Login
- Table of Contents
-
- 04 Layer 2 - LAN Switching Command Reference
- 00-Preface
- 01-MAC address table commands
- 02-Ethernet link aggregation commands
- 03-DRNI commands
- 04-Port isolation commands
- 05-VLAN commands
- 06-MVRP commands
- 07-QinQ commands
- 08-VLAN mapping commands
- 09-Loop detection commands
- 10-Spanning tree commands
- 11-LLDP commands
- 12-L2PT commands
- 13-Service loopback group commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-VLAN commands | 263.35 KB |
display interface vlan-interface
reset counters interface vlan-interface
display ip-subnet-vlan interface
display protocol-vlan interface
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN interface view)
display voice-vlan mac-address
VLAN commands
Basic VLAN commands
bandwidth
Use bandwidth to set the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.
Examples
# Set the expected bandwidth to 10000 kbps for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] bandwidth 10000
default
Use default to restore the default settings for a VLAN interface.
Syntax
default
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] default
description
Use description to configure the description of a VLAN or VLAN interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.
For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1 Interface.
Views
VLAN view
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
To manage VLANs and VLAN interfaces efficiently, configure descriptions for them based on their functions or connections.
Examples
# Configure the description of VLAN 2 as sales-private.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] description sales-private
# Configure the description of VLAN-interface 2 as linktoPC56.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] description linktoPC56
Related commands
display interface vlan-interface
display vlan
display interface vlan-interface
Use display interface vlan-interface to display VLAN interface information.
Syntax
display interface [ vlan-interface [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-interface interface-number: Specifies a VLAN interface number. If you do not specify the vlan-interface keyword, the command displays information about all interfaces supported by the device. If you specify the vlan-interface keyword without specifying an interface number, the command displays information about all existing VLAN interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
down: Displays VLAN interfaces in down state and their down causes. If you do not specify this keyword, the command displays information about VLAN interfaces in all states.
Examples
# Display information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2
Vlan-interface2
Current state: DOWN
Line protocol state: DOWN
Description: Vlan-interface2 Interface
Bandwidth: 100000 kbps
Maximum transmission unit: 1500
Internet protocol processing : Disabled
IP packet frame type: Ethernet II, hardware address: 000f-e249-8050
IPv6 packet frame type: Ethernet II, hardware address: 000f-e249-8050
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display brief information about VLAN-interface 2.
<Sysname> display interface vlan-interface 2 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vlan2 DOWN DOWN --
Table 1 Command output
|
Field |
Description |
|
Vlan-interface2 |
VLAN interface name. |
|
Current state |
Physical link state of the VLAN interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. The VLAN of this VLAN interface does not contain any physical ports in up state. The ports might not be connected correctly or the links might have failed. · UP—The interface is both administratively and physically up. |
|
Line protocol state |
Data link layer state of the VLAN interface: · DOWN—The link layer protocol state of the interface is down. · UP—The link layer protocol state of the interface is up. |
|
Description |
Description of the VLAN interface. |
|
Bandwidth |
Expected bandwidth of the VLAN interface. |
|
Maximum transmission unit |
MTU of the VLAN interface. |
|
Internet protocol processing : Disabled |
The VLAN interface is not assigned an IP address and cannot process IP packets. |
|
Internet Address |
IP address of the VLAN interface. The primary attribute indicates that the address is the primary IP address. |
|
IP packet frame type |
IPv4 packet framing format. |
|
hardware address |
MAC address of the VLAN interface. |
|
IPv6 packet frame type |
IPv6 packet framing format. |
|
Last clearing of counters |
The most recent time that the reset counters interface vlan-interface command was executed. This field displays Never if you have never executed this command. |
|
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rates of input packets and output packets in the last 300 seconds (in Bps, bps, and pps). |
|
Input: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. |
|
Output: 0 packets, 0 bytes, 0 drops |
Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets. |
|
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
|
Interface |
Abbreviated interface name. |
|
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command. |
|
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol state of the interface is up. · DOWN—The data link layer protocol state of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. |
|
Primary IP |
Primary IP address of the interface. |
Related commands
reset counters interface vlan-interface
display vlan
Use display vlan to display VLAN information.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs except the reserved VLANs.
dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the total number of dynamic VLANs and each dynamic VLAN ID. Dynamic VLANs are generated through MVRP or assigned by a RADIUS server.
reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved according to function implementation. The reserved VLANs provide services for protocol modules. You cannot configure reserved VLANs.
static: Specifies static VLANs. If you specify this keyword, the command displays the total number of static VLANs and each static VLAN ID. Static VLANs are manually created.
Examples
# Display information about VLAN 2.
<Sysname> display vlan 2
VLAN ID: 2
VLAN type: Static
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3
# Display information about VLAN 3.
<Sysname> display vlan 3
VLAN ID: 3
VLAN type: static
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports: None
Table 2 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, static or dynamic. |
|
Route interface |
Whether the VLAN interface is configured for the VLAN. · Not configured. · Configured. |
|
Description |
Description of the VLAN. |
|
Name |
VLAN name. |
|
IP address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
Subnet mask |
Subnet mask of the primary IP address. This field is available only when an IP address is configured for the VLAN interface. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
display vlan brief
Use display vlan brief to display brief VLAN information.
Syntax
display vlan brief
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display brief VLAN information.
<Sysname> display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 GE1/0/1 GE1/0/2 GE1/0/3 GE1/0/4
GE1/0/5 GE1/0/6 GE1/0/7 GE1/0/8
GE1/0/9 GE1/0/10 GE1/0/11
GE1/0/12 GE1/0/13 GE1/0/14
GE1/0/15 GE1/0/16 GE1/0/17
GE1/0/18 GE1/0/19 GE1/0/20
GE1/0/21 GE1/0/22 GE1/0/23
GE1/0/24 GE1/0/25 GE1/0/26
GE1/0/27 GE1/0/28 GE1/0/29
GE1/0/30 GE1/0/31 GE1/0/32
GE1/0/33 GE1/0/34 GE1/0/35
GE1/0/36 GE1/0/37 GE1/0/38
GE1/0/39 GE1/0/40 GE1/0/41
GE1/0/42 GE1/0/43 GE1/0/44
GE1/0/45 GE1/0/46 GE1/0/47
GE1/0/48
2 VLAN 0002
3 VLAN 0003
Table 3 Command output
|
Field |
Description |
|
Default VLAN ID |
System default VLAN ID. |
|
Name |
VLAN name. |
|
Port |
Ports that allow packets from the VLAN to pass through. |
display vlan statistics
Use display vlan statistics to display packet statistics for a VLAN.
Syntax
In standalone mode:
display vlan vlan-id statistics [ slot slot-number ]
In IRF mode:
display vlan vlan-id statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays VLAN packet statistics on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays VLAN packet statistics on all cards. (In IRF mode.)
Examples
# Display packet statistics for VLAN 2 on slot 1.
<Sysname> display vlan 2 statistics slot 1
Slot 1:
Direction Total packets Total bytes
Rate (pps) Rate (bps)
Inbound 5824579 745546112
0 0
Outbound 0 0
0 0
# Display packet statistics for VLAN 2.
<Sysname> display vlan 2 statistics
Slot 1:
Direction Total packets Total bytes
Rate (pps) Rate (bps)
Inbound 5824579 745546112
0 0
Outbound 0 0
0 0
Slot 2:
Direction Total packets Total bytes
Rate (pps) Rate (bps)
Inbound 0 0
0 0
Outbound 0 0
0 0
Total:
Direction Total packets Total bytes
Rate (pps) Rate (bps)
Inbound 5824579 745546112
0 0
Outbound 0 0
0 0
Table 4 Command output
|
Description |
|
|
Direction |
VLAN packet direction: · Inbound. · Outbound. |
|
Total packets |
Total number of packets. |
|
Total bytes |
Total number of bytes. |
Related commands
reset vlan statistics
statistics enable
interface vlan-interface
Use interface vlan-interface to create a VLAN interface and enter its view, or enter the view of an existing VLAN interface.
Use undo interface vlan-interface to delete a VLAN interface.
Syntax
interface vlan-interface interface-number
undo interface vlan-interface interface-number
Default
No VLAN interfaces exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-number: Specifies a VLAN interface number in the range of 1 to 4094.
Usage guidelines
Create the VLAN before you create the VLAN interface for a VLAN.
You cannot create VLAN interfaces for sub-VLANs.
You cannot create VLAN interfaces for secondary VLANs that meet the following requirements:
· Associated with the same primary VLAN.
· Enabled with Layer 3 communication in VLAN interface view of the primary VLAN interface.
Examples
# Create VLAN-interface 2, and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2]
Related commands
display interface vlan-interface
mtu
Use mtu to set the MTU for a VLAN interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of a VLAN interface is 1500 bytes.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Sets the MTU in bytes. To view the value range for this argument, enter a question mark (?).
Usage guidelines
If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the ip mtu command, see Layer 3—IP Services Command Reference.
Examples
# Set the MTU to 1492 bytes for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] mtu 1492
Related commands
display interface vlan-interface
name
Use name to assign a name to a VLAN.
Use undo name to restore the default.
Syntax
name text
undo name
Default
The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For 802.1X or MAC authentication, you can specify authorization VLANs by their names or IDs. If a large number of VLANs are configured, use VLAN names to identify them.
Examples
# Assign the name test vlan to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] name test vlan
Related commands
reset counters interface vlan-interface
Use reset counters interface vlan-interface to clear statistics on a VLAN interface.
Syntax
reset counters [ interface vlan-interface [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-interface interface-number: Specifies a VLAN interface by its number. If you do not specify the vlan-interface keyword, the command clears statistics on all interfaces. If you specify the vlan-interface keyword without specifying an interface number, the command clears statistics on all existing VLAN interfaces.
Usage guidelines
Use this command to clear the history statistics before you collect statistics within a time period.
Examples
# Clear statistics on VLAN-interface 2.
<Sysname> reset counters interface vlan-interface 2
Related commands
display interface vlan-interface
reset vlan statistics
Use reset vlan statistics to clear packet statistics for a VLAN.
Syntax
In standalone mode:
reset vlan vlan-id statistics [ slot slot-number ]
In IRF mode:
reset vlan vlan-id statistics [ chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears VLAN packet statistics on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears VLAN packet statistics on all cards. (In IRF mode.)
Examples
# Clear packet statistics for VLAN 2.
<Sysname> reset vlan 2 statistics
Related commands
display vlan statistics
statistics enable
shutdown
Use shutdown to shut down a VLAN interface.
Use undo shutdown to bring up a VLAN interface.
Syntax
shutdown
undo shutdown
Default
A VLAN interface is not manually shut down.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When a VLAN interface is not manually shut down, the following guidelines apply to the interface state:
· The VLAN interface is down if all ports in the VLAN are down.
· The VLAN interface is up if one or more ports in the VLAN are up.
When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports in the VLAN.
Before you configure parameters for a VLAN interface, use this command to shut it down to prevent the configuration from affecting the network. After you complete the VLAN interface configuration, use the undo shutdown command to make the settings take effect.
To troubleshoot a failed VLAN interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers.
In a VLAN, the state of each Ethernet port is independent of the state of the VLAN interface.
Examples
# Shut down VLAN-interface 2, and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown
statistics enable
Use statistics enable to enable packet statistics for a VLAN.
Use undo statistics enable to disable packet statistics for a VLAN.
Syntax
statistics enable
undo statistics enable
Default
Packet statistics is disabled for a VLAN.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When you need to examine or troubleshoot the network, you can enable packet statistics for a VLAN to monitor the total number of packets in the VLAN. The VLAN packet statistics include statistics on unicast, multicast, and broadcast packets.
Disable packet statistics for a VLAN to save system resources when you do not need this feature.
After packet statistics is enabled for a VLAN, you can use the display vlan statistics command to display the packet statistics for the VLAN.
The system does not automatically clear the packet statistics for VLANs. To clear the packet statistics for a VLAN, use the reset vlan statistics command.
Examples
# Enable packet statistics for VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] statistics enable
Related commands
display vlan statistics
reset vlan statistics
vlan
Use vlan vlan-id-list to create VLANs in batches, except reserved VLANs.
Use vlan all to create VLANs 1 through 4094.
Use undo vlan to delete the specified VLANs.
Syntax
vlan { vlan-id-list | all }
undo vlan { vlan-id-list | all }
Default
VLAN 1 (system default VLAN) exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
all: Specifies all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.
Usage guidelines
You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs.
Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.
Examples
# Create VLAN 2 and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2]
# Create VLAN 2 and VLANs 4 through 100.
<Sysname> system-view
[Sysname] vlan 2 4 to 100
Related commands
display vlan
Port-based VLAN commands
display port
Use display port to display information about hybrid or trunk ports.
Syntax
display port { hybrid | trunk }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
hybrid: Specifies hybrid ports.
trunk: Specifies trunk ports.
Examples
# Display information about hybrid ports.
<Sysname> display port hybrid
Interface PVID VLAN Passing
XGE1/0/1 100 Tagged: 1000, 1002, 1500, 1600-1611, 2000,
2555-2558, 3000, 4000
Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
150-160, 200, 255, 286, 300-302
# Display information about trunk ports.
<Sysname> display port trunk
Interface PVID VLAN Passing
XGE1/0/2 2 1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
555, 600-611, 1000, 2006-2008
Table 5 Command output
|
Field |
Description |
|
Interface |
Interface name. |
|
PVID |
Port VLAN ID. |
|
VLAN Passing |
Existing VLANs allowed on the port. |
|
Tagged |
VLANs from which the port sends packets without removing VLAN tags. |
|
Untagged |
VLANs from which the port sends packets after removing VLAN tags. |
port
Use port to assign the specified access ports to a VLAN.
Use undo port to remove the specified access ports from a VLAN.
Syntax
port interface-list
undo port interface-list
Default
All ports are in VLAN 1.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
Usage guidelines
This command is applicable only to access ports.
By default, all ports are access ports. You can manually configure the port link type. For more information, see "port link-type."
Examples
# Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3
Related commands
display vlan
port access vlan
Use port access vlan to assign an access port to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
All access ports belong to VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
Before assigning an access port to a VLAN, make sure the VLAN has been created.
Examples
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 3
port hybrid pvid
Use port hybrid pvid to set the PVID of a hybrid port.
Use undo port hybrid pvid to set the PVID of a hybrid port to 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local hybrid port and its peer.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, set its PVID to VLAN 100, and assign it to VLAN 100 as an untagged member.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
Related commands
port hybrid vlan
port link-type
port hybrid vlan
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
port link-type
Use port link-type to set the link type of a port.
Use undo port link-type to restore the default link type of a port.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
Each port is an access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
access: Sets the port link type to access.
hybrid: Sets the port link type to hybrid.
trunk: Sets the port link type to trunk.
Usage guidelines
To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
port trunk permit vlan
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
A trunk port allows packets only from VLAN 1 to pass through.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 32 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.
Usage guidelines
A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.
On a trunk port, packets only from the PVID can pass through untagged.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
port trunk pvid
Use port trunk pvid to set the PVID for a trunk port.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
The PVID of a trunk port is VLAN 1.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
S-channel interface/S-channel aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID for a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a local trunk port and its peer.
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk, set its PVID to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
Related commands
port link-type
port trunk permit vlan
MAC-based VLAN commands
display mac-vlan
Use display mac-vlan to display MAC-to-VLAN entries.
Syntax
display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
all: Specifies all MAC-to-VLAN entries.
dynamic: Specifies dynamically configured MAC-to-VLAN entries.
mac-address mac-address: Specifies the MAC address in the MAC-to-VLAN entry. The format of the mac-address argument is H-H-H.
mask mac-mask: Specifies the mask for matching MAC addresses in MAC-to-VLAN entries. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.
static: Specifies statically configured MAC-to-VLAN entries.
vlan vlan-id: Specifies the VLAN in MAC-to-VLAN entries. The value range for the vlan-id argument is 1 to 4094.
Examples
# Display all MAC-to-VLAN entries.
<Sysname> display mac-vlan all
The following MAC VLAN entries exist:
State: S - Static, D - Dynamic
MAC address Mask VLAN ID Dot1q State
0008-0001-0000 ffff-ff00-0000 5 3 S
0002-0001-0000 ffff-ffff-ffff 5 3 S&D
Total MAC VLAN entries count: 2
Table 6 Command output
|
Field |
Description |
|
S - Static |
Statically configured MAC-to-VLAN entries. |
|
D - Dynamic |
Dynamically configured MAC-to-VLAN entries. |
|
MAC address |
MAC address of the MAC-to-VLAN entry. |
|
Mask |
MAC address mask of the MAC-to-VLAN entry. |
|
VLAN ID |
VLAN ID of the MAC-to-VLAN entry. |
|
Dot1q |
802.1p priority of the VLAN in the MAC-to-VLAN entry. |
|
State |
State of a MAC-to-VLAN entry: · S—The MAC-to-VLAN entry is configured statically. · D—The MAC-to-VLAN entry is dynamically issued by the authentication server. · S&D—The MAC-to-VLAN entry is configured both statically and dynamically. |
Related commands
mac-vlan mac-address
display mac-vlan interface
Use display mac-vlan interface to display all ports that are enabled with the MAC-based VLAN feature.
Syntax
display mac-vlan interface
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display all ports that are enabled with the MAC-based VLAN feature.
<Sysname> display mac-vlan interface
MAC VLAN is enabled on following ports:
Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3
mac-vlan enable
mac-vlan enable
Use mac-vlan enable to enable the MAC-based VLAN feature on a port.
Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port.
Syntax
mac-vlan enable
undo mac-vlan enable
Default
The MAC-based VLAN feature is disabled on a port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname–Ten-GigabitEthernet1/0/1] mac-vlan enable
display mac-vlan interface
mac-vlan mac-address
Use mac-vlan mac-address to configure a MAC-to-VLAN entry.
Use undo mac-vlan to delete the specified MAC-to-VLAN entries.
Syntax
mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1p priority ]
undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }
Default
No MAC-to-VLAN entries exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be a multicast MAC address or all 0s. When you configure a MAC address, leading zeros in each H section can be omitted. For example, to configure a MAC address 000f-00e2-0001, you can enter only f-e2-1.
mask mac-mask: Specifies the MAC address mask. For the mac-mask argument, the high-order bits must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default value is ffff-ffff-ffff.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
dot1p priority: Specifies the 802.1p priority of the VLAN specific to the MAC-to-VLAN entry. The value range for the priority argument is 0 to 7, and the default value is 0. The higher the value, the higher the 802.1p priority.
all: Specifies all static MAC-to-VLAN entries.
Usage guidelines
For successful dynamic MAC-based VLAN assignment, use static VLANs when you create MAC-to-VLAN entries.
Different types of MAC-to-VLAN entries are created depending on whether you specify the mask keyword.
· When you specify this keyword, the created MAC-to-VLAN entry describes the relationship among a group of MAC addresses, a VLAN, and the 802.1p priority for the VLAN.
· When you do not specify this keyword, the created MAC-to-VLAN entry describes the relationship among a MAC address, a VLAN, and the 802.1p priority for the VLAN.
These different types of MAC-to-VLAN entries are stored separately in two tables. The system updates the two tables according to the configuration.
Examples
# Associate the MAC address 0000-0001-0001 with VLAN 100, and set the 802.1p priority to 7 for VLAN 100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 0-1-1 vlan 100 dot1p 7
# Associate VLAN 100 with MAC addresses whose six high-order bits are 121122, and set the 802.1p priority to 4 for VLAN 100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 dot1p 4
display mac-vlan
mac-vlan trigger enable
Use mac-vlan trigger enable to enable dynamic MAC-based VLAN assignment on a port.
Use undo mac-vlan trigger enable to disable dynamic MAC-based VLAN assignment on a port.
Syntax
mac-vlan trigger enable
undo mac-vlan trigger enable
Default
Dynamic MAC-based VLAN assignment is disabled on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
VLAN assignment for a port is triggered only when the source MAC address of its received packet exactly matches the MAC address in a MAC-to-VLAN entry.
Examples
# Enable dynamic MAC-based VLAN assignment on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-vlan trigger enable
mac-vlan mac-address
port pvid forbidden
port pvid forbidden
Use port pvid forbidden to disable a port from forwarding packets that fail the exact MAC address match in its PVID.
Use undo port pvid forbidden to restore the default.
Syntax
port pvid forbidden
undo port pvid forbidden
Default
When a port receives packets whose source MAC addresses fail the exact MAC address match, the port forwards them in its PVID.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use this feature only with dynamic MAC-based VLAN assignment.
Examples
# Disable Ten-GigabitEthernet 1/0/1 from forwarding packets that fail the exact MAC address match in its PVID.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port pvid forbidden
mac-vlan trigger enable
vlan precedence
Use vlan precedence to set the VLAN matching order.
Use undo vlan precedence to restore the default.
Syntax
vlan precedence { mac-vlan | ip-subnet-vlan }
undo vlan precedence
Default
A port matches VLANs based on MAC addresses preferentially.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
mac-vlan: Matches VLANs based on MAC addresses preferentially.
ip-subnet-vlan: Matches VLANs based on IP subnets preferentially.
Usage guidelines
This command takes effect only on MAC-based VLANs and IP subnet-based VLANs.
When you enable dynamic MAC-based VLAN assignment, configure the vlan precedence mac-vlan command as a best practice to ensure the priority of MAC-based VLAN matching. If you execute the vlan precedence ip-subnet-vlan command, the command does not take effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to match VLANs based on MAC addresses preferentially.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] vlan precedence mac-vlan
Related commands
mac-vlan trigger enable
IP subnet-based VLAN commands
display ip-subnet-vlan interface
Use display ip-subnet-vlan interface to display IP subnet-based VLANs that are associated with the specified ports.
Syntax
display ip-subnet-vlan interface { interface-type interface-number1 [ to interface-type interface-number2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number1 to interface-type interface-number2: Specifies an interface range. Both the interface-type interface-number1 argument and the interface-type interface-number2 argument represent the interface type and interface number. The value for the interface-number2 argument must be greater than or equal to the value for the interface-number1 argument.
all: Specifies all ports.
Examples
# Display IP subnet-based VLANs on Ten-GigabitEthernet 1/0/1.
<Sysname> display ip-subnet-vlan interface ten-gigabitethernet 1/0/1
Interface: Ten-GigabitEthernet1/0/1
VLAN ID Subnet index IP address Subnet mask Status
3 0 192.168.1.0 255.255.255.0 Active
4 N/A N/A N/A Inactive
4094 65535 172.16.1.1 255.255.0.0 Inactive
Table 7 Command output
|
Field |
Description |
|
VLAN ID |
ID of the IP subnet-based VLAN. |
|
Subnet index |
Index of the IP subnet. This field displays N/A if no IP subnet-based VLAN is configured. |
|
IP address |
IP address of the subnet. It can be an IP address or a subnet address. This field displays N/A if no IP subnet address is configured for the VLAN. |
|
Subnet mask |
Mask of the IP subnet. This field displays N/A if no subnet mask is configured for the VLAN. |
|
Status |
Whether the IP subnet-based VLAN has taken effect on the port: · Active—The IP subnet-based VLAN has taken effect. · Inactive—The IP subnet-based VLAN has not taken effect. For example, this field displays Inactive in one of the following conditions: ¡ The configuration of the IP subnet-based VLAN is not complete. ¡ The port does not allow the IP subnet-based VLAN. |
Related commands
display ip-subnet-vlan vlan
ip-subnet-vlan
port hybrid ip-subnet-vlan
display ip-subnet-vlan vlan
Use display ip-subnet-vlan vlan to display information about IP subnet-based VLANs.
Syntax
display ip-subnet-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-id1: Specifies an IP subnet-based VLAN by its VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies an IP subnet-based VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all IP subnet-based VLANs.
Examples
# Display information about all IP subnet-based VLANs.
<Sysname> display ip-subnet-vlan vlan all
VLAN ID: 3
Subnet index IP address Subnet mask
0 192.168.1.0 255.255.255.0
Table 8 Command output
|
Field |
Description |
|
VLAN ID |
ID of the IP subnet-based VLAN. |
|
Subnet index |
Index of the IP subnet. |
|
IP address |
IP address of the subnet. It can be an IP address or a subnet address. |
|
Subnet mask |
Mask of the IP subnet. |
Related commands
display ip-subnet-vlan interface
ip-subnet-vlan
port hybrid ip-subnet-vlan
ip-subnet-vlan
Use ip-subnet-vlan to associate a VLAN with the specified IP subnet or IP address.
Use undo ip-subnet-vlan to disassociate a VLAN from the specified IP subnet or IP address.
Syntax
ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ]
undo ip-subnet-vlan { ip-subnet-index [ to ip-subnet-end ] | all }
Default
A VLAN is not associated with an IP subnet or IP address.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-subnet-index: Specifies a beginning IP subnet index in the range of 0 to 65535. The value can be configured by users. It can also be automatically numbered by the system based on the order in which the IP subnets or IP addresses are associated with the VLAN.
ip ip-address [ mask ]: Specifies the source IP address or network address that is associated with the VLAN. The ip-address argument specifies the source IP address or network address in dotted decimal notation. The mask argument is the subnet mask of the source IP address or network address, in dotted decimal notation with a default value of 255.255.255.0.
to ip-subnet-end: Specifies an end IP subnet index of an IP subnet index range, in the range of 0 to 65535. The value for the ip-subnet-end argument must be greater than or equal to the beginning IP subnet index.
all: Specifies all IP subnets or IP addresses that are associated with the VLAN.
Usage guidelines
The IP subnet or IP address cannot be a multicast network segment or a multicast address.
Examples
# Configure VLAN 3 as an IP subnet-based VLAN and associate it with the subnet 192.168.1.0/24.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
Related commands
display ip-subnet-vlan interface
display ip-subnet-vlan vlan
port hybrid ip-subnet-vlan
port hybrid ip-subnet-vlan
Use port hybrid ip-subnet-vlan to associate a port with the specified IP subnet-based VLAN.
Use undo port hybrid ip-subnet-vlan to disassociate a port from the specified IP subnet-based VLAN.
Syntax
port hybrid ip-subnet-vlan vlan vlan-id
undo port hybrid ip-subnet-vlan { vlan vlan-id | all }
Default
A port is not associated with an IP subnet-based VLAN.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
all: Specifies all VLANs.
Usage guidelines
For this command to take effect, perform the following tasks:
1. Create a VLAN and associate it with the specified IP subnet or IP address.
2. Set the port link type to hybrid.
3. Configure the port to allow the IP subnet-based VLAN to pass through.
Examples
# Associate Ten-GigabitEthernet 1/0/1 with IP subnet-based VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
[Sysname-vlan3] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 3 untagged
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3
# Associate Layer 2 aggregate interface Bridge-Aggregation 1 with IP subnet-based VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
[Sysname-vlan3] quit
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type hybrid
[Sysname-Bridge-Aggregation1] port hybrid vlan 3 untagged
[Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3
Related commands
display ip-subnet-vlan interface
display ip-subnet-vlan vlan
ip-subnet-vlan
Protocol-based VLAN commands
display protocol-vlan interface
Use display protocol-vlan interface to display protocol-based VLANs that are associated with the specified ports.
Syntax
display protocol-vlan interface { interface-type interface-number1 [ to interface-type interface-number2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number1 to interface-type interface-number2: Specifies an interface range. Both the interface-type interface-number1 argument and the interface-type interface-number2 argument represent the interface type and interface number. The value for the interface-number2 argument must be greater than or equal to the value for the interface-number1 argument.
all: Specifies all ports.
Examples
# Display protocol-based VLAN information on Ten-GigabitEthernet 1/0/1.
<Sysname> display protocol-vlan interface ten-gigabitethernet 1/0/1
Interface: Ten-GigabitEthernet1/0/1
VLAN ID Protocol index Protocol type Status
2 0 IPv6 Active
2 1 N/A Inactive
4094 65535 IPv4 Inactive
|
Field |
Description |
|
VLAN ID |
ID of the protocol-based VLAN. |
|
Protocol index |
Protocol template index. |
|
Protocol type |
Protocol type specified by the protocol template. This field displays N/A if the protocol type is not specified. |
|
Status |
Whether the protocol-based VLAN has taken effect: · Active—The protocol-based VLAN has taken effect. · Inactive—The protocol-based VLAN has not taken effect. |
Related commands
display protocol-vlan vlan
port hybrid protocol-vlan
protocol-vlan
display protocol-vlan vlan
Use display protocol-vlan vlan to display information about protocol-based VLANs.
Syntax
display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vlan-id1: Specifies a protocol-based VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a protocol-based VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
all: Specifies all protocol-based VLANs.
Examples
# Displays information about all protocol-based VLANs.
<Sysname> display protocol-vlan vlan all
VLAN ID: 2
Protocol index Protocol type
0 IPv4
65535 IPv6
VLAN ID: 3
Protocol index Protocol type
0 IPv4
65535 LLC DSAP 0x11 SSAP 0x22
|
Field |
Description |
|
VLAN ID |
ID of the protocol-based VLAN. |
|
Protocol index |
Protocol template index. |
|
Protocol type |
Protocol type or encapsulation format specified by the protocol template. |
Related commands
display protocol-vlan interface
port hybrid protocol-vlan
protocol-vlan
port hybrid protocol-vlan
Use port hybrid protocol-vlan to associate a port with the specified protocol-based VLAN.
Use undo port hybrid protocol-vlan to disassociate a port from the specified protocol-based VLAN.
Syntax
port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
undo hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all }
Default
A port is not associated with a protocol-based VLAN.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
protocol-index: Specifies a beginning protocol template index in the range of 0 to 65535.
to protocol-end: Specifies an end protocol template index of a protocol template range, in the range of 0 to 65535. The value for this argument must be greater than or equal to the beginning protocol template index.
all: Specifies all protocol templates.
Usage guidelines
For this command to take effect, perform the following tasks:
1. Create a VLAN and associate it with the specified protocol templates.
2. Set the port link type to hybrid.
3. Configure the port to allow the protocol-based VLAN to pass through.
When you execute the undo port hybrid protocol-vlan command on a port, follow these guidelines:
· If you specify both the vlan-id argument and the all keyword, this command disassociates the port from all protocol templates of the specified VLAN.
· If you specify only the all keyword, this command disassociates the port from all protocol templates of all VLANs.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, assign it to VLAN 2 as an untagged member, and associated it with protocol template 1 in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] protocol-vlan 1 ipv4
[Sysname-vlan2] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 untagged
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 1
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a hybrid port, assign it to VLAN 2 as an untagged member, and associated it with protocol template 1 in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] protocol-vlan 1 ipv4
[Sysname-vlan2] quit
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type hybrid
[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged
[Sysname-Bridge-Aggregation1] port hybrid protocol-vlan vlan 2 1
protocol-vlan
Use protocol-vlan to associate a VLAN with the specified protocol template.
Use undo protocol-vlan to disassociate a VLAN from the specified protocol template.
Syntax
protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }
undo protocol-vlan { protocol-index [ to protocol-end ] | all }
Default
A VLAN is not associated with a protocol template.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
at: Specifies the AppleTalk-based VLAN.
ipv4: Specifies the IPv4-based VLAN.
ipv6: Specifies the IPv6-based VLAN.
ipx: Specifies the IPX-based VLAN. The keywords ethernetii, llc, raw, and snap specify IPX encapsulation formats.
mode: Configures a user-defined protocol template for the VLAN. The keywords ethernetii, llc, and snap specify the available encapsulation formats.
ethernetii etype etype-id: Matches the Ethernet II encapsulation format and the specified protocol type ID. The etype-id argument specifies the protocol type ID of inbound packets, in the range of 600 to ffff in hexadecimal notation, excluding 800, 86dd, 809b, and 8137.
llc: Matches the LLC encapsulation format.
dsap dsap-id: Specifies the destination service access point in hexadecimal notation, in the range of 0 to ff.
ssap ssap-id: Specifies the source service access point in hexadecimal notation, in the range of 0 to ff.
snap etype etype-id: Matches the SNAP encapsulation format and the specified protocol type value. The etype-id argument specifies the Ethernet type of inbound packets, in the range of 600 to ffff in hexadecimal notation, excluding 8137.
protocol-index: Specifies a protocol template index that is associated with the VLAN. The value range for this argument is 0 to 65535. The system will automatically assign an index if you do not specify this argument.
to protocol-end: Specifies an end protocol template index of a protocol template range, in the range of 0 to 65535. The value for the protocol-end argument must be greater than or equal to the value for the protocol-index argument.
all: Specifies all protocols associated with the VLAN.
Usage guidelines
|
|
CAUTION: IP uses ARP for address resolution in Ethernet. To prevent communication failures, configure the IP and ARP templates in the same VLAN and associate them with the same port. |
When you use the mode keyword to configure a protocol template, follow these restrictions and guidelines:
· Do not set the etype-id argument in the ethernetii etype etype-id option to the following hexadecimal values:
¡ 800—Specifies the IPv4 protocol in Ethernet II encapsulation.
¡ 809b—Specifies the AppleTalk protocol in Ethernet II encapsulation.
¡ 8137—Specifies the IPX protocol in Ethernet II encapsulation.
¡ 86dd—Specifies the IPv6 protocol in Ethernet II encapsulation.
· Do not set both the dsap-id and ssap-id arguments to any of the following hexadecimal values:
¡ e0—Specifies the 802.2 LLC encapsulation format for IPX packets.
¡ ff—Specifies the 802.3 raw encapsulation format for IPX packets.
¡ aa—Specifies the 802.2 SNAP encapsulation format.
When either of the dsap-id and ssap-id arguments is configured, the system assigns the hexadecimal value aa to the other argument.
· Do not set the etype-id argument in the snap etype etype-id option to the hexadecimal value 8137. Otherwise, the template format will be the same as that of the IPX protocol. You can set the etype-id argument to the hexadecimal value 800, 809b, or 86dd. The hexadecimal values 800, 809b, and 86dd correspond to IPv4, AppleTalk, and IPv6, respectively.
Examples
# Assign ARP packets in Ethernet II encapsulation and IPv4 packets to VLAN 3 for transmission. (The protocol type ID for ARP is 0806 in hexadecimal notation.)
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] protocol-vlan 1 ipv4
[Sysname-vlan3] protocol-vlan 2 mode ethernetii etype 0806
Related commands
display protocol-vlan interface
display protocol-vlan vlan
port protocol-vlan
VLAN group commands
display vlan-group
Use display vlan-group to display VLAN group information.
Syntax
display vlan-group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character. If you do not specify this argument, the command displays information about all VLAN groups.
Examples
# Display information about VLAN group test001.
<Sysname> display vlan-group test001
VLAN group: test001
VLAN list: 2-4 100 200
# Display information about all VLAN groups.
<Sysname> display vlan-group
VLAN group: test001
VLAN list: 2-4 100 200
VLAN group: rnd
VLAN list: Null
Table 11 Command output
|
Field |
Description |
|
VLAN group |
Name of the VLAN group. |
|
VLAN list |
VLAN list in the VLAN group. |
Related commands
vlan-group
vlan-list
vlan-group
Use vlan-group to create a VLAN group and enter its view, or enter the view of an existing VLAN group.
Use undo vlan-group to delete a VLAN group.
Syntax
vlan-group group-name
undo vlan-group group-name
Default
No VLAN groups exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The first character must be an alphabetical character.
Usage guidelines
A VLAN group includes a set of VLANs. You can add multiple VLAN lists to a VLAN group.
Examples
# Create a VLAN group named test001 and enter VLAN group view.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001]
Related commands
vlan-list
vlan-list
Use vlan-list to add VLANs to a VLAN group.
Use undo vlan-list to remove VLANs from a VLAN group.
Syntax
vlan-list vlan-id-list
undo vlan-list vlan-id-list
Default
No VLANs exist in a VLAN group.
Views
VLAN group view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Examples
# Add VLAN 2 through VLAN 4, VLAN 100, and VLAN 200 to VLAN group test001.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001] vlan-list 2 to 4 100 200
Related commands
vlan-group
Super VLAN commands
display supervlan
Use display supervlan to display information about super VLANs and their associated sub-VLANs.
Syntax
display supervlan [ supervlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN ID, this command displays information about all super VLANs and their associated sub-VLANs.
Examples
# Display information about super VLAN 2 and its associated sub-VLANs.
<Sysname> display supervlan 2
Super VLAN ID: 2
Sub-VLAN ID: 3-5
VLAN ID: 2
VLAN type: Static
It is a super VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports: None
VLAN ID: 3
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/3
VLAN ID: 4
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/4
Table 12 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, dynamic or static. |
|
Route interface |
Whether a VLAN interface is configured for the VLAN. |
|
IPv4 address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
IPv4 subnet mask |
Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. |
|
IPv6 global unicast addresses |
Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. · DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly. |
|
Description |
VLAN description. |
|
Name |
VLAN name. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
subvlan
supervlan
subvlan
Use subvlan to associate a super VLAN with the specified sub-VLANs.
Use undo subvlan to dissociate sub-VLANs from a super VLAN.
Syntax
subvlan vlan-id-list
undo subvlan [ vlan-id-list ]
Default
A super VLAN is not associated with any sub-VLANs.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 sub-VLAN items. Each item specifies a sub-VLAN ID or a range of sub-VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for sub-VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
Make sure sub-VLANs already exist before you associate them with a super VLAN.
You can add ports to and remove ports from a sub-VLAN that is already associated with a super VLAN.
When you use the undo subvlan command, follow these guidelines:
· If you do not specify the vlan-id-list argument, this command dissociates all sub-VLANs from the current super VLAN.
· If you specify the vlan-id-list argument, this command dissociates the specified sub-VLANs from the current super VLAN.
Examples
# Associate super VLAN 10 with sub-VLANs 3, 4, and 5.
<Sysname> system-view
[Sysname] vlan 3 to 5
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 3 to 5
Related commands
display supervlan
supervlan
supervlan
Use supervlan to configure a VLAN as a super VLAN.
Use undo supervlan to restore the default.
Syntax
supervlan
undo supervlan
Default
A VLAN is not a super VLAN.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You cannot configure a VLAN as both a super VLAN and a guest VLAN, Auth-Fail VLAN, or critical VLAN. For more information about guest VLANs, Auth-Fail VLANs, and critical VLANs, see Security Configuration Guide.
As a best practice, do not configure VRRP for a super VLAN interface, because the configuration affects network performance.
Layer 2 multicast configuration for super VLANs does not take effect because they do not have physical ports.
Examples
# Configure VLAN 2 as a super VLAN.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] supervlan
Related commands
display supervlan
subvlan
Private VLAN commands
display private-vlan
Use display private-vlan to display information about primary VLANs and their associated secondary VLANs.
Syntax
display private-vlan [ primary-vlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary VLAN ID, this command displays information about all primary VLANs and their associated secondary VLANs.
Examples
# Display information about primary VLANs and their associated secondary VLANs.
<Sysname> display private-vlan
Primary VLAN ID: 2
Secondary VLAN ID: 3-4
VLAN ID: 2
VLAN type: Static
Private VLAN type: Primary
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
Ten-GigabitEthernet1/0/4
VLAN ID: 3
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
VLAN ID: 4
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/4
Table 13 Command output
|
Field |
Description |
|
VLAN type |
VLAN type, dynamic or static. |
|
Private VLAN type |
Private VLAN type: · Primary—Primary VLAN. · Secondary—Secondary VLAN. · Isolated secondary—Secondary VLAN configured with port isolation at Layer 2. |
|
Route interface |
Whether a VLAN interface is created for the VLAN: · Configured. · Not configured. |
|
IPv4 address |
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. When the VLAN interface is also configured with secondary IPv4 addresses, you can view them by using one of the following commands: · display interface vlan-interface. · display this (VLAN interface view). |
|
IPv4 subnet mask |
Subnet mask for the primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4 address is configured for the VLAN interface. |
|
IPv6 global unicast addresses |
Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. An address in this state cannot be used as the source address or destination address of packets. · DUPLICATE—DAD has been completed for the address. The address is not unique on the link and cannot be used. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but within the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined to the address are processed correctly. |
|
Description |
VLAN description. |
|
Name |
VLAN name. |
|
Tagged ports |
Tagged members of the VLAN. |
|
Untagged ports |
Untagged members of the VLAN. |
Related commands
private-vlan (VLAN view)
private-vlan primary
port private-vlan host
Use port private-vlan host to configure a port as a host port.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan host
undo port private-vlan
Default
A port is not a host port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
If the port has been assigned to a secondary VLAN, the command assigns the port to the primary VLAN associated with the secondary VLAN. Also, the following events occur:
· For an access port, the device performs the following operations:
¡ Changes the port link type to hybrid.
¡ Configures the secondary VLAN as the PVID.
¡ Assigns the port to the primary VLAN as an untagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of the primary VLAN, this member attribute remains in the primary VLAN.
¡ If the hybrid port does not allow the primary VLAN, the device assigns the port to the primary VLAN as an untagged member.
You can assign the port to a secondary VLAN before or after you execute this command.
The undo port private-vlan command does not change the VLAN attributes (allowed VLANs, port link type, and PVID) of the port.
The port private-vlan host command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.
Examples
In this example, VLAN 20 is a secondary VLAN and is associated with primary VLAN 2.
# Configure Ten-GigabitEthernet 1/0/1 as a host port, and then verify the configuration.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port private-vlan host
#
return
The output show that Ten-GigabitEthernet 1/0/1 is operating in bridge mode and is a host port.
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 20, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 20
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port private-vlan host
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 20
#
return
The output shows that:
· Ten-GigabitEthernet 1/0/1 is an untagged member of secondary VLAN 20 and primary VLAN 2.
· The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 20.
Related commands
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
port private-vlan promiscuous
Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified VLAN and assign the port to the VLAN.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan vlan-id promiscuous
undo port private-vlan
Default
A port is not a promiscuous port of any VLANs.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLAN is a primary VLAN that has been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:
· For an access port, the device performs the following operations:
¡ Changes the port link type to hybrid.
¡ Configures the primary VLAN as the PVID.
¡ Assigns the port to the primary VLAN and its associated secondary VLANs as an untagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of the primary VLAN and part of its associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the associated secondary VLANs as an untagged member.
¡ If the hybrid port does not allow any of the primary VLAN and its associated secondary VLANs, the command assigns the port to these VLANs as an untagged member.
If you execute this command on a promiscuous port multiple times, the most recent configuration takes effect.
The undo port private-vlan command does not change the VLAN attributes (allowed secondary VLANs, link type, and PVID) of the port. When you execute the undo port private-vlan command on a promiscuous port of a VLAN, the command removes the port from the VLAN.
You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan promiscuous command.
This command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands.
Examples
In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port private-vlan 2 promiscuous
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 2
#
return
The output shows that:
· Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
· Ten-GigabitEthernet 1/0/1 is an untagged member of primary VLAN 2 and secondary VLAN 20.
· The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 2.
# Execute the undo port private-vlan command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 20 untagged
port hybrid pvid vlan 2
#
return
The output shows that:
· Ten-GigabitEthernet 1/0/1 is removed from primary VLAN 2.
· Ten-GigabitEthernet 1/0/1 is an untagged member of VLAN 20.
· The link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.
Related commands
port private-vlan host
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
port private-vlan trunk promiscuous
Use port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port of the specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk promiscuous to cancel the trunk promiscuous attribute of a port in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk promiscuous
undo port private-vlan vlan-id-list trunk promiscuous
Default
A port is not a trunk promiscuous port of any VLANs.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 primary VLAN items. Each item specifies a primary VLAN ID or a range of primary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for primary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are primary VLANs that have been associated with secondary VLANs, the command assigns the port to the associated secondary VLANs. Also, the following events occur:
· For an access port, the device performs the following operations:
¡ Changes the port link type to hybrid. The PVID of the port does not change.
¡ Assigns the port to the primary VLANs and the associated secondary VLANs as a tagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the hybrid port has been a tagged or untagged member of part of the primary VLANs and their associated secondary VLANs, this member attribute remains in these VLANs. The device assigns the hybrid port to the rest of the primary VLANs and their associated secondary VLANs as a tagged member.
¡ If the hybrid port does not allow any of the primary VLANs and their associated secondary VLANs, the device assigns the port to these VLANs as a tagged member.
The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, port link type, and PVID) of the port.
If you execute the undo form of this command on a trunk promiscuous port, the command removes the port from the VLANs specified by the vlan-id-list argument.
You can configure the specified VLANs as primary VLANs before or after you execute this command.
This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous and port private-vlan trunk secondary commands.
For an uplink port to permit multiple primary VLANs, use the port private-vlan trunk promiscuous command to assign the port to these VLANs. The port can then transmit packets from these primary VLANs with VLAN tags. For an uplink port to permit only one primary VLAN, use the port private-vlan promiscuous command to assign the port to the VLAN. The port can then transmit packets from the primary VLAN without VLAN tags.
Examples
In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 2 and 3, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 3 trunk promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port private-vlan 2 3 trunk promiscuous
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
· Ten-GigabitEthernet 1/0/1 is a trunk promiscuous port of VLANs 2 and 3.
· Ten-GigabitEthernet1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
· The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
# Execute the undo port private-vlan trunk promiscuous command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 2 3 trunk promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 20 30 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
· Ten-GigabitEthernet 1/0/1 is removed from VLANs 2 and 3.
· Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 20 and 30.
· The port link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
port private-vlan trunk secondary
Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk secondary
undo port private-vlan vlan-id-list trunk secondary
Default
A port is not a trunk secondary port of any VLANs.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur:
· For an access port, the device performs the following operations:
¡ Changes the port link type to hybrid. The PVID of the port does not change.
¡ Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged member.
· For a trunk port, the device does not change the port link type or PVID.
· For a hybrid port, the device does not change the port link type or PVID.
¡ If the port has been an untagged or tagged member of part of the secondary VLANs and their associated primary VLANs, this member attribute remains in these VLANs. The device assigns the port to the rest of the secondary VLANs and their associated primary VLANs as a tagged member.
¡ If the hybrid port does not allow any of the secondary VLANs and their associated primary VLANs, the device assigns the port to these VLANs as a tagged member.
A trunk secondary port can join only one secondary VLAN among all secondary VLANs associated with a primary VLAN. However, it can join multiple secondary VLANs that are associated with different primary VLANs.
The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port link type, and PVID) of the port.
When you execute the undo form of this command on a trunk secondary port of the VLANs specified by the vlan-id-list argument, one of the following events occurs:
· If the port is an access port, the device does not change the VLAN configuration of the port.
· If the port is a trunk or hybrid port, the device removes the port from the specified VLANs.
You can associate the specified VLANs with their respective primary VLANs before or after you execute this command.
This command does not take effect on the specified VLAN if any of the following conditions applies:
· The specified VLAN does not exist.
· The specified VLAN is not a secondary VLAN and is used for other purposes.
· The specified VLAN shares the same primary VLAN with other secondary VLANs, and the current port has been configured as a trunk secondary port in one of the other secondary VLANs.
This command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous and port private-vlan trunk promiscuous commands.
For a downlink port to permit multiple secondary VLANs associated with different primary VLANs, use the port private-vlan trunk secondary command to assign the port to these secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN tags. For a downlink port to permit only one secondary VLAN, use the port private-vlan host command to assign the port to the secondary VLAN. The port can then transmit packets from the secondary VLAN without VLAN tags.
Examples
· In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 20 30 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
port private-vlan 20 30 trunk secondary
#
return
The output shows that:
¡ Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLANs 20 and 30.
¡ Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
¡ The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 20 30 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
¡ Ten-GigabitEthernet 1/0/1 is removed from VLANs 20 and 30.
¡ Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2 and 3.
¡ The port link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.
· In this example, VLAN 10 is not a secondary VLAN.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 10 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 1 untagged
port private-vlan 10 trunk secondary
#
return
The output shows that:
¡ Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLAN 10.
¡ Ten-GigabitEthernet 1/0/1 is a tagged member of VLAN 10.
¡ The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 10 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 untagged
#
return
The output shows that:
¡ Ten-GigabitEthernet 1/0/1 is removed from VLAN 10.
¡ The port link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
private-vlan (VLAN view)
private-vlan isolated
private-vlan primary
private-vlan (VLAN interface view)
Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are associated with a primary VLAN.
Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs that are associated with a primary VLAN.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
Secondary VLANs are isolated at Layer 3.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
This command takes effect only when the following conditions exist:
· This command is executed in VLAN interface view of the primary VLAN interface.
· Secondary VLANs are associated with the primary VLAN.
· No VLAN interfaces are created for secondary VLANs.
· An IP address is assigned to the primary VLAN interface.
· Local proxy ARP or ND is enabled on the primary VLAN interface.
You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3 communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN interfaces for them.
When you execute this command in the same primary VLAN interface view multiple times, all the specified secondary VLANs are interoperable at Layer 3.
When you execute the undo private-vlan command, follow these guidelines:
· If you specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration only for the specified secondary VLANs.
· If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration for all secondary VLANs of the primary VLAN.
Examples
This example shows how to meet the following requirements:
· VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
· The uplink port (Ten-GigabitEthernet 1/0/2) is a promiscuous port of VLAN 2.
· Downlink ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 are host ports of VLANs 3 and 4, respectively.
· Secondary VLANs 3 and 4 can communicate at Layer 3.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 3 to 4
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
[Sysname-vlan2] quit
# Configure the uplink port (Ten-GigabitEthernet 1/0/2) as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/2] quit
# Assign downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 3
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/3] quit
# Assign downlink port Ten-GigabitEthernet 1/0/4 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/4
[Sysname-Ten-GigabitEthernet1/0/4] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/4] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/4] quit
# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] private-vlan secondary 3 to 4
# Assign an IP address to VLAN-interface 2.
[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0
# Enable local proxy ARP on VLAN-interface 2.
[Sysname-Vlan-interface2] local-proxy-arp enable
Related commands
private-vlan (VLAN view)
private-vlan primary
private-vlan (VLAN view)
Use private-vlan to associate a primary VLAN with the specified secondary VLANs.
Use undo private-vlan to dissociate a primary VLAN from the specified secondary VLANs.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
A primary VLAN is not associated with any secondary VLANs.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
secondary vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN.
The configuration synchronization is triggered based on the interface configuration when the following conditions exist:
· This command is configured for a primary VLAN.
· Ports on the device are promiscuous, trunk promiscuous, or host ports.
When you execute the undo private-vlan command, follow these guidelines:
· If you specify the secondary vlan-id-list option, this command dissociates the primary VLAN from the specified secondary VLANs.
· If you do not specify the secondary vlan-id-list option, this command dissociates the primary VLAN from all secondary VLANs.
Examples
# Associate primary VLAN 2 with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 3 to 4
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
primary-vlan primary
private-vlan community
Use private-vlan community to enable Layer 2 communication between ports in a secondary VLAN.
Syntax
private-vlan community
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command and the undo private-vlan isolated command have the same function.
When you use the save command to save the configuration, the private-vlan community command is not saved into the configuration file.
Examples
This example shows how to meet the following requirements:
· VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
· Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
· Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports.
· Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 can communicate at Layer 2 in secondary VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
<Sysname> system-view
[Sysname] vlan 4
[Sysname-vlan4] quit
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 4
[Sysname-vlan2] quit
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/2] quit
# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/3] quit
# Enable Layer 2 communication in secondary VLAN 4.
[Sysname] vlan 4
[Sysname-vlan4] private-vlan community
Related commands
private-vlan isolated
private-vlan isolated
Use private-vlan isolated to isolate ports in a secondary VLAN at Layer 2.
Use undo private-vlan isolated to restore the default.
Syntax
private-vlan isolated
undo private-vlan isolated
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command takes effect when the following conditions exist:
· The secondary VLAN is associated with a primary VLAN.
· The ports are configured as host ports or trunk secondary ports of the secondary VLAN.
This command is mutually exclusive with the primary VLAN, super VLAN, and sub-VLAN configuration commands.
Examples
This example shows how to meet the following requirements:
· VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
· Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
· Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports.
· Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are isolated at Layer 2 in secondary VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
<Sysname> system-view
[Sysname] vlan 4
[Sysname-vlan4] quit
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 4
[Sysname-vlan2] quit
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/2] quit
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host
# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
# Configure port isolation at Layer 2 in secondary VLAN 4.
[Sysname] vlan 4
[Sysname-vlan4] private-vlan isolated
Related commands
private-vlan (VLAN view)
private-vlan community
private-vlan primary
private-vlan primary
Use private-vlan primary to configure a VLAN as a primary VLAN.
Use undo private-vlan primary to restore the default.
Syntax
private-vlan primary
undo private-vlan primary
Default
A VLAN is not a primary VLAN.
Views
VLAN view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The configuration synchronization is triggered based on the interface configuration when the following conditions exist:
· This command is configured for a VLAN that has been associated with secondary VLANs.
· Ports on the device are promiscuous, trunk promiscuous, host, or trunk secondary ports.
Examples
# Configure VLAN 5 as a primary VLAN.
<Sysname> system-view
[Sysname] vlan 5
[Sysname-vlan5] private-vlan primary
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan primary
Voice VLAN commands
display voice-vlan mac-address
Use display voice-vlan mac-address to display the OUI addresses supported on the device.
Syntax
display voice-vlan mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display the OUI addresses supported on the device.
<Sysname> display voice-vlan mac-address
OUI Address Mask Description
0001-e300-0000 ffff-ff00-0000 Siemens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3Com phone
Table 14 Command output
|
Field |
Description |
|
OUI Address |
OUI address allowed on the device. |
|
Mask |
Mask of the OUI address. |
|
Description |
Description of the OUI address. |
Related commands
voice-vlan mac-address
display voice-vlan state
Use display voice-vlan state to display voice VLAN information.
Syntax
display voice-vlan state
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display voice VLAN information.
<Sysname> display voice-vlan state
Current voice VLANs: 1
Voice VLAN security mode: Security
Voice VLAN aging time: 1440 minutes
Voice VLAN enabled ports and their modes:
Port VLAN Mode CoS DSCP
XGE1/0/1 111 Auto 6 46
Table 15 Command output
|
Field |
Description |
|
Current Voice VLANs |
Number of existing voice VLANs. |
|
Voice VLAN security mode |
Voice VLAN mode: · Security. · Normal. |
|
Voice VLAN aging time |
Voice VLAN aging timer. No aging indicates that the voice VLAN does not age out. |
|
Voice VLAN enabled ports and their modes |
Voice VLAN-enabled ports and their voice VLAN assignment modes. |
|
Port |
Name of the voice VLAN-enabled port. |
|
VLAN |
ID of the voice VLAN enabled on the port. |
|
Mode |
Voice VLAN assignment mode of the port: · Manual. · Automatic. |
Related commands
voice-vlan aging
voice-vlan enable
voice-vlan mode auto
voice-vlan security enable
voice-vlan aging
Use voice-vlan aging to set the voice VLAN aging timer.
Use undo voice-vlan aging to restore the default.
Syntax
voice-vlan aging minutes
undo voice-vlan aging
Default
The voice VLAN aging timer is 1440 minutes (24 hours).
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
minutes: Sets the voice VLAN aging timer to 0 minutes or a value in the range of 5 to 43200 minutes. If you set the voice VLAN aging timer to 0 minutes, the voice VLAN does not age out.
Usage guidelines
In automatic voice VLAN assignment mode, after a port is assigned to a voice VLAN, the voice VLAN is controlled by a voice VLAN aging timer. The voice VLAN aging timer starts only when the dynamic MAC address entry of the voice VLAN ages out. If no voice packets are received on the port before the voice VLAN aging timer expires, the device removes the port from the voice VLAN.
The aging period for a voice VLAN equals the sum of the voice VLAN aging timer and the aging timer for its dynamic MAC address entry. For more information about the aging timer for dynamic MAC address entries, see MAC address table configuration in Layer 2—LAN Switching Configuration Guide.
Set the voice VLAN aging timer only when the voice VLAN assignment mode is automatic.
Examples
# Set the voice VLAN aging timer to 100 minutes.
<Sysname> system-view
[Sysname] voice-vlan aging 100
display voice-vlan state
voice-vlan enable
Use voice-vlan enable to enable the voice VLAN feature on a port.
Use undo voice-vlan enable to disable the voice VLAN feature on a port.
Syntax
voice-vlan vlan-id enable
undo voice-vlan [ vlan-id ] enable
Default
The voice VLAN feature is disabled on ports.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies a voice VLAN ID in the range of 2 to 4094.
Usage guidelines
Use this command only on a hybrid or trunk port operating in automatic voice VLAN assignment mode.
Before you execute this command, make sure the specified VLAN already exists.
Examples
# Enable the voice VLAN feature on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan 2 enable
display voice-vlan state
voice-vlan mode auto
voice-vlan mac-address
Use voice-vlan mac-address to configure the OUI address information for voice packet identification.
Use undo voice-vlan mac-address to delete an OUI address.
Syntax
voice-vlan mac-address mac-address mask oui-mask [ description text ]
undo voice-vlan mac-address oui
Default
System default OUI addresses exist.
Table 16 System default OUI addresses
|
Number |
OUI address |
Vendor |
|
|
|
1 |
0001-e300-0000 |
Siemens phone |
||
|
2 |
0003-6b00-0000 |
Cisco phone |
||
|
3 |
0004-0d00-0000 |
Avaya phone |
||
|
4 |
000f-e200-0000 |
H3C Aolynk phone |
||
|
5 |
0060-b900-0000 |
Philips/NEC phone |
||
|
6 |
00d0-1e00-0000 |
Pingtel phone |
||
|
7 |
00e0-7500-0000 |
Polycom phone |
||
|
8 |
00e0-bb00-0000 |
3Com phone |
||
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
mac-address: Specifies a source MAC address of voice traffic, in the format of H-H-H. For example, 1234-1234-1234.
mask oui-mask: Specifies the valid length of the OUI address by using a mask in the format of H-H-H. The mask contains consecutive 1s and 0s. For example, ffff-0000-0000. To match the voice devices of a vendor, set the mask to ffff-ff00-0000.
description text: Specifies the OUI address description, a case-sensitive string of 1 to 30 characters.
oui: Specifies an OUI address to delete, in the format of H-H-H. For example, 1234-1200-0000. An OUI address is the logical AND result of the mac-address and oui-mask arguments. It cannot be a broadcast address, a multicast address, or an all-zero address.
Usage guidelines
You can manually delete or add the system default OUI addresses.
The maximum number of configurable OUI addresses depends on the device model.
Examples
# Add OUI address 1234-1200-0000 by specifying the MAC address as 1234-1234-1234 and the mask as fff-ff00-0000. Configure the OUI address description as PhoneA.
<Sysname> system-view
[Sysname] voice-vlan mac-address 1234-1234-1234 mask ffff-ff00-0000 description PhoneA
display voice-vlan mac-address
voice-vlan mode auto
Use voice-vlan mode auto to configure a port to operate in automatic voice VLAN assignment mode.
Use undo voice-vlan mode auto to configure a port to operate in manual voice VLAN assignment mode.
Syntax
voice-vlan mode auto
undo voice-vlan mode auto
Default
A port operates in automatic voice VLAN assignment mode.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
To make a voice VLAN take effect on a port operating in manual mode, you must manually assign the port to the voice VLAN.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo voice-vlan mode auto
display voice-vlan state
voice-vlan qos
Use voice-vlan qos to configure a port to modify the CoS and DSCP values for incoming voice VLAN packets.
Use undo voice-vlan qos to restore the default.
Syntax
voice-vlan qos cos-value dscp-value
undo voice-vlan qos
Default
A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46, respectively.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
cos-value: Specifies a CoS value in the range of 0 to 7. A bigger CoS value represents a higher priority.
dscp-value: Specifies a DSCP value in the range of 0 to 63. A bigger DSCP value represents a higher priority.
Usage guidelines
You cannot execute this command on a voice VLAN-enabled port. Before you execute this command on a port, you must disable the voice VLAN feature on it.
If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the most recent configuration takes effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to modify the CoS and DSCP values for voice VLAN packets to 5 and 45, respectively.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos 5 45
voice-vlan qos trust
voice-vlan qos trust
Use voice-vlan qos trust to configure a port to trust the priority settings in incoming voice VLAN packets.
Use undo voice-vlan qos to restore the default.
Syntax
voice-vlan qos trust
undo voice-vlan qos
Default
A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46, respectively.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When a port trusts the QoS priority settings in incoming voice VLAN packets, the port does not modify their CoS and DSCP values.
You cannot execute this command on a voice VLAN-enabled port. Before you execute this command on a port, you must disable the voice VLAN feature on it.
If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the most recent configuration takes effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to trust the priority settings in incoming voice VLAN traffic.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos trust
Related commands
voice-vlan qos
voice-vlan security enable
Use voice-vlan security enable to enable the voice VLAN security mode.
Use undo voice-vlan security enable to disable the voice VLAN security mode.
Syntax
voice-vlan security enable
undo voice-vlan security enable
Default
The voice VLAN security mode is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
In security mode, a voice VLAN transmits only voice packets whose source MAC addresses match the OUI addresses of the device.
In normal mode, a voice VLAN transmits voice packets and non-voice packets.
Examples
# Disable the voice VLAN security mode.
<Sysname> system-view
[Sysname] undo voice-vlan security enable
Related commands
display voice-vlan state
voice-vlan track lldp
Use voice-vlan track lldp to enable LLDP for automatic IP phone discovery.
Use undo voice-vlan track lldp to disable LLDP for automatic IP phone discovery.
Syntax
voice-vlan track lldp
undo voice-vlan track lldp
Views
System view
Default
LLDP for automatic IP phone discovery is disabled.
Predefined user roles
network-admin
mdc-admin
Examples
# Enable LLDP for automatic IP phone discovery.
<Sysname> system-view
[Sysname] voice-vlan track lldp
