Contents

VLAN configuration commands· 1

Basic VLAN configuration commands· 1

default 1

description· 1

display interface vlan-interface· 2

display vlan· 5

interface vlan-interface· 7

ip address· 8

mtu· 9

name· 9

reset counters interface vlan-interface· 10

shutdown· 11

vlan· 11

Port-based VLAN configuration commands· 12

display port 12

port 13

port access vlan· 14

port hybrid pvid· 15

port hybrid vlan· 16

port link-type· 18

port trunk permit vlan· 19

port trunk pvid· 20

MAC-based VLAN configuration commands· 21

display mac-vlan· 21

display mac-vlan interface· 22

mac-vlan enable· 23

mac-vlan mac-address· 24

 

VLAN configuration commands

Basic VLAN configuration commands

default

Use default to restore the default settings for a VLAN interface.

Syntax

default

Views

VLAN interface view

Default command level

2: System level

Usage guidelines

	CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network.

 

This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] default

This command will restore the default settings. Continue? [Y/N]:y

description

Use description to change the description of the VLAN or VLAN interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description for a VLAN is VLAN vlan-id, which is the ID of the VLAN. For example, the default description of VLAN 100 is VLAN 0100. The default description for a VLAN interface is the name of the interface. For example, the default description of VLAN-interface 1 is Vlan-interface1 Interface.

Views

VLAN view, VLAN interface view

Default command level

2: System level

Parameters

text: Specifies a description for a VLAN or VLAN interface. The string can include case-sensitive letters, digits, special characters such as tilde (~), exclamation point (!), at sign (@), pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&), asterisk (*), left brace({), right brace (}), left parenthesis ((), right parenthesis ()), left bracket ([), right bracket (]), left angle bracket (<), right angle bracket (>), hyphen (-), underscore(_), plus sign (+), equal sign (=), vertical bar (|), backslash (\), colon (:), semicolon (;) quotation marks ("), apostrophe ('), comma (,), dot (.), and slash (/), spaces, and other Unicode characters and symbols.

·     For a VLAN, this is a string of 1 to 32 characters.

·     For a VLAN interface, this is a string of 1 to 80 characters.

When you specify a description, follow these guidelines:

·     Each Unicode character takes the space of two regular characters.

·     To use Unicode characters or symbols in an interface description, install the specific input method editor and log in to the device through remote login software that supports the character type.

·     When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two and creating garbled characters at the end of a line.

Usage guidelines

Configure a description to describe the function or connection of a VLAN or VLAN interface for easy management.

Examples

# Change the description of VLAN 2 to sales-private.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] description sales-private

# Change the description of VLAN-interface 2 to linktoPC56.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description linktoPC56

Related commands

·     display interface vlan-interface

·     display vlan

display interface vlan-interface

Use display interface vlan-interface to display information about a specified or all VLAN interfaces.

Syntax

display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]

display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

vlan-interface-id: Specifies a VLAN interface number.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

If you do not provide the vlan-interface keyword, this command displays information about all interfaces.

If you provide the vlan-interface keyword but do not specify the VLAN interface number, this command displays information about all VLAN interfaces.

Examples

# Display information for VLAN-interface 10.

<Sysname> display interface vlan-interface 10

Vlan-interface10 current state: UP

Line protocol current state: UP

Description: Vlan-interface10 Interface

The Maximum Transmit Unit is 1500

Internet Address is 192.168.1.54/24 Primary

Internet Address is 6.4.4.4/24 Sub

IP Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 0023-89b6-d613

IPv6 Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 0023-89b6-d613

Last clearing of counters:  Never

# Display brief information for VLAN-interface 2.

<Sysname> display interface vlan-interface 2 brief

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Main IP         Description

Vlan2                DOWN DOWN     --

# Display brief information for VLAN interfaces in DOWN state.

<Sysname> display interface vlan-interface brief down

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

Vlan2                DOWN Not connected

Table 1 Command output

Field	Description
Vlan-interface10 current state	Physical state of a VLAN interface: ·     DOWN (Administratively)—The administrative state of the VLAN interface is down, because it has been shut down with the shutdown command. ·     DOWN—The administrative state of the VLAN interface is up, but its physical state is down. The VLAN corresponding to this interface does not contain any physical port in the UP state (possibly because the ports are not well connected or the lines have failed). ·     UP—Both the administrative state and the physical state of the VLAN interface are up.
Line protocol current state	Link layer protocol state of a VLAN interface: ·     DOWN—The protocol state of the VLAN interface is down. ·     UP—The protocol state of the VLAN interface is up.
Description	Description string of a VLAN interface.
The Maximum Transmit Unit	MTU of a VLAN interface.
Internet protocol processing : disabled	The interface is not capable of processing IP packets. This information is displayed when the interface is not configured with an IP address.
Internet Address is 192.168.1.54/24 Primary	The primary IP address of the interface is 192.168.1.54/24. This information is displayed only if the primary IP address is configured for the interface.
Internet Address is 6.4.4.4/24 Sub	The secondary IP address of the interface is 6.4.4.4/24. This information is displayed only if a secondary IP address is configured for the interface.
IP Packet Frame Type	IPv4 outgoing frame format.
Hardware address	MAC address corresponding to a VLAN interface.
IPv6 Packet Frame Type	IPv6 outgoing frame format.
Last clearing of counters	Time when the reset counters interface vlan-interface command was last used to clear the interface statistics. Never indicates the reset counters interface vlan-interface command has never been used on the interface after the device's startup.
The brief information of interface(s) under route mode	Brief information about Layer 3 interfaces.
Link: ADM - administratively down; Stby - standby	Link layer state of an interface: ·     ADM—The interface has been administratively shut down. To recover its physical state, perform the undo shutdown command. ·     Stby—The interface is operating as a standby interface. To see the main interface, use the display standby state command.
Protocol: (s) - spoofing	If the network layer protocol state of an interface is shown as UP, but its link is an on-demand link or not present at all, its protocol attribute includes the spoofing flag (an s in parentheses).
Interface	Abbreviated interface name.
Link	Physical link state of the interface: ·     UP—The link is up. ·     ADM—The link has been administratively shut down. To recover its physical state, perform the undo shutdown command.
Protocol	Protocol connection state of the interface: ·     UP. ·     DOWN. ·     UP(s).
Main IP	Main IP address of the interface.
Description	Description of the interface.
Cause	Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To restore the physical state of the interface, use the undo shutdown command.

 

Related commands

reset counters interface vlan-interface

display vlan

Use display vlan to display VLAN information.

Syntax

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

vlan-id1: Displays information about a VLAN specified by VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Displays information about VLANs specified by a VLAN ID range. The value of the vlan-id2 argument cannot be smaller than the value of the vlan-id1 argument.

all: Displays all VLAN information but the reserved VLANs.

dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are assigned by RADIUS servers.

reserved: Displays information about the reserved VLANs. Protocol modules determine which VLANs are reserved VLANs, according to function implementation, and reserved VLANs serve protocol modules. You cannot configure reserved VLANs.

static: Displays the number of static VLANs and the ID for each static VLAN. The static VLANs are manually created.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display VLAN 2 information.

<Sysname> display vlan 2

VLAN ID: 2

 VLAN Type: static

 Route interface: not configured

 Description: VLAN 0002

 Name: VLAN 0002

Tagged   Ports: none

 Untagged Ports: 

    GigabitEthernet1/0/1  GigabitEthernet1/0/2  GigabitEthernet1/0/3

# Display VLAN 3 information.

<Sysname> display vlan 3

 VLAN ID: 3

 VLAN Type: static

 Route Interface: configured

 IPv4 address: 1.1.1.1

 IPv4 subnet mask: 255.255.255.0

 IPv6 global unicast address(es):                  

    2001::1, subnet is 2001::/64 [TENTATIVE]   

    2002::1, subnet is 2002::/64 [TENTATIVE]

    2003::1, subnet is 2003::/32 [TENTATIVE]

 IPv6 joined group address(es):

    FF02::1:FF00:0

    FF02::1:FF00:1

    FF02::1:FFFF:1

    FF02::2

    FF02::1

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged   Ports: none

 Untagged Ports: none

Table 2 Command output

Field	Description
VLAN Type	VLAN type, static or dynamic.
Route interface	Indicates whether the VLAN interface is configured or not.
Description	Description of the VLAN.
Name	Name configured for the VLAN.
IPv4 address	Primary IPv4 address of the VLAN interface. This field is not displayed when no IPv4 address is configured for the VLAN interface. To display secondary IP addresses, use the display interface vlan-interface command in any view or the display this command in VLAN interface view.
IPv4 subnet mask	Subnet mask of the primary IPv4 address of the VLAN interface. This field is not displayed when no IPv4 address is configured for the VLAN interface.
IPv6 global unicast address(es)	IPv6 global unicast addresses of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface.
IPv6 joined group address(es)	IPv6 addresses of the multicast groups that the VLAN interface joins. This field is not displayed when no IPv6 address is configured for the VLAN interface.
Tagged Ports	Ports through which VLAN packets are sent tagged.
Untagged Ports	Ports through which VLAN packets are sent untagged.

 

Related commands

vlan

interface vlan-interface

Use interface vlan-interface to create a VLAN interface and enter its view or enter the view of an existing VLAN interface.

Use undo interface vlan-interface to remove the specified VLAN interface.

Syntax

interface vlan-interface vlan-interface-id

undo interface vlan-interface vlan-interface-id

Views

System view

Default command level

2: System level

Parameters

vlan-interface-id: Specifies a VLAN interface number in the range of 1 to 4094.

Usage guidelines

Create the VLAN before you create the VLAN interface.

To configure an IP address for a VLAN interface that will perform IP routing, use the ip address command in VLAN interface view.

Examples

# Create VLAN-interface 2, and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

Related commands

display interface vlan-interface

ip address

Use ip address to assign an IP address and subnet mask to a VLAN interface.

Use undo ip address to remove the IP address and subnet mask for a VLAN interface.

Syntax

ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]

Default

No IP address is assigned to any VLAN interface.

Views

VLAN interface view

Default command level

2: System level

Parameters

ip-address: Specifies an IP address in dotted decimal notation.

mask: Specifies a subnet mask in dotted decimal notation.

mask-length: Sets the number of consecutive 1s in the subnet mask, in the range of 0 to 32.

sub: Indicates the address is a secondary IP address.

Usage guidelines

To connect a VLAN to multiple subnets, assign one primary IP address and one secondary IP addresses to a VLAN interface.

When you configure IP addresses for a VLAN interface, follow these rules:

·     The primary IP address you assign to a VLAN interface overwrites the previous one, if any.

·     Remove all secondary IP addresses before you remove the primary IP address.

·     To remove all IP addresses, use the undo ip address command without any parameter.

·     To remove the primary IP address, use the undo ip address ip-address { mask | mask-length } command.

·     To remove a secondary IP address, use the undo ip address ip-address { mask | mask-length } sub command.

Examples

# Specify the IP address as 1.1.0.1 and the subnet mask as 255.255.255.0 for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ip address 1.1.0.1 255.255.255.0

Related commands

display ip interface (Layer 3—IP Services Command Reference)

mtu

Use mtu to set the MTU for a VLAN interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of a VLAN interface is 1500 bytes.

Views

VLAN interface view

Default command level

2: System level

Parameters

size: Sets the MTU in bytes. The value range for this argument is 46 to 1748.

Examples

# Set the MTU to 1492 bytes for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] mtu 1492

Related commands

display interface vlan-interface

name

Use name to configure a name for the VLAN.

Use undo name to restore the default name of the VLAN.

Syntax

name text

undo name

Default

The name of a VLAN is VLAN vlan-id, which is its VLAN ID. For example, the default name of VLAN 100 is VLAN 0100.

Views

VLAN view

Default command level

2: System level

Parameters

text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive letters, digits, special characters such as tilde (~), exclamation point (!), at sign (@), pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&), asterisk (*), left brace({), right brace (}), left parenthesis ((), right parenthesis ()), left bracket ([), right bracket (]), left angle bracket (<), right angle bracket (>), hyphen (-), underscore(_), plus sign (+), equal sign (=), vertical bar (|), backslash (\), colon (:), semicolon (;) quotation marks ("), apostrophe ('), comma (,), dot (.), and slash (/), spaces, and other Unicode characters and symbols.

Usage guidelines

When 802.1X or MAC address authentication is configured on a device, you can use a RADIUS server to issue VLAN configuration to ports that have passed authentication. Some servers can send IDs or names of the issued VLANs to the device.

Use VLAN names, rather than VLAN IDs, to distinguish a large number of VLANs.

Examples

# Configure the name of VLAN 2 as Test VLAN.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] name Test VLAN

Related commands

display vlan

reset counters interface vlan-interface

Use reset counters interface vlan-interface to clear the statistics on a VLAN interface.

Syntax

reset counters interface vlan-interface [ vlan-interface-id ]

Views

User view

Default command level

2: System level

Parameters

vlan-interface-id: Specifies a VLAN interface number.

Usage guidelines

Before collecting the traffic statistics within a specific period of time on an interface, clear the existing statistics first.

If the vlan-interface-id argument is not specified, this command clears the statistics of all VLAN interfaces.

If the vlan-interface-id argument is specified, this command clears the statistics of the specified VLAN interface.

Examples

# Clear the statistics on VLAN-interface 2.

<Sysname> reset counters interface vlan-interface 2

Related commands

display interface vlan-interface

shutdown

Use shutdown to manually shut down a VLAN interface.

Use undo shutdown to cancel the action of shutting down a VLAN interface.

Syntax

shutdown

undo shutdown

Default

A VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN is up, and goes down if all ports in the VLAN go down.

Views

VLAN interface view

Default command level

2: System level

Usage guidelines

A VLAN interface shut down with the shutdown command is in DOWN (Administratively) state until you bring it up, regardless of how the state of the ports in the VLAN changes.

Before configuring parameters for a VLAN interface, shut down the VLAN interface with the shutdown command to prevent the configurations from affecting the network. Use the undo shutdown command to bring up a VLAN interface after you have configured related parameters and protocols for the VLAN interface.

You can shut down a failed interface with the shutdown command and then bring it up with the undo shutdown command to see if it recovers.

In a VLAN, the state of any Ethernet port is independent of the state of the VLAN interface.

Examples

# Shut down VLAN-interface 2, and then cancel the action of shutting it down.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

vlan

Use vlan vlan-id to create a VLAN and enter its view or enter the view of an existing VLAN.

Use vlan vlan-id1 to vlan-id2 to create VLANs ranging from vlan-id1 to vlan-id2, except reserved VLANs.

Use vlan all to create VLANs 1 through 4094.

Use undo vlan to remove the specified VLANs.

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

Default

Only the default VLAN (VLAN 1) exists in the system.

Views

System view

Default command level

2: System level

Parameters

vlan-id1, vlan-id2: Specifies a VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN range. The value of the vlan-id2 argument cannot be smaller than the value of the vlan-id1 argument.

all: Creates or removes all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.

Usage guidelines

You cannot create or remove the default VLAN (VLAN 1).

You cannot create or remove VLANs reserved for specific functions.

To remove the following VLANs, remove the related configurations first, because you cannot use the undo vlan command to directly remove them:

·     Protocol reserved VLANs.

·     Management VLANs.

·     Dynamic VLANs.

·     VLANs configured with QoS policies.

Examples

# Create VLAN 2, and enter VLAN 2 view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2]

# Create VLAN 4 through VLAN 100.

<Sysname> system-view

[Sysname] vlan 4 to 100

Please wait............. Done.

Related commands

display vlan

Port-based VLAN configuration commands

display port

Use display port to display information about the hybrid or trunk ports on the device, including the port names, PVIDs, and allowed VLAN IDs.

Syntax

display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

hybrid: Displays hybrid ports.

trunk: Displays trunk ports.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display information about the hybrid ports in the system.

<Sysname> display port hybrid

Interface            PVID  VLAN passing

GE1/0/2               100   Tagged:  1000, 1002, 1500, 1600-1611, 2000,

                                    2555-2558, 3000, 4000

                           Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,

                                    150-160, 200, 255, 286, 300-302

# Display information about the trunk ports in the system.

<Sysname> display port trunk

Interface            PVID  VLAN passing

GE1/0/3               2     1-4, 6-100, 145, 177, 189-200, 244, 289, 400,

                           555, 600-611, 1000, 2006-2008

Table 3 Command output

Field	Description
Interface	Port name.
PVID	Port VLAN ID.
VLAN passing	VLANs for which the port allows packets to pass through.
Tagged	VLANs for which the port sends packets without removing VLAN tags.
Untagged	VLANs for which the port sends packets after removing VLAN tags.

 

port

Use port to assign the specified access ports to the VLAN.

Use undo port to remove the specified access ports from the VLAN.

Syntax

port interface-list

undo port interface-list

Default

All ports are in VLAN 1. All ports are access ports. However, you can manually configure the port type. For more information, see "port link-type."

Views

VLAN view

Default command level

2: System level

Parameters

interface-list: Specifies an interface list, in the format of interface-list = { interface-type interface-number1 [ to interface-type interface-number2 ] }&<1-10>, where interface-type interface-number specifies an interface by its type and number and &<1-10> indicates that you can specify up to 10 ports or port ranges.

Usage guidelines

This command is only applicable on access ports.

You cannot assign Layer 2 aggregate interfaces to a VLAN.

Examples

# Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/3

Related commands

display vlan

port access vlan

Use port access vlan to assign the access ports to the specified VLAN.

Use undo port access vlan to restore the default.

Syntax

port access vlan vlan-id

undo port access vlan

Default

All access ports belong to VLAN 1.

Views

WLAN-ESS interface view, Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Make sure the VLAN specified by the VLAN ID already exists.

Usage guidelines

The configuration made in Ethernet interface view or WLAN-ESS interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign GigabitEthernet 1/0/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port access vlan 3

# Assign Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port access vlan 3

port hybrid pvid

Use port hybrid pvid to configure the PVID of the hybrid port.

Use undo port hybrid pvid to restore the default.

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

Default

The PVID of a hybrid port is VLAN 1.

Views

WLAN-ESS interface view, Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a hybrid port. If you use the undo vlan command to remove the PVID of a hybrid port, it does not affect the setting of the PVID on the port.

H3C recommends setting the same PVID for the local and remote hybrid ports.

You must use the port hybrid vlan command to configure the hybrid port to permit the packets from the PVID to pass through.

The configuration made in Ethernet or WLAN-ESS interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure VLAN 100 as the PVID of the hybrid port GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 100

# Configure VLAN 100 as the PVID of the hybrid Layer 2 aggregate interface Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid pvid vlan 100

Related commands

·     port hybrid vlan

·     port link-type

port hybrid vlan

Use port hybrid vlan to assign the hybrid ports to the specified VLANs.

Use undo port hybrid vlan to remove the hybrid ports from the specified VLANs.

Syntax

port hybrid vlan vlan-list { tagged | untagged }

undo port hybrid vlan vlan-list

Default

A hybrid port only allows packets from VLAN 1 to pass through untagged.

Views

WLAN-ESS interface view, Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-list: Specifies a list of VLANs that the hybrid ports will be assigned to in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094, the value vlan-id2 cannot be smaller than the value of vlan-id1, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Make sure the specified VLANs already exist.

tagged: Configures the ports to send the tagged packets of the specified VLANs.

untagged: Configures the ports to send the untagged packets of the specified VLANs.

Usage guidelines

A hybrid port can carry multiple VLANs. If you execute the port hybrid vlan command multiple times, the VLANs the hybrid port carries are the set of VLANs specified by vlan-list in each execution.

The configuration made in Ethernet or WLAN-ESS interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign the hybrid port GigabitEthernet 1/0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags kept.

<Sysname> system-view

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged

# Assign hybrid ports in port group 2 to VLAN 2, and configure these hybrid ports to send packets of VLAN 2 with VLAN tags removed.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] port-group manual 2

[Sysname-port-group-manual-2] group-member GigabitEthernet1/0/1 to GigabitEthernet1/0/2

[Sysname-port-group-manual-2] port link-type hybrid

[Sysname-port-group-manual-2] port hybrid vlan 2 untagged

 Configuring GigabitEthernet1/0/1... Done.

 Configuring GigabitEthernet1/0/2... Done.

# Assign the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports to VLAN 2, and configure them to send packets of VLAN 2 with tags removed.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged

 Please wait... Done.

 Configuring GigabitEthernet1/0/1... Done.

 Configuring GigabitEthernet1/0/2... Done.

 Configuring GigabitEthernet1/0/3... Done.

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

port link-type

port link-type

Use port link-type to configure the link type of a port.

Use undo port link-type to restore the default link type of a port.

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

Default

Any port is an access port.

Views

WLAN-ESS interface view, Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

access: Configures the link type of a port as access.

hybrid: Configures the link type of a port as hybrid.

trunk: Configures the link type of a port as trunk. This keyword is not supported in WLAN-ESS interface view.

Usage guidelines

To change the link type of a port from trunk to hybrid or vice versa, you must first set the link type to access.

The configuration made in Ethernet or WLAN-ESS interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure GigabitEthernet 1/0/1 as a trunk port.

<Sysname> system-view

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

# Configure all the ports in the manual port group group1 as hybrid ports.

<Sysname> system-view

[Sysname] port-group manual group1

[Sysname-port-group manual group1] group-member GigabitEthernet1/0/1

[Sysname-port-group manual group1] group-member GigabitEthernet1/0/2

[Sysname-port-group manual group1] port link-type hybrid

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports as hybrid ports.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

port trunk permit vlan

Use port trunk permit vlan to assign the trunk ports to the specified VLANs.

Use undo port trunk permit vlan to remove the trunk ports from the specified VLANs.

Syntax

port trunk permit vlan { vlan-list | all }

undo port trunk permit vlan { vlan-list | all }

Default

A trunk port allows only packets from VLAN 1 to pass through.

Views

Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-list: Specifies a list of VLANs that the trunk ports will be assigned to in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094, the value vlan-id2 cannot be smaller than the value of vlan-id1, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Make sure the specified VLANs already exist.

all: Permits all VLANs to pass through the trunk ports.

Usage guidelines

A trunk port can carry multiple VLANs. If you execute the port trunk permit vlan command multiple times, the trunk port carries the set of VLANs specified by vlan-list in each execution.

On a trunk port, only traffic of the PVID can pass through untagged.

To prevent unauthorized VLAN users from accessing restricted resources, use the port trunk permit vlan all command with caution.

The configuration made in Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign the trunk port GigabitEthernet 1/0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.

<Sysname> system-view

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100

Please wait........... Done.

# Assign the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 2.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type trunk

[Sysname-Bridge-Aggregation1] port trunk permit vlan 2

 Please wait... Done.

 Configuring GigabitEthernet1/0/1... Done.

 Configuring GigabitEthernet1/0/2... Done.

 Configuring GigabitEthernet1/0/3... Done.

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

port link-type

port trunk pvid

Use port trunk pvid to configure the PVID for the trunk port.

Use undo port trunk pvid to restore the default.

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

Default

The PVID of a trunk port is VLAN 1.

Views

Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a trunk port. If you use the undo vlan command to remove the PVID of a trunk port, it does not affect the setting of the PVID on the port.

The local and remote trunk ports must use the same PVID for the traffic of the PVID to be transmitted properly.

You must use the port trunk permit vlan command to configure the trunk port to allow and forward packets from the PVID.

The configuration made in Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

·     If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

·     If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure VLAN 100 as the PVID of the trunk port GigabitEthernet 1/0/1, and assign GigabitEthernet 1/0/1 to VLAN 100.

<Sysname> system-view

[Sysname] interface GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 100

# Configure VLAN 100 as the PVID of the trunk Layer 2 aggregate interface Bridge-Aggregation 1, and assign Bridge-Aggregation 1 to VLAN 100.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type trunk

[Sysname-Bridge-Aggregation1] port trunk pvid vlan 100

[Sysname-Bridge-Aggregation1] port trunk permit vlan 100

Related commands

·     port link-type

·     port trunk permit vlan

MAC-based VLAN configuration commands

display mac-vlan

Use display mac-vlan to display the specified MAC address-to-VLAN entries.

Syntax

display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

all: Displays all the MAC address-to-VLAN entries.

dynamic: Displays dynamically configured MAC address-to-VLAN entries.

mac-address mac-address: Displays the MAC address-to-VLAN entry containing the specified MAC address.

mask mac-mask: Displays the MAC address-to-VLAN entries with their MAC addresses in the specified range.

static: Displays the statically configured MAC address-to-VLAN entries.

vlan vlan-id: Displays the MAC address-to-VLAN entries associated with the specified VLAN.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

If mac-address mac-address is specified, but mask is not specified, only the MAC address-to-VLAN entry containing the specified MAC address is displayed.

Examples

# Display all the MAC address-to-VLAN entries.

<Sysname> display mac-vlan all

The following MAC-VLAN address exist:

S: Static   D: Dynamic

MAC ADDR           MASK                    VLAN ID   PRIO    STATE

-------------------------------------------------------------------

0008-0001-0000     FFFF-FF00-0000          5         3       S

0002-0001-0000     FFFF-FFFF-FFFF          5         3       S&D

 

Total MAC VLAN address count:2

Table 4 Command output

Field	Description
S: Static	S stands for the MAC address-to-VLAN entries that are configured statically.
D: Dynamic	D stands for the MAC address-to-VLAN entries that are configured dynamically.
MAC ADDR	MAC address of a MAC address-to-VLAN entry.
MASK	Mask of the MAC address of a MAC address-to-VLAN entry.
VLAN ID	VLAN ID of a MAC address-to-VLAN entry.
PRIO	802.1p priority corresponding to the MAC address of a MAC address-to-VLAN entry.
STATE	State of a MAC address-to-VLAN entry: ·     S—The MAC address-to-VLAN entry is configured statically. ·     D—The MAC address-to-VLAN entry is configured automatically through the authentication server. ·     S&D—The MAC address-to-VLAN entry is configured both statically and dynamically.

 

display mac-vlan interface

Use display mac-vlan interface to display all the ports with MAC-based VLAN enabled.

Syntax

display mac-vlan interface [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display all the interfaces with MAC-based VLAN enabled.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

---------------------------------------

 GigabitEthernet1/0/1 GigabitEthernet1/0/2  GigabitEthernet1/0/3

Related commands

mac-vlan enable

mac-vlan enable

Use mac-vlan enable to enable the MAC-based VLAN feature on a port.

Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port.

Syntax

mac-vlan enable

undo mac-vlan enable

Default

The MAC-based VLAN feature is disabled on a port.

Views

WLAN-ESS interface view, Layer 2 Ethernet port view

Default command level

2: System level

Usage guidelines

This command is available on only hybrid ports.

Examples

# Enable the MAC-based VLAN feature on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface GigabitEthernet1/0/1

[Sysname–GigabitEthernet1/0/1] mac-vlan enable

mac-vlan mac-address

Use mac-vlan mac-address to associate the specified VLAN and priority value with the specified MAC addresses.

Use undo mac-vlan to remove the association.

Syntax

mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ priority pri ]

undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }

Default

The hexadecimal digits of this argument are all Fs.

Views

System view

Default command level

2: System level

Parameters

mac-address mac-address: Specifies a MAC address.

mask mac-mask: Specifies a mask for the MAC address in the format of H-H-H. The mac-mask argument is comprised of the high-order part (all the binary bits of which are 1s) and the low-order part (all the binary bits of which are 0s).

vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. The pri argument is in the range of 0 to 7.

all: Removes all the static MAC address-to-VLAN entries.

Usage guidelines

Two MAC address-to-VLAN entry tables exist in a device. One table contains the MAC address-to-VLAN entries configured with the mask keyword specified. A MAC address-to-VLAN entry of this type describes the relationship between a group of MAC addresses and a VLAN, and a priority value. Another table contains the MAC address-to-VLAN entries configured without the mask keyword specified. A MAC address-to-VLAN entry of this type describes the relationship between a single MAC address and a VLAN, and a priority value. The system adds or removes MAC address-to-VLAN entries to or from the two tables according to the configuration.

Examples

# Associate a single MAC address 0-1-1 with VLAN 100 and 802.1p priority 7.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100 priority 7

# Associate the MAC addresses with the high-order six hexadecimal digits being 121122 with VLAN 100 and 802.1p priority 4.

<Sysname> system-view

[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 priority 4