The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network.

This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] default

This command will restore the default settings. Continue? [Y/N]:y

description

Use description to change the description of the VLAN or VLAN interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description for a VLAN is VLAN vlan-id, which is the ID of the VLAN. For example, the default description of VLAN 100 is VLAN 0100. The default description for a VLAN interface is the name of the interface. For example, the default description of VLAN-interface 1 is Vlan-interface1 Interface.

Views

VLAN view, VLAN interface view

Default command level

2: System level

Parameters

text: Description for a VLAN or VLAN interface. The string can include case-sensitive letters, digits, special characters such as tilde (~), exclamation point (!), at sign (@), pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&), asterisk (*), left brace({), right brace (}), left parenthesis ((), right parenthesis ()), left bracket ([), right bracket (]), left angle bracket (<), right angle bracket (>), hyphen (-), underscore(_), plus sign (+), equal sign (=), vertical bar (|), back slash (\), colon (:), semi-colon (;) quotation marks ("), apostrophe ('), comma (,), dot (.), and slash (/), spaces, and other Unicode characters and symbols.

· For a VLAN, this is a string of 1 to 32 characters.

· For a VLAN interface, this is a string of 1 to 80 characters.

When you configure a description, follow these guidelines:

· Each Unicode character takes the space of two regular characters.

· To use Unicode characters or symbols in an interface description, install the specific input method editor and log in to the device through remote login software that supports the character type.

· When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two and creating garbled characters at the end of a line.

Usage guidelines

Configure a description to describe the function or connection of a VLAN or VLAN interface for easy management.

Examples

# Change the description of VLAN 2 to sales-private.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] description sales-private

# Change the description of VLAN-interface 2 to linktoPC56.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] description linktoPC56

Related commands

· display interface vlan-interface

· display vlan

display interface vlan-interface

Use display interface vlan-interface to display information about a specified or all VLAN interfaces.

Syntax

display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]

display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

vlan-interface-id: Specifies a VLAN interface number.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

If you do not provide the vlan-interface keyword, this command displays information about all interfaces.

If you provide the vlan-interface keyword but do not specify the VLAN interface number, this command displays information about all VLAN interfaces.

Examples

# Display information for VLAN-interface 2.

<Sysname> display interface vlan-interface 2

Vlan-interface2 current state: DOWN

Line protocol current state: DOWN

Description: Vlan-interface2 Interface

The Maximum Transmit Unit is 1500

Internet protocol processing : disabled

IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e249-8050

Last clearing of counters: Never

Last 300 seconds input: 0 bytes/sec 0 packets/sec

Last 300 seconds output: 0 bytes/sec 0 packets/sec

0 packets input, 0 bytes, 0 drops

0 packets output, 0 bytes, 0 drops

# Display brief information for VLAN-interface 2.

<Sysname> display interface vlan-interface 2 brief

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Main IP Description

Vlan2 DOWN DOWN --

# Display brief information for VLAN interfaces in DOWN state.

<Sysname> display interface vlan-interface brief down

The brief information of interface(s) under route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

Vlan2 DOWN Not connected

Table 1 Command output

Field	Description
Vlan-interface2 current state	Physical state of a VLAN interface: · DOWN (Administratively)—The administrative state of the VLAN interface is down, because it has been shut down with the shutdown command. · DOWN—The administrative sate of the VLAN interface is up, but its physical sate is down. The VLAN corresponding to this interface does not contain any physical port in the UP state (possibly because the ports are not well connected or the lines have failed). · UP—Both the administrative state and the physical state of the VLAN interface are up.
Line protocol current state	Link layer protocol state of a VLAN interface: · DOWN—The protocol state of the VLAN interface is down. · UP—The protocol state of the VLAN interface is up.
Description	Description string of a VLAN interface.
The Maximum Transmit Unit	MTU of a VLAN interface.
Internet protocol processing : disabled	The interface is not capable of processing IP packets. This information is displayed when the interface is not configured with an IP address.
Internet Address is 192.168.1.54/24 Primary	The primary IP address of the interface is 192.168.1.54/24. This information is displayed only if the primary IP address is configured for the interface.
Internet Address is 6.4.4.4/24 Sub	The secondary IP address of the interface is 6.4.4.4/24. This information is displayed only if a secondary IP address is configured for the interface.
IP Packet Frame Type	IPv4 outgoing frame format.
Hardware address	MAC address corresponding to a VLAN interface.
Last clearing of counters	Time when the reset counters interface vlan-interface command was last used to clear the interface statistics. Never indicates the reset counters interface vlan-interface command has never been used on the interface after the device’s startup.
Last 300 seconds input: 0 bytes/sec 0 packets/sec	Average rate of input packets in the last 300 seconds (in bps and pps).
Last 300 seconds output: 0 bytes/sec 0 packets/sec	Average rate of output packets in the last 300 seconds (in bps and pps).
0 packets input, 0 bytes, 0 drops	Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets.
0 packets output, 0 bytes, 0 drops	Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets.
The brief information of interface(s) under route mode	Brief information about Layer 3 interfaces.
Link: ADM - administratively down; Stby - standby	State of the interface: · ADM—The interface has been administratively shut down. To recover its physical state, use the undo shutdown command. · Stby—The interface is operating as a standby interface.
Protocol: (s) - spoofing	If the network layer protocol state of an interface is shown as UP, but its link is an on-demand link or not present at all, its protocol attribute includes the spoofing flag (an s in parentheses).
Interface	Abbreviated interface name.
Link	Physical link state of the interface: · UP—The link is up. · ADM—The link has been administratively shut down. To recover its physical state, use the undo shutdown command.
Protocol	Protocol connection state of the interface: · UP. · DOWN. · UP(s).
Main IP	Main IP address of the interface.
Description	Description of the interface.
Cause	Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To restore the physical state of the interface, use the undo shutdown command.

Related commands

reset counters interface vlan-interface

display vlan

Use display vlan to display VLAN information.

Syntax

display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

vlan-id1: Displays information about a VLAN specified by VLAN ID, ranging from 1 to 4094.

vlan-id1 to vlan-id2: Displays information about VLANs specified by a VLAN ID range. vlan-id2 must be no smaller than vlan-id1.

all: Displays all VLAN information but the reserved VLANs.

dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are generated through MVRP or GVRP or those distributed by a RADIUS server.

reserved: Displays information about the reserved VLANs. Protocol modules determine which VLANs are reserved VLANs, according to function implementation, and reserved VLANs serve protocol modules. You cannot configure reserved VLANs.

static: Displays the number of static VLANs and the ID for each static VLAN. The static VLANs are manually created.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display VLAN 2 information.

<Sysname> display vlan 2

VLAN ID: 2

VLAN Type: static

Route interface: not configured

Description: VLAN 0002

Name: VLAN 0002

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3

# Display VLAN 3 information.

<Sysname> display vlan 3

VLAN ID: 3

VLAN Type: static

Route Interface: configured

IP Address: 1.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0003

Name: VLAN 0003

Tagged Ports: none

Untagged Ports: none

Table 2 Command output

Field	Description
VLAN Type	VLAN type, static or dynamic.
Route interface	Indicates whether the VLAN interface is configured.
Description	Description of the VLAN.
Name	Name configured for the VLAN.
IP Address	Primary IP address of the VLAN interface. This is available only when an IP address is configured for the VLAN interface. To display secondary IP addresses, use the display interface vlan-interface command in any view or the display this command in VLAN interface view.
Subnet Mask	Subnet mask of the primary IP address. This is available only when an IP address is configured for the VLAN interface.
Tagged Ports	Ports through which VLAN packets are sent tagged.
Untagged Ports	Ports through which VLAN packets are sent untagged.

Related commands

vlan

interface vlan-interface

Use interface vlan-interface to create a VLAN interface and enter its view or enter the view of an existing VLAN interface.

Use undo interface vlan-interface to remove the specified VLAN interface.

Syntax

interface vlan-interface vlan-interface-id

undo interface vlan-interface vlan-interface-id

Views

System view

Default command level

2: System level

Parameters

vlan-interface-id: Specifies a VLAN interface number, ranging from 1 to 4094.

Usage guidelines

Create the VLAN before you create the VLAN interface.

To configure an IP address for a VLAN interface that will perform IP routing, use the ip address command in VLAN interface view.

Examples

# Create VLAN-interface 2, and enter its view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2]

Related commands

display interface vlan-interface

ip address

Use ip address to assign an IP address and subnet mask to a VLAN interface.

Use undo ip address to remove the IP address and subnet mask for a VLAN interface.

Syntax

ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]

Default

No IP address is assigned to any VLAN interface.

Views

VLAN interface view

Default command level

2: System level

Parameters

ip-address: Specifies an IP address in dotted decimal notation.

mask: Specifies a subnet mask in dotted decimal notation.

mask-length: Sets the number of consecutive 1s in the subnet mask, ranging from 0 to 32.

sub: Indicates the address is a secondary IP address.

Usage guidelines

To connect a VLAN to multiple subnets, assign one primary IP address and multiple secondary IP addresses to a VLAN interface.

When you configure IP addresses for a VLAN interface, follow these guidelines:

· The primary IP address you assign to a VLAN interface overwrites the previous one, if any.

· Remove all secondary IP addresses before you remove the primary IP address.

· To remove all IP addresses, use the undo ip address command without any parameter.

· To remove the primary IP address, use the undo ip address ip-address { mask | mask-length } command.

· To remove a secondary IP address, use the undo ip address ip-address { mask | mask-length } sub command.

Examples

# Specify the IP address as 1.1.0.1, the subnet mask as 255.255.255.0 for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ip address 1.1.0.1 255.255.255.0

Related commands

display ip interface (Layer 3—IP Services Command Reference)

mtu

Use mtu to set the MTU for a VLAN interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of a VLAN interface is 1500 bytes.

Views

VLAN interface view

Default command level

2: System level

Parameters

size: Sets the MTU in bytes, in the range of 46 to 1500.

Examples

# Set the MTU to 1492 bytes for VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] mtu 1492

Related commands

display interface vlan-interface

name

Use name to configure a name for the VLAN.

Use undo name to restore the default name of the VLAN.

Syntax

name text

undo name

Default

The name of a VLAN is VLAN vlan-id, which is its VLAN ID. For example, the default name of VLAN 100 is VLAN 0100.

Views

VLAN view

Default command level

2: System level

Parameters

text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive letters, digits, special characters such as tilde (~), exclamation point (!), at sign (@), pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&), asterisk (*), left brace({), right brace (}), left parenthesis ((), right parenthesis ()), left bracket ([), right bracket (]), left angle bracket (<), right angle bracket (>), hyphen (-), underscore(_), plus sign (+), equal sign (=), vertical bar (|), back slash (\), colon (:), semi-colon (;) quotation marks ("), apostrophe ('), comma (,), dot (.), and slash (/), spaces, and other Unicode characters and symbols.

When you configure a description, follow these guidelines:

· Each Unicode character takes the space of two regular characters.

· To use Unicode characters or symbols in an interface description, install the specific input method editor and log in to the device through remote login software that supports the character type.

Usage guidelines

When 802.1X or MAC address authentication is configured on the WX5540E switching engine, you can use a RADIUS server to issue VLAN configuration to ports that have passed the authentication. Some servers can send IDs or names of the issued VLANs to the switching engine.

Use VLAN names, rather than VLAN IDs, to distinguish a large number of VLANs.

Examples

# Configure the name of VLAN 2 as Test VLAN.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] name Test VLAN

Related commands

display vlan

reset counters interface vlan-interface

Use reset counters interface vlan-interface to clear the statistics on a VLAN interface.

Syntax

reset counters interface vlan-interface [ vlan-interface-id ]

Views

User view

Default command level

2: System level

Parameters

vlan-interface-id: Specifies a VLAN interface number.

Usage guidelines

Before collecting the traffic statistics within a specific period of time on an interface, clear the existing statistics first.

If the vlan-interface-id argument is not specified, this command clears the statistics of all VLAN interfaces.

If the vlan-interface-id argument is specified, this command clears the statistics of the specified VLAN interface.

Examples

# Clear the statistics on VLAN-interface 2.

<Sysname> reset counters interface vlan-interface 2

Related commands

display interface vlan-interface

shutdown

Use shutdown to manually shut down a VLAN interface.

Use undo shutdown to cancel the action of shutting down a VLAN interface.

Syntax

shutdown

undo shutdown

Default

A VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN is up, and goes down if all ports in the VLAN go down.

Views

VLAN interface view

Default command level

2: System level

Usage guidelines

A VLAN interface shut down with the shutdown command is in DOWN (Administratively) state until you bring it up, regardless of how the state of the ports in the VLAN changes.

Before configuring parameters for a VLAN interface, shut down the VLAN interface with the shutdown command to prevent the configurations from affecting the network. Use the undo shutdown command to bring up a VLAN interface after you have configured related parameters and protocols for the VLAN interface.

You can shut down a failed interface with the shutdown command and then bring it up with the undo shutdown command to see if it recovers.

In a VLAN, the state of any Ethernet port is independent of the state of the VLAN interface.

Examples

# Shut down VLAN-interface 2 and then bring it up.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] shutdown

[Sysname-Vlan-interface2] undo shutdown

vlan

Use vlan vlan-id to create a VLAN and enter its view or enter the view of an existing VLAN.

Use vlan vlan-id1 to vlan-id2 to create VLANs ranging from vlan-id1 to vlan-id2, except reserved VLANs.

Use vlan all to create VLANs 1 through 4094.

Use undo vlan to remove the specified VLANs.

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

Default

Only the default VLAN (VLAN 1) exists in the system.

Views

System view

Default command level

2: System level

Parameters

vlan-id1, vlan-id2: Specifies a VLAN ID, ranging from 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN range. vlan-id2 must be no smaller than vlan-id1.

all: Creates or removes all VLANs except reserved VLANs.

Usage guidelines

You cannot create or remove the default VLAN (VLAN 1).

You cannot create or remove VLANs reserved for specific functions.

For the following VLANs, you must remove the related configurations first, because you cannot use the undo vlan command to directly remove them:

· Protocol reserved VLANs

· Voice VLANs

· Management VLANs

· Dynamic VLANs

· VLANs configured with QoS policies

· Control VLANs configured for smart link groups or RRPP domains

· Remote probe VLANs for remote port mirroring

Examples

# Create VLAN 2, and enter VLAN 2 view.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2]

# Create VLAN 4 through VLAN 100.

<Sysname> system-view

[Sysname] vlan 4 to 100

Please wait............. Done.

Related commands

display vlan

Port-based VLAN configuration commands

display port

Use display port to display information about the hybrid or trunk ports on the device, including the port names, PVIDs, and allowed VLAN IDs.

Syntax

display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

hybrid: Displays hybrid ports.

trunk: Displays trunk ports.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display information about the hybrid ports in the system.

<Sysname> display port hybrid

Interface PVID VLAN passing

GE1/0/4 100 Tagged: 1000, 1002, 1500, 1600-1611, 2000,

2555-2558, 3000, 4000

Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,

150-160, 200, 255, 286, 300-302

# Display information about the trunk ports in the system.

<Sysname> display port trunk

Interface PVID VLAN passing

GE1/0/8 2 1-4, 6-100, 145, 177, 189-200, 244, 289, 400,

555, 600-611, 1000, 2006-2008

Table 3 Command output

Field	Description
Interface	Port name.
PVID	Port VLAN ID.
VLAN passing	VLANs for which the port allows packets to pass through.
Tagged	VLANs for which the port sends packets without removing VLAN tags.
Untagged	VLANs for which the port sends packets after removing VLAN tags.

port

Use port to assign the specified access ports to the VLAN.

Use undo port to remove the specified access ports from the VLAN.

Syntax

port interface-list

undo port interface-list

Default

All ports are in VLAN 1. All ports are access ports. However, you can manually configure the port type. For more information, see "port link-type."

Views

VLAN view

Default command level

2: System level

Parameters

interface-list: Specifies an interface list, in the format of interface-list = { interface-type interface-number1 [ to interface-type interface-number2 ] }&<1-10>, where interface-type interface-number specifies an interface by its type and number, and &<1-10> indicates that you can specify up to 10 ports or port ranges.

Usage guidelines

This command is only applicable on access ports.

You cannot assign Layer 2 aggregate interfaces to a VLAN.

Examples

# Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port gigabitethernet 1/0/1 to gigabitethernet 1/0/3

Related commands

display vlan

port access vlan

Use port access vlan to assign the access ports to the specified VLAN.

Use undo port access vlan to restore the default.

Syntax

port access vlan vlan-id

undo port access vlan

Default

All access ports belong to VLAN 1.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Make sure that the VLAN specified by the VLAN ID already exists.

Usage guidelines

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign GigabitEthernet 1/0/1 to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port access vlan 3

# Assign Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports to VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port access vlan 3

port hybrid pvid

Use port hybrid pvid to configure the PVID of the hybrid port.

Use undo port hybrid pvid to restore the default.

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

Default

The PVID of a hybrid port is VLAN 1.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a hybrid port. If you use the undo vlan command to remove the PVID of a hybrid port, it does not affect the setting of the PVID on the port.

H3C recommends that you set the same PVID for the local and remote hybrid ports.

You must use the port hybrid vlan command to configure the hybrid port to pass and forward packets from the PVID.

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure VLAN 100 as the PVID of the hybrid port GigabitEthernet 1/0/1, and assign GigabitEthernet 1/0/1 to VLAN 100 as an untagged member.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 100

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 untagged

# Configure VLAN 100 as the PVID of the hybrid Layer 2 aggregate interface Bridge-Aggregation 1, and assign Bridge-Aggregation 1 to VLAN 100 as an untagged member.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid pvid vlan 100

[Sysname-Bridge-Aggregation1] port hybrid vlan 100 untagged

Related commands

· port link-type

· port hybrid vlan

port hybrid vlan

Use port hybrid vlan to assign the hybrid ports to the specified VLANs.

Use undo port hybrid vlan to remove the hybrid ports from the specified VLANs.

Syntax

port hybrid vlan vlan-list { tagged | untagged }

undo port hybrid vlan vlan-list

Default

A hybrid port only allows packets from VLAN 1 to pass through untagged.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-list: Specifies a list of VLANs that the hybrid ports will be assigned to in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094, vlan-id2 must be no smaller than vlan-id1, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Make sure that the specified VLANs already exist.

tagged: Configures the ports to send the tagged packets of the specified VLANs.

untagged: Configures the ports to send the untagged packets of the specified VLANs.

Usage guidelines

A hybrid port can carry multiple VLANs. If you use the port hybrid vlan command multiple times, the VLANs the hybrid port carries are the set of VLANs specified by vlan-list in each execution.

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign the hybrid port GigabitEthernet 1/0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags kept.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged

# Assign hybrid ports in port group 2 to VLAN 2, and configure these hybrid ports to send packets of VLAN 2 with VLAN tags removed.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] port-group manual 2

[Sysname-port-group-manual-2] group-member gigabitethernet 1/0/1 to gigabitethernet 1/0/6

[Sysname-port-group-manual-2] port link-type hybrid

[Sysname-port-group-manual-2] port hybrid vlan 2 untagged

Configuring GigabitEthernet1/0/1... Done.

Configuring GigabitEthernet1/0/2... Done.

Configuring GigabitEthernet1/0/3... Done.

Configuring GigabitEthernet1/0/4... Done.

Configuring GigabitEthernet1/0/5... Done.

Configuring GigabitEthernet1/0/6... Done.

# Assign the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports to VLAN 2, and configure them to send packets of VLAN 2 with tags removed.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged

Please wait... Done.

Configuring GigabitEthernet1/0/1... Done.

Configuring GigabitEthernet1/0/2... Done.

Configuring GigabitEthernet1/0/3... Done.

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

port link-type

Use port link-type to configure the link type of a port.

Use undo port link-type to restore the default link type of a port.

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

Default

Any port is an access port.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

access: Configures the link type of a port as access.

hybrid: Configures the link type of a port as hybrid.

trunk: Configures the link type of a port as trunk.

Usage guidelines

To change the link type of a port from trunk to hybrid or vice versa, you must first set the link type to access.

After you change the link type of an interface with the port link-type command, the loopback detection action configured on the interface with the loopback-detection action command automatically restores the default. For more information about the loopback-detection action command, see "Ethernet interface configuration commands."

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure GigabitEthernet 1/0/1 as a trunk port.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

# Configure all ports in the manual port group group1 as hybrid ports.

<Sysname> system-view

[Sysname] port-group manual group1

[Sysname-port-group manual group1] group-member gigabitethernet 1/0/1

[Sysname-port-group manual group1] group-member gigabitethernet 1/0/2

[Sysname-port-group manual group1] port link-type hybrid

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports as hybrid ports.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

port trunk permit vlan

Use port trunk permit vlan to assign the trunk ports to the specified VLANs.

Use undo port trunk permit vlan to remove the trunk ports from the specified VLANs.

Syntax

port trunk permit vlan { vlan-list | all }

undo port trunk permit vlan { vlan-list | all }

Default

A trunk port allows only packets from VLAN 1 to pass through.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-list: Specifies a list of VLANs that the trunk ports will be assigned to in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094, vlan-id2 must be no smaller than vlan-id1, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Make sure that the specified VLANs already exist.

all: Permits all VLANs to pass through the trunk ports.

Usage guidelines

A trunk port can carry multiple VLANs. If you use the port trunk permit vlan command multiple times, the trunk port carries the set of VLANs specified by vlan-list in each execution.

The port trunk permit vlan all command can be ineffective on super VLANs or voice VLANs. If you are prompted with a configuration error message when using this command, use the display this command to view the execution result.

On a trunk port, only traffic of the PVID can pass through untagged.

To prevent unauthorized VLAN users from accessing restricted resources, use the port trunk permit vlan all command with caution.

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Assign the trunk port GigabitEthernet 1/0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100

Please wait........... Done.

# Assign the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 2.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type trunk

[Sysname-Bridge-Aggregation1] port trunk permit vlan 2

Please wait... Done.

Configuring GigabitEthernet1/0/1... Done.

Configuring GigabitEthernet1/0/2... Done.

Configuring GigabitEthernet1/0/3... Done.

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

port link-type

port trunk pvid

Use port trunk pvid to configure the PVID for the trunk port.

Use undo port trunk pvid to restore the default.

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

Default

The PVID of a trunk port is VLAN 1.

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a trunk port. If you use the undo vlan command to remove the PVID of a trunk port, it does not affect the setting of the PVID on the port.

The local and remote trunk ports must use the same PVID for the traffic of the PVID to be transmitted properly.

You must use the port trunk permit vlan command to configure the trunk port to allow and forward packets from the PVID.

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Examples

# Configure VLAN 100 as the PVID of the trunk port GigabitEthernet 1/0/1, and assign GigabitEthernet 1/0/1 to VLAN 100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 100

# Configure VLAN 100 as the PVID of the trunk Layer 2 aggregate interface Bridge-Aggregation 1, and assign Bridge-Aggregation 1 to VLAN 100.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type trunk

[Sysname-Bridge-Aggregation1] port trunk pvid vlan 100

[Sysname-Bridge-Aggregation1] port trunk permit vlan 100

Related commands

· port link-type

· port trunk permit vlan

MAC-based VLAN configuration commands

display mac-vlan

Use display mac-vlan to display the specified MAC address-to-VLAN entries.

Syntax

display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

all: Displays all MAC address-to-VLAN entries.

dynamic: Displays dynamically configured MAC address-to-VLAN entries.

mac-address mac-address: Displays the MAC address-to-VLAN entry containing the specified MAC address.

mask mac-mask: Displays the MAC address-to-VLAN entries with their MAC addresses in the specified range.

static: Displays the statically configured MAC address-to-VLAN entries.

vlan vlan-id: Displays the MAC address-to-VLAN entries associated with the specified VLAN.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

If mac-address mac-address is specified, but mask is not specified, only the MAC address-to-VLAN entry containing the specified MAC address is displayed.

Examples

# Display all MAC address-to-VLAN entries.

<Sysname> display mac-vlan all

The following MAC-VLAN address exist:

S: Static D: Dynamic

MAC ADDR MASK VLAN ID PRIO STATE

-------------------------------------------------------------------

0008-0001-0000 FFFF-FF00-0000 5 3 S

0002-0001-0000 FFFF-FFFF-FFFF 5 3 S&D

Total MAC VLAN address count:2

Table 4 Command output

Field	Description
S: Static	S stands for the MAC address-to-VLAN entries that are configured statically.
D: Dynamic	D stands for the MAC address-to-VLAN entries that are configured dynamically.
MAC ADDR	MAC address of a MAC address-to-VLAN entry.
MASK	Mask of the MAC address of a MAC address-to-VLAN entry.
VLAN ID	VLAN ID of a MAC address-to-VLAN entry.
PRIO	802.1p priority corresponding to the MAC address of a MAC address-to-VLAN entry.
STATE	State of a MAC address-to-VLAN entry: · S—The MAC address-to-VLAN entry is configured statically. · D—The MAC address-to-VLAN entry is configured automatically through the authentication server. · S&D—The MAC address-to-VLAN entry is configured both statically and dynamically.

display mac-vlan interface

Use display mac-vlan interface to display all ports with MAC-based VLAN enabled.

Syntax

display mac-vlan interface [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display all interfaces with MAC-based VLAN enabled.

<Sysname> display mac-vlan interface

MAC VLAN is enabled on following ports:

---------------------------------------

GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3

Related commands

mac-vlan enable

Use mac-vlan enable to enable the MAC-based VLAN feature on a port.

Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port.

Syntax

mac-vlan enable

undo mac-vlan enable

Default

The MAC-based VLAN feature is disabled on a port.

Views

Layer 2 Ethernet port view

Default command level

2: System level

Usage guidelines

This command is available on only hybrid ports.

Examples

# Enable the MAC-based VLAN feature on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname] port link-type hybrid

[Sysname–GigabitEthernet1/0/1] mac-vlan enable

mac-vlan mac-address

Use mac-vlan mac-address to associate the specified VLAN and priority value with the specified MAC addresses.

Use undo mac-vlan to remove the association.

Syntax

mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ priority pri ]

undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }

Default

The hexadecimal digits of this argument are all Fs.

Views

System view

Default command level

2: System level

Parameters

mac-address mac-address: Specifies a MAC address.

mask mac-mask: Specifies a mask for the MAC address in the format of H-H-H. The mac-mask argument is comprised of the high-order part (all binary bits of which are 1s) and the low-order part (all binary bits of which are 0s).

vlan vlan-id: Specifies a VLAN ID, ranging from of 1 to 4094.

priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. The pri argument ranges from 0 to 7.

all: Removes all static MAC address-to-VLAN entries.

Usage guidelines

Two MAC address-to-VLAN entry tables exist in a device. One table contains the MAC address-to-VLAN entries configured with the mask keyword specified. A MAC address-to-VLAN entry of this type describes the relationship between a group of MAC addresses and a VLAN, and a priority value. Another table contains the MAC address-to-VLAN entries configured without the mask keyword specified. A MAC address-to-VLAN entry of this type describes the relationship between a single MAC address and a VLAN, and a priority value. The system adds or removes MAC address-to-VLAN entries to or from the two tables according to the configuration.

Examples

# Associate a single MAC address 0-1-1 with VLAN 100 and 802.1p priority 7.

<Sysname> system-view

[Sysname] mac-vlan mac-address 0-1-1 vlan 100 priority 7

# Associate the MAC addresses with the high-order six hexadecimal digits being 121122 with VLAN 100 and 802.1p priority 4.

<Sysname> system-view

[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 priority 4

mac-vlan trigger enable

Use mac-vlan trigger enable to enable dynamic MAC-based VLAN assignment. The port configured with this command is dynamically assigned to VLANs based on the source MAC addresses of the received packets.

Use undo mac-vlan trigger enable to restore the default.

Syntax

mac-vlan trigger enable

undo mac-vlan trigger enable

Default

Dynamic MAC-based VLAN assignment is not enabled.

Views

Layer 2 Ethernet port view

Default command level

2: System level

Usage guidelines

After receiving a packet with an unknown source MAC address, a port submits the packet to the CPU.

If the source MAC address matches a MAC address-to-VLAN entry (whose mask is all Fs) maintained by the device, the device dynamically learns the source MAC address and assigns the receiving port to the corresponding VLAN. Then, subsequent packets with this source MAC address can be directly forwarded through the port.

If the MAC address does not match any MAC address-to-VLAN entry or matches only a MAC address-to-VLAN entry whose mask is not all Fs, the device does not dynamically learn the MAC address and assign the receiving port to the corresponding VLAN.

Examples

# Enable dynamic MAC-based VLAN assignment on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mac-vlan trigger enable

port pvid disable

Use port pvid disable to disable the PVID of the port from forwarding packets whose source MAC addresses do not match any MAC address-to-VLAN entry.

Use undo port pvid disable to restore the default.

Syntax

port pvid disable

undo port pvid disable

Default

When a port receives a packet with an unknown source MAC address that does not match any MAC address-to-VLAN entry, it forwards the packet in its PVID.

Views

Layer 2 Ethernet port view

Default command level

2: System level

Examples

# Disable the PVID of GigabitEthernet 1/0/1 from forwarding packets whose source MAC addresses do not match any MAC address-to-VLAN entry.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port pvid disable

vlan precedence

Use vlan precedence to set the order of VLAN matching.

Use undo vlan precedence to restore the default.

Syntax

vlan precedence { mac-vlan | ip-subnet-vlan }

undo vlan precedence

Default

VLANs are matched based on single MAC addresses preferentially.

Views

Layer 2 Ethernet port view, port group view

Default command level

2: System level

Parameters

mac-vlan: Matches VLANs based on single MAC addresses preferentially.

ip-subnet-vlan: Matches VLANs based on IP subnets preferentially.

Usage guidelines

This command only applies to VLANs based on a single MAC address and IP subnet-based VLANs.

If both the MAC-based VLAN function and the IP subnet-based VLAN function are created on a port, MAC address-to-VLAN entries are matched preferentially, and the remaining VLAN entries (VLAN entries based on a single MAC address and IP subnet-based VLANs) are matched as configured by the vlan precedence command.

Examples

# Configure matching VLANs based on single MAC addresses preferentially on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] vlan precedence mac-vlan

Protocol-based VLAN configuration commands

display protocol-vlan interface

Use display protocol-vlan interface to display information about protocol-based VLANs for the specified ports.

Syntax

display protocol-vlan interface { interface-type interface-number1 [ to interface-type interface-number2 ] | all } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

2: System level

Parameters

interface-type interface-number1: Specifies an interface by its type and number.

interface-type interface-number1 to interface-type interface-number2: Specifies an interface range.

all: Displays information about protocol-based VLANs on all ports.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display protocol-based VLAN information on GigabitEthernet 1/0/1.

[Sysname] display protocol-vlan interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

VLAN ID Protocol Index Protocol Type

======================================================

3 0 ipv4

Table 5 Command output

Field	Description
VLAN ID	ID of the protocol-based VLAN bound to the port.
Protocol Index	Protocol template index.
Protocol Type	Protocol type specified by the protocol template.

display protocol-vlan vlan

Use display protocol-vlan vlan to display the protocols and protocol indexes configured on the specified VLANs.

Syntax

display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

2: System level

Parameters

vlan-id1: Specifies a protocol-based VLAN ID, ranging from 1 to 4094.

vlan-id1 to vlan-id2: Displays protocol-based VLAN information of a VLAN range from vlan-id1 to vlan-id2. vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094. vlan-id2 must be no smaller than vlan-id1.

all: Displays information about all protocol-based VLANs.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the protocols and protocol indexes configured on all protocol-based-VLANs.

<Sysname> display protocol-vlan vlan all

VLAN ID:2

Protocol Index Protocol Type

======================================================

0 ipv4

VLAN ID:3

Protocol Index Protocol Type

======================================================

0 ipv4

Table 6 Command output

Field	Description
VLAN ID	ID of the protocol-based VLAN bound to the port.
Protocol Index	Protocol template index.
Protocol Type	Protocol type specified by the protocol template.

Related commands

display vlan

port hybrid protocol-vlan

Use port hybrid protocol-vlan to associate the hybrid ports with a protocol-based VLAN.

Use undo port hybrid protocol-vlan to remove the association.

Syntax

port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }

undo port hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all }

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

protocol-index: Specifies a protocol index, ranging from 0 to 15. The value can be specified by the users or assigned by the system automatically when the protocol-based VLAN is created. You can use the display protocol-vlan vlan all command to display the protocol indexes.

to protocol-end: Specifies the end protocol index. The protocol-end argument ranges from 0 to 15, and must be greater than or equal to the beginning protocol index.

all: Specifies all protocols bound to vlan-id.

Usage guidelines

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Before you use this command, make the following configurations:

· Create a VLAN and associate it with specified protocols.

· Configure the link type as hybrid.

· Configure the port to allow the protocol-based VLAN to pass through.

Examples

# Associate the hybrid port GigabitEthernet 1/0/1 with protocol 0 (IPv4) in VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] protocol-vlan ipv4

[Sysname-vlan2] quit

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged

Please wait... Done

[Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 0

# Associate the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 with protocol 0 in VLAN 2.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] protocol-vlan ipv4

[Sysname-vlan2] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged

Please wait... Done

Configuring GigabitEthernet1/0/1... Done.

Configuring GigabitEthernet1/0/2... Done.

Configuring GigabitEthernet1/0/3... Done.

[Sysname-Bridge-Aggregation1] port hybrid protocol-vlan vlan 2 0

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

display protocol-vlan interface

protocol-vlan

Use protocol-vlan to configure the VLAN as a protocol based VLAN and to configure the protocol template for the VLAN.

Use undo protocol-vlan to remove the configured protocol template.

Syntax

protocol-vlan [ protocol-index ] { at | ipv4 | ipx { ethernetii | llc | raw | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }

undo protocol-vlan { protocol-index [ to protocol-end ] | all }

Default

No VLAN is bound to any protocol template.

Views

VLAN view

Default command level

2: System level

Parameters

at: Specifies the AppleTalk based VLAN.

ipv4: Specifies the IPv4 based VLAN.

ipx: Specifies the IPX based VLAN. The keywords ethernetii, llc, raw, and snap are encapsulation formats for IPX.

mode: Configures a user-defined protocol template for the VLAN, which could also have the following encapsulation formats: ethernetii, llc, and snap.

ethernetii etype etype-id: Matches Ethernet II encapsulation format and the corresponding protocol type values. The etype-id argument is the protocol type ID of inbound packets, ranging from 0x0600 to 0xFFFF (excluding 0x0800, 0x809B, 0x8137, and 0x86DD).

llc: Matches the llc encapsulation format.

dsap dsap-id: Specifies the destination service access point, ranging from of 0x00 to 0xFF.

ssap ssap-id: Specifies the source service access point, ranging from of 0x00 to 0xFF.

snap etype etype-id: Matches SNAP encapsulation format and the corresponding protocol type values. The etype-id argument is the Ethernet type of inbound packets, ranging from 0x0600 to 0xFFFF (excluding 0x8137).

protocol-index: Specifies a protocol template index, ranging from 0 to 15. The system automatically assigns an index if this parameter is not specified.

to protocol-end: Specifies the end protocol index. The protocol-end argument ranges from 0 to 15, and must be greater than or equal to the protocol-index argument.

all: Removes all protocols bound to the VLAN.

Usage guidelines

When you use the mode keyword to configure a protocol template, follow these restrictions and guidelines:

· Do not configure the following values for the etype-id argument in the ethernetii etype etype-id option:

¡ 0x0800—Specifies the IPv4 protocol in Ethernet II encapsulation.

¡ 0x809B—Specifies the AppleTalk protocol in Ethernet II encapsulation.

¡ 0x8137—Specifies the IPX protocol in Ethernet II encapsulation.

· Do not configure any of the following values for both the dsap-id and ssap-id arguments when the llc keyword is specified:

¡ 0xE0—Specifies the 802.2 LLC encapsulation format for IPX packets.

¡ 0xFF—Specifies the 802.3 raw encapsulation format for IPX packets.

¡ 0xAA—Specifies the 802.2 SNAP encapsulation format.

When either of the dsap-id and ssap-id arguments is configured, the system assigns 0xAA to the other argument.

· Do not set the etype-id argument in the snap etype etype-id option to 0x8137. Otherwise, the template format is the same as that of the IPX protocol. You can set etype-id to 0x0800 or 0x809B, corresponding to IPv4 and AppleTalk respectively.

Examples

CAUTION:

IP uses ARP for address resolution in Ethernet. To prevent communication failure, configure the IP and ARP templates in the same VLAN and associate them with the same port.

# Configure VLAN 3 as an IPv4 based VLAN.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] protocol-vlan ipv4

# Create an ARP protocol template for VLAN 3 (ARP code is 0x0806) to make VLAN 3 transmit ARP packets.

· To use Ethernet encapsulation, use this command:

[Sysname-vlan3] protocol-vlan mode ethernetii etype 0806

· To use 802.3 encapsulation, use this command:

[Sysname-vlan3] protocol-vlan mode snap etype 0806

Related commands

display protocol-vlan vlan

IP subnet-based VLAN configuration commands

display ip-subnet-vlan interface

Use display ip-subnet-vlan interface to display IP subnet-based VLANs and IP subnet indexes on the specified ports.

Syntax

display ip-subnet-vlan interface { interface-list | all } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

2: System level

Parameters

interface-list: Specifies an Ethernet port list in the format of interface-list = { interface-type interface-number1 [ to interface-type interface-number2 ] }&<1-10>, where interface-type interface-number specifies a port by its type and number and &<1-10> indicates that you can specify up to 10 ports or port ranges.

all: Displays IP subnet information about all ports with IP subnet-based VLAN configured.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display IP subnet-based VLANs and IP subnet indexes on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] display ip-subnet-vlan interface gigabitethernet1/0/1

Interface: GigabitEthernet1/0/1

VLAN ID Subnet-Index IP ADDRESS NET MASK

=======================================================

3 0 192.168.1.0 255.255.255.0

Table 7 Command output

Field	Description
Subnet-Index	Index of the IP subnet.
IP ADDRESS	IP address of the subnet (either an IP address or a network address).
NET MASK	Mask of the IP subnet.

display ip-subnet-vlan vlan

Use display ip-subnet-vlan vlan to display the IP subnet-based VLAN information and IP subnet indexes on the specified VLANs.

Syntax

display ip-subnet-vlan vlan { vlan-id1 [ to vlan-id2 ] | all } [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

2: System level

Parameters

vlan-id1: Specifies a VLAN ID, ranging from 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN ID range. vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094. vlan-id2 must be no smaller than vlan-id1.

all: Specifies all VLANs.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the IP subnet-based VLAN information and IP subnet indexes for all VLANs.

<Sysname> display ip-subnet-vlan vlan all

VLAN ID: 3

Subnet Index IP Address Subnet Mask

====================================================

0 192.168.1.0 255.255.255.0

Table 8 Command output

Field	Description
Subnet Index	IP subnet index.
IP Address	IP address of the subnet (either an IP address or a network address).
Subnet Mask	Mask of the IP subnet.

Related commands

display vlan

ip-subnet-vlan

Use ip-subnet-vlan to associate the VLAN with a specified IP subnet or IP address.

Use undo ip-subnet-vlan to remove the association.

Syntax

ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ]

undo ip-subnet-vlan { ip-subnet-index [ to ip-subnet-end ] | all }

Views

VLAN view

Default command level

2: System level

Parameters

ip-subnet-index: Specifies a beginning IP subnet index, ranging from 0 to 11. The value can be configured by users, or automatically numbered by the system, based on the order in which the IP subnets or IP addresses are associated with the VLAN.

ip ip-address [ mask ]: Specifies the source IP address or network address based on which the subnet-based VLANs are classified, in dotted decimal notation. The mask argument is the subnet mask of the source IP address or network address, in dotted decimal notation with a default value of 255.255.255.0.

to: Specifies an IP subnet index range.

ip-subnet-end: Specifies an end IP subnet index, ranging from 0 to 11. The value must be greater than or equal to the beginning IP subnet index.

all: Removes all associations between VLANs and IP subnets or IP addresses.

Usage guidelines

The IP subnet or IP address cannot be a multicast network segment or a multicast address.

Examples

# Configure VLAN 3 as an IP subnet-based VLAN and associate it with the 192.168.1.0/24 network segment.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

Related commands

display ip-subnet-vlan vlan

port hybrid ip-subnet-vlan

Use port hybrid ip-subnet-vlan to associate the Ethernet port with the specified IP subnet-based VLAN.

Use undo port hybrid ip-subnet-vlan to remove the association.

Syntax

port hybrid ip-subnet-vlan vlan vlan-id

undo port hybrid ip-subnet-vlan { vlan vlan-id | all }

Views

Layer 2 Ethernet interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan vlan-id: Specifies a VLAN ID, ranging from 1 to 4094.

all: Specifies all VLANs.

Usage guidelines

On an Ethernet port associated with an IP subnet-based VLAN, if the source IP address of a received untagged packet belongs to the corresponding IP subnet, the port tags the packet with the corresponding VLAN tag.

The configuration made in Layer 2 Ethernet interface view applies only to the port.

The configuration made in port group view applies to all ports in the port group.

The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.

· If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.

· If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port.

Only hybrid ports support this feature. Before you use this command, assign the port to the IP subnet-based VLAN with which you want to associate.

Examples

# Associate GigabitEthernet 1/0/1 with the IP subnet-based VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

[Sysname-vlan3] quit

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 3 untagged

Please wait... Done.

[Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3

# Associate the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 with the IP subnet-based VLAN 3.

<Sysname> system-view

[Sysname] vlan 3

[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0

[Sysname-vlan3] quit

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port link-type hybrid

[Sysname-Bridge-Aggregation1] port hybrid vlan 3 untagged

Please wait... Done

Configuring GigabitEthernet1/0/1... Done.

Configuring GigabitEthernet1/0/2... Done.

Configuring GigabitEthernet1/0/3... Done.

[Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3

The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.

Related commands

display ip-subnet-vlan interface

Super VLAN configuration commands

display supervlan

Use display supervlan to display the mapping between a super VLAN and sub-VLANs and to display information about these VLANs.

Syntax

display supervlan [ supervlan-id ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

supervlan-id: Specifies a super VLAN ID, ranging from 1 to 4094.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the mapping between a super VLAN and sub-VLANs.

<Sysname> display supervlan 2

Supervlan ID : 2

Subvlan ID : 3-5

VLAN ID: 2

VLAN Type: static

It is a Super VLAN.

Route Interface: configured

IP Address: 10.153.17.41

Subnet Mask: 255.255.252.0

Description: VLAN 0002

Name: VLAN 0002

Tagged Ports: none

Untagged Ports: none

VLAN ID: 3

VLAN Type: static

It is a Sub VLAN.

Route Interface: not configured

Description: VLAN 0003

Name: VLAN 0003

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/3

VLAN ID: 4

VLAN Type: static

It is a Sub VLAN.

Route Interface: not configured

Description: VLAN 0004

Name: VLAN 0004

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/4

VLAN ID: 5

VLAN Type: static

It is a Sub VLAN.

Route Interface: not configured

Description: VLAN 0005

Name: VLAN 0005

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/5

Table 9 Command output

Field	Description
Supervlan ID	Super VLAN ID.
Subvlan ID	Sub-VLAN ID.
VLAN Type	VLAN type (static or dynamic).
Route Interface	Indicates whether a VLAN interface is configured for the sub-VLAN or super VLAN.
IP Address	IP address of the VLAN interface configured for the sub-VLAN or super VLAN.
Subnet Mask	Subnet mask of the VLAN interface configured for the sub-VLAN or super VLAN.
Description	VLAN description.
Name	VLAN name.
Tagged Ports	Ports through which VLAN packets are sent tagged.
Untagged Ports	Ports through which VLAN packets are sent untagged.

Related commands

· supervlan

· subvlan

subvlan

Use subvlan to associate the super VLAN with sub-VLANs specified by vlan-list.

Use undo subvlan to remove the association.

Syntax

subvlan vlan-list

undo subvlan [ vlan-list ]

Views

VLAN view

Default command level

2: System level

Parameters

vlan-list: Specifies a sub-VLAN list, in the format of vlan-list = { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id represents the sub-VLAN ID ranging from 1 to 4094 and &<1-10> indicates that you can specify up to 10 sub-VLAN IDs or sub-VLAN ID ranges.

Usage guidelines

Verify that the sub-VLANs already exist before associating them with a super VLAN.

You can add/remove a port to/from a sub-VLAN already associated with a super VLAN.

If you use the undo subvlan command without vlan-list specified, you will remove the association between the specified super VLAN and all its sub-VLANs.

If you use the undo subvlan command with vlan-list specified, you will remove only the association between the super VLAN and the sub-VLANs specified by vlan-list.

Examples

# Associate VLAN 10 (the super VLAN) with VLAN 3, VLAN 4, VLAN 5, and VLAN 9 (the sub-VLANs).

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] subvlan 3 to 5 9

Related commands

display supervlan

supervlan

Use supervlan to configure the VLAN as a super VLAN.

Use undo supervlan to remove the super VLAN configuration for the VLAN.

Syntax

supervlan

undo supervlan

Views

VLAN view

Default command level

2: System level

Examples

# Configure VLAN 2 as a super VLAN.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] supervlan

Related commands

display supervlan

Isolate-user-VLAN configuration commands

display isolate-user-vlan

Use display isolate-user-vlan to display the mapping between an isolate-user-VLAN and secondary VLANs.

Syntax

display isolate-user-vlan [ isolate-user-vlan-id ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

isolate-user-vlan-id: Specifies an isolate-user-VLAN ID, ranging from 1 to 4094.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the mapping between an isolate-user-VLAN and secondary VLANs.

<Sysname> display isolate-user-vlan

Isolate-user-VLAN VLAN ID : 2

Secondary VLAN ID : 3 4

VLAN ID: 2

VLAN Type: static

Isolate-user-VLAN type : isolate-user-VLAN

Route Interface: configured

IP Address: 1.1.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0002

Name: VLAN 0002

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthernet1/0/4

VLAN ID: 3

VLAN Type: static

Isolate-user-VLAN type : secondary

Route Interface: not configured

Description: VLAN 0003

Name: VLAN 0003

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/2 GigabitEthernet1/0/3

VLAN ID: 4

VLAN Type: static

Isolate-user-VLAN type : secondary

Route Interface: not configured

Description: VLAN 0004

Name: VLAN 0004

Tagged Ports: none

Untagged Ports:

GigabitEthernet1/0/2 GigabitEthernet1/0/4

Table 10 Command output

Field	Description
VLAN Type	VLAN type (static or dynamic).
Isolate-user-VLAN type	VLAN type (isolate-user-VLAN or secondary VLAN).
Route Interface	Indicates whether a VLAN interface is configured for the VLAN.
IP Address	IP address of the VLAN interface, if configured. This field is not displayed if no IP address is configured for the VLAN interface.
Subnet Mask	Subnet mask of the VLAN interface, if configured. This field is not displayed if no mask is configured for the VLAN interface.
Description	VLAN description.
Name	VLAN name.
Tagged Ports	Ports through which packets of the VLAN are sent tagged.
Untagged Ports	Ports through which packets of the VLAN are sent untagged.

Related commands

· isolate-user-vlan

· isolate-user-vlan enable

isolate-user-vlan

Use isolate-user-vlan to associate an isolate-user-VLAN with the specified secondary VLANs.

Use undo isolate-user-vlan to remove the association.

Syntax

isolate-user-vlan isolate-user-vlan-id secondary secondary-vlan-id [ to secondary-vlan-id ]

undo isolate-user-vlan isolate-user-vlan-id [ secondary secondary-vlan-id [ to secondary-vlan-id ] ]

Default

An isolate-user-VLAN is not associated with any secondary VLAN.

Views

System view

Default command level

2: System level

Parameters

isolate-user-vlan-id: Specifies an isolate-user-VLAN ID, ranging from 1 to 4094. Do not specify VLAN 1 for this argument.

secondary secondary-vlan-id [ to secondary-vlan-id ]: Specifies a secondary VLAN ID or a secondary VLAN ID range. The secondary-vlan-id argument is a secondary VLAN ID, ranging from 1 to 4094. Do not specify VLAN 1 for this argument.

Usage guidelines

The undo isolate-user-vlan command without the secondary secondary-vlan-id parameter specified removes the association between the specified isolate-user-VLAN and all its secondary VLANs.

The undo isolate-user-vlan command with the secondary secondary-vlan-id parameter specified only removes the association between the specified isolate-user-VLAN and the specified secondary VLANs.

Examples

# Associate isolate-user-VLAN 2 with secondary VLAN 3 and secondary VLAN 4.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] isolate-user-vlan enable

[Sysname-vlan2] port gigabitethernet 1/0/2

[Sysname-vlan2] vlan 3

[Sysname-vlan3] port gigabitethernet 1/0/3

[Sysname-vlan3] vlan 4

[Sysname-vlan4] port gigabitethernet 1/0/4

[Sysname-vlan4] quit

[Sysname] isolate-user-vlan 2 secondary 3 to 4

Related commands

display isolate-user-vlan

isolate-user-vlan enable

Use isolate-user-vlan enable to configure a VLAN as an isolate-user-VLAN.

Use undo isolate-user-vlan enable to remove the isolate-user-VLAN configuration for the VLAN.

Syntax

isolate-user-vlan enable

undo isolate-user-vlan enable

Default

No VLAN is an isolate-user-VLAN.

Views

VLAN view

Default command level

2: System level

Usage guidelines

An isolate-user-VLAN may include multiple ports, including the one connected to the upstream device.

Examples

# Configure VLAN 5 as an isolate-user-VLAN.

<Sysname> system-view

[Sysname] vlan 5

[Sysname-vlan5] isolate-user-vlan enable

Related commands

display isolate-user-vlan

isolated-vlan enable

Use isolated-vlan enable to configure Layer 2 isolation between ports in the same secondary VLAN.

Use undo isolated-vlan enable to restore the default.

Syntax

isolated-vlan enable

undo isolated-vlan enable

Default

Ports in the same secondary VLAN can communicate at Layer 2.

Views

VLAN view

Default command level

2: System level

Usage guidelines

After you configure the isolated-vlan enable command in VLAN view, you cannot assign any port in the VLAN to an isolation group.

Layer 2 isolation configured with the isolated-vlan enable command takes effect only when the isolate-user-VLAN type of each port in the secondary VLAN is configured as host and the secondary VLAN is associated with an isolate-user-VLAN.

Examples

# Configure Layer 2 isolation between ports in secondary VLAN 4, where GigabitEthernet 1/0/1 is the uplink port, and GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 are the downlink ports.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] isolate-user-vlan enable

[Sysname-vlan2] quit

[Sysname] vlan 4

[Sysname-vlan4] quit

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan 2 promiscuous

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] interface gigabitethernet 1/0/2

[Sysname-GigabitEthernet1/0/2] port access vlan 4

[Sysname-GigabitEthernet1/0/2] port isolate-user-vlan host

[Sysname-GigabitEthernet1/0/2] quit

[Sysname] interface gigabitethernet 1/0/3

[Sysname-GigabitEthernet1/0/3] port access vlan 4

[Sysname-GigabitEthernet1/0/3] port isolate-user-vlan host

[Sysname-GigabitEthernet1/0/3] quit

[Sysname] isolate-user-vlan 2 secondary 4

[Sysname] vlan 4

[Sysname-vlan4] isolated-vlan enable

Related commands

isolate-user-vlan

port isolate-user-vlan promiscuous

Use port isolate-user-vlan promiscuous to configure a port to operate in promiscuous mode in a VLAN.

Use undo port isolate-user-vlan to restore the default.

Syntax

port isolate-user-vlan vlan-id promiscuous

undo port isolate-user-vlan

Default

A port does not operate in promiscuous mode or host mode.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID ranging from 2 to 4094.

Usage guidelines

You cannot configure both the port isolate-user-vlan vlan-id promiscuous command and the port isolate-user-vlan vlan-list trunk promiscuous command on the same port.

When you use the port isolate-user-vlan vlan-id promiscuous command on a port that is operating in promiscuous mode, the device automatically executes the undo port isolate-user-vlan command to cancel the promiscuous mode of the port first.

If you specify an isolate-user-VLAN in the command, the switch automatically assigns the target port to both the specified VLAN and all secondary VLANs associated with it. If you specify a non-isolate-user-VLAN in the command, the switch assigns the target port only to the specified VLAN. However, when the isolate-user-VLAN setting is configured for that VLAN, the switch immediately assigns the port to all secondary VLANs associated with the isolate-user-VLAN.

In automatic assignment to the isolate-user-VLAN and secondary VLANs for an access port, the switch also changes the link type of the port to hybrid, and sets the isolate-user-VLAN as the PVID of the port. If the isolate-user-VLAN setting is configured later than the execution of the port isolate-user-vlan vlan-id promiscuous command, the link type and PVID do not change until the isolate-user-VLAN setting is configured on the VLAN specified in the command.

The link type and PVID never change on a trunk port or hybrid port in the automatic VLAN assignment process.

After the port link type changes, the switch keeps the member attribute of the hybrid port unchanged in the VLANs where it is already a tagged member, and automatically assigns the port to the remaining VLANs as an untagged member.

When you execute the undo port isolate-user-vlan command, follow these guidelines:

· The command cancels the promiscuous mode of a port. It does not remove an access port from the specific VLAN, but removes a trunk or hybrid port from the specific VLAN.

· If the specific VLAN has been configured as an isolate-user-VLAN and associated with secondary VLANs, the command does not remove the port from the secondary VLANs.

Examples

# Configure access port GigabitEthernet 1/0/1 to operate in promiscuous mode in isolate-user-VLAN 2, which is associated with secondary VLAN 20, and then cancel the configuration.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

return

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan 2 promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan 2 promiscuous

port link-type hybrid

undo port hybrid vlan 1

port hybrid vlan 2 20 untagged

port hybrid pvid vlan 2

return

[Sysname-GigabitEthernet1/0/1] undo port isolate-user-vlan

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type hybrid

undo port hybrid vlan 1

port hybrid vlan 20 untagged

port hybrid pvid vlan 2

return

# Assign access port GigabitEthernet 1/0/1 to VLAN 10, which is not an isolate-user-VLAN, configure the port to operate in promiscuous mode in VLAN 10, and then cancel the configuration.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

return

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan 10 promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan 10 promiscuous

port access vlan 10

return

[Sysname-GigabitEthernet1/0/1] undo port isolate-user-vlan

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 10

return

port isolate-user-vlan trunk promiscuous

Use port isolate-user-vlan vlan-list trunk promiscuous to configure a port to operate in promiscuous mode in the specified VLANs.

Use undo port isolate-user-vlan vlan-list trunk promiscuous to restore the operating mode for a port in the specified VLANs.

Syntax

port isolate-user-vlan vlan-list trunk promiscuous

undo port isolate-user-vlan vlan-list trunk promiscuous

Default

A port does not operate in promiscuous mode or host mode.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

vlan-list: Specifies multiple isolate-user-VLANs in the format of vlan-list = { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 each range from 2 to 4094, vlan-id1 cannot be greater than vlan-id2, and &<1-10> indicates that you can specify up to ten vlan-id1 [ to vlan-id2 ] parameters.

Usage guidelines

If you specify isolate-user-VLANs in the command, the switch automatically assigns the target port to both the specified VLANs and all secondary VLANs associated with the isolate-user-VLANs. If you specify non-isolate-user-VLANs in the command, the switch assigns the target port only to the specified VLANs. However, when the isolate-user-VLAN setting is configured for these VLANs, the switch immediately assigns the port to all secondary VLANs associated with the isolate-user-VLANs.

In automatic assignment to the isolate-user-VLANs and secondary VLANs for an access port, the switch also changes the link type of the port to hybrid, and does not change the PVID of the port.

The link type and PVID never change on a trunk port or hybrid port in the automatic VLAN assignment process.

After the port link type changes, the switch keeps the member attribute of the hybrid port unchanged in the VLANs where it is already an untagged member, and automatically assigns the port to the remaining VLANs as a tagged member.

When you execute the undo port isolate-user-vlan vlan-list trunk promiscuous command, follow these guidelines:

· The command cancels the promiscuous mode of a port, and removes the port from the specified VLANs.

· If the specified VLANs have been configured as isolate-user-VLANs and associated with secondary VLANs, the command does not remove the port from the secondary VLANs.

The port isolate-user-vlan vlan-list trunk promiscuous command is mutually exclusive with the port isolate-user-vlan vlan-id promiscuous command and the port isolate-user-vlan host command.

Examples

# Configure the access port GigabitEthernet 1/0/1 to operate in promiscuous mode in isolate-user-VLANs 2 and 3, which are associated with VLANs 20 and 30, respectively. Then, cancel the configuration for GigabitEthernet 1/0/1 in isolate-user-VLANs 2 and 3.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

return

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan 2 3 trunk promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan 2 3 trunk promiscuous

port link-type hybrid

port hybrid vlan 2 3 20 30 tagged

port hybrid vlan 1 untagged

return

[Sysname-GigabitEthernet1/0/1] undo port isolate-user-vlan 2 3 trunk promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type hybrid

port hybrid vlan 20 30 tagged

port hybrid vlan 1 untagged

return

# VLAN 10 is not an isolate-user-VLAN. Configure the access port GigabitEthernet 1/0/1 to operate in promiscuous mode in VLAN 10. Then, cancel the configuration for GigabitEthernet 1/0/1 in VLAN 10.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

return

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan 10 trunk promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan 10 trunk promiscuous

port link-type hybrid

port hybrid vlan 10 tagged

port hybrid vlan 1 untagged

return

[Sysname-GigabitEthernet1/0/1] undo port isolate-user-vlan 10 trunk promiscuous

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type hybrid

port hybrid vlan 1 untagged

Return

port isolate-user-vlan host

Use port isolate-user-vlan host to configure a port to operate in host mode.

Use undo port isolate-user-vlan to restore the default.

Syntax

port isolate-user-vlan host

undo port isolate-user-vlan

Default

A port does not operate in promiscuous mode or host mode.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default command level

2: System level

Usage guidelines

You cannot configure both the port isolate-user-vlan host command and the port isolate-user-vlan vlan-list trunk promiscuous command on the same port.

If the port has been assigned to a secondary VLAN, the switch automatically assigns the target port to the isolate-user-VLAN associated with the secondary VLAN. If the port has not been assigned to a secondary VLAN, the switch immediately assigns the target port to the isolate-user-VLAN associated with the secondary VLAN after the port is assigned to a secondary VLAN.

In automatic assignment to the isolate-user-VLAN associated with the secondary VLAN for an access port, the switch also changes the link type of the port to hybrid, and sets the secondary VLAN as the PVID of the port.

The link type and PVID never change on a trunk port or hybrid port in the automatic VLAN assignment process.

After the port link type changes, the switch keeps the member attribute of the hybrid port unchanged when it is already a tagged member of the isolate-user-VLAN, and otherwise automatically assigns the port to the isolate-user-VLAN as an untagged member.

When you execute the undo port isolate-user-vlan command, the command cancels the host mode of a port. It does not remove the port from the isolate-user-VLAN.

Examples

# Configure access port GigabitEthernet 1/0/1 to operate in host mode and assign the port to secondary VLAN 20, which is associated with isolate-user-VLAN 2.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan host

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan host

return

[Sysname-GigabitEthernet1/0/1] port access vlan 20

[Sysname-GigabitEthernet1/0/1] display this

interface GigabitEthernet1/0/1

port link-mode bridge

port isolate-user-vlan host

port link-type hybrid

undo port hybrid vlan 1

port hybrid vlan 2 20 untagged

port hybrid pvid vlan 20

return

Voice VLAN configuration commands

display voice vlan oui

Use display voice vlan oui to display the supported organizationally unique identifier (OUI) addresses, the OUI address masks, and the description strings.

Syntax

display voice vlan oui [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

OUI addresses in this document are used to determine whether a received packet is a voice packet. They are the results of the AND operation of the two arguments mac-address and oui-mask in the voice vlan mac-address command.

Examples

# Display the supported OUI addresses, and their masks and descriptions.

<Sysname> display voice vlan oui

Oui Address Mask Description

0001-e300-0000 ffff-ff00-0000 Siemens phone

0003-6b00-0000 ffff-ff00-0000 Cisco phone

0004-0d00-0000 ffff-ff00-0000 Avaya phone

00d0-1e00-0000 ffff-ff00-0000 Pingtel phone

0060-b900-0000 ffff-ff00-0000 Philips/NEC phone

00e0-7500-0000 ffff-ff00-0000 Polycom phone

00e0-bb00-0000 ffff-ff00-0000 3com phone

Table 11 Command output

Field	Description
Oui Address	OUI addresses supported.
Mask	Masks of the OUI addresses supported.
Description	Description strings of the OUI addresses supported.

Related commands

voice vlan mac-address

display voice vlan state

Use display voice vlan state to display voice VLAN configuration.

Syntax

display voice vlan state [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display voice VLAN configurations.

<Sysname> display voice vlan state

Maximum of Voice VLANs: 128

Current Voice VLANs: 2

Voice VLAN security mode: Security

Voice VLAN aging time: 1440 minutes

Voice VLAN enabled port and its mode:

PORT VLAN MODE COS DSCP ----------------------------------------------------------------------

GigabitEthernet1/0/1 2 AUTO 6 46

GigabitEthernet1/0/2 3 AUTO 6 46

Table 12 Command output

Field	Description
Maximum of Voice VLANs	Maximum number of voice VLANs supported by the system.
Current Voice VLANs	Number of existing voice VLANs.
Voice VLAN security mode	Security mode of the voice VLAN: Security for security mode; Normal for normal mode.
Voice VLAN aging time	Aging time of the voice VLAN.
Voice VLAN enabled port and its mode	Voice VLAN-enabled port and its voice VLAN assignment mode.
PORT	Voice VLAN-enabled port name.
VLAN	ID of the voice VLAN enabled on the port.
MODE	Voice VLAN assignment mode of the port, manual or automatic.
COS	Class of Service.
DSCP	Differentiated Services Codepoint Priority.

Related commands

· voice vlan enable

· voice vlan qos

· voice vlan qos trust

voice vlan aging

Use voice vlan aging to configure the voice VLAN aging time.

Use undo voice vlan aging to restore the default.

Syntax

voice vlan aging minutes

undo voice vlan aging

Default

The voice VLAN aging time is 1440 minutes.

Views

System view

Default command level

2: System level

Parameters

minutes: Sets the voice VLAN aging time, ranging from 5 to 43200 minutes.

Usage guidelines

When a port in automatic voice VLAN assignment mode receives a voice packet, the system decides whether to assign the port to the voice VLAN based on the source MAC address of the voice packet. Upon assigning the port to the voice VLAN, the system starts the aging timer. If no voice packets are received on the port until the aging time expires, the system automatically removes the port from the voice VLAN. This aging time applies only to the ports in automatic voice VLAN assignment mode.

Examples

# Configure the voice VLAN aging time as 100 minutes.

<Sysname> system-view

[Sysname] voice vlan aging 100

Related commands

display voice vlan state

voice vlan enable

Use voice vlan enable to enable the voice VLAN feature and to configure a VLAN as the voice VLAN for the Layer 2 Ethernet port.

Use undo voice vlan enable to disable the voice VLAN feature on the Layer 2 Ethernet port.

Syntax

voice vlan vlan-id enable

undo voice vlan [ vlan-id ] enable

Default

The voice VLAN feature is disabled on ports.

Views

Layer 2 Ethernet interface view

Default command level

2: System level

Parameters

vlan-id: Specifies a VLAN ID, ranging from 2 to 4094.

Usage guidelines

Enable the voice VLAN feature on a hybrid or trunk port operating in automatic voice VLAN assignment mode, but not on an access port operating in automatic voice VLAN assignment mode.

Examples

# Enable the voice VLAN feature on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] voice vlan 2 enable

voice vlan mac-address

Use voice vlan mac-address to allow packets carrying the specified OUI address to pass through.

Use undo voice vlan mac-address to prohibit packets carrying the specified OUI address from passing through.

Syntax

voice vlan mac-address mac-address mask oui-mask [ description text ]

undo voice vlan mac-address oui

Default

The system is configured with the default OUI addresses. You can remove the default OUI addresses and then add recognizable OUI addresses manually.

Table 13 Default OUI addresses

Number	OUI address	Vendor
1	0001-E300-0000	Siemens phone
2	0003-6B00-0000	Cisco phone
3	0004-0D00-0000	Avaya phone
4	00D0-1E00-0000	Pingtel phone
5	0060-B900-0000	Philips/NEC phone
6	00E0-7500-0000	Polycom phone
7	00E0-BB00-0000	3Com phone

Views

System view

Default command level

2: System level

Parameters

mac-address: Specifies a source MAC address of voice traffic in the format of H-H-H. For example, 1234-1234-1234.

mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H, formed by consecutive 1s and 0s. For example, FFFF-0000-0000. To filter the voice device of a specific vendor, set the mask to FFFF-FF00-0000.

description text: Specifies a string of 1 to 30 case-sensitive characters that describes the OUI address.

oui: Specifies the OUI address you want to remove in the format of H-H-H. For example, 1234-1200-0000. An OUI address is the logic AND result of mac-address and oui-mask. An OUI address cannot be a broadcast address, a multicast address, or an all-zero address.

Usage guidelines

The system supports up to 128 OUI addresses.

Examples

# Add a recognizable OUI address 1234-1200-0000 by specifying MAC address as 1234-1234-1234 and mask as fff-ff00-0000, and configure its description string as PhoneA.

<Sysname> system-view

[Sysname] voice vlan mac-address 1234-1234-1234 mask ffff-ff00-0000 description PhoneA

Related commands

display voice vlan oui

voice vlan mode auto

Use voice vlan mode auto to configure the port to operate in automatic voice VLAN assignment mode.

Use undo voice vlan mode auto to configure the port to operate in manual voice VLAN assignment mode.

Syntax

voice vlan mode auto

undo voice vlan mode auto

Default

A port operates in automatic voice VLAN assignment mode.

Views

Layer 2 Ethernet interface view

Default command level

2: System level

Usage guidelines

The voice VLAN modes of different ports are independent of one another.

To make voice VLAN take effect on a port which is enabled with voice VLAN and operates in manual voice VLAN assignment mode, manually assign the port to the voice VLAN.

Examples

# Configure GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo voice vlan mode auto

voice vlan qos

Use voice vlan qos to configure the interface to modify the CoS and DSCP values marked for incoming traffic of the voice VLAN into specified values.

Use undo voice vlan qos to restore the default.

Syntax

voice vlan qos cos-value dscp-value

undo voice vlan qos

Default

An interface modifies the CoS value and the DSCP value marked for voice VLAN traffic into 6 and 46, respectively.

Views

Layer 2 Ethernet interface view

Default command level

2: System level

Parameters

cos-value: Sets the CoS precedence value for voice VLAN traffic, in the range of 0 to 7. The default value is 6.

dscp-value: Sets the DSCP value for voice VLAN traffic, in the range of 0 to 63. The default value is 46.

Usage guidelines

Configure the QoS priority settings for voice VLAN traffic on an interface before you enable voice VLAN on the interface. If the configuration order is reversed, the priority settings fail.

The voice vlan qos command and the voice vlan qos trust command can overwrite each other. When you use the two commands on a port multiple times, the most recent one takes effect.

Examples

# Configure Layer 2 Ethernet interface GigabitEthernet 1/0/1 to modify the CoS value and the DSCP value marked for voice VLAN packets into 5 and 45, respectively.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] voice vlan qos 5 45

Related commands

voice vlan qos trust

Use voice vlan qos trust to configure the interface to trust the priority settings carried in incoming voice traffic. With this command configured, an interface keeps the CoS and DSCP values marked for incoming voice traffic unchanged.

Syntax

voice vlan qos trust

undo voice vlan qos

Default

An interface modifies the CoS value and the DSCP value marked for voice VLAN traffic into 6 and 46, respectively.

Views

Layer 2 Ethernet interface view

Default command level

2: System level

Usage guidelines

Configure the QoS priority trust mode for voice VLAN traffic on an interface before enabling voice VLAN on the interface. If the configuration order is reversed, your priority trust settings fail.

The voice vlan qos command and the voice vlan qos trust command can overwrite each other. After you use the two commands on a port multiple times, the one that was last used takes effect.

Examples

# Configure Layer 2 Ethernet interface GigabitEthernet 1/0/1 to trust the priority settings carried in incoming voice VLAN traffic.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] voice vlan qos trust

Related commands

voice vlan qos

voice vlan security enable

Use voice vlan security enable to enable the voice VLAN security mode.

Use undo voice vlan security enable to disable the voice VLAN security mode.

Syntax

voice vlan security enable

undo voice vlan security enable

Default

The voice VLAN security mode is enabled.

Views

System view

Default command level

2: System level

Usage guidelines

When you enable the security mode for a voice VLAN, only voice traffic can be transmitted in the voice VLAN.

The device matches the source MAC addresses of the packets against the supported OUI addresses to determine whether they are voice traffic and filters all non-voice traffic, guaranteeing high priority and high quality for voice traffic.

When a voice VLAN operates in common mode, other data traffic is also transmitted in the voice VLAN.

Examples

# Disable voice VLAN security mode.

<Sysname> system-view

[Sysname] undo voice vlan security enable

02-Layer 2-LAN Switching Command Reference

VLAN configuration commands

default

reset counters interface vlan-interface

port

port hybrid pvid

port trunk permit vlan

display protocol-vlan vlan

display ip-subnet-vlan vlan

subvlan

display isolate-user-vlan

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

Company Information

News & Events

Contact Us