string: Description character string of current VLAN or VLAN interface. For VLAN, it ranges from 1 to 32 characters. For VLAN interface, it ranges from 1 to 64 characters. The default description character string of current VLAN is VLAN ID of the VLAN, e.g. VLAN 0001. The default description character string of VLAN interface is the interface name, e.g., “Vlan-interface1 interface”.

Description

Use the description command to configure a description for the current VLAN or VLAN interface.

Use the undo description command to restore the default description of current VLAN or VLAN interface.

Related command: display vlan, display interface vlan-interface.

Example

# Specify a description character string “RESEARCH” for the current VLAN.

[H3C-vlan1] description RESEARCH

1.1.2 display trap-to-cpu

Syntax

display trap-to-cpu

View

Any view

Parameter

None

Description

Use the display trap-to-cpu command to view the related information about the CPU port.

Example

# Display related information about the CPU port

<H3C> display trap-to-cpu

trap-to-cpu disable vlan 2 10 14 to 15

1.1.3 display interface Vlan-interface

Syntax

display interface Vlan-interface [ vlan-id ]

View

Any view

Parameter

vlan-id: Specifies VLAN ID.

Description

Use the display interface Vlan-interface command to view the related information about specified or all VLAN interfaces, including physical protocol status and link protocol status of VLAN interface, Ethernet sending frame format, MAC address, IP address and sub-net mask, description character string and MTU, etc.

With vlan-id specified, only the information about the specified VLAN interface will be displayed. If no vlan-id is specified, the information about all the existing VLAN interfaces will be displayed.

Related command: interface vlan-interface.

Example

# Display related information about VLAN-interface 1.

<H3C> display interface Vlan-interface 1

Vlan-interface1 current state : DOWN

Line protocol current state : DOWN

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc07-4101

Internet Address is 10.1.1.1/24 Primary

Description : Vlan-interface1 Interface

The Maximum Transmit Unit is 1500

Table 1-1 Description on the fields of the display interface Vlan-interface command

Field	Description
Vlan-interface1 current state	Current state of the VLAN interface
Line protocol current state	Current state of the Line protocol
IP Sending Frames' Format	Format of the IP sending frames
Hardware address	Corresponding MAC address of the VLAN interface
Internet Address	IP address
Description	Description of the VLAN interface
The Maximum Transmit Unit	Maximum Transmit Unit (MTU)

1.1.4 display vlan

Syntax

display vlan [ vlan-id to vlan-id | all | static | dynamic ]

View

Any view

Parameter

vlan-id: Displays information of the specified VLAN.

all: Displays information of all VLANs.

static: Displays information of VLANs created statically by the system.

dynamic: Displays information of VLANs created dynamically by the system.

Description

Use the display vlan command to view related information about the specified or all VLANs.

If vlan-id or all is specified, information of specified VLAN or all VLANs is displayed. It includes: VLAN ID, VLAN type (dynamic or static), whether the routing function has been enabled on this VLAN (if enabled, the main IP address and mask will be displayed), VLAN description, and the ports VLAN contains.

If parameter is not specified, information of the VLANs that has been created is displayed. If the parameter dynamic or static is selected, information of VLANs created dynamically or statically by the system is displayed.

Related command: vlan.

Example

# Display the information about VLAN2.

[H3C] display vlan 2

VLAN ID: 2

VLAN Type: static

ARP proxy disabled

Route interface: not configured

Description: VLAN 0002

Tagged Ports: none

Untagged Ports:

Ethernet2/1/1 Ethernet2/1/2 Ethernet2/1/3

Table 1-2 Description on the fields of the display vlan 2 command

Field	Description
VLAN ID	VLAN ID
VLAN Type	Configuration type of VLAN: either dynamic or static
Route interface	Whether the route interface exists
ARP proxy disabled	The ARP proxy function of the VLAN is disabled
Description	VLAN description
Tagged Ports	The ports on which VLAN packets need tag
Untagged Ports	The ports on which VLAN packets need not tag

1.1.5 interface vlan-interface

Syntax

interface vlan-interface vlan-id

undo interface vlan-interface vlan-id

View

System view

Parameter

vlan-id: ID of VLAN interface, ranging from 1 to 4094.

Description

Use the interface vlan-interface command to configure VLAN interface or enter VLAN interface view.

Use the undo interface vlan-interface command to cancel one VLAN interface.

Related command: display interface vlan-interface.

Example

# Enter the view of the VLAN-interface 1.

[H3C] interface vlan-interface 1

1.1.6 name

Syntax

name string

undo name

View

VLAN view

Parameter

string: Name of the current VLAN, a string of 1 to 32 characters. The default value is the VLAN ID of the VLAN.

Description

Use the name command to name the current VLAN.

Use the undo name command to restore the default name of the current VLAN.

By default, the name of the current VLAN is the VLAN ID of the VLAN.

Example

# Name the current VLAN 2 “hello”.

[H3C-vlan2] name hello

1.1.7 shutdown

Syntax

shutdown

undo shutdown

View

VLAN interface view

Parameter

None

Description

Use the shutdown command to disable the VLAN interface.

Use the undo shutdown command to enable the VLAN interface.

By default, when all the Ethernet ports in a VLAN are in the Down state, this VLAN interface is also Down. When there are one or more Ethernet ports in the Up state, this VLAN interface is also Up.

This command can be used to start interface after the related parameters and protocols of VLAN interface are set. Or when the VLAN interface fails, the interface can be shut down first and then restarted. In this way, the interface may be restored to normal status.

Shutting down or bringing up a VLAN interface will not affect any Ethernet port of this VLAN.

Example

# Shut down Vlan-interface 2.

[H3C-Vlan-interface1] shutdown

1.1.8 trap-to-cpu disable

Syntax

trap-to-cpu disable

undo trap-to-cpu disable

View

VLAN view

Parameter

None

Description

Use the trap-to-cpu disable command to move the CPU port out of a VLAN.

Use the undo trap-to-cpu disable command to move the CPU port into a VLAN.

By default, a VLAN contains a CPU port.

Example

# Move the CPU port out of VLAN 2.

[H3C-vlan2] trap-to-cpu disable

Warning : CPU port will exit the designated VLAN.

Broadcast & multicast packets cannot forward to CPU!

1.1.9 trap-to-cpu disable vlan

Syntax

trap-to-cpu disable vlan { vlan-list | all }

undo trap-to-cpu disable vlan { vlan-list | all }

View

System view

Parameter

vlan-list: Specifies the list of VLANs that contain a CPU port, expressed in form of vlan-list = { vlan-id [ to vlan-id ] } &<1-10>. The vlan-id before the keyword to must be larger than or equal to the vlan-id after to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

all: All VLANs.

Description

Use the trap-to-cpu disable vlan command to move the CPU port out of the specified VLANs.

Use the undo trap-to-cpu disable vlan command to move the CPU port into the specified VLANs.

Example

# Move the CPU port out of VLAN 5 and VLANs 20 to 30.

[H3C] trap-to-cpu disable vlan 5 20 to 30

1.1.10 vlan

Syntax

vlan vlan-id-list

undo vlan { vlan-id [ to vlan-id ] | all }

View

System view

Parameter

vlan-id-list: vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, specifies the range of VLANs to be created. The value range of vlan-id is 1 to 4094. &<1-10> means that the preceding parameter can be repeated up to 10 times.

all: Deletes all VLANs.

Description

Use the vlan vlan-id-list command to enter VLAN view or to create a range of VLANs.

Use the undo vlan command to delete the specified VLAN.

If only one VLAN is created, the system will automatically enter the view of the VLAN just created.

Related command: display vlan.

Example

# Create VLANs 5, 20, 21, 22, 23, 24, 400, 1002, 1003, 1004, and 2000.

<H3C> system-view

[H3C] vlan 5 20 to 24 400 1002 to 1004 2000

Caution:

l VLAN 1 is the system-default VLAN and cannot be removed.

l VLANs with their ports being VLAN VPN-enabled cannot be removed.

l A Guest VLAN cannot be deleted.

l A protocol-enabled VLAN cannot be deleted.

1.2 Port-Based VLAN Configuration Commands

1.2.1 port

Syntax

port interface-list

undo port interface-list

View

VLAN view

Parameter

interface-list: List of Ethernet ports, expressed as interface-list= { interface-type interface-number [ to { interface-type interface-number ] }&<1-10>. interface-type is interface type, interface-number is interface number. The interface number after the keyword to must be larger than or equal to the interface number before to. &<1-10> represents that the preceding parameter can be repeated up to 10 times.

Description

Use the port command to add one port or one group of ports to VLAN.

Use the undo port command to cancel one port or one group of ports from VLAN.

Note that you can add/delete trunk port and hybrid port to/from VLAN by the port and undo port commands in Ethernet port view, but not in VLAN view.

Related command: display vlan.

Example

# Add Ethernet2/1/1 through Ethernet2/1/3 to VLAN 2.

[H3C-vlan2] port ethernet2/1/1 to ethernet2/1/3

1.3 Protocol-Based VLAN Configuration Commands

1.3.1 display protocol-vlan interface

Syntax

display protocol-vlan interface { interface-list | all }

View

Any view

Parameter

interface-list: Displays the protocol information of a specified interface, in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. interface-type is interface type, interface-number is interface number. The interface number after the keyword to must be larger than or equal to the interface number before to. &<1-10> represents that the preceding parameter can be repeated up to 10 times.

all: Displays the protocol information of all ports.

Description

Use the display protocol-vlan interface command to view the protocol information and protocol index configured on the specific port, to which you can refer when you use the protocol-based VLAN and add/delete a protocol.

Related command: display interface.

Example

# Display the protocol information and protocol index configured on Ethernet2/1/1.

<H3C> display protocol-vlan interface ethernet2/1/1

Interface:Ethernet2/1/1

Vlan-ID Protocol-Index Protocol-Type

100 1 etype ethernetii

1.3.2 display vlan-protocol-vlan vlan

Syntax

display protocol-vlan vlan { vlan-list | all }

View

Any view

Parameter

vlan-list: Specifies a VLAN list. It is expressed in the form of vlan-list = { vlan-id [ to vlan-id ] } &<1-10>, where the vlan-id after the keyword to must be larger than or equal to the vlan-id before to. &<1-10> represents that the preceding parameter can be repeated up to 10 times.

all: Displays the protocol information of all VLANs.

Description

Use the display protocol-vlan vlan command to view the protocol information and protocol index configured for a VLAN, to which you can refer when you use the protocol-based VLAN and add/delete a protocol.

Related command: display vlan.

Example

# Display the protocol information and protocol index configured on the VLAN 522.

<H3C> display protocol-vlan vlan 522

VLAN ID: 522

VLAN Type: Protocol-based VLAN

Protocol-Index Protocol-Type

0 ethernetii etype 0x0600

1 llc dsap 0x12 ssap 0x34

2 snap etype 0x0600

1.3.3 port hybrid protocol-vlan vlan

Syntax

port hybrid protocol-vlan vlan vlan-id { vlan-protocol-list | all }

undo port hybrid protocol-vlan vlan { vlan-id { vlan-protocol-list | all } | all }

View

Ethernet port view

Parameter

vlan-id: ID of the VLAN which a protocol is added to or deleted from.

{ vlan-protocol-list | all }: vlan-protocol represents the VLAN protocol list to be added to or deleted from a certain port, in the form of vlan-protocol-list = { protocol-index [ to protocol-end ] }. protocol-index indicates the initial value of protocol index; protocol-end indicates the end value of protocol index.

all: Adds/deletes all protocols to/from a port.

Description

Use the port hybrid protocol-vlan vlan command to add a protocol VLAN or protocol VLANs to a specified port.

Use the undo port hybrid protocol-vlan vlan command to delete a protocol VLAN or protocol VLANs from the port.

Use the undo port hybrid protocol-vlan vlan all command to delete all the configured protocol VLANs from the port.

& Note:

l Only Hybrid ports support this feature at present.

l The specified port must belong to the VLAN before a protocol VLAN can be added to it.

Related command: display protocol-vlan vlan { vlan-list | all }.

Example

# Add protocol VLANs 4 to 7 to Ethernet1/1/1.

[H3C-Ethernet1/1/1] port hybrid protocol-vlan vlan 3 4 to 7

1.3.4 protocol-vlan

Syntax

protocol-vlan [ protocol-index ] { at | ipx { ethernetii | llc | raw | snap } { ipv4 ip-address [ net-mask ] | mode { ethernetii etype etype-id | llc dsap dsap-id ssap ssap-id | snap etype etype-id } }

undo protocol-vlan { protocol-index [ to protocol-end ] | all }

View

VLAN view

Parameter

ipv4 ip-address [ net-mask ]: IP- based VLAN. ip-address is the IP address, and net-mask is the IP address mask. If no mask is specified, the default mask is 255.255.255.0.

mode: Specifies the VLAN based on other protocols.

ethernetii etype etype-id: EthernetII protocol based VLAN. etype-id is the Ethernet type of incoming packets, ranging from 600 to FFFF.

llc dsap dsap-id ssap ssap-id: Logical link control protocol based VLAN. dsap-id is the destination service access point, ranging from 0 to FF. ssap-id is source service access point, ranging from 0 to FF.

snap etype etype-id: Sub-Network Access Protocol (SNAP) based protocol. etype-id is the Ethernet type of incoming packets, ranging from 600 to FFFF.

protocol-index: Initial value of protocol index, ranging from 0 to 7. It must be smaller than protocol-end.

protocol-end: End value of protocol index, ranging from 0 to 7

at: AppleTalk-based VLAN. Encapsulation format is EthernetII, and the Ethernet type is 0x809B.

ipx: IPX-based protocol VLAN, encapsulated in three formats: Ethernetii, LLC, and SNAP.

ethernetii: Encapsulation format is EthernetII, and the Ethernet type is 0x8137.

llc: Encapsulation format is LLC, DSAP=SSAP=0xE0.

snap: Encapsulation format is SNAP, and the Ethernet type is 0x8137.

raw: LLC-encapsulated IPX packet format of Novell, DSAP=SSAP=0xFF.

protocol-index: Protocol index, ranging from 0 to 7.

all: All protocols.

Description

Use the protocol-vlan command to specify the parameters of VLANs based on AppleTalk, IP, IPX, etc.

Use the undo vlan-type protocol command to cancel this configuration.

Related command: display protocol-vlan vlan.

Example

# Specify VLAN 5 to be based on the network segment 123.34.56.0.

[H3C-vlan5] vlan-type protocol ip 123.34.56.0

# Configure AppleTalk-based protocol VLAN 5

[H3C-vlan5] protocol-vlan at

Chapter 2 GARP/GVRP Configuration Commands

2.1 GARP Configuration Commands

2.1.1 display garp statistics

Syntax

display garp statistics [ interface interface-list ]

View

Any view

Parameter

interface-list: List of Ethernet ports to be displayed, expressed as interface-list = { interface-type interface-number [ to interface-type interface-number] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to. &<1-10> represents that the preceding parameter can be repeated up to 10 times.

Description

Use the display garp statistics command to view the GARP statistics information, including the number of packets received/sent and discarded by GVRP/GMRP.

Example

# Display the GARP statistics information on Ethernet port Ethernet2/1/1.

<H3C> display garp statistics interface ethernet2/1/1

GARP statistics on port Ethernet2/1/1

Number Of GMRP Frames Received : 0

Number Of GVRP Frames Received : 0

Number Of GMRP Frames Transmitted : 0

Number Of GVRP Frames Transmitted : 0

Number Of Frames Discarded : 0

The information above indicates that the number of received/sent packets and the number of packets discarded by GVRP/GMRP on Ethernet2/1/1 are all 0.

2.1.2 display garp timer

Syntax

display garp timer [ interface interface-list ]

View

Any view

Parameter

interface-list: List of Ethernet ports of which the GRRP timer information is to be displayed, expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

Description

Use the display garp timer command to view the value of GARP timer, including Hold timer, Join timer, Leave timer and LeaveAll timer.

Related command: garp timer, garp timer leaveall.

Example

# Display GARP timer on Ethernet2/1/1.

<H3C> display garp timer interface ethernet2/1/1

GARP timers on port Ethernet2/1/1

GARP JoinTime : 20 centiseconds

GARP Leave Time : 60 centiseconds

GARP LeaveAll Time : 1000 centiseconds

GARP Hold Time : 10 centiseconds

2.1.3 garp timer

Syntax

garp timer { hold | join | leave } timer-value

undo garp timer { hold | join | leave }

View

Ethernet port view

Parameter

hold: GARP Hold timer. After receiving certain registration information, the GARP application entity will not send Join Message at once. Instead, it starts the Hold timer. All the registration information received within duration of the Hold timer will be transmitted in the same frame after the Hold timer times out, thereby saving the bandwidth resource.

join: GARP Join timer. GARP application entity will send out Join message after the Join timer goes timeout to make other GARP application entity register its own information.

leave: GARP Leave timer . When a GARP application entity wants to deregister certain attribute information, it sends Leave message. The GARP application entity receiving the message starts Leave timer. If the entity receives no Join message before the timer goes timeout, it will deregister the attribute information.

timer-value: Value of GARP hold timer, join timer and leave timer in centiseconds. The step is five centiseconds. By default, Hold timer is 10 centiseconds, Join timer is 20 centiseconds, Leave timer is 60 centiseconds.

The range conforms to the following rule:

l The value of Join timer should be no less than the doubled value of Hold timer.

l The value of Leave timer should be greater than the doubled value of Join timer and smaller than the Leaveall timer value.

l The minimal value of Join timer is 10 centiseconds.

Description

Use the garp timer command to set the value of GARP timer (including Hold timer, Join timer and Leave timer) of the port.

Use the undo garp timer command to restore the default value of GARP timer.

The value range of a timer varies with the values of other timers. So if the value of a timer you want to set is not within the available value range, you can change the value range by changing the values of other related timers.

l The lower limit of Hold timer is 10 centiseconds. You can change its upper limit by changing the value of Join timer.

l You can change the lower limit and upper limit of Join timer by changing the value of Hold timer and Leave timer respectively.

l You can change the lower limit and upper limit of Leave timer by changing the value of Join timer and LeaveAll timer respectively.

l The upper limit of LeaveAll timer is 32765 centiseconds. You can change its lower limit by changing the value of Leave timer.

Related command: display garp timer.

Example

# Set Join timer of GARP to 300ms.

[H3C-Ethernet2/1/1] garp timer join 30

2.1.4 garp timer leaveall

Syntax

garp timer leaveall timer-value

undo garp timer leaveall

View

System view

Parameter

timer-value: Value of GARP LeaveAll timer in centiseconds, ranging from 65 to 32765. The step is five centiseconds. The value of LeaveAll timer should be greater than the value of Leave timer.

By default, the value of LeaveAll timer is 1000 centiseconds, i.e., 10s.

Description

Use the garp timer leaveall command to configure GARP LeaveAll timer.

Use the undo garp timer leaveall command to restore the default value.

After every GARP application entity is started, the LeaveAll timer will be started simultaneously. The GARP application entity will send LeaveAll message after the timer times out to make other application entities re-register all attribute information on the entities themselves. Then, the LeaveAll timer is started and the new cycle begins.

Related command: display garp timer.

Example

# Set GARP LeaveAll timer to 1s.

[H3C] garp timer leaveall 100

2.1.5 reset garp statistics

Syntax

reset garp statistics [ interface interface-list ]

View

User view

Parameter

interface-list: Specifies a list of Ethernet ports on which the GARP statistics information will be cleared, expressed as interface-list = { interface-type interface-number [ to interface-type interface-num] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

Description

Use the reset garp statistics command to reset the GARP statistics information (such as the packets received/sent and discarded by GVRP/GMRP). If the command has no parameter, it will clear the GARP statistics information of all the ports.

Related command: display garp statistics.

Example

# Clear GARP statistics information.

<H3C> reset garp statistics

2.2 GVRP Configuration Commands

2.2.1 display gvrp statistics

Syntax

display gvrp statistics [ interface interface-list ]

View

Any view

Parameter

Interface-list: List of Ethernet ports on which the GVRP statistics information is to be displayed, expressed as interface-list = { interface-type interface-number } [ to interface-type interface-number] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

Description

Use the display gvrp statistics command to view the GVRP statistics information of all the Trunk ports, including GVRP status information, failed GVRP registration entries and the last GVRP data unit origin.

Example

# Display the GVRP statistics information on Ethernet2/1/1.

<H3C> display gvrp statistics interface ethernet2/1/1

GVRP statistics on port Ethernet2/1/1

GVRP Status : Enabled

GVRP Failed Registrations : 0

GVRP Last Pdu Origin : 0000-0000-0000

GVRP Registration Type : Normal

Table 2-1 Description on the fields of the display gvrp statistics command

Field	Description
GVRP Status	GVRP status, that is, enabled or disabled
GVRP Failed Registrations	Failed GVRP registration entries
GVRP Last Pdu Origin	The source of the last GVRP data unit. If GVRP data unit is not received, the system displays 0000-0000-0000; if received from a device, the GVRP data unit received last time is regarded as coming from this MAC address of this device.
GVRP Registration Type	GVRP registration type, that is, fixed, forbidden or normal

2.2.2 display gvrp status

Syntax

display gvrp status

View

Any view

Parameter

None

Description

Use the display gvrp status command to view the global GVRP status information.

Example

# Display the global status information about GVRP.

<H3C> display gvrp status

GVRP is enabled

The above information means that the global GVRP is enabled.

2.2.3 gvrp

Syntax

gvrp

undo gvrp

View

System view/Ethernet port view

Parameter

None

Description

Use the gvrp command to enable GVRP.

Use the undo gvrp command to disable GVRP.

By default, GVRP is disabled.

This command can be used to enable/disable global GVRP in system view or enable/disable port GVRP in Ethernet port view.

Before enabling port GVRP, you must enable global GVRP first. In addition, port GVRP must be enabled/disabled on Trunk ports.

Related command: display gvrp status.

Example

# Enable global GVRP.

[H3C] gvrp

2.2.4 gvrp registration

Syntax

gvrp registration { fixed | forbidden | normal }

undo gvrp registration

View

Ethernet port view

Parameter

fixed: Enables to create or register VLAN on the port manually and disables to register or deregister VLAN dynamically.

forbidden: Deregisters all VLANs except VLAN 1 and disables to create or register any other VLAN on the port.

normal: Enables to create, register and deregister VLAN on the port manually or dynamically.

Description

Use the gvrp registration command to configure GVRP registration type.

Use the undo gvrp registration command to restore the default type.

By default, the registration type is normal.

This command can be only used on Trunk port.

Related command: display gvrp statistics.

Example

# Set the GVRP registration type of Ethernet2/1/1 as fixed.

[H3C-Ethernet2/1/1] gvrp registration fixed

Chapter 3 Super VLAN Configuration Commands

3.1 Super VLAN Configuration Commands

3.1.1 display supervlan

Syntax

display supervlan [ supervlan-id ]

View

Any view

Parameter

supervlan-id: VLAN ID of a configured super VLAN. This argument ranges from 1 to 4094.

Description

Use the display supervlan command to display mapping relationship between a specified super VLAN and sub VLANs, and the ports that identify the mapping relationship.

Related command: supervlan, subvlan.

Example

# Display the mapping relationship between the super VLAN and the sub VLAN.

[H3C] display supervlan 2

Supervlan ID : 2

Subvlan ID : 3-5

Subvlan in which arp proxy is disabled: None

# Display detailed information about the super VLAN and the sub VLANs displayed above.

[H3C]display vlan 2

VLAN ID: 2

VLAN Type: static

It is a Super VLAN.

Route Interface: configured

IP Address: 10.153.1.41

Subnet Mask: 255.255.255.0

Description: VLAN 0002

Tagged Ports: none

Untagged Ports: none

[H3C]display vlan 3

VLAN ID: 3

VLAN Type: static

It is a Sub VLAN. And the Super VLAN is VLAN 2

ARP proxy enabled.

Route Interface: not configured

Description: VLAN 0003

Tagged Ports: none

Untagged Ports:

Ethernet5/1/1

[H3C]display vlan 4

VLAN ID: 4

VLAN Type: static

It is a Sub VLAN. And the Super VLAN is VLAN 2

ARP proxy enabled.

Route Interface: not configured

Description: VLAN 0004

Tagged Ports: none

Untagged Ports:

Ethernet5/1/2

[H3C]display vlan 5

VLAN ID: 5

VLAN Type: static

It is a Sub VLAN. And the Super VLAN is VLAN 2

ARP proxy enabled.

Route Interface: not configured

Description: VLAN 0005

Tagged Ports: none

Untagged Ports:

Ethernet5/1/3

3.1.2 subvlan

Syntax

subvlan sub-vlan-list

undo subvlan [sub-vlan-list ]

View

VLAN view of super VLAN

Parameter

sub-vlan-list: List of sub VLANs. It is expressed in the form of sub-vlan-list = { vlan-id [ to vlan-id }&<1-10>. The vlan-id after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

Description

Use the subvlan command to associate a specified super VLAN to sub VLANs.

Use the undo subvlan command to cancel the mapping relationship between the super VLAN and sub VLANs.

Note that:

l The VLANs configured to be the sub VLANs of a super VLAN must be existing VLANs.

l You can still add/remove ports to/from a VLAN after the mapping relationship is established.

l The undo subvlan command cancels all mapping relationships between the specified super VLAN and all sub VLANs. If you do not specify the sub-vlan-list argument. Otherwise, this command cancels the mapping relationship between the specified sub VLAN and the specified super VLAN.

Related command: display supervlan.

Example

# Establish mapping relationship between super VLAN 10 and sub VLANs with VLAN IDs of 3, 4, 5 and 9.

[H3C-vlan10] subvlan 3 to 5 9

3.1.3 supervlan

Syntax

supervlan

undo supervlan

View

VLAN view

Parameter

None

Description

Use the supervlan command to set a VLAN to be a super VLAN.

Use the undo supervlan command to cancel the super VLAN type of a VLAN.

By default, no type is configured for a VLAN.

Note that:

l You cannot add ports to a super VLAN.

l The ARP proxy of the interfaces of a VLAN are enabled automatically and cannot be disabled when the VLAN is set to be a super VLAN.

l The default VLANs cannot be super VLANs.

Related command: display supervlan.

Example

# Set VLAN 2 to be a super VLAN.

[H3C-vlan2] supervlan

Chapter 4 Isolate-User-Vlan Configuration Commands

4.1 isolate-user-vlan Configuration Commands

4.1.1 display isolate-user-vlan

Syntax

display isolate-user-vlan [ isolate-user-vlan-num ]

View

Any view

Parameter

isolate-user-vlan-num: VLAN ID of an isolate-user-VLAN.

Description

Use the display isolate-user-vlan command to view the mapping relationships between isolate-user-VLANs and Secondary VLANs and the ports identifying the mapping relationships between isolate-user-vlan and Secondary VLAN.

Related command: isolate-user-vlan enable, isolate-user-vlan.

Example

# Display the mapping relationships between isolate-user-VLANs and Secondary VLANs.

[H3C] display isolate-user-vlan

Isolate-user-VLAN VLAN ID : 5

Secondary VLAN ID : 3-4

VLAN ID: 5

VLAN Type: static

Isolate-user-VLAN type : isolate-user-VLAN

ARP proxy disabled.

Route Interface: not configured

Description: VLAN 0005

Name: VLAN 0005

Tagged Ports: none

Untagged Ports:

Ethernet2/1/3 Ethernet2/1/4

VLAN ID: 3

VLAN Type: static

Isolate-user-VLAN type : secondary

ARP proxy disabled.

Route Interface: not configured

Description: VLAN 0003

Name: VLAN 0003

Tagged Ports: none

Untagged Ports:

Ethernet2/1/3

VLAN ID: 4

VLAN Type: static

Isolate-user-VLAN type : secondary

ARP proxy disabled.

Route Interface: not configured

Description: VLAN 0004

Name: VLAN 0004

Tagged Ports: none

Untagged Ports:

Ethernet2/1/4

Table 4-1 Description on the fields of the display isolate-user-vlan command

Field	Description
Isolate-user-VLAN Vlan ID	VLAN ID of Isolate-user-VLAN
Secondary Vlan ID	VLAN ID of Secondary VLAN
Vlan ID	VLAN ID
Vlan Type	VLAN configuration type (static or dynamic configuration)
Isolate-user-VLAN type	VLAN type is Isolate-user-VLAN or Secondary VLAN.
ARP proxy disabled	ARP proxy is disabled.
Route Interface	Whether VLAN has route function
Description	VLAN description
Tagged Ports	Identifies the ports on which the VLAN packets are to be tagged
Untagged Ports	Identifies the ports on which the VLAN packets are not to be tagged

4.1.2 isolate-user-vlan

Syntax

isolate-user-vlan isolate-user-vlan-num secondary secondary-vlan-numlist

undo isolate-user-vlan isolate-user-vlan-num [ secondary secondary-vlan-numlist ]

View

System view

Parameter

isolate-user-vlan-num: VLAN ID of isolate-user-VLAN.

Secondary-vlan-numlist: VLAN ID of Secondary vlan. secondary-vlan-numlist = { secondary-vlan-num [ to secondary-vlan-num ] }&<1-10>. The secondary-vlan-num parameter after the keyword to cannot be smaller than that before the keyword. &<1-10> indicates you can repeatedly input the preceding parameter up to 10 times.

Description

Use the isolate-user-vlan command to establish the mapping relationship between isolate-user-vlan and Secondary VLAN.

Use the undo isolate-user-vlan command to cancel the mapping relationship.

By default, there is no mapping relationship between isolate-user-vlan and Secondary VLAN.

Before you execute the isolate-user-vlan command, the VLAN can include hybrid ports, access ports, or no ports. After this command is executed, the mapping relationship between isolate-user-vlan and Secondary VLAN is established.

The actual operation include: for access ports or hybrid ports whose PVIDs are the same as isolate-user-VLAN IDs and join to isolate-user-vlans in the untagged mode, add the ports of isolate-user-VLAN to every Secondary VLAN and add the ports of all Secondary VLANs to isolate-user-VLAN.

After undo isolate-user-vlan command is executed, the mapping relationship between isolate-user-vlan and Secondary VLAN will be canceled. The actual operation include: delete the ports included in isolate-user-vlan from Secondary VLAN and delete the ports included in Secondary VLAN from isolate-user-vlan.

Related command: display isolate-user-vlan.

Example

# Map isolate-user-VLAN 10 to Secondary VLAN 2, 3, 4, 5, and 9.

[H3C] isolate-user-vlan 10 secondary 2 to 5 9

4.1.3 isolate-user-vlan enable

Syntax

isolate-user-vlan enable

undo isolate-user-vlan enable

View

VLAN view

Parameter

None

Description

Use the isolate-user-vlan enable command to set a VLAN as an isolate-user-VLAN.

Use the undo isolate-user-vlan enable command to cancel the configuration.

An isolate-user-VLAN is allowed to contain multiple ports, including upstream ports connecting to other switches. However, the VLAN can only contain access or hybrid ports, not trunk ports.

Related command: display isolate-user-vlan.

& Note:

l You cannot configure VLAN 1 as an isolate-user-VLAN or Secondary VLAN.

l You cannot directly configure isolate-user-VLAN as other types of VLAN than common VLAN, such as Secondary VLAN, multicast VLAN, Super VLAN/Sub VLAN, Guest VLAN and VLAN running L2VPN services. You cannot directly configure Secondary VLAN as other type of VLAN than common VLAN, such as isolate-user-VLAN, multicast VLAN, super VLAN/sub VLAN, guest VLAN and VLAN running L2VPN services.

l When you configure common VLAN as isolate-user-VLAN or Secondary VLAN, the VLAN cannot contain trunk ports. Otherwise, the configuration will fail.

& Note:

l One isolate-user-vlan can be mapped to up to 64 Secondary VLANs.

l You can configure up to 32 isolate-user-VLANs for the system.

l You can configure up to 1024 Secondary VLANs for the system.

l You cannot configure the same MAC address in the Secondary VLAN corresponding to an isolate-user-VLAN.

Example

# Configure VLAN 5 as isolate-user-VLAN.

[H3C-vlan5] isolate-user-vlan enable

Chapter 5 Q-in-Q Configuration Commands

5.1 Q-in-Q Configuration Commands

5.1.1 display port vlan-vpn

Syntax

display port vlan-vpn

View

Any view

Parameter

None

Description

Use the display port vlan-vpn command to display VLAN VPN-related information of the current system by port number, including current TPID, the information about VLAN-VPN ports, and the information about VLAN-VPN uplink ports.

Example

# Display the VLAN VPN-related configuration of the current system.

[H3C] display port vlan-vpn

VLAN-VPN TPID: 0x9100

GigabitEthernet1/1/1

VLAN-VPN status: enabled

VLAN-VPN VLAN: 1

GigabitEthernet1/1/2

VLAN-VPN uplink status: enabled

5.1.2 traffic-redirect { nested-vlan | modified-vlan }

Syntax

I. Use the following command to deliver Layer 3 traffic classification rules.

traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { nested-vlan nested-vlanid | modified-vlan modified-vlanid }

undo traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ]

II. Use the following command to deliver Layer 2 and Layer 3 traffic classification rules simultaneously.

traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] { nested-vlan nested-vlanid | modified-vlan modified-vlanid }

undo traffic-redirect inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } rule rule }

undo traffic-redirect inbound link-group { acl-number | acl-name } { rule rule ip-group { acl-number | acl-name } | ip-group { acl-number | acl-name } rule rule }

III. Use the following command to deliver Layer 2 traffic classification rules.

traffic-redirect inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { nested-vlan nested-vlanid | modified-vlan modified-vlanid }

undo traffic-redirect inbound link-group { acl-number | acl-name } [ rule rule ]

View

Ethernet port view, port group view

Parameter

ip-group { acl-number | acl-name }: Specifies a basic or advanced ACL. The acl-number argument is the ACL number, in the range of 2,000 to 3,999. The acl-name argument is the ACL name, a string that is of 1 to 32 characters in length. The string must begin with an English letter (that is, a-z or A-Z]) and cannot contain spaces and quotation marks.

link-group { acl-number | acl-name }: Specifies a Layer 2 ACL. The acl-number argument is the ACL number, in the range of 4,000 to 4,999. The acl-name argument is the ACL name, a string that is of 1 to 32 characters in length. The string must begin with an English letter (that is, a-z or A-Z]) and cannot contain spaces and quotation marks.

rule rule: Specifies a rule of the ACL. The rule argument is in the range of 0 to 127. If you do not specify a rule, the system applies all rules of the ACL.

system-index index: Specifies the system index value of an ACL rule. The system assigns a system index to an ACL rule after delivering the ACL rule for indexing. Although not recommended, you can still specify a system index for an ACL rule manually when executing this command.

nested-vlan nested-vlanid: Specifies to insert VLAN tags in the packets that match the specified ACL rules as the outer VLAN tags. The nested-vlanid argument is the VLAN ID to be inserted.

modified-vlan modified-vlanid: Changes the outer VLAN tags of the packets that match the specified ACL rules. The modified-vlanid argument is the new VLAN ID to be inserted in the packets.

Description

Use the traffic-redirect { nested-vlan | modified-vlan } command to enable ACL-based traffic classification on the ports and set/modify the outer VLAN tags to be inserted in the packets that match the specified ACL rules. (Note that this command only applies to packets that match ACL rules with the permit keyword specified.)

Use the undo traffic-redirect command to remove the configuration.

& Note:

l Make sure the VLAN identified by the nested-vlanid argument exists to prevent otherwise the packets from being discarded due to no outbound port found.

l The traffic-redirect modified-vlan command modifies the outer VLAN tag of a packet.

l At present, only LSB1GP24, LSB1GT24 and LSB1GV48 cards support the traffic-redirect { nested-vlan | modified-vlan } command.

Related commands: traffic-redirect, acl.

Example

# Insert the VLAN tag of VLAN 4 in the packets that match ACL 4,100 as the outer VLAN tag. (With the assumption that ACL 4,100 and its rules already exist.)

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]interface Ethernet2/1/1

[H3C-Ethernet2/1/1]traffic-redirect inbound link-group 4100 nested-vlan 4

5.1.3 vlan-vpn enable

Syntax

vlan-vpn enable

undo vlan-vpn

View

Ethernet port view

Parameter

None

Description

Use the vlan-vpn enable command to enable VLAN VPN feature for the port.

Use the undo vlan-vpn command to disable VLAN VPN feature for the port.

With VLAN VPN enabled, a received packet is tagged with the default VLAN tag of the port no matter whether or not the packet carries a VLAN tag. So, if the packet already carries a VLAN tag, the default VLAN tag becomes a nested VLAN tag in the packet. Otherwise, the packet is transmitted with the default VLAN tag carried.

Caution:

l VLAN VPN cannot be enabled if the port has any of GVRP, STP, and 802.1x protocols enabled.

l VLAN VPN cannot be enabled on a port if the VLAN which the port belongs to has IGMP Snooping enabled or its VLAN interface has IGMP enabled. Similarly, if a port is VLAN VPN-enabled, you cannot enable IGMP Snooping in the VLAN to which the port belongs or enable IGMP on the VLAN interface of the VLAN.

l If you want to add VLAN VPN-enabled ports to a VLAN, make sure the VLAN is not IGMP Snooping-enabled, and the VLAN interface is not IGMP-enabled.

l If you have enabled VLAN VPN feature for the ports in the VLAN, the VLAN cannot be removed.

By default, the VLAN VPN feature is disabled on a port.

Example

# Enable the VLAN VPN feature on the Ethernet2/1/1 port.

[H3C-Ethernet2/1/1] vlan-vpn enable

5.1.4 vlan-vpn tpid

Syntax

vlan-vpn tpid value

undo vlan-vpn tpid

View

System view

Parameter

value: TPID value to be set (in hexadecimal format). This argument ranges from 1 to 0xFFFF.

Description

Use the vlan-vpn tpid command to set the TPID value of the VLAN-VPN uplink ports.

Use the undo vlan-vpn tpid command to restore the default TPID value (0x8100) for VLAN-VPN uplink ports.

Do not set the TPID value to a value that may cause conflicts (such as the known protocol type value 0x0806, which is that of ARP packets). Otherwise, the packets may be discarded.

Table 5-1 Common protocol type values of an Ethernet frame

Protocol type	Value
ARP	0x0806
IP	0x0800
MPLS	0x8847/0x8848
IPX	0x8137
IS-IS	0x8000
LACP	0x8809
802.1x	0x888E

Example

# Set the TPID value to 0x9100.

[H3C] vlan-vpn tpid 9100

# Restore the default TPID value (0x8100).

[H3C] undo vlan-vpn tpid

5.1.5 vlan-vpn uplink enable

Syntax

vlan-vpn uplink enable

undo vlan-vpn uplink

View

Ethernet port view

Parameter

None

Description

Use the vlan-vpn uplink enable command to set a port to be a VLAN-VPN uplink port.

Use the undo vlan-vpn uplink command to remove the configuration.

When sending a packet, a VLAN-VPN uplink port replaces the TPID value in the outer VLAN tag with the configured TPID value. You can use the vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.

Caution:

l At present, LSBM1XP4 and LSBM1TGX1 cards do not support this command.

l The vlan-vpn uplink enable command and the vlan-vpn enable command are mutually exclusive. That is, if you execute the vlan-vpn enable command on a port, you will fail to execute the vlan-vpn uplink enable command on the same port; if you execute the vlan-vpn uplink enable command on a port, you will fail to execute the vlan-vpn enable command on the same port either.

Example

# Set Ethernet3/1/1 port to be a VLAN-VPN uplink port.

[H3C-Ethernet3/1/1] vlan-vpn uplink enable

# Restore Ethernet3/1/1 port to a common port.

[H3C-Ethernet3/1/1] undo vlan-vpn uplink

VLAN-VPN uplink status: enabled

H3C S9500 Series Routing Switches Command Manual-(V1.01)

1.1.6 name

1.3.1 display protocol-vlan interface

1.3.4 protocol-vlan

2.1.3 garp timer

2.2 GVRP Configuration Commands

4.1.1 display isolate-user-vlan

5.1.2 traffic-redirect { nested-vlan | modified-vlan }

I. Use the following command to deliver Layer 3 traffic classification rules.

II. Use the following command to deliver Layer 2 and Layer 3 traffic classification rules simultaneously.

III. Use the following command to deliver Layer 2 traffic classification rules.

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us