< Home

Configuring IP Subnet-based VLAN Assignment

Context

IP subnet-based and protocol-based VLAN assignments are types of network layer-based VLAN assignment. They reduce manual VLAN configuration workload and allow users to easily join a VLAN, transfer from one VLAN to another, and exit from a VLAN. IP subnet-based VLAN assignment applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, when a PC configured with multiple IP addresses needs to access servers on different network segments or when a switch adds PCs to other VLANs when the PCs' IP addresses change.

A switch that has IP subnet-based VLAN assignment enabled processes only untagged frames, and treats tagged frames in the same manner as interface-based VLAN assignment.

After receiving untagged frames from an interface, the switch determines the VLANs that the frames belong to using the source IP addresses or network segments, and then transmits the frames to the specified VLANs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vlan vlan-id

    A VLAN is created and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.

    The VLAN ID is in the range from 1 to 4094. If VLANs need to be created in a batch, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command. Then run the vlan vlan-id command to enter the view of a specified VLAN.

    The vlan configuration command completes the VLAN configurations before the VLAN is created. The vlan configuration command only enters the VLAN configuration view. Neither the corresponding VLAN nor configurations in the VLAN take effect. To make configurations in the VLAN take effect, create the VLAN using the vlan command.

  3. Run ip-subnet-vlan [ ip-subnet-index ] ip ip-address { mask | mask-length } [ priority priority ]

    An IP subnet is associated with a VLAN.

    After the 802.1p priority of a VLAN associated with an IP address or a network segment is specified, the switch forwards high-priority frames first during network congestion.

  4. Run quit

    Return to the system view.

  5. Configure attributes for the Ethernet interface.

    1. Run interface interface-type interface-number

      The view of the Ethernet interface to be added to the VLAN is displayed.

    2. Run port link-type hybrid

      The interface is configured as a hybrid interface.

      On access and trunk interfaces, IP subnet-based VLAN assignment can be used only when the IP subnet-based VLAN is the same as the PVID. It is recommended that IP subnet-based VLAN assignment be configured on hybrid interfaces.

    3. port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

      The hybrid interface is configured to allow an IP subnet-based VLAN.

  6. (Optional) Run vlan precedence ip-subnet-vlan

    The device is configured to preferentially use IP subnet-based VLAN assignment.

    By default, the device preferentially uses MAC address-based VLAN assignment.

    Only the S5720-EI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-EI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, and S6720-SI support the vlan precedence command.

    S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI supports the vlan precedence command only in the system view. Other switches support the vlan precedence command only in the interface view.

    On the S5720-EI, S6720-EI, and S6720S-EI, if both a subnet VLAN and MAC VLAN with a mask are configured, the MAC VLAN with a mask is matched first regardless of whether the vlan precedence command is used.

  7. Run ip-subnet-vlan enable

    IP subnet-based VLAN assignment is enabled.

    By default, IP subnet-based VLAN assignment is disabled.

    On the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, and S5720-SI, when the ip error-packet-check disable command is used to disable IP packet check, IP subnet-based VLAN assignment and policy-based VLAN assignment do not take effect.

    IP subnet-based VLAN assignment is invalid for packets with the VLAN ID of 0 on the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S.

Configuration Example

In Figure 1, PC1, PC2, and PC3 are located on different network segments and are added to VLAN 100, VLAN 200, and VLAN 300, respectively.

Figure 1 Networking of IP subnet-based VLAN assignment
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200 300
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100 200 300
[Switch-GigabitEthernet0/0/1] ip-subnet-vlan enable
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200 300
[Switch-GigabitEthernet0/0/2] quit
[Switch] vlan 100
[Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2
[Switch-vlan100] quit
[Switch] vlan 200
[Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3
[Switch-vlan200] quit
[Switch] vlan 300
[Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4
[Switch-vlan300] quit

Verifying the Configuration

  • Run the display ip-subnet-vlan vlan { all | vlan-id1 [ to vlan-id2 ] } command in any view to check information about IP subnets associated with VLANs.
  • Run the display vlan command in any view to check information about VLANs.
Parent Topic: Assigning VLANs
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >