VLAN Configuration Guide
此内容尚不支持你的语言。
Although using devices to interconnect Local Area Networks (LANs) can mitigate collision problems, it still fails to isolate broadcast messages and enhance network quality. In response to these challenges, Virtual Local Area Network (VLAN) technology emerged. VLAN logically divides a physical LAN into multiple broadcast domains, allowing direct communication between hosts within the same VLAN while preventing direct communication between different VLANs. This containment of broadcast messages within their respective VLANs improves network isolation and performance.
Explanation of Principles
Section titled “Explanation of Principles”Interface Type
Section titled “Interface Type”Different types of interfaces on a device handle VLAN tagging differently when forwarding packets. Based on their VLAN tagging behavior, interfaces can be categorized into three types: Access, Trunk, and Hybrid interfaces.
Access Interface
This interface adds the interface’s Port VLAN ID (PVID) to untagged incoming packets.
It only allows tagged packets with VLAN IDs matching the interface’s PVID to pass through.
Outgoing packets from this interface are always untagged, making it suitable for connecting user terminals.
Trunk Interface
It permits multiple VLAN tags to pass through.
Outgoing packets from this interface have no VLAN tag if their VLAN matches the interface’s default VLAN. Other VLANs must have a VLAN tag. Trunk interfaces are often used for interconnecting network transmission equipment.
Hybrid Interface
This interface type is not supported by the current device and is not further described.
Interface Default VLAN
Section titled “Interface Default VLAN”In addition to configuring the VLANs allowed to traverse a port, you can also define a default VLAN for the port, known as the Port VLAN ID (PVID). When an untagged packet is received on the port, it is assumed to belong to the default VLAN.
For Access ports, the default VLAN corresponds to the VLAN the interface has been configured to join in access mode.
Packet Transmission and Reception Rules
Section titled “Packet Transmission and Reception Rules”| Interface Type | Ingress | Egress | |
|---|---|---|---|
| Access | Untag | Tag | |
| Adding Default VLAN ID of the interface | When the VLAN ID of a packet matches the default VLAN ID of the interface, the interface receives the packet. | When the VLAN ID of a packet matches the interface’s default VLAN ID, the interface removes the tag and sends the packet. When the VLAN ID of a packet differs from the interface’s default VLAN ID and the packet’s VLAN ID is one of the VLAN IDs allowed through the interface: the original tag is preserved, and the packet is sent | |
| Trunk | Adding Default VLAN ID of the interface | When the VLAN ID of a packet is in the list of VLAN IDs allowed through the interface, the packet is received. When the VLAN ID of a packet is not in the list of VLAN IDs allowed through the interface, the packet is discarded. | The VLAN tag of the packet remains unchanged. |
Configuring Interface VLAN
Section titled “Configuring Interface VLAN”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Create a VLAN | vlan ID | |
| Enter the interface view | interface ethernet ID | |
| Assign an access VLAN | switchport access vlan ID | |
| Assign a trunk VLAN | switchport trunk vlan ID | |
| Remove a VLAN | no switchport vlan ID |
Display and Maintenance
Section titled “Display and Maintenance”| Operation | Command | Description |
|---|---|---|
| Display VLAN summary information | show vlan summary | |
| Display detailed information about a specific VLAN | show vlan vid vlan-id | |
| Display information for all VLANs | show vlan all |
Configuration Example
Section titled “Configuration Example”Configuring VLAN Assignment Based on Interfaces for Intra-VLAN Communication
Section titled “Configuring VLAN Assignment Based on Interfaces for Intra-VLAN Communication”Network requirements
Suppose User 1 and User 3 of a company belong to the same department but access the network through different devices, User 2 and User 4 belong to the same department and access the network through different devices but belong to different VLANs, where Department A uses VLAN 100 and Department B uses VLAN 200.
Procedure
1.Configure Device A
# Create VLAN and add the interface to the VLAN
sonic(config)# vlan 100sonic(config)# vlan 200sonic(config)# interface ethernet 1sonic(config-if-1)# switchport access vlan 200sonic(config)# interface ethernet 2sonic(config-if-2)# switchport access vlan 100sonic(config)# interface ethernet 3sonic(config-if-3)# switchport trunk vlan 100sonic(config-if-3)# switchport trunk vlan 2002.Device B and DeviceA configuration is the same
Verify configuration
1.User 1 and User 3 can ping each other, but neither can ping User 2 and User 4, and User 2 and User 4 can ping each other, but not User 1 and User 3.
2.View VLAN configuration information.
sonic# show vlan summary