protocol-based VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id If the specified VLAN does not exist, this
command creates the VLAN first.
3.
Create a protocol
template for the
VLAN. protocol-vlan
[ protocol-index ] { at
| ipv4 | ipv6 | ipx { ethernetii | llc
| raw | snap } | mode { ethernetii
etype etype-id | llc { dsap dsap-id
[ ssap ssap-id ] | ssap ssap-id } |
snap etype etype-id } } Not configured by default.
4.
Exit VLAN view.
quit N/A
5. Enter interface
view or port group
view.
• Enter Layer 2 Ethernet interface
view:
interface interface-type
interface-number
• Enter Layer 2 aggregate
interface view:
interface bridge-aggregation
interface-number
• Enter port group view:
port-group manual
port-group-name Use any command.
•
The configuration made in Ethernet
interface view applies only to the port.
• The configuration made in port group
view applies to all ports in the port group.
• The configuration made in Layer 2
aggregate interface view applies to the
aggregate interface and its aggregation
member ports. If the system fails to apply
the configuration to the aggregate
interface, it stops applying the
configuration to aggregation member
ports. If the system fails to apply the
configuration to an aggregation member
port, it skips the port and moves to the
next member port.
6. Configure the port
link type as hybrid. port link-type
hybrid By default, all ports are access ports.
7. Assign the hybrid
port to the
specified
protocol-based
VLANs. port hybrid
vlan vlan-id-list { tagged
| untagged } By default, a hybrid port is only in VLAN 1.
8.
Assign the protocol
template you have
created to the
hybrid port. port hybrid protocol-vlan
vlan
vlan-id { protocol-index [ to
protocol-end ] | all } N/A
Protocol-based VLAN configuration example
Network requirements
In a lab environment, as shown in
Figure 43, mo st hosts run the IPv4 protocol, and the rest of the hosts
run the IPv6 protocol for teaching purposes. To avoid interference, isolate IPv4 tr affic and IPv6 traffic at
Layer 2.
136 Figure 43 Network diagram Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure 1. Configure Device: # Create VLAN 100, and assign port GigabitEthernet 1/0/11 to VLAN 100. system-view [Device] vlan 100 [Device-vlan100] description protocol VLAN for IPv4 [Device-vlan100] port gigabitethernet 1/0/11 [Device-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200. [Device] vlan 200 [Device-vlan200] description protocol VLAN for IPv6 [Device-vlan200] port gigabitethernet 1/0/12 # Create an IPv6 protocol template in the view of VLAN 200, and create an IPv4 protocol template in the view of VLAN 100. [Device-vlan200] protocol-vlan 1 ipv6 [Device-vlan200] quit [Device] vlan 100 [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit # Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid
137
[Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
Please wait... Done.
# Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the
IPv6 protocol template of VLAN 200.
[Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 1
[Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 1
[Device-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a hybrid port that forwards packets of VLANs 100 and
200 untagged, and associate GigabitEthernet 1/0/2 with the IPv4 protocol template of VLAN
100 and the IPv6 protocol template of VLAN 200.
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] port link-type hybrid
[Device-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
Please wait... Done.
[Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 1
[Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 1
2. Keep the default settings of L2 Switch A and L2 Switch B.
3. Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same IP subnet
(192.168.100.0/24, for example), and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be
on the same IP subnet (2001::1/64, for example).
Verifying the configurations
1. The hosts and the server in VLAN 100 can ping on e another successfully. The hosts and the server
in VLAN 200 can ping one anothe r successfully. The hosts or server in VLAN 100 cannot ping the
hosts and server in VLAN 200, and vice versa.
2. Display protocol-based VLAN information on Device to determine whether the configurations have
become valid.
# Display protocol-based VLAN configuration on Device.
[Device-GigabitEthernet1/0/2] display protocol-vlan vlan all
VLAN ID:100
Protocol Index Protocol Type
======================================================
1 ipv4
VLAN ID:200
Protocol Index Protocol Type
======================================================
1 ipv6
# Display protocol-based VLAN information on the ports of Device.
[Device-GigabitEthernet1/0/2] display protocol-vlan interface all
Interface: GigabitEthernet 1/0/1
VLAN ID Protocol Index Protocol Type
======================================================
100 1 ipv4
200 1 ipv6
Interface: GigabitEthernet 1/0/2
VLAN ID Protocol Index Protocol Type
======================================================
100 1 ipv4
138
200 1 ipv6
Configuration guidelines
Protocol-based VLAN configuration applies only to hybrid ports.
Configuring IP subnet-based VLANs
In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks.
A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on
the source address of the packet.
This feature is used to assign packets from the specified IP subnet or IP address to a specific VLAN.
Configuration procedure
IMPORTANT:
This feature is applicable only on hybrid ports.
To configure an IP subnet-based VLAN:
Step Command Remarks
1.
Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Associate an IP subnet
with the VLAN. ip-subnet-vlan
[ ip-subnet-index ] ip
ip-address [ mask ] The IP subnet or IP address to be
associated with a VLAN cannot be a
multicast subnet or a multicast address.
4.
Return to system view.
quit N/A
5. Enter interface view or
port group view.
• Enter Layer 2 Ethernet interface
view:
interface interface-type
interface-number
• Enter Layer 2 aggregate
interface view:
interface bridge-aggregation
interface-number
• Enter port group view:
port-group manual
port-group-name Use any command.
•
The configuration made in Ethernet
interface view applies only to the port.
• The configuration made in port group
view applies to all ports in the port
group.
• The configuration made in Layer 2
aggregate interface view applies to
the aggregate interface and its
aggregation member ports. If the
system fails to apply the configuration
to the aggregate interface, it stops
applying the configuration to
aggregation member ports. If the
system fails to apply the configuration
to an aggregation member port, it
skips the port and moves to the next
member port.
6. Configure port link
type as hybrid. port link-type
hybrid By default, all ports are access ports.
139
Step Command Remarks
7. Configure the hybrid
ports to permit the
specified IP
subnet-based VLANs
to pass through. port hybrid
vlan vlan-id-list
{ tagged | untagged } By default, a hybrid port allows only
packets from VLAN 1 to pass through
untagged.
8.
Associate the hybrid
ports with the specified
IP subnet-based VLAN. port hybrid ip-subnet-vlan
vlan
vlan-id Not configured by default.
IP subnet-based VLAN configuration example
Network requirements
As shown in
Figure 44, the h osts in the office belong to di fferent IP subnets 192.168.5.0/24 and
192.168.50.0/24.
Configure Device C to transmit packets over separate VLANs based on their source IP addresses.
Figure 44 Network diagram
Configuration consideration
• Create VLANs 100 and 200.
• Associate IP subnets with the VLANs.
• Assign ports to the VLANs.
Configuration procedure
# Associate IP subnet 192.168.5.0/24 with VLAN 100.
system-view