Print | Rate this content

HP 5820 Switch Series - VLAN Configuration Examples

Port-based VLAN configuration example

Network requirements:

As shown in Figure 1:

  • Host A and Host C belong to Department A, and access the enterprise network through different devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices.

  • To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to Department A, and VLAN 200 is assigned to Department B.

  • Ensure that hosts within the same VLAN can communicate with each other. Host A can communicate with Host C, and Host B can communicate with Host D.

Figure 1: Network diagram for port-based VLAN configuration

Configuration procedure:

  1. Configuration on Device A

    # Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.

    <DeviceA> system-view
    [DeviceA] vlan 100
    [DeviceA-vlan100] port gigabitethernet 1/0/1
    [DeviceA-vlan100] quit

    # Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200.

    [DeviceA] vlan 200
    [DeviceA-vlan200] port gigabitethernet 1/0/2
    [DeviceA-vlan200] quit

    # Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200, enabling GigabitEthernet 1/0/3 to forward traffic of VLANs 100 and 200 to Device B.

    [DeviceA] interface gigabitethernet 1/0/3
    [DeviceA-GigabitEthernet1/0/3] port link-type trunk
    [DeviceA-GigabitEthernet1/0/3] port trunk permit vlan 100 200
    Please wait... Done.

  2. Configure Device B as you configure Device A.

  3. Configure Host A and Host C to be on the same network segment, 192.168.100.0/24 for example. Configure Host B and Host D to be on the same network segment, 192.168.200.0/24 for example.

Verification:

  1. Host A and Host C and ping each other successfully, but they both fail to ping Host B. Host B and Host D and ping each other successfully, but they both fail to ping Host A.

  2. Check whether the configuration is successful by displaying relevant VLAN information.

    # Display information about VLANs 100 and 200 on Device A:

top

MAC-based VLAN configuration example

Network requirements:

  • As shown in Figure 2- Network diagram for MAC-based VLAN configuration, GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meeting and may be used in any of the two meeting rooms.

  • Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 and VLAN 200, respectively. Each laptop can access only its own department server no matter which meeting room it is used in.

  • The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69.

Figure 2: Network diagram for MAC-based VLAN configuration

Configuration consideration:

  • Create VLANs 100 and 200.

  • Configure the uplink ports of Device A and Device C as trunk ports, and assign them to VLANs 100 and 200.

  • Configure the downlink ports of Device B as trunk ports, and assign them to VLANs 100 and 200. Configure the uplink ports of Device B as access ports connecting to the servers, respectively, and assign them to VLANs 100 and 200, respectively.

  • Associate the MAC address of Laptop 1 with VLAN 100, and the MAC address of Laptop 2 with VLAN 200.

Configuration procedure:

  1. Configuration on Device A

    # Create VLANs 100 and 200.

    <DeviceA> system-view
    [DeviceA] vlan 100
    [DeviceA-vlan100] quit
    [DeviceA] vlan 200
    [DeviceA-vlan200] quit

    # Associate the MAC address of Laptop 1 with VLAN 100, and the MAC address of Laptop 2 with VLAN 200.

    [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
    [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200

    # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1 Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable MAC-based VLAN on it.

    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] port link-type hybrid
    [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
    Please wait... Done.
    [DeviceA-GigabitEthernet1/0/1] mac-vlan enable
    [DeviceA-GigabitEthernet1/0/1] quit

    # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.

    [DeviceA] interface gigabitethernet 1/0/2
    [DeviceA-GigabitEthernet1/0/2] port link-type trunk
    [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
    [DeviceA-GigabitEthernet1/0/2] quit

  2. Configuration on Device B

    # Create VLANs 100 and 200. Assign GigabitEthernet 1/0/13 to VLAN 100, and GigabitEthernet 1/0/14 to VLAN 200.

    <DeviceB> system-view
    [DeviceB] vlan 100
    [DeviceB-vlan100] port gigabitethernet 1/0/13
    [DeviceB-vlan100] quit
    [DeviceB] vlan 200
    [DeviceB-vlan200] port gigabitethernet 1/0/14
    [DeviceB-vlan200] quit

    # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 as trunk ports, and assign them to VLANs 100 and 200.

    [DeviceB] interface gigabitethernet 1/0/3
    [DeviceB-GigabitEthernet1/0/3] port link-type trunk
    [DeviceB-GigabitEthernet1/0/3] port trunk permit vlan 100 200
    [DeviceB-GigabitEthernet1/0/3] quit
    [DeviceB] interface gigabitethernet 1/0/4
    [DeviceB-GigabitEthernet1/0/4] port link-type trunk
    [DeviceB-GigabitEthernet1/0/4] port trunk permit vlan 100 200
    [DeviceB-GigabitEthernet1/0/4] quit

  3. Configuration on Device C

    Configure Device C as Device A was configured.

Verification:

  1. Laptop 1 can access Server 1 only, and Laptop 2 can access Server 2 only.

  2. On Device A and Device C, the user can see that VLAN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2.

Configuration guidelines:

  1. MAC-based VLAN can be configured only on hybrid ports.

  2. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function.

top

Protocol-based VLAN configuration example

Network requirements (as shown in the figure 3 - Network diagram for protocol-based VLAN configuration):

In a lab environment, as shown in figure Network diagram for protocol-based VLAN configuration, most hosts run the IPv4 protocol, and the rest of the hosts run the IPv6 protocol for teaching purposes. To avoid interference, isolate IPv4 traffic and IPv6 traffic at Layer 2.

Figure 3: Network diagram for protocol-based VLAN configuration

Configuration consideration

Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6.

Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2.

Configuration procedure

  1. Configure device.

    # Create VLAN 100, and assign port GigabitEthernet 1/0/11 to VLAN 100.

    <Device> system-view
    [Device] vlan 100
    [Device-vlan100] description protocol VLAN for IPv4
    [Device-vlan100] port gigabitethernet 1/0/11
    [Device-vlan100] quit

    # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200.

    [Device] vlan 200
    [Device-vlan200] description protocol VLAN for IPv6
    [Device-vlan200] port gigabitethernet 1/0/12

    # Create an IPv6 protocol template in the view of VLAN 200, and create an IPv4 protocol template in the view of VLAN 100.

    [Device-vlan200] protocol-vlan 1 ipv6
    [Device-vlan200] quit
    [Device] vlan 100
    [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit

    # Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged.

    [Device] interface gigabitethernet 1/0/1
    [Device-GigabitEthernet1/0/1] port link-type hybrid
    [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
    Please wait... Done.

    # Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.

    [Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 1
    [Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 1
    [Device-GigabitEthernet1/0/1] quit

    # Configure GigabitEthernet 1/0/2 as a hybrid port that forwards packets of VLANs 100 and 200 untagged, and associate GigabitEthernet 1/0/2 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.

    [Device] interface gigabitethernet 1/0/2
    [Device-GigabitEthernet1/0/2] port link-type hybrid
    [Device-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
    Please wait... Done.
    [Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 1

    [Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 1

  2. Keep the default settings of L2 Switch A and L2 Switch B.

  3. Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same IP subnet (192.168.100.0/24, for example), and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be on the same IP subnet (2001::1/64, for example).

Verification

  1. The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts or server in VLAN 100 cannot ping the hosts and server in VLAN 200, and vice versa.

  2. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.

# Display protocol-based VLAN configuration on Device.

Configuration guidelines

Protocol-based VLAN configuration applies only to hybrid ports.

top

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!