IP subnet-based VLAN assignment applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.
VLAN Assignment Mode | Implementation | Advantage | Disadvantage | Usage Scenario |
---|---|---|---|---|
Interface-based VLAN assignment | VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID. | It is simple to define VLAN members. | The network administrator needs to reconfigure VLANs when VLAN members change. | Applies to networks of any scale and with devices at fixed locations. |
MAC address-based VLAN assignment | VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the MAC address of the frame to the frame. Then the frame is transmitted in the specified VLAN. | When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network. | The network administrator must predefine VLANs for all members on a network. | Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers. |
IP subnet-based VLAN assignment | VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the IP address of the frame to the frame. Then the frame is transmitted in the specified VLAN. | | Users are evenly spread and multiple users are on the same network segment. | Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes. |
Protocol-based VLAN assignment | VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN. | This mode binds service types to VLANs, facilitating management and maintenance. | | Applies to networks using multiple protocols. |
Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces) | VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN. | | Each policy needs to be manually configured. | Applies to complex networks. |
In Figure 1, an enterprise has multiple services, including IPTV, VoIP, and Internet access. Each service uses a different IP subnet. To facilitate management, the company requires that packets of the same service be transmitted in the same VLAN and packets of different services in different VLANs. The switch receives packets of multiple services such as data, IPTV, and voice services, and user devices of these services use IP addresses on different IP subnets. The switch needs to assign VLANs to packets of different services so that the router can transmit packets with different VLAN IDs to different servers.
The configuration roadmap is as follows:
Enable IP subnet-based VLAN assignment and associate IP subnets with VLANs so that the switch determines VLANs based on source IP addresses or network segments of packets.
```
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200 300  //Create VLAN 100, VLAN 200, and VLAN 300 in a batch.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid  //IP subnet-based VLAN assignment can only be enabled on hybrid interfaces. In V200R005C00 and later versions, the default link type of an interface is not hybrid, so you need to manually configure the hybrid interface.
[Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 200 300  //Add the interface to VLANs 100, 200, and 300 in untagged mode.
[Switch-GigabitEthernet1/0/1] ip-subnet-vlan enable  //Enable IP subnet-based VLAN assignment.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type trunk  //Configure the link type of the interface as trunk.
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200 300
[Switch-GigabitEthernet1/0/2] quit
[Switch] vlan 100
[Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2  //Configure the device to forward packets with the IP address of 192.168.1.2/24 and priority of 2 in VLAN 100.
[Switch-vlan100] quit
[Switch] vlan 200
[Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3  //Configure the device to forward packets with the IP address of 192.168.2.2/24 and priority of 3 in VLAN 200.
[Switch-vlan200] quit
[Switch] vlan 300
[Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4  //Configure the device to forward packets with the IP address of 192.168.3.2/24 and priority of 4 in VLAN 300.
[Switch-vlan300] quit
```
# Run the display ip-subnet-vlan vlan all command on the switch. The following information is displayed:
```
[Switch] display ip-subnet-vlan vlan all
----------------------------------------------------------------
Vlan    Index   IpAddress       SubnetMask       Priority
----------------------------------------------------------------
100     1       192.168.1.2     255.255.255.0    2
200     1       192.168.2.2     255.255.255.0    3
300     1       192.168.3.2     255.255.255.0    4
----------------------------------------------------------------
ip-subnet-vlan count: 3 total count: 3
```
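As an added illustration (not part of the original page and not Huawei code), the Python sketch below parses the display output above and models the lookup applied to untagged frames. The helper names, the fallback to the PVID for unmatched sources, and the default PVID of 1 are assumptions of this sketch. It makes visible that the VLAN follows whatever source address a frame carries, which is why the table lists this mode for scenarios with low security requirements.

```python
import ipaddress
import re

# `display ip-subnet-vlan vlan all` output as shown on this page.
DISPLAY_OUTPUT = """\
Vlan Index IpAddress SubnetMask Priority
100 1 192.168.1.2 255.255.255.0 2
200 1 192.168.2.2 255.255.255.0 3
300 1 192.168.3.2 255.255.255.0 4
ip-subnet-vlan count: 3 total count: 3
"""

IPV4 = r"\d+(?:\.\d+){3}"
ROW = re.compile(rf"^\s*(\d+)\s+(\d+)\s+({IPV4})\s+({IPV4})\s+(\d+)\s*$")


def parse_table(text):
    """Return [(vlan_id, subnet, priority)] parsed from the display output."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, _index, addr, mask, prio = m.groups()
            # Entries are written as host address + mask; keep only the subnet.
            subnet = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((int(vlan), subnet, int(prio)))
    return rules


def overlapping(rules):
    """Audit check: pairs of VLANs whose subnets overlap (ambiguous mapping)."""
    return [(a[0], b[0]) for i, a in enumerate(rules)
            for b in rules[i + 1:] if a[1].overlaps(b[1])]


def classify(rules, src_ip, tag=None, pvid=1):
    """VLAN for a frame: tagged frames keep their tag, untagged frames are
    matched on source IP, and unmatched ones fall back to the PVID
    (fallback and default PVID of 1 are assumptions of this sketch)."""
    if tag is not None:
        return tag
    addr = ipaddress.ip_address(src_ip)
    for vlan, subnet, _prio in rules:
        if addr in subnet:
            return vlan
    return pvid


if __name__ == "__main__":
    rules = parse_table(DISPLAY_OUTPUT)
    print("overlaps:", overlapping(rules))
    # Constructed sample sources: the same port, different source addresses.
    for src in ("192.168.1.50", "192.168.3.50", "10.0.0.5"):
        print(src, "-> VLAN", classify(rules, src))
```

Running the same parse against output collected from a production switch gives a quick check that each service subnet maps to the intended VLAN and that no two entries overlap.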
Switch configuration file
```
#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
 ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
 ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
 ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200 300
 ip-subnet-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200 300
#
return
```