Contents

Introduction· 1

Prerequisites· 1

Example: Configuring port-based VLANs· 1

Network configuration· 1

Applicable hardware and software versions· 1

Procedures· 2

Verifying the configuration· 2

Configuration files· 3

Introduction

This document provides examples of configuring the port-based VLAN.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of VLANs.

Example: Configuring port-based VLANs

Network configuration

As shown in Figure 1:

·     Host A and Host C belong to Department A. VLAN 100 is assigned to Department A.

·     Host B and Host D belong to Department B. VLAN 200 is assigned to Department B.

Configure port-based VLANs so that hosts only in the same department can communicate with each other.

Figure 1 Network diagram

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

Procedures

1.     Configure Device A:

# Configure the ports Twenty-fivegige 1/0/1 through Twenty-fivegige 1/0/3 to operate in bridge mode.

<DeviceA> system-view

[DeviceA] interface range twenty-fivegige 1/0/1 to twenty-fivegige 1/0/3

[DeviceA-if-range] port link-mode bridge

[DeviceA-if-range] quit

# Create VLAN 100, and assign Twenty-fivegige 1/0/1 to VLAN 100.

[DeviceA] vlan 100

[DeviceA-vlan100] port twenty-fivegige 1/0/1

[DeviceA-vlan100] quit

# Create VLAN 200, and assign Twenty-fivegige 1/0/2 to VLAN 200.

[DeviceA] vlan 200

[DeviceA-vlan200] port twenty-fivegige 1/0/2

[DeviceA-vlan200] quit

# Configure Twenty-fivegige 1/0/3 as a trunk port, and assign it to VLANs 100 and 200.

[DeviceA] interface twenty-fivegige 1/0/3

[DeviceA-Twenty-FiveGigE1/0/3] port link-type trunk

[DeviceA-Twenty-FiveGigE1/0/3] port trunk permit vlan 100 200

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

3.     Configure hosts:

a.     Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.

b.     Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.

Verifying the configuration

# Verify that Host A and Host C can ping each other, but they both fail to ping Host B or Host D. (Details not shown.)

# Verify that Host B and Host D can ping each other, but they both fail to ping Host A or Host C. (Details not shown.)

# Display information about VLANs 100 and 200 on Device A.

[DeviceA-Twenty-FiveGigE1/0/3] display vlan 100

 VLAN ID: 100

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0100

 Name: VLAN 0100

 Tagged ports:

    Twenty-FiveGigE1/0/3

 Untagged ports:

    Twenty-FiveGigE1/0/1

[DeviceA-Twenty-FiveGigE1/0/3] display vlan 200

 VLAN ID: 200

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0200

 Name: VLAN 0200

 Tagged ports:

    Twenty-FiveGigE1/0/3

 Untagged ports:

    Twenty-FiveGigE1/0/2

The output shows that:

·     Twenty-fivegige 1/0/3 and Twenty-fivegige 1/0/1 permit packets from 100 to pass through.

·     Twenty-fivegige 1/0/3 and Twenty-fivegige 1/0/2 permit packets from 200 to pass through.

Configuration files

Configuration files on both Device B and Device A are the same. The following configuration files use Device A as an example.

#

vlan 100

#

vlan 200

#

interface Twenty-FiveGigE1/0/1

 port link-mode bridge

 port access vlan 100

#

interface Twenty-FiveGigE1/0/2

 port link-mode bridge

 port access vlan 200

#

interface Twenty-FiveGigE1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 100 200

#