subordinate group

Function

The subordinate group command configures subordinate group VLANs for a principal VLAN.

The undo subordinate group command removes subordinate group VLANs from a principal VLAN.

By default, a principal VLAN does not have any subordinate group VLAN.

Format

subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo subordinate group { vlan-id1 [ to vlan-id2 ] } &<1-10>

Parameters

Parameter	Description	Value
vlan-id1 [ to vlan-id2 ]	Specifies a range of VLAN IDs. vlan-id1 specifies the start VLAN ID. to vlan-id2 specifies the end VLAN ID. If to vlan-id2 is not specified, only one subordinate group VLAN is configured.	The value of vlan-id1 is an integer that ranges from 1 to 4094. The value of vlan-id2 is an integer that ranges from 1 to 4094 and must be greater than or equal to the value of vlan-id1.

Views

VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

All employees and customers of an enterprise can access servers on the enterprise network. The enterprise allows employees to communicate but expects to isolate customers from one another. To meet this requirement, the enterprise can add the servers to a VLAN, add employees to another VLAN, and add each customer to a different VLAN. This wastes VLAN IDs and increases workload on VLAN configuration.

The MUX VLAN function is introduced to solve this problem. The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves the following VLANs:

Principal VLAN: allows member interfaces to communicate with each other and with interfaces in subordinate VLANs.
Subordinate VLAN
- Subordinate separate VLAN: allows member interfaces to communicate with only interfaces in the principal VLAN. An interface in a subordinate separate VLAN cannot communicate with interfaces in the same VLAN or other subordinate VLANs.
- Subordinate group VLAN: allows member interfaces to communicate with interfaces in the same VLAN and interfaces in the principal VLAN. An interface in a subordinate group VLAN cannot communicate with interfaces in other subordinate VLANs.

According to features of the preceding VLANs, the enterprise can add the servers to the principal VLAN, add employees to a subordinate group VLAN, and add customers to a subordinate separate VLAN. Customers are then allowed to access the servers but isolated from one another. This saves VLAN IDs on the enterprise network and facilitates network management.

After interfaces using by employees are added to the subordinate group VLAN, employees can access servers of the enterprise and communicate with one another.

Prerequisites

The specified subordinate group VLANs have been created. The principal VLAN has been created.

The specified subordinate group VLANs are not super-VLANs and do not have any VLANIF interface.

Before configuring a VLAN as a subordinate group VLAN, run the undo subordinate group command to delete all its member interfaces.

Follow-up Procedure

Add interfaces to subordinate group VLANs and enable the MUX VLAN function on the interfaces.

Precautions

Subordinate VLANs must be different from the principal VLAN.

A VLAN cannot be configured as a subordinate group VLAN and a subordinate separate VLAN simultaneously.

If you run the subordinate group command multiple times in the same VLAN view, all the specified VLANs are configured as subordinate group VLANs. A maximum of 128 subordinate group VLANs can be configured in a primary VLAN.

The VLAN ID assigned to a group VLAN cannot be used to configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.

Example

# Configure VLAN 7 as the subordinate group VLAN of VLAN 5.

<HUAWEI> system-view
[HUAWEI] vlan 5
[HUAWEI-vlan5] subordinate group 7