Configuration Guide
Ethernet Switch Configuration
VLAN Configuration
## Introduction

Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detection), which utilizes a shared communication medium. When the number of hosts increases, it can lead to severe issues such as collisions, broadcast storms, performance degradation, and even network unavailability. Although using switches to interconnect local area networks (LANs) can mitigate collision problems, it still fails to isolate broadcast messages and enhance network quality.

In response to these challenges, virtual local area network (VLAN) technology emerged. A VLAN logically divides a physical LAN into multiple broadcast domains, allowing direct communication between hosts within the same VLAN while preventing direct communication between different VLANs. This containment of broadcast messages within their respective VLANs improves network isolation and performance.

## Explanation of Principles

### Interface Type

Different types of interfaces on a device handle VLAN tagging differently when forwarding packets. Based on their VLAN tagging behavior, interfaces can be categorized into three types: access, trunk, and hybrid interfaces.

- Access interface: This interface adds the interface's port VLAN ID (PVID) to untagged incoming packets. It only allows tagged packets with VLAN IDs matching the interface's PVID to pass through. Outgoing packets from this interface are always untagged, making it suitable for connecting user terminals.
- Trunk interface: It permits multiple VLAN tags to pass through. Outgoing packets from this interface have no VLAN tag if their VLAN matches the interface's default VLAN; packets in other VLANs must carry a VLAN tag. Trunk interfaces are often used for interconnecting network transmission equipment.
- Hybrid interface: This interface type is not supported by the current device and is not further described.

### Interface Default VLAN

In addition to configuring the VLANs allowed to traverse a port, you can also define a default VLAN for the port, known as the port VLAN ID (PVID). When an untagged packet is received on the port, it is assumed to belong to the default VLAN. For access ports, the default VLAN corresponds to the VLAN the interface has been configured to join in access mode.

### Packet Transmission and Reception Rules

## Configuring Interface VLAN

## Batch VLAN Configuration

### Batch VLAN Principle

When a device needs to allow a large number of VLANs to pass between interfaces at once, the operations of creating VLANs and adding interfaces to VLANs must be repeated, and the configuration can take time to load and apply. The device offers a more convenient batch method to create VLANs that share the same Layer 2 attributes. By creating a batch VLAN group, interfaces can be added to VLANs, simplifying the business logic and shortening the time it takes for configurations to be applied and take effect.

Note that member VLANs within a batch VLAN cannot be extracted and used as regular VLANs independently.

### Batch VLAN Configuration

## Display and Maintenance

## Configuration Example

### Configuring VLAN Assignment Based on Interfaces for Intra-VLAN Communication

#### Network Requirements

Suppose User 1 and User 3 of a company belong to the same department but access the network through different devices, and User 2 and User 4 belong to the same department and likewise access the network through different devices. The two departments belong to different VLANs: Department A uses VLAN 100 and Department B uses VLAN 200.

#### Procedure

Configure Device A. Create the VLANs and add the interfaces to them:

```
sonic(config)# vlan 100
sonic(config)# vlan 200
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 200
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 100
sonic(config)# interface ethernet 3
sonic(config-if-3)# switchport trunk vlan 100
sonic(config-if-3)# switchport trunk vlan 200
```

The configuration of Device B is the same as that of Device A.

#### Verify Configuration

User 1 and User 3 can ping each other, but neither can ping User 2 or User 4. User 2 and User 4 can ping each other, but neither can ping User 1 or User 3.

View the VLAN configuration information:

```
sonic# show vlan brief
+----------+------------+-----------+--------------+--------------------+
| VLAN ID  | IP Address | Ports     | Port Tagging | DHCP Helper Address|
+==========+============+===========+==============+====================+
| 100      |            | Ethernet2 | untagged     |                    |
|          |            | Ethernet3 | tagged       |                    |
+----------+------------+-----------+--------------+--------------------+
| 200      |            | Ethernet1 | untagged     |                    |
|          |            | Ethernet3 | tagged       |                    |
+----------+------------+-----------+--------------+--------------------+
```

### Configuring Batch VLAN

#### Network Requirement

The device is used as an access switch connected to access points (APs). The APs have multiple VLANs configured to differentiate various services or user permissions, and the access switch must allow these VLANs to pass through. Additionally, VLAN 1 is used as the in-band management VLAN on the access switch.

#### Procedure

Create a batch VLAN group:

```
sonic(config)# batch vlan group 1
sonic(config-batch-vlan-group-1)# vlan ids 10-1000
sonic(config-batch-vlan-group-1)# switchport trunk ethernet 1-48
sonic(config-batch-vlan-group-1)# exit
```

Ensure VLAN 1 is configured for management:

```
sonic(config)# vlan 1
sonic(config)# interface ethernet 49
sonic(config-if-49)# switchport access vlan 1
sonic(config-if-49)# exit
sonic(config)# interface vlan 1
sonic(config-vlanif-1)# ip address 192.168.100.1/24
```

#### Verify Configuration

```
sonic# show vlan summary
+-----------+------------------+---------------+----------------+-----------------------+
| VLAN ID   | IP Address       | Ports         | Port Tagging   | DHCP Helper Address   |
+===========+==================+===============+================+=======================+
| 1         | 192.168.100.1/24 | Ethernet49    | untagged       |                       |
+-----------+------------------+---------------+----------------+-----------------------+
| 10-1000   |                  | Ethernet1-48  | tagged         |                       |
+-----------+------------------+---------------+----------------+-----------------------+
```
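
The access and trunk tagging rules from the interface type and default VLAN sections, applied to the first configuration example (Device A and Device B), as an added Python sketch that is not part of the original guide or the vendor's code: it checks which users can exchange Layer 2 frames. The user-to-port cabling, the Ethernet3 inter-switch link, and the dropping of untagged frames on a trunk with no default VLAN are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
DROP = "drop"  # sentinel: frame is discarded

@dataclass(frozen=True)
class Port:
    mode: str                        # "access" or "trunk"
    pvid: Optional[int] = None       # default VLAN; None = no untagged VLAN (assumption)
    tagged: frozenset = frozenset()  # VLANs carried with a tag (trunk only)

    def member(self, vlan):
        return vlan is not None and (vlan == self.pvid or vlan in self.tagged)

def ingress(port, tag):
    """Classify a received frame (tag=None means untagged): VLAN ID or DROP."""
    vlan = port.pvid if tag is None else tag
    return vlan if port.member(vlan) else DROP

def egress(port, vlan):
    """Tag put on the wire when sending vlan out of port (None = untagged), or DROP."""
    if not port.member(vlan):
        return DROP
    return None if vlan == port.pvid else vlan

# Device A as configured on the page; Device B is configured identically.
DEVICE = {"Ethernet1": Port("access", pvid=200),
          "Ethernet2": Port("access", pvid=100),
          "Ethernet3": Port("trunk", tagged=frozenset({100, 200}))}
# Assumed cabling (constructed; the page does not state which port each user is on).
USERS = {"User1": ("A", "Ethernet2"), "User2": ("A", "Ethernet1"),
         "User3": ("B", "Ethernet2"), "User4": ("B", "Ethernet1")}

def flood(in_port, tag):
    """Frames one device sends for a frame received on in_port: {port: wire tag}."""
    vlan = ingress(DEVICE[in_port], tag)
    if vlan == DROP:
        return {}
    out = {n: egress(p, vlan) for n, p in DEVICE.items() if n != in_port}
    return {n: t for n, t in out.items() if t != DROP}

def can_reach(src, dst):
    """True if an untagged frame from src is delivered on dst's port (Layer 2 only)."""
    (sdev, sport), (ddev, dport) = USERS[src], USERS[dst]
    out = flood(sport, None)
    if sdev != ddev:  # cross the Ethernet3-to-Ethernet3 inter-switch link
        if "Ethernet3" not in out:
            return False
        out = flood("Ethernet3", out["Ethernet3"])
    return dport in out
```

Giving the trunk a `pvid` exercises the default-VLAN rule: that VLAN leaves the port untagged and untagged frames arriving on it are classified into it, so the default VLAN has to match on both ends of a link.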
