Do you know how to use VLAN division using network layer protocol?

Do you know how to use VLAN division using network layer protocol?

VLAN (Virtual Local Area Network) is a data exchange technology that divides LAN devices into segments logically to achieve virtual workgroups. This technology logically divides the physical network by defining extended fields on LAN data frames, thereby limiting the forwarding range of LAN data frames and reducing the broadcast domain.

[[262324]]

VLAN implementation methods can be roughly divided into six categories:

  • Port-based VLAN
  • VLAN division based on MAC address
  • VLAN division based on network layer protocol
  • Divide VLANs based on IP multicast
  • Divide VLAN by policy
  • Divide VLAN by user definition and non-user authorization

I believe that many people use port-based partitioning, and it is also commonly used and common in production environments. So how do we partition based on network layer protocols?

Experimental topology

Configuration Roadmap

  • Create VLANs and determine the VLAN to which each service belongs.
  • Associate IP subnets and VLANs to determine VLANs based on the source IP address or specified network segment in the message.
  • Configure the interface to join the VLAN so that the VLAN based on the IP subnet can pass through the current interface.
  • Enable IP subnet-based VLAN division.

Procedure

Create a VLAN:

# Create VLAN 10, VLAN 20, and VLAN 30 on the Switch.

  1.  < HUAWEI > system-view
  2.  [Huawei]sysname Switch
  3.  [Switch]vlan batch 10 20 30

Configure the interface:

# On the Switch, configure GE0/0/1, GE0/0/2, and GE0/0/3 as hybrid interfaces, and add them to VLAN 10, VLAN 20, and VLAN 30 in untagged mode. Enable IP subnet-based VLAN division.

  1.  [Switch] interface gigabitethernet 0/0/1
  2.  [Switch-GigabitEthernet0/0/1] port link-type hybrid
  3.  [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
  4.  [Switch-GigabitEthernet0/0/1] ip-subnet-vlan enable
  5.  [Switch-GigabitEthernet0/0/1] quit
  6.  [Switch] interface gigabitethernet 0/0/2
  7.  [Switch-GigabitEthernet0/0/2] port link-type hybrid
  8.  [Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 20
  9.  [Switch-GigabitEthernet0/0/2] ip-subnet-vlan enable
  10.  [Switch-GigabitEthernet0/0/2] quit
  11.  [Switch] interface gigabitethernet 0/0/3
  12.  [Switch-GigabitEthernet0/0/3] port link-type hybrid
  13.  [Switch-GigabitEthernet0/0/3] port hybrid untagged vlan 30
  14.  [Switch-GigabitEthernet0/0/3] ip-subnet-vlan enable
  15.  [Switch-GigabitEthernet0/0/3] quit

Configure VLAN division based on IP subnet:

On the Switch, associate VLAN 10 with IP address 192.168.1.2/24 and set the priority to 2.

  1.  [Switch] vlan 10
  2.  [Switch-vlan10] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2
  3.  [Switch-vlan10] quit

On the Switch, associate VLAN 00 with IP address 192.168.2.2/24 and set the priority to 3.

  1.  [Switch] vlan 20
  2.  [Switch-vlan20] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3
  3.  [Switch-vlan20] quit

On the Switch, associate VLAN 30 with IP address 192.168.3.2/24 and set the priority to 4.

  1.  [Switch] vlan 30
  2.  [Switch-vlan30] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4
  3.  [Switch-vlan30] quit

Verify the configuration

  1.  [Switch]display ip-subnet-vlan vlan all
  2.  ------------------------------------------------------------------------
  3.  Vlan Index IpAddress SubnetMask Priority
  4.  ------------------------------------------------------------------------
  5.  10 1 192.168.1.2 255.255.255.0 2
  6.  20 1 192.168.2.2 255.255.255.0 3
  7.  30 1 192.168.3.2 255.255.255.0 4
  8.  ------------------------------------------------------------------------
  9.  ip-subnet-vlan count: 3 total count: 3

<<:  IPv6 Security Thinking: Risk Analysis of Recursive DNS in IPv6 Networks

>>:  When you "ping", do you know the logic behind it?

Blog    

Recommend

Behind Gu Ailing's victory at the Winter Olympics: Communications people are silently persevering

7×24 hours uninterrupted protection Communication...

DogYun celebrates the 25th anniversary of Hong Kong's return to China. Hong Kong server is available for 2 months at 450 yuan, dual E5/32G/1TB SSD/20M bandwidth

DogYun has launched a special promotion for the 2...

Huawei Cloud China Tour in Xi'an invites you to join us and discuss how to collaborate and innovate in the cloud era

[51CTO.com original article] On October 26, 2017,...

IPv6 neighbor discovery, address duplication detection, and router discovery mechanisms, learn about them in one minute

1. IPv6 Basics IPv6 (Internet Protocol Version 6)...

Ctrip Optical Network's Practice of Resisting Cable Disruption

About the Author Lightworker, a network technolog...

“Transparent” Ruijie gives people a sense of security

This is a very "pure" partner conferenc...

The pain of 5G mobile phone "weight loss": What is the difficulty in lightweight design?

"The return of thin and light design is part...

[Black Friday] Launchvps 40% off, 1G memory KVM monthly payment starts from $2.57

Launchvps released a Black Friday discount plan, ...

Interesting explanation of TCP three-way handshake and four-way wave

Students who have studied computer networks know ...

10 bad habits network administrators should avoid at all costs

Every enterprise network consists of devices that...

When you "ping", do you know the logic behind it?

[[262430]] When we encounter a network outage, we...

Ping is often used in the network. Teach you how to detect the three-layer network at one time

Internet Control Message Protocol: ICMP is a cont...

[11.11] LOCVPS top up 1000 yuan and get 100 yuan, Hong Kong VPS 30% off, 20% off for all

LOCVPS (Global Cloud) released a promotional plan...

Outlook for Nine Technology Trends in the Digital Economy from 2021 to 2025

[[361322]] The digital economy is divided into th...

How much does data center downtime cost?

Data center downtime is unbearable for any enterp...