VLAN Configuration

introduction introduction ethernet is a data network communication technology based on csma/cd (carrier sense multiple access/collision detection), which utilizes a shared communication medium when the number of hosts increases, it can lead to severe issues like collisions, broadcast storms, performance degradation, and even network unavailability although using switches to interconnect local area networks (lans) can mitigate collision problems, it still fails to isolate broadcast messages and enhance network quality in response to these challenges, virtual local area network (vlan) technology emerged vlan logically divides a physical lan into multiple broadcast domains, allowing direct communication between hosts within the same vlan while preventing direct communication between different vlans this containment of broadcast messages within their respective vlans improves network isolation and performance explanation of principles explanation of principles interface type interface type different types of interfaces on a device handle vlan tagging differently when forwarding packets based on their vlan tagging behavior, interfaces can be categorized into three types access, trunk, and hybrid interfaces access interface this interface adds the interface's port vlan id (pvid) to untagged incoming packets it only allows tagged packets with vlan ids matching the interface's pvid to pass through outgoing packets from this interface are always untagged, making it suitable for connecting user terminals trunk interface it permits multiple vlan tags to pass through outgoing packets from this interface have no vlan tag if their vlan matches the interface's default vlan other vlans must have a vlan tag trunk interfaces are often used for interconnecting network transmission equipment hybrid interface this interface type is not supported by the current device and is not further described interface default vlan interface default vlan in addition to configuring the vlans allowed to traverse a port, you can also define a default vlan for the port, known as the port vlan id (pvid) when an untagged packet is received on the port, it is assumed to belong to the default vlan for access ports, the default vlan corresponds to the vlan the interface has been configured to join in access mode packet transmission and reception rules packet transmission and reception rules interface type ingress egress untag tag access adding default vlan id of the interface when the vlan id of a packet matches the default vlan id of the interface, the interface receives the packet when the vlan id of a packet matches the interface's default vlan id, the interface removes the tag and sends the packet when the vlan id of a packet differs from the interface's default vlan id and the packet's vlan id is one of the vlan ids allowed through the interface the original tag is preserved, and the packet is sent trunk adding default vlan id of the interface when the vlan id of a packet is in the list of vlan ids allowed through the interface, the packet is received when the vlan id of a packet is not in the list of vlan ids allowed through the interface, the packet is discarded the vlan tag of the packet remains unchanged configuring interface vlan configuring interface vlan operation command description enter the system configuration view configure terminal create a vlan vlan id enter the interface view interface ethernet id assign an access vlan switchport access vlan id assign a trunk vlan switchport trunk vlan id remove a vlan no switchport vlan id voice vlan configuration voice vlan configuration the voice vlan feature enables switch ports to transmit voice traffic from ip phones with an administrator defined priority when multiple devices (such as personal computers and ip phones) are connected to the same port, the port can be configured to use one vlan for voice traffic and another vlan for data traffic ip voice (voip) traffic is inherently time sensitive low latency is crucial for a network to provide acceptable service the switch supports separating voice and data traffic entering the port and can accelerate the forwarding of voice vlan traffic, ensuring that the sound quality of ip phones is not disturbed when data traffic on the port is high operation command description enter the interface view interface ethernet interface id enter the specified ethernet interface view configure the interface to publish med tlv lldp ports med policy voice \[ vlan vid ] \[vlan type {tagged|untagged}] \[priority value ] \[dscp value ] configure the interface to publish the med tlv, which is used to automatically configure information such as the vlan and priority of ip phones connected to the device vid specify the voice vlan id to allow the traffic of ip phones to enter an independent vlan vlan type define the tagging method for voice traffic "tagged" is the most common, allowing the separation of voice (tagged) and data (untagged) traffic on the same port priority specify the 802 1p (cos) priority (0 7), with a higher value indicating a higher forwarding priority dscp specify the dscp (differentiated services code point) (0 63), which identifies the service level of voice traffic at the network layer, with a higher value indicating a higher forwarding priority batch vlan configuration batch vlan configuration batch vlan principle batch vlan principle when a device needs to allow a large number of vlans to pass between interfaces at once, the operations of creating vlans and adding interfaces to vlans must be repeated, which can take time to load and apply the configuration the device offers a more convenient batch method to create vlans that share the same layer 2 attributes by creating a batch vlan group, interfaces can be added to vlans, simplifying the business logic and accelerating the time it takes for configurations to be applied and take effect it is important to note that member vlans within a batch vlan cannot be extracted and used as regular vlans independently batch vlan configuration batch vlan configuration operation command description create a batch vlan group batch vlan group < id > add the vlan id list to be allowed vlan ids < vlan range > specifies the range of vlans to be included in the batch you can separate vlan ranges using and , for example, 10 20,30,40 50 configure the list of interfaces to allow vlan traffic switchport trunk ethernet < port range > specifies the range of interfaces this range defines the ports on which the vlans in the batch vlan group will be allowed display and maintenance display and maintenance operation command description display vlan summary information show vlan summary display detailed information about a specific vlan show vlan vlan id display information for all vlans show vlan all configuration example configuration example configuring vlan assignment based on interfaces for intra vlan communication configuring vlan assignment based on interfaces for intra vlan communication network requirements network requirements suppose user 1 and user 3 of a company belong to the same department but access the network through different devices, user 2 and user 4 belong to the same department and access the network through different devices but belong to different vlans, where department a uses vlan 100 and department b uses vlan 200 procedure procedure configure device a \# create vlan and add the interface to the vlan sonic(config)# vlan 100 sonic(config)# vlan 200 sonic(config)# interface ethernet 1 sonic(config if 1)# switchport access vlan 200 sonic(config)# interface ethernet 2 sonic(config if 2)# switchport access vlan 100 sonic(config)# interface ethernet 3 sonic(config if 3)# switchport trunk vlan 100 sonic(config if 3)# switchport trunk vlan 200 device b and devicea configuration is the same verify configuration verify configuration user 1 and user 3 can ping each other, but neither can ping user 2 and user 4, and user 2 and user 4 can ping each other, but not user 1 and user 3 view vlan configuration information sonic# show vlan brief + + + + + + \| vlan id | ip address | ports | port tagging | dhcp helper address| +==========+============+===========+==============+====================+ \| 100 | | ethernet2 | untagged | | \| | | ethernet3 | tagged | | + + + + + + \| 200 | | ethernet1 | untagged | | \| | | ethernet3 | tagged | | + + + + + + configuring batch vlan configuring batch vlan network requirement network requirement the device is used as an access switch, connected to access points (aps) the aps have multiple vlans configured to differentiate various services or user permissions the access switch must allow these vlans to pass through additionally, vlan 1 is used as the in band management vlan on the access switch procedure procedure create batch vlan group sonic(config)# batch vlan group 1 sonic(config batch vlan group 1)# vlan ids 10 1000 sonic(config batch vlan group 1)# switchport trunk ethernet 1 48 sonic(config batch vlan group 1)# exit ensure vlan 1 is configured for management sonic(config)# vlan 1 sonic(config)# interface ethernet 49 sonic(config if 49)# switchport access vlan 1 sonic(config if 49)# exit sonic(config)# interface vlan 1 sonic(config vlanif 1)# ip address 192 168 100 1/24 verify configuration verify configuration sonic# show vlan summary + + + + + + \| vlan id | ip address | ports | port tagging | dhcp helper address | +===========+==================+===============+================+=======================+ \| 1 | 192 168 100 1/24 | ethernet49 | untagged | | + + + + + + \| 10 1000 | | ethernet1 48 | tagged | | + + + + + +