Configuration Guide
VLAN Configuration Guide
Introduction

Ethernet is a data network communication technology based on a CSMA/CD (Carrier Sense Multiple Access/Collision Detection) shared communication medium. When the number of hosts is high, this can lead to serious collisions, broadcast flooding, significant performance degradation and even network unavailability. Although interconnecting LANs through switches solves the problem of serious collisions, it still cannot isolate broadcast packets or improve the quality of the network. VLAN (Virtual Local Area Network) is a communication technology that logically divides a physical LAN into multiple broadcast domains. Hosts within a VLAN can communicate directly, but hosts in different VLANs cannot, which limits broadcast packets to a single VLAN.

Basic Concepts

Users in different VLANs cannot interoperate directly, but Layer 3 interworking between VLANs can be achieved by configuring VLAN interfaces on the switch. A VLAN interface is a Layer 3 virtual interface that does not exist as a physical entity on the switch. Each VLAN corresponds to one VLAN interface. Once an IP address is configured for the VLAN interface, that address can be used as the gateway address for network devices within the VLAN, and IP-address-based Layer 3 forwarding is performed for packets that need to cross network segments.

VLAN Tag

A VLAN tag is the unique identifier of a VLAN, also known as an 802.1Q tag.

Interface Type

Whether an interface can be assigned to more than one VLAN depends on the link type and the interface type. Depending on how they identify VLAN frames, interfaces can be divided into three types: Access, Trunk and Hybrid.

Table 1: Access, Trunk and Hybrid
Notes:

Hosts can only forward untagged packets. Tagged packets are transmitted both within and between switches.

The interface type on this series of switches is similar to a Hybrid port, which can be added to one VLAN or to multiple VLANs. Currently there is no command to specify the interface type for an interface; the type of port is distinguished only by the number of VLANs in which the interface is located. When the interface is added to only one VLAN, it is considered an Access interface; when the interface is added to multiple VLANs, it is considered a Trunk interface.

Classification

We use the simplest and most intuitive way to divide VLANs: based on interfaces. In this way, VLAN members are defined according to the interfaces of the switches. After the specified interface is added to the specified VLAN, the interface can forward packets from that VLAN. Hosts within the VLAN can then interoperate directly (i.e. Layer 2 interworking), while hosts in different VLANs cannot interoperate directly, which limits broadcast packets to one VLAN.

VID and PVID

VID refers to the VLAN ID. For example, if you add VLAN100, then the member ports that are classified to that VLAN all have a VID of 100 and can receive packets with tag 100.

PVID refers to the Port-based VLAN ID, which is an interface-based VLAN ID. An interface can join multiple VLANs, but can only have one PVID. When an interface receives a packet without a tag, the packet is tagged with the VLAN tag of the PVID and processed as a packet of that VLAN.

A physical port can only have one PVID. When a physical port has a PVID, it must have a VID equal to the PVID, and on that VID the physical port must be an untagged port. For example, if a port is added to VLAN100 in untagged mode and to VLAN200, the PVID of the port will be 100.

Notes:

The PVID is only used for tagging when the switch receives untagged data frames from the outside. It does not play any role when the switch forwards data internally.

When two devices are connected, it is recommended to configure the PVID of the local port to be the same as the PVID of the opposite port.

Rules for Sending and Receiving Packets

For different interface types, the switch handles packets differently, as shown in the table below.

Table 2: Rules for sending and receiving packets

VLAN Configuration

VLAN Default Setting

The default setting of the VLAN interface is shown in the table below.

Table 3: VLAN default setting

Configure VLAN

Table 4: Configure VLAN
Notes:

This machine supports 4096 VLANs, of which VLAN0 and VLAN4095 are reserved VLANs, VLAN1 is the default VLAN and VLAN4094 is the VLAN dedicated to high-availability routing policy scenarios, so the range of VLAN IDs that users can create is 2-4093.

Under standard circumstances, users cannot manually create or delete VLAN 1. Although there are currently no restrictions on this series, it is recommended that VLAN 1 not be used as a management VLAN or service VLAN.

Configure VLAN Member Port

Table 5: Configure VLAN member port

Note: A port can only be joined to one VLAN in untagged mode, but can be joined to multiple VLANs in tagged mode.

Configure the IP of VLAN

Table 6: Configure the IP of VLAN
Configure the MTU of VLAN

Table 7: Configure the MTU of VLAN

Configure the MAC Address of VLAN

By default, the MAC address of the interface is dynamically assigned by the system or is the same as the MAC address of the switch. This series allows users to reconfigure the MAC address of physical interfaces, VLAN interfaces and link aggregation interfaces.

Table 8: Configure the MAC address of VLAN

Shutdown VLAN

Table 9: Shutdown VLAN

Disable MAC Learning for VLAN

Table 10: Disable MAC learning for VLAN
Display and Maintenance

Table 11: VLAN display and maintenance

Typical Configuration Example

Communication Between VLANs of the Same Device

Networking requirements

Assume that User 1 and User 2 belong to the same department in a company, but belong to different VLANs and are located in different network segments. The requirement is to implement interoperability between User 1 and User 2.

Topology

Procedure

```
# Create VLAN
sonic# configure terminal
sonic(config)# vlan 100
sonic(config-vlan-100)# ex
sonic(config)# vlan 200
sonic(config-vlan-200)# ex
# Add interfaces to VLANs
sonic(config)# interface ethernet 0/0
sonic(config-if-0/0)# switchport trunk vlan 100
sonic(config-if-0/0)# ex
sonic(config)# interface ethernet 0/1
sonic(config-if-0/1)# switchport trunk vlan 200
sonic(config-if-0/1)# ex
# Set the IP for VLAN interfaces
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ip address 100.0.0.1/24
sonic(config-vlanif-100)# ex
sonic(config)# interface vlan 200
sonic(config-vlanif-200)# ip address 200.0.0.1/24
sonic(config-vlanif-200)# ex
```

Verify configuration

```
sonic# show vlan summary
+-----------+--------------+-----------+----------------+-----------------------+
|   VLAN ID | IP Address   | Ports     | Port Tagging   | DHCP Helper Address   |
+===========+==============+===========+================+=======================+
|       100 | 100.0.0.1/24 | Ethernet0 | untagged       |                       |
+-----------+--------------+-----------+----------------+-----------------------+
|       200 | 200.0.0.1/24 | Ethernet1 | untagged       |                       |
+-----------+--------------+-----------+----------------+-----------------------+
```

User 1 and User 2 can ping each other.

VLANs Communication Across Devices

Networking requirements

Suppose a company network has Device A connected to servers Server1 and Server2, belonging to Department 1 and Department 2 respectively, and Device B connected to users User 1 and User 2, belonging to Department 1 and Department 2 respectively. To ensure network communication security, the company requires that employees in each department can only access the servers in their own department.

According to the communication principle of VLAN, hosts in the same VLAN can interoperate directly, while different VLANs are isolated at Layer 2 and interoperate at Layer 3. Therefore, User1 and Server1 are placed in the same VLAN, and User2 and Server2 are placed in the same VLAN, so that the employees of each department can only access the servers of their own department.

Topology

Procedure

Configure Device A

```
# Create VLAN
sonic# configure terminal
sonic(config)# vlan 100
sonic(config-vlan-100)# ex
sonic(config)# vlan 200
sonic(config-vlan-200)# ex
# Add interfaces to VLANs
sonic# configure terminal
sonic(config)# interface ethernet 0/1
sonic(config-if-0/1)# switchport access vlan 100
sonic(config-if-0/1)# ex
sonic(config)# interface ethernet 0/2
sonic(config-if-0/2)# switchport access vlan 200
sonic(config-if-0/2)# ex
```

Configure Device B

Configure Device B in the same way as Device A.

Configure the IP

Set User1 and Server1 to the same network segment, e.g. 192.168.100.0/24, and set User2 and Server2 to the same network segment, e.g. 192.168.200.0/24.

Verify configuration

```
# Check VLAN configuration
sonic# show vlan summary
+---------+------------+-------+--------------+-----------+-------------+---------------------+
| VLAN ID | IP Address | Ports | Port Tagging | Proxy ARP | Description | DHCP Helper Address |
+---------+------------+-------+--------------+-----------+-------------+---------------------+
| 100     |            | 0/0   | tagged       | disable   | N/A         |                     |
|         |            | 0/1   | tagged       |           |             |                     |
+---------+------------+-------+--------------+-----------+-------------+---------------------+
| 200     |            | 0/0   | tagged       | disable   | N/A         |                     |
|         |            | 0/2   | tagged       |           |             |                     |
+---------+------------+-------+--------------+-----------+-------------+---------------------+
```

```
# On User1, ping Server1 is OK, ping Server2 is not OK
admin@user1:~$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=2.49 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.464 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.518 ms
64 bytes from 192.168.100.1: icmp_seq=4 ttl=64 time=0.531 ms
64 bytes from 192.168.100.1: icmp_seq=5 ttl=64 time=0.413 ms
64 bytes from 192.168.100.1: icmp_seq=6 ttl=64 time=3.82 ms
^C
--- 192.168.100.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5110ms
rtt min/avg/max/mdev = 0.413/1.371/3.819/1.317 ms
admin@user1:~$ ping 192.168.200.1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
^C
--- 192.168.200.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3065ms
```

```
# On User2, ping Server1 is not OK, ping Server2 is OK
admin@user2:~$ ping 192.168.200.1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=2.61 ms
64 bytes from 192.168.200.1: icmp_seq=2 ttl=64 time=1.29 ms
64 bytes from 192.168.200.1: icmp_seq=3 ttl=64 time=4.33 ms
^C
--- 192.168.200.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.286/2.742/4.334/1.248 ms
admin@user2:~$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
^C
--- 192.168.100.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3065ms
```
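
The membership rules from the VID and PVID section and the configuration notes (creatable IDs 2-4093, one untagged VLAN per port, VLAN 1 discouraged, matching PVIDs on both ends of a link) can be checked before a plan is applied to the switches. This is an added example, not part of the original guide or the vendor's tooling; the dictionary layout, the names `PLAN`, `LINKS`, `pvid` and `audit`, and the treatment of a port with no untagged VLAN as having no PVID are assumptions made for illustration.

```python
# Added example: audit a port-based VLAN plan against the rules in this guide.
# The data layout and all names below are constructed for illustration.
USER_VLANS = range(2, 4094)  # guide: users may create VLAN IDs 2-4093


def pvid(port):
    """PVID is the one VLAN the port joined untagged (None if there is none)."""
    return port["untagged"][0] if len(port["untagged"]) == 1 else None


def audit(switches, links):
    """Return sorted (location, finding) tuples for every rule violation."""
    findings = []
    for sw, ports in switches.items():
        for name, port in ports.items():
            where = f"{sw}:{name}"
            if len(port["untagged"]) > 1:
                findings.append((where, "untagged in more than one VLAN"))
            for vid in sorted(set(port["untagged"] + port["tagged"])):
                if vid == 1:
                    findings.append((where, "VLAN 1 in use"))
                elif vid not in USER_VLANS:
                    findings.append((where, f"VLAN {vid} outside user range 2-4093"))
    for (sw_a, p_a), (sw_b, p_b) in links:
        a, b = pvid(switches[sw_a][p_a]), pvid(switches[sw_b][p_b])
        if a != b:
            # Untagged frames would enter a different VLAN on the far side.
            findings.append((f"{sw_a}:{p_a}<->{sw_b}:{p_b}",
                             f"PVID mismatch ({a} vs {b})"))
    return sorted(findings)


# Constructed plan modelled on the two-device example, with seeded mistakes.
PLAN = {
    "A": {"0/0": {"untagged": [], "tagged": [100, 200]},
          "0/1": {"untagged": [100], "tagged": []},
          "0/2": {"untagged": [200], "tagged": []}},
    "B": {"0/0": {"untagged": [1], "tagged": [100, 200]},
          "0/1": {"untagged": [100], "tagged": [4094]},
          "0/2": {"untagged": [200, 300], "tagged": []}},
}
LINKS = [(("A", "0/0"), ("B", "0/0"))]

if __name__ == "__main__":
    for where, finding in audit(PLAN, LINKS):
        print(f"{where}: {finding}")
```

Device A passes every check; all four findings come from the mistakes seeded into Device B and its uplink.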
