Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch

54 0 0 0

Overview

After VLANs are assigned, broadcast packets are only forwarded within the same VLAN. That is, hosts in different VLANs cannot communicate at Layer 2 because VLAN technology isolates broadcast domains. In real-world applications, hosts in different VLANs often need to communicate, so inter-VLAN communication needs to be implemented to resolve this. Layer 3 routing or VLAN technology is required to implement inter-VLAN communication.

Huawei provides a variety of technologies to implement inter-VLAN communication. The following two technologies are commonly used:
  • VLANIF interface

    A VLANIF interface is a Layer 3 logical interface. You can configure an IP address for a VLANIF interface to implement inter-VLAN Layer 3 communication.

  • Dot1q termination sub-interface

    Similar to a VLANIF interface, a sub-interface is also a Layer 3 logical interface. You can configure dot1q termination and an IP address for a sub-interface to implement inter-VLAN Layer 3 communication.

Inter-VLAN communication through a dot1q termination sub-interface is used in scenarios where an Ethernet interface connects to many VLANs. Because data flows from different VLANs preempt the bandwidth of the primary Ethernet interface, communication bottlenecks may occur when the network is busy.

The VLANIF interface and Dot1q termination sub-interface can only allow hosts on different network segments in different VLANs to communicate, whereas super-VLAN (VLAN aggregation) and the VLAN Switch function allow hosts on the same network segment in different VLANs to communicate.

Configuration Notes

  • Only E series cards, X series cards, F series cards, SC cards among S series of the S7700&S9700 support the termination sub-interface. For details, see the card classification in Hardware Description.

    X1E cards among X series support the termination sub-interface in V200R007C00 and later versions.
  • For Layer 2 interfaces, only hybrid and trunk interfaces support termination sub-interfaces.
  • The VLAN IDs terminated by a sub-interface cannot be created in the system view or be displayed.
  • When IP packets need to be sent out from the termination sub-interface and there is no corresponding ARP entry on the device. If ARP broadcast is not enabled on the termination sub-interface through the command arp broadcast enable, the system does not send or forward broadcast ARP packets to learn ARP entries. In this case, the IP packets are discarded directly.
  • This example applies to all versions of the modular switches.

Networking Requirements

In Figure 6-16, Host A and Host B belong to the R&D department, and Host C and Host D belong to the quality department. The two departments are connected through a Layer 2 switch, and require Layer 2 isolation and Layer 3 connectivity.

Figure 6-16  Networking for connecting a terminal to a Layer 3 gateway through a Layer 2 switch 
imgDownload?uuid=3bfd6d9534534728805eb47

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure interface-based assignment on the Layer 2 switch to implement Layer 2 isolation.

  2. Configure sub-interface termination on the Layer 3 switch to implement Layer 3 connectivity.

Procedure

  1. Configure Layer 2 switch SwitchA.

    # Create VLANs.

    <HUAWEI> system-view[HUAWEI] sysname SwitchA  //Change the device name to SwitchA for easy identification.[SwitchA] vlan batch 2 to 3  //Create VLAN 2 and VLAN 3 in a batch.

    # Add the interface connected to the host to VLANs.

    [SwitchA] interface gigabitethernet 1/0/1[SwitchA-GigabitEthernet1/0/1] port link-type access  //Configure the interface connected to the PC as the access interface.[SwitchA-GigabitEthernet1/0/1] port default vlan 2  //Add Host A to VLAN 2.[SwitchA-GigabitEthernet1/0/1] quit[SwitchA] interface gigabitethernet 1/0/2[SwitchA-GigabitEthernet1/0/2] port link-type access[SwitchA-GigabitEthernet1/0/2] port default vlan 2  //Add Host B to VLAN 2.[SwitchA-GigabitEthernet1/0/2] quit[SwitchA] interface gigabitethernet 1/0/3[SwitchA-GigabitEthernet1/0/3] port link-type access  //Configure the interface connected to the PC as the access interface.[SwitchA-GigabitEthernet1/0/3] port default vlan 3  //Add Host C to VLAN 3.[SwitchA-GigabitEthernet1/0/3] quit[SwitchA] interface gigabitethernet 1/0/4[SwitchA-GigabitEthernet1/0/4] port link-type access[SwitchA-GigabitEthernet1/0/4] port default vlan 3  //Add Host D to VLAN 3.[SwitchA-GigabitEthernet1/0/4] quit

    # Enable the interface connected to the Layer 3 switch to transparently transmit packets from a specified VLAN.

    [SwitchA] interface gigabitethernet 1/0/5[SwitchA-GigabitEthernet1/0/5] port link-type trunk  //Configure the interface connected to the switch as the trunk interface.[SwitchA-GigabitEthernet1/0/5] port trunk allow-pass vlan 2 to 3  //Add the interface to VLAN 2 and VLAN 3.[SwitchA-GigabitEthernet1/0/5] quit

  2. Configure Layer 3 switch SwitchB.

    <HUAWEI> system-view[HUAWEI] sysname SwitchB  //Change the device name to SwitchB.[SwitchB] interface gigabitethernet 1/0/1[SwitchB-GigabitEthernet1/0/1] port link-type hybrid   //In V200R005 earlier versions, you do not need to manually configure the link type of the interface to hybrid.[SwitchB-GigabitEthernet1/0/1] quit[SwitchB] interface gigabitethernet 1/0/1.1   //Create a sub-interface and enter the sub-interface view.[SwitchB-GigabitEthernet1/0/1.1] dot1q termination vid 2   //Set the VLAN ID for dot1q termination on GE1/0/1.1 to VLAN 2.[SwitchB-GigabitEthernet1/0/1.1] ip address 1.1.1.1 24[SwitchB-GigabitEthernet1/0/1.1] arp broadcast enable   //A termination sub-interface directly discards broadcast packets, so the sub-interface needs to be configured to forward ARP broadcast packets.[SwitchB-GigabitEthernet1/0/1.1] quit[SwitchB] interface gigabitethernet 1/0/1.2   //Create a sub-interface and enter the sub-interface view.[SwitchB-GigabitEthernet1/0/1.2] dot1q termination vid 3   //Set the VLAN ID for dot1q termination on GE1/0/1.2 to VLAN 3.[SwitchB-GigabitEthernet1/0/1.2] ip address 2.2.2.1 24 [SwitchB-GigabitEthernet1/0/1.2] arp broadcast enable[SwitchB-GigabitEthernet1/0/1.2] quit

  3. Verify the configuration.

    Configure the IP address 1.1.1.2/24 for Host A and the default gateway address as the IP address 1.1.1.1.1/24 of GE1/0/1.1.

    Configure the IP address 1.1.1.3/24 for Host B and the default gateway address as the IP address 1.1.1.1.1/24 of GE1/0/1.1.

    Configure the IP address 2.2.2.2/24 for Host C and the default gateway address as the IP address 2.2.2.1/24 of GE1/0/1.2.

    Configure the IP address 2.2.2.3/24 for Host D and the default gateway address as the IP address 2.2.2.1/24 of GE1/0/1.2.

    After the configuration is complete, Host A, Host B, Host C, and Host D can ping each other and communicate at Layer 3.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return

SwitchB configuration file

#
sysname SwitchB
#interface GigabitEthernet1/0/1
 port link-type hybrid
#interface GigabitEthernet1/0/1.1
 dot1q termination vid 2
 ip address 1.1.1.1 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet1/0/1.2
 dot1q termination vid 3
 ip address 2.2.2.1 255.255.255.0
 arp broadcast enable
#
return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login