< Home

subordinate separate

Function

The subordinate separate command configures a subordinate separate VLAN for a principal VLAN.

The undo subordinate separate command removes the subordinate separate VLAN from a principal VLAN.

By default, a principal VLAN does not have any subordinate separate VLAN.

Format

subordinate separate vlan-id

undo subordinate separate

Parameters

Parameter

Description

Value

vlan-id

Specifies the ID of an existing VLAN.

The value is an integer that ranges from 1 to 4094.

Views

VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

All employees and customers of an enterprise can access servers on the enterprise network. The enterprise allows employees to communicate but expects to isolate customers from one another. To meet this requirement, the enterprise can add the servers to a VLAN, add employees to another VLAN, and add each customer to a different VLAN. This wastes VLAN IDs and increases workload on VLAN configuration.

The MUX VLAN function is introduced to solve this problem. The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves the following VLANs:

  • Principal VLAN: allows member interfaces to communicate with each other and with interfaces in subordinate VLANs.
  • Subordinate VLAN
    • Subordinate separate VLAN: allows member interfaces to communicate with only interfaces in the principal VLAN. An interface in a subordinate separate VLAN cannot communicate with interfaces in the same VLAN or other subordinate VLANs.
    • Subordinate group VLAN: allows member interfaces to communicate with interfaces in the same VLAN and interfaces in the principal VLAN. An interface in a subordinate group VLAN cannot communicate with interfaces in other subordinate VLANs.

According to features of the preceding VLANs, the enterprise can add the servers to the principal VLAN, add employees to a subordinate group VLAN, and add customers to a subordinate separate VLAN. Customers are then allowed to access the servers but isolated from one another. This saves VLAN IDs on the enterprise network and facilitates network management.

After interfaces using by customers are added to the subordinate separate VLAN, customers can neither communicate with each other nor access servers of the enterprise.

Prerequisites

The specified subordinate separate VLAN has been created. The principal VLAN has been created.

The specified subordinate separate VLANs are not super-VLANs and do not have any VLANIF interface.

Before configuring a VLAN as a subordinate separate VLAN, run the undo subordinate separate command to delete all its member interfaces.

Follow-up Procedure

Add interfaces to the subordinate separate VLAN and enable the MUX VLAN function on the interfaces.

Precautions

Subordinate VLANs must be different from the principal VLAN.

A VLAN cannot be configured as a subordinate group VLAN and a subordinate separate VLAN simultaneously.

A principal VLAN can be configured with only one subordinate separate VLAN. Before configuring another VLAN as the subordinate separate VLAN, run the undo subordinate separate command to delete the previous one.

The VLAN ID assigned to a separate VLAN cannot be used to configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not recommended that this VLAN ID be used to configure VLAN mapping and VLAN stacking.

Example

# Configure VLAN 6 as the subordinate separate VLAN of VLAN 5.

<HUAWEI> system-view
[HUAWEI] vlan 5
[HUAWEI-vlan5] subordinate separate 6
Parent Topic: MUX VLAN Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic