Experiment: Huawei mux vlan configuration and management

Experiment: Huawei mux vlan configuration and management

The following experiment is an experimental video teaching course designed by the author for "Huawei switch Learning Guide". Click here to view details: http://edu.51cto.com/course/course_id-2091.html

The mux vlan function of Huawei enables layer-2 communication between different VLANs located in the same IP network segment (between all slave VLANs and the master VLAN, in addition, L2 isolation can be implemented between different slave VLANs and between users in the same VLAN on the same switch. users in the same VLAN on different switches are not isolated. This technology can be used to isolate different user hosts in the same VLAN while sharing user servers in multiple VLANs.

The following is a specific experiment solution.

Lab environment: PC1 ~ 6. The Server and the Server are both in the same IP segment and are divided into the corresponding master or corresponding types of VLAN as shown in the figure.

Lab requirements: each slave VLAN host can directly access the Server, but each slave VLAN cannot directly access each other, and PC2 and PC3 in VLAN20 cannot communicate with each other, however, both of them can communicate with the PC4 of the same VLAN20.

Experiment Configuration:

? Configurations on SW1

<Huawei> sys

[Huawei] sysname SW1

[SW1] vlanbatch 10 2030 40

[SW1] vlan40

[SW1-VLAN40] mux-vlan

[SW1-VLAN40] subordinategroup10 30

[SW1-VLAN40] subordinateseparate20

[SW1-VLAN40] quit

[SW1] interface GigabitEthernet0/0/1

[SW1-GigabitEthernet0/0/1] port link-typetrunk

[SW1-GigabitEthernet0/0/1] porttrunk allow-pass vlan 10 2030 40

[SW1-GigabitEthernet0/0/1] quit

[SW1] interface GigabitEthernet0/0/2

[SW1-GigabitEthernet0/0/2] port link-typetrunk

[SW1-GigabitEthernet0/0/2] port trunkallow-pass vlan 10 2030 40

[SW1-GigabitEthernet0/0/2] quit

[SW1] interface GigabitEthernet0/0/3

[SW1-GigabitEthernet0/0/3] port link-typeaccess

[SW1-GigabitEthernet0/0/3] portdefault vlan 40

[SW1-GigabitEthernet0/0/3] port mux-vlanenable

[SW1-GigabitEthernet0/0/3] quit

? Configurations on SW2

<Huawei> sys

[Huawei] sysname SW2

[SW2] vlanbatch 10 20 30 40

[SW2] vlan 40

[SW2-VLAN40] mux-vlan

[SW2-VLAN40] subordinate group 10 30

[SW2-VLAN40] subordinate separate20

[SW2-VLAN40] quit

[SW2] interface Ethernet0/0/1

[SW2-Ethernet0/0/1] port link-type trunk

[SW2-Ethernet0/0/1] port trunk allow-pass vlan 10 20 30 40

[SW2-Ethernet0/0/1] quit

[SW2] interface Ethernet0/0/2

[SW2-Ethernet0/0/2] port link-type access

[SW2-Ethernet0/0/2] port default vlan 10

[SW2-Ethernet0/0/2] port mux-vlanenable

[SW2-Ethernet0/0/2] quit

[SW2] interface Ethernet0/0/3

? Configurations on SW3

<Huawei> sys

[Huawei] sysname SW3

[SW3] vlanbatch 10 20 40

[SW3] vlan 40

[SW3-VLAN40] mux-vlan

[SW3-VLAN40] subordinate group 10

[SW3-VLAN40] subordinate separate20

[SW3-VLAN40] quit

[SW3] interface Ethernet0/0/1

[SW3-Ethernet0/0/1] port link-type trunk

[SW3-Ethernet0/0/1] port trunk allow-pass vlan10 20 40

[SW3-Ethernet0/0/1] quit

[SW3] interface Ethernet0/0/2

[SW3-Ethernet0/0/2] port link-type access

[SW3-Ethernet0/0/2] port default vlan 10

[SW3-Ethernet0/0/2] port mux-vlanenable

[SW3-Ethernet0/0/2] quit

[SW3] interface Ethernet0/0/3

[SW3-Ethernet0/0/3] port link-type access

[SW3-Ethernet0/0/3] port defaultvlan20

[SW3-Ethernet0/0/3] port mux-vlanenable

[SW3-GigabitEthernet0/0/3] quit

Verify the experiment results:

UseDisplay mux-Vlan command to view mux vlan configuration information

Each PC in the VLAN can ping the Server in the active VLAN.

Different from VLAN cannot be pinged

Hosts in the same isolated VLAN on the same vswitch cannot be pinged.

Hosts in the same isolated VLAN on different vswitches can still be pinged.