Example for Configuring IP Subnet-based VLAN Assignment

Created Feb 28, 2019 16:32:30

Overview of IP Subnet-based VLAN Assignment

IP subnet-based VLAN assignment applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Table 6-6 compares different VLAN assignment modes.
Table 6-6  Comparisons among VLAN assignment modes

Interface-based VLAN assignment

  • Implementation: VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID.
  • Advantage: It is simple to define VLAN members.
  • Disadvantage: The network administrator needs to reconfigure VLANs when VLAN members change.
  • Usage scenario: Applies to networks of any scale and with devices at fixed locations.

MAC address-based VLAN assignment

  • Implementation: VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the MAC address of the frame to the frame. Then the frame is transmitted in the specified VLAN.
  • Advantage: When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network.
  • Disadvantage: The network administrator must predefine VLANs for all members on a network.
  • Usage scenario: Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.

IP subnet-based VLAN assignment

  • Implementation: VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the IP address of the frame to the frame. Then the frame is transmitted in the specified VLAN.
  • Advantage: When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This mode reduces communication traffic and allows a broadcast domain to span multiple switches.
  • Disadvantage: Users are evenly spread and multiple users are on the same network segment.
  • Usage scenario: Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.

Protocol-based VLAN assignment

  • Implementation: VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapping the protocol type of the frame to the frame. The frame is then transmitted in the specified VLAN.
  • Advantage: This mode binds service types to VLANs, facilitating management and maintenance.
  • Disadvantage: The network administrator must preconfigure mappings between all protocol types and VLAN IDs. The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time.
  • Usage scenario: Applies to networks using multiple protocols.

Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces)

  • Implementation: VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN.
  • Advantage: This mode provides high security. MAC addresses or IP addresses of users who have been bound to VLANs cannot be changed. The network administrator can flexibly select which policies to use according to the management mode and requirements.
  • Disadvantage: Each policy needs to be manually configured.
  • Usage scenario: Applies to complex networks.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 6-14, an enterprise has multiple services, including IPTV, VoIP, and Internet access. Each service uses a different IP subnet. To facilitate management, the company requires that packets of the same service be transmitted in the same VLAN and packets of different services in different VLANs. The switch receives packets of multiple services such as data, IPTV, and voice services, and user devices of these services use IP addresses on different IP subnets. The switch needs to assign VLANs to packets of different services so that the router can transmit packets with different VLAN IDs to different servers.

Figure 6-14  Networking of IP subnet-based VLAN assignment 

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs and add interfaces to VLANs so that the interfaces allow the IP subnet-based VLANs.
  2. Enable IP subnet-based VLAN assignment and associate IP subnets with VLANs so that the switch determines VLANs based on source IP addresses or network segments of packets.

Procedure

  1. Create VLANs.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 100 200 300   //Create VLAN 100, VLAN 200, and VLAN 300 in a batch.

  2. Configure interfaces.

    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type hybrid   //IP subnet-based VLAN assignment can only be enabled on hybrid interfaces. In V200R005C00 and later versions, the default link type of an interface is not hybrid, so you need to manually configure the hybrid interface.
    [Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 200 300   //Add the interface to VLANs 100, 200, and 300 in untagged mode.
    [Switch-GigabitEthernet1/0/1] ip-subnet-vlan enable   //Enable IP subnet-based VLAN assignment.
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type trunk   //Configure the link type of the interface as trunk.
    [Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200 300
    [Switch-GigabitEthernet1/0/2] quit

  3. Configure IP subnet-based VLAN assignment.

    [Switch] vlan 100
    [Switch-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2   //Configure the device to forward packets with the IP address of 192.168.1.2/24 and priority of 2 in VLAN 100.
    [Switch-vlan100] quit
    [Switch] vlan 200
    [Switch-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3   //Configure the device to forward packets with the IP address of 192.168.2.2/24 and priority of 3 in VLAN 200.
    [Switch-vlan200] quit
    [Switch] vlan 300
    [Switch-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4   //Configure the device to forward packets with the IP address of 192.168.3.2/24 and priority of 4 in VLAN 300.
    [Switch-vlan300] quit

  4. Verify the configuration.

    # Run the display ip-subnet-vlan vlan all command on the switch. The following information is displayed:

    [Switch] display ip-subnet-vlan vlan all
     ----------------------------------------------------------------
     Vlan    Index   IpAddress           SubnetMask          Priority
     ----------------------------------------------------------------
     100     1       192.168.1.2         255.255.255.0       2
     200     1       192.168.2.2         255.255.255.0       3
     300     1       192.168.3.2         255.255.255.0       4
     ----------------------------------------------------------------
     ip-subnet-vlan count: 3                  total count: 3 

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
 ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
 ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
 ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200 300
 ip-subnet-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200 300
#
return
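
An added example, not part of the original post or of Huawei's tooling: a Python model of how the mappings in the configuration file above pick a VLAN from a frame's source address. It shows why this mode suits low security requirements, since the VLAN follows whatever address the attached device uses. Assumptions: each address/mask pair matches as a whole subnet, unmatched frames fall back to PVID 1, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the VLAN sections of the switch configuration file on this page.
CONFIG = """\
vlan 100
 ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
 ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
 ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
"""

RULE = re.compile(r"ip-subnet-vlan \d+ ip (\S+) (\S+) priority (\d+)")

def parse_rules(config):
    """Return [(network, vlan, priority)] from the 'ip-subnet-vlan' lines."""
    rules, vlan = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif (m := RULE.fullmatch(line)) and vlan is not None:
            # strict=False: the page writes a host address (x.x.x.2) with a /24 mask;
            # assumed here to select the whole subnet, as "IP subnet" implies.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            rules.append((net, vlan, int(m.group(3))))
    return rules

def classify(src_ip, rules, pvid=1):
    """(vlan, priority) for an untagged frame; unmatched frames get the port PVID
    (assumption: PVID 1, since the example never changes it)."""
    addr = ipaddress.ip_address(src_ip)
    for net, vlan, priority in rules:
        if addr in net:
            return vlan, priority
    return pvid, None

def overlapping(rules):
    """Pairs of rules whose subnets overlap, where the chosen VLAN would depend on
    device rule ordering that this page does not describe."""
    return [(a, b) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a[0].overlaps(b[0])]

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    for ip in ("192.168.1.50", "192.168.3.50", "10.0.0.5"):
        print(ip, "->", classify(ip, rules))
```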

For more information, see:

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples

