Configuring communication between interfaces in different VLANs

24

A Fat AP can connect to a switch or router.
If interfaces of a device are added to two VLANs, the interfaces can communicate with each other by default.
If interfaces are added to two VLANs on different devices, routes need to be configured to enable communication between the interfaces.

Other related questions:
Differences between GVRP VLAN and VCMP VLAN
VLAN Central Management Protocol (VCMP) is located at the Layer 2 of OSI model. It propagates VLAN information within a Layer 2 network and ensures VLAN information consistency on the Layer 2 network. The GARP VLAN Registration Protocol (GVRP) is used to register and deregister VLAN attributes. The Generic Attribute Registration Protocol (GARP) provides a mechanism to propagate attributes so that a protocol entity can register and deregister attributes. GARP transmits attributes. The VLANs on S series switches, except S1700 and S9300 are as follows: 1. GVRP creates dynamic VLANs, whereas VCMP creates static VLANs. When you run the display vlan summary command, the VLAN of GVRP displays Dynamic vlan and the VLAN of VCMP displays Static vlan. 2. VCMP can only help network administrators synchronize VLAN configurations, but cannot dynamically add interfaces to VLANs. GVRP can simplify VLAN configuration and is able to dynamically add interfaces to VLANs.

How do I configure an Ethernet sub-interface to implement inter-VLAN communication
Generally, only one primary IP address can be configured for a physical interface. When a Layer 3 device connects to a Layer 2 network device through a Layer 3 Ethernet interface and interfaces on the Layer 2 network device are assigned to different VLANs, one primary IP address of the Layer 3 physical interface cannot implement inter-VLAN communication. You can configure secondary IP addresses or sub-interfaces for the Layer 3 Ethernet interface to solve this problem. The secondary IP addresses depend on the primary IP address. When the primary IP address becomes invalid, the secondary IP addresses also become invalid. The sub-interfaces and main interface are independent. Sub-interfaces share physical layer parameters of their main interface, and are configured with their respective link layer parameters and network layer parameters. The IP address of the main interface and IP addresses of sub-interfaces are independent. You can create sub-interfaces on the Ethernet interface connecting the Layer 3 device to the Layer 2 device so that users in different VLANs can communicate.

Add an interface to different VLANs
An access interface cannot be added to different VLANs. Run the port default vlan command to configure a default VLAN. A trunk interface can be added to multiple VLANs by running the port trunk allow-pass vlan command. A hybrid interface can be added to multiple VLANs in untagged or tagged mode by running the port hybrid untagged vlan or port hybrid tagged vlan command.

Configure ACLs on S series switches to restrict communications between VLANs
For details about the configuration on S series switches (except S1700 switches), click Typical Configuration Examples and choose Typical Security Configuration > Typical ACL Configuration > Example for Using ACLs to Restrict Mutual Access Between Network Segments.

How to implement communication between some sub-VLANs in a super-VLAN
When VLAN aggregation is configured, hosts in a super-VLAN use IP addresses on the same network segment and share the same gateway address. Hosts in different sub-VLANs belong to the same subnet, so the switch forwards packets between the hosts by searching for ARP entries but not through the gateway. Proxy ARP allows the switch to establish ARP entries for all sub-VLANs for interworking. To implement interworking between some sub-VLANs, configure static ARP entries to bind destination MAC addresses to the gateway IP address on hosts in the sub-VLANs. For example, when host A with the gateway IP address of 192.168.1.1/24 wants to access host B with the MAC address of 00-aa-00-62-c6-09, perform the following operations: Choose Start > Run, enter cmd, and press Enter. Enter arp -s 192.168.1.1 00-aa-00-62-c6-09. After the preceding configuration is complete, host A can access host B. If host B needs to access host A, configure a static ARP entry to bind host A's MAC address to the gateway IP address on host B.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top