Licensing Requirements and Limitations for VLANs

Involved Network Elements

Other network elements are not required.

Licensing Requirements

VLAN is a basic feature of a switch and is not under license control.

Feature Support in V200R019C10

All models of S2720, S5700, and S6700 series switches support VLAN.

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

Table 1 describes the VLAN specifications of different switch models.

**Table 1** VLAN specifications of different switch models
Item	Specification
Maximum number of VLANs in the system	4096 (VLAN 0 and VLAN 4095 are reserved)
Maximum number of VLANIF interfaces in the system	S2710-SI/S5710-C-LI: 1 S2700-SI/S2700-EI/S5710-X-LI: 8 S2720-EI (V200R006C10, V200R009C00, V200R010C00): 8 S2720-EI (V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10): 1024 S3700-SI/S3700-EI/S3700-HI/S5700-SI/S5700-EI: 256 S5700-HI/S5730-SI/S5730S-EI/S5720-EI/S5731-S/S5731S-S/S5710-HI/S5720I-SI/S5720-SI/S5720S-SI/S5720-LI/S5720S-LI/S6730-S/S6730S-S/S6720-LI/S6720S-LI/S6720-SI/S6720S-SI/S6720-EI/S6720S-EI: 1024 S5720-HI/S5730-HI/S5731-H/S5731S-H/S5732-H/S6720-HI/S6730-H/S6730S-H: 1024 in versions earlier than V200R019C10 and 4096 in V200R019C10 and later versions S5735-L/S5735S-L/S5735S-L-M/S5735-S/S5735-S-I/S5735S-S: 1019 S2750-EI/S5700-LI/S5700S-LI: 1 in versions earlier than V200R005 and 8 in V200R005 and later versions S5710-EI/S6700-EI: 256 in versions earlier than V200R005 and 1024 in V200R005

If LNP is used to dynamically negotiate the link type (LNP is enabled by default), it is recommended that each interface be added to a maximum of 1000 VLANs and a maximum of 200 interfaces be configured on a switch. If 4094 VLANs are configured globally, it is recommended that a maximum of 50 interfaces be enabled with LNP. Otherwise, the alarm about a high CPU usage is generated for a short time.
Plan service and management VLANs so that any broadcast storms in service VLANs do not affect switch management.
Create VLANs before configuring VLAN-related services.
In practice, specify VLANs from which packets need to be transparently transmitted by a trunk interface. Avoid using the port trunk allow-pass vlan all command if possible.
In versions earlier than V200R005, before changing the interface type, restore the default VLAN of the interface.
In versions earlier than V200R005, before deleting a VLAN where a VLANIF interface has been configured, run the undo interface vlanif vlan-id command to delete the VLANIF interface.
All interfaces join VLAN 1 by default. When unknown unicast, multicast, or broadcast packets of VLAN 1 exist on the network, broadcast storms may occur. Note the following guidelines and limitations when using VLAN 1:
- Do not use VLAN 1 as the management VLAN or service VLAN.
- To prevent loops, remove unnecessary interfaces from VLAN 1. Configure a trunk interface to permit packets from VLAN 1. If a trunk interface rejects packets from VLAN 1, some protocol packets transmitted in VLAN 1 may be incorrectly discarded. To prevent such faults, take measures to prevent potential risks when packets of VLAN 1 are allowed to pass through.
- If a spanning tree protocol is used and a trunk interface on the switch rejects packets from VLAN 1, run the stp bpdu vlan command to enable the switch to encapsulate the specified VLAN ID in outgoing STP BPDUs so that the spanning tree protocol runs properly.
- You are advised to remove interfaces from VLAN 1 in Eth-Trunk or ring networking.
- When the switch connects to an access device, do not configure the uplink interface of the access device to transparently transmit packets from VLAN 1. This prevents broadcast storms in VLAN 1.
- When an interface is bound to a VLANIF interface for Layer 3 forwarding, remove the interface from VLAN 1 to prevent Layer 2 loops in VLAN 1.
To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. To isolate broadcast packets in the same VLAN but allow users connecting to different interfaces to communicate at Layer 3, you can set the port isolation mode to Layer 2 isolation and Layer 3 interworking. To prevent interfaces in the same VLAN from communicating at both Layer 2 and Layer 3, you can set the port isolation mode to Layer 2 and Layer 3 isolation. The S2720-EI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S6720-LI and S6720S-LI switches support only Layer 2 isolation and Layer 3 interworking. Interfaces on subcards of the S5730-68C-SI-AC, S5730-68C-PWR-SI-AC, S5730-68C-PWR-SI, S5730S-68C-EI-AC, and S5730S-68C-PWR-EI do not support port isolation.