VLAN, trunk, VLANIF (SVI) on Huawei switch

advertisement
VLAN, trunk, VLANIF (SVI) on
Huawei switch
Today I want to show you:
•
•
•
•
How to configure VLANs
How to add interface to a VLAN
How to establish 802.1q trunk between two Ethernet switches and filter VLANs
How to configure VLANIF (VLAN interface or simply SVI).
Look at the following topology.
Let’s assume that we want to configure two switches, which are connected via Ethernet link.
Both switches have PCs connected to them. We want to allow PC101 to be able to reach
PC102 and PC201 to be able to reach PC202.To do so, we need to add two different VLANs,
configure Ethernet trunk between switches and add PCs to the correct VLAN.
Let’s start with SW1 switch configuration.
First I have to add two VLANs 100 and 200, and describe these VLANs labnario100 and
labnario200 respectively (description is optional). Both switches should be configured at
exactly the same way, so SW2 configuration is omitted.
<labnariosw1>system-view
[labnariosw1]vlan 100
[labnariosw1-vlan100]description labnario100
[labnariosw1-vlan100]vlan 200
[labnariosw1-vlan200]description labnario200
Let’s verify VLAN configuration:
[labnariosw1]display vlan
The total number of vlans is : 3
------------------------------------------------------------------------------U: Up;
D: Down;
TG: Tagged;
UT: Untagged;
MP: Vlan-mapping;
ST: Vlan-stacking;
#: ProtocolTransparent-vlan;
*: Management-vlan;
------------------------------------------------------------------------------VID Type
Ports
------------------------------------------------------------------------------1
common UT:GE0/0/1(U)
GE0/0/2(U)
GE0/0/3(D)
GE0/0/4(D)
GE0/0/5(D)
GE0/0/6(D)
GE0/0/7(D)
GE0/0/8(D)
GE0/0/9(D)
GE0/0/10(U)
GE0/0/11(D)
GE0/0/12(D)
GE0/0/13(D)
GE0/0/14(D)
GE0/0/15(D)
GE0/0/16(D)
GE0/0/17(D)
GE0/0/18(D)
GE0/0/19(D)
GE0/0/20(D)
GE0/0/21(D)
GE0/0/22(D)
GE0/0/23(D)
GE0/0/24(D)
100 common
200 common
VID Status Property
MAC-LRN Statistics Description
------------------------------------------------------------------------------1
enable default
enable disable
VLAN 0001
100 enable default
enable disable
labnario100
200 enable default
enable disable
labnario200
As the second step, I want to configure 802.1q trunk between SW1 and SW2 and filter
VLANs, which can pass through this trunk (VLAN filtering is optional):
[labnariosw1-GigabitEthernet0/0/10]port link-type trunk
[labnariosw1-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 200
Let’s verify, if our trunk interface is configured correctly:
[labnariosw1]display port vlan
Port
Link Type
PVID Trunk VLAN List
-----------------------------------------------------------------------------GigabitEthernet0/0/1
hybrid
1
GigabitEthernet0/0/2
hybrid
1
GigabitEthernet0/0/3
hybrid
1
GigabitEthernet0/0/4
hybrid
1
GigabitEthernet0/0/5
hybrid
1
GigabitEthernet0/0/6
hybrid
1
GigabitEthernet0/0/7
hybrid
1
GigabitEthernet0/0/8
hybrid
1
GigabitEthernet0/0/9
hybrid
1
GigabitEthernet0/0/10
trunk
1
1 100 200
GigabitEthernet0/0/11
hybrid
1
GigabitEthernet0/0/12
hybrid
1
GigabitEthernet0/0/13
hybrid
1
GigabitEthernet0/0/14
hybrid
1
GigabitEthernet0/0/15
hybrid
1
-
GigabitEthernet0/0/16
GigabitEthernet0/0/17
GigabitEthernet0/0/18
GigabitEthernet0/0/19
GigabitEthernet0/0/20
GigabitEthernet0/0/21
GigabitEthernet0/0/22
GigabitEthernet0/0/23
GigabitEthernet0/0/24
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
1
1
1
1
1
1
1
1
1
-
There is also more specific command:
[labnariosw1]display port vlan GigabitEthernet 0/0/10
Port
Link Type
PVID Trunk VLAN List
-----------------------------------------------------------------------------GigabitEthernet0/0/10
trunk
1
1 100 200
You can also block VLANs to be passed through the trunk:
[labnariosw1-GigabitEthernet0/0/10]undo port trunk allow-pass vlan 1
[labnariosw1]display port vlan GigabitEthernet 0/0/10
Port
Link Type
PVID Trunk VLAN List
-----------------------------------------------------------------------------GigabitEthernet0/0/10
trunk
1
100 200
As you see, Ge0/0/10 interface is working as a 802.1q trunk. Only VLANs 100 and 200 can
pass through this trunk link.
Now we can configure access ports which are connected to PCs:
[labnariosw1]interface GigabitEthernet 0/0/1
[labnariosw1-GigabitEthernet0/0/1]port link-type access
[labnariosw1-GigabitEthernet0/0/1]port default vlan 100
[labnariosw1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[labnariosw1-GigabitEthernet0/0/2]port link-type access
[labnariosw1-GigabitEthernet0/0/2]port default vlan 200
Let’s verify our VLANs and ports configuration again:
[labnariosw1]display port vlan
Port
Link Type
PVID Trunk VLAN List
-----------------------------------------------------------------------------GigabitEthernet0/0/1
access
100
GigabitEthernet0/0/2
access
200
GigabitEthernet0/0/3
hybrid
1
GigabitEthernet0/0/4
hybrid
1
GigabitEthernet0/0/5
hybrid
1
GigabitEthernet0/0/6
hybrid
1
GigabitEthernet0/0/7
hybrid
1
GigabitEthernet0/0/8
hybrid
1
GigabitEthernet0/0/9
hybrid
1
GigabitEthernet0/0/10
trunk
1
100 200
GigabitEthernet0/0/11
hybrid
1
GigabitEthernet0/0/12
hybrid
1
GigabitEthernet0/0/13
hybrid
1
-
GigabitEthernet0/0/14
GigabitEthernet0/0/15
GigabitEthernet0/0/16
GigabitEthernet0/0/17
GigabitEthernet0/0/18
GigabitEthernet0/0/19
GigabitEthernet0/0/20
GigabitEthernet0/0/21
GigabitEthernet0/0/22
GigabitEthernet0/0/23
GigabitEthernet0/0/24
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
hybrid
1
1
1
1
1
1
1
1
1
1
1
-
[labnariosw1]display vlan
The total number of vlans is : 3
------------------------------------------------------------------------------U: Up;
D: Down;
TG: Tagged;
UT: Untagged;
MP: Vlan-mapping;
ST: Vlan-stacking;
#: ProtocolTransparent-vlan;
*: Management-vlan;
------------------------------------------------------------------------------VID Type
Ports
------------------------------------------------------------------------------1
common UT:GE0/0/3(D)
GE0/0/4(D)
GE0/0/5(D)
GE0/0/6(D)
GE0/0/7(D)
GE0/0/8(D)
GE0/0/9(D)
GE0/0/10(U)
GE0/0/11(D)
GE0/0/12(D)
GE0/0/13(D)
GE0/0/14(D)
GE0/0/15(D)
GE0/0/16(D)
GE0/0/17(D)
GE0/0/18(D)
GE0/0/19(D)
GE0/0/20(D)
GE0/0/21(D)
GE0/0/22(D)
GE0/0/23(D)
GE0/0/24(D)
100 common UT:GE0/0/1(U)
TG:GE0/0/10(U)
200 common UT:GE0/0/2(U)
TG:GE0/0/10(U)
VID Status Property
MAC-LRN Statistics Description
------------------------------------------------------------------------------1
enable default
enable disable
VLAN 0001
100 enable default
enable disable
labnario100
200 enable default
enable disable
labnario200
When both switches are configured, we can check if our PCs can ping each other. Remember
that PC101 and PC102 are both in a VLAN 100 and PC201 with PC202 are both in a VLAN
200. So let’s start with PC101:
PC101>ping 192.168.100.2
Ping
From
From
From
From
From
192.168.100.2:
192.168.100.2:
192.168.100.2:
192.168.100.2:
192.168.100.2:
192.168.100.2:
32 data bytes,
bytes=32 seq=1
bytes=32 seq=2
bytes=32 seq=3
bytes=32 seq=4
bytes=32 seq=5
Press Ctrl_C to
ttl=128 time=15
ttl=128 time=32
ttl=128 time=47
ttl=128 time=46
ttl=128 time=16
--- 192.168.100.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
break
ms
ms
ms
ms
ms
0.00% packet loss
round-trip min/avg/max = 15/31/47 ms
PC101>ping 192.168.200.1
Ping
From
From
From
From
From
192.168.200.1:
192.168.100.1:
192.168.100.1:
192.168.100.1:
192.168.100.1:
192.168.100.1:
32 data bytes, Press Ctrl_C to break
Destination host unreachable
Destination host unreachable
Destination host unreachable
Destination host unreachable
Destination host unreachable
PC101>ping 192.168.200.2
Ping
From
From
From
From
From
192.168.200.2:
192.168.100.1:
192.168.100.1:
192.168.100.1:
192.168.100.1:
192.168.100.1:
32 data bytes, Press Ctrl_C to break
Destination host unreachable
Destination host unreachable
Destination host unreachable
Destination host unreachable
Destination host unreachable
PC101 can successfully ping PC102 as both are in a VLAN 100. It can not ping PCs 201 and
202 which are configured in VLAN 200. Let’s check connectivity in VLAN 200:
PC201>ping 192.168.200.2
Ping
From
From
From
From
From
192.168.200.2:
192.168.200.2:
192.168.200.2:
192.168.200.2:
192.168.200.2:
192.168.200.2:
32 data bytes,
bytes=32 seq=1
bytes=32 seq=2
bytes=32 seq=3
bytes=32 seq=4
bytes=32 seq=5
Press Ctrl_C to
ttl=128 time=46
ttl=128 time=16
ttl=128 time=63
ttl=128 time=46
ttl=128 time=47
break
ms
ms
ms
ms
ms
--- 192.168.200.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/43/63 ms
PC201 can successfully ping PC202. It means that our VLANs, trunk and access ports are
configured correctly.
As the last step I want to show you, how to configure VLAN interface.
VLAN interface is a Layer3 virtual interface configured on a switch, which belongs to a
specific VLAN. It is sometimes called a “SVI” (Switched Virtual Interface). If there is no
VLANIF configured, it is not possible to ping any device connected to that VLAN. This is
because IP packets must have source IP address to be able to reach remote device and come
back to our switch.
I will configure VLANIF 100 on both SW1 and SW2:
[labnariosw1]interface Vlanif 100
[labnariosw1-Vlanif100]ip add 192.168.100.101 255.255.255.0
[labnariosw2]interface Vlanif 100
[labnariosw2-Vlanif100]ip add 192.168.100.102 255.255.255.0
Now I should have full IP connectivity between all my devices configured in VLAN 100.
This means that PC101, PC102, SW1 and SW2 can ping each other:
[labnariosw1]ping 192.168.100.1
PING 192.168.100.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=128 time=50 ms
Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=128 time=1 ms
Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=128 time=20 ms
Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=128 time=20 ms
Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=128 time=1 ms
--- 192.168.100.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/18/50 ms
[labnariosw1]ping 192.168.100.2
PING 192.168.100.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.100.2: bytes=56 Sequence=1 ttl=128 time=60
Reply from 192.168.100.2: bytes=56 Sequence=2 ttl=128 time=10
Reply from 192.168.100.2: bytes=56 Sequence=3 ttl=128 time=40
Reply from 192.168.100.2: bytes=56 Sequence=4 ttl=128 time=40
Reply from 192.168.100.2: bytes=56 Sequence=5 ttl=128 time=30
ms
ms
ms
ms
ms
--- 192.168.100.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/36/60 ms
[labnariosw1]ping 192.168.100.102
PING 192.168.100.102: 56 data bytes, press CTRL_C to break
Reply from 192.168.100.102: bytes=56 Sequence=1 ttl=255 time=30
Reply from 192.168.100.102: bytes=56 Sequence=2 ttl=255 time=50
Reply from 192.168.100.102: bytes=56 Sequence=3 ttl=255 time=40
Reply from 192.168.100.102: bytes=56 Sequence=4 ttl=255 time=50
Reply from 192.168.100.102: bytes=56 Sequence=5 ttl=255 time=40
--- 192.168.100.102 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/42/50 ms
ms
ms
ms
ms
ms
Download