Huawei switch port application

Generally, the simplest and most common way to achieve isolation between switch ports is to divide VLAN (Virtual LAN ). However, in specific applications, it is often hoped that some valns can communicate with each other flexibly after port isolation. Generally, L2 switches need to be isolated, and then VLAN mutual access is achieved on the uplinked L3 switches or routers.

In fact, only layer-2 switches can be used to achieve isolation and mutual access. This is the application of layer-2 switch Hybrid (Hybrid) Port mode.

1. Switch link port Mode

Huawei L2 switches generally have four link port modes: Access, Trunk, Hybrid, and Fabric.

1.1 Access Port Mode

An Access port can belong to only one VLAN. Therefore, its default VLAN is the VLAN where it is located. Generally used as the port connecting to the computer.

1.2 Trunk port Mode

A Trunk port can belong to multiple VLANs and can receive and send packets from multiple VLANs. It is generally used as a port connecting switches.

1.3 Hybrid port Mode

A Hybrid port can belong to multiple VLANs. It can receive and send packets from multiple VLANs. It can be used to connect switches or to users' computers. Hybrid port mode has the following features:

The Hybrid attribute is a Hybrid mode that allows a packet to be sent to a vswitch in the form of tagged on an untagged (untagged) port. At the same time, the Hybrid attribute can be used to define mutual Access between different VLAN ports, which is not implemented by Access and Trunk ports.

The Hybrid port can also set which VLANs are tagged and which are not tagged, laying the foundation for implementing different processing processes for different VLAN packets.

If the default vlan id is set for the port, when the port receives a packet without a VLAN Tag, the packet is forwarded to the port of the default VLAN; when a port sends a packet with a VLAN Tag, if the vlan id of the packet is the same as the default vlan id of the port, the system removes the VLAN Tag of the packet and then sends the packet.

The difference between the Hybrid and Trunk port modes is that the Hybrid port allows untagged packets from multiple VLANs to be sent ), however, the Trunk port only allows packets sent by default VLAN without tags.

1.4 Fabric port Mode

The Fabric port is the port between units in IRF. It is only used for interconnection between units and cannot connect users.

2 Application of Hybrid port Mode

By introducing the various link port modes of the L2 Switch, We can flexibly complete various applications based on its characteristics.

Taking Huawei Quidway S2116-EI switch as an example, the Hybrid mode of Layer 2 switch port is used to flexibly implement isolation and mutual access between ports.

2.1 networking requirements

The S2116-EI switch ports 1 to 4 and 5 to 8 are connected to four departments, that is, each department connects two ports, 15 ports connected to a WEB server, 16 ports connected to an uplink Internet egress line.

Networking requirements:

The four departments are isolated from each other but can access the WEB server at the same time. They can flexibly control the access to the Internet by the four departments.

2.2 Solution

First, each port is divided into different VLANs, that is, 16 VLANs are divided, and each VLAN has one port. Each port is configured in the hybrid status. Set the PVID of the port to be the same as the VLAN to which the port belongs. Set the pvid vlan of the port to untagged, so that the broadcast frame sent from the port can reach the port. According to this idea, VLAN1 to VLAN4 can only access VLAN15 (WEB Server), VLAN5 to VLAN8 can access VLAN15 and VLAN16 (Internet), that is, VLAN15 can access all VLANs, VLAN16 allows access from VLAN5 to VLAN 8 and VLAN15. In this way, the four departments are connected to ports 1 to 4 and ports 5 to 8 respectively. When the four departments need to access the Internet, the ports 5 to 8 are enabled through the WEB management interface of the switch, when you need to disable the Internet, directly close ports 5 to 8.

2.3 Main configuration commands

Taking port 16 as an example, the main configuration command of the S2116-EI is as follows:

#

[Quidway] vlan 16

[Quidway] port Ethernet0/16

[Quidway] interface Ethernet0/16

[Quidway-Ethernet0/16] port link-type hybrid

[Quidway-Ethernet0/16] port hybrid pvid vlan 16 [Quidway-Ethernet0/16] port hybrid vlan 5 to 8 15 untagged in fact, this configuration uniquely represents a port through the PVID of the hybrid port, the receiving port sets the VLAN as the untagged VLAN to control whether the receiving port is interconnected with the port where the pvid vlan is the VLAN. The following configuration is used to manage the WEB interface. First, view the files in flash. (Ensure that the WEB interface management file is already in the flash of the switch )#

<Quidway> dir/all

-Rwxrwx 1 noone nogroup 442797 Apr 02 2000 13:09:50 wnm-xxx.zip

<Quidway> system

[Quidway] local-user admin

[Quidway-luser-admin] service-type telnet level 3 [Quidway-luser-admin] password simple admin [Quidway-luser-admin] interface vlan 1 [Quidway-Vlan-interface1] ip address 192.168.0.2 255.255.255.0 enter http: // 192.16.0.2 to enter the WEB management interface.

3 conclusion

Note that in this example, because of the existence of a loop, you must enable the Spanning Tree Protocol on the S2116-EI switch to avoid broadcast storms. In actual control, it is best to ensure that it is always a single link, that is, when Port 1 to port 4 is enabled, Port 5 to port 8 is disabled; when Port 5 to port 8 is enabled, Port 1 to port 4 is disabled, this reduces the number of times the switch calculates the Spanning Tree, and facilitates network stability. Now we have met all the networking requirements. It can be seen that the Hybrid port mode of the L2 Switch can be used to flexibly and conveniently implement the isolation and mutual access between ports.