Super VLAN principle

Jane's going to talk Super VLAN-conserving IP address isolation two layer communication VLAN aggregation in the implementation of the different Sub-vlan to share a subnet segment address, but also brought Sub-vlan between the three-layer forwarding problem. Want to do the DHCP server must do in the Super-vlan up

[Huawei]vlan Batch 2 to 4 100
[Huawei]vlan 100
[Huawei-vlan100]aggregate-vlan//Configure the current VLAN as Super-vlan
[Huawei-vlan100]access-vlan 2 to 4//will VLAN2 to 4 be configured as Sub-vlan

VLAN aggregation (VLAN Aggregation, also known as Super VLAN) refers to the isolation of broadcast domains in a physical network with multiple VLANs (known as Sub-vlan) and the synthesis of these sub-vlan into a logical VLAN (called Super-vlan). These sub-vlan use the same IP subnet and default gateway, thus achieving the goal of conserving IP address resources.

There is a three-layer logical interface and several physical interfaces for each common VLAN, and the Super-vlan and Sub-vlan defined by the VLAN aggregation are very special:

Sub-vlan: Contains only physical interfaces and cannot establish a three-layer vlanif interface for isolating broadcast domains. The host in each Sub-vlan and the external three-layer communication are implemented by Super-vlan's three-layer vlanif interface.

[Huawei]interface G0/0/11
[Huawei-gigabitethernet0/0/11]port link-type Access
[Huawei-gigabitethernet0/0/11]port default VLAN 2//sub-vlan contains only physical interfaces that can contain physical interfaces

[Huawei]interface VLAN 2
Error:the VLAN is already a sub-vlan. This VLAN is already sub-vlan to be a vlanif interface cannot be configured

Super-vlan: Only three layer vlanif interface is established, not physical interface, corresponding to subnet gateway. Unlike a normal VLAN, the up of its vlanif interface is not dependent on the up of its physical interface, but as long as it contains the physical interface of up in the Sub-vlan.

[Huawei-gigabitethernet0/0/10]port default VLAN 100
Error:the VLAN is already a super-vlan. This VLAN is already super-vlan cannot contain physical interfaces

[Huawei]display IP interface Brief//view IP profile of the interface on the current device
*down:administratively down
^down:standby
(l): Loopback
(s): spoofing
The number of interface-is-in-physical is 3
The number of interface-is-physical is 2
The number of interface-is-in-Protocol is 2
The number of interface-is-Protocol is 3

Interface IP Address/mask Physical Protocol
METH0/0/1 Unassigned Down
NULL0 unassigned Up (s)
VLANIF1 Unassigned Up Down
Vlanif100 192.168.10.254/24 up//vlan100 is Super-vlan with up interface in three Sub-vlan Sub-vlan
Vlanif200 192.168.20.254/24 down//not Super-vlan nor contains Sub-vlan

Configure to complete the above steps then Sub-vlan cannot communicate between

How does the communication between Sub-vlan be done?

[Huawei-vlanif100]arp-proxy inter-sub-vlan-proxy Enable//Sub-vlan between Arp-proxy on Super-vlan vlanif interface

Feature dependencies and limitations

? VLAN1 cannot be configured as Super-vlan.

[Huawei-vlan1]aggregate-vlan
Error:a Super-vlan cannot contain any physical ports. Please delete all the PHY
Sical ports of this VLAN first.

After configuring a VLAN for Super-vlan, the VLAN type is changed to super, and no physical interface is allowed to join the VLAN.

[Huawei-gigabitethernet0/0/10]port default VLAN 100
Error:the VLAN is already a super-vlan. This VLAN is already super-vlan cannot contain physical interfaces

? If the VLAN is already a Guest-vlan (Dynamic authorization VLAN), it can no longer be configured as Super-vlan.

The stream policy is configured to take effect only under all Sub-vlan of Super-vlan, and the configuration does not take effect under Super-vlan.

? If you configure a VLAN as a sub-interface of an end VLAN by command dot1q termination vid or qinq termination pe-vid ce-vid, the VLAN can no longer be configured as Super-vlan or Sub-vlan.

? Super-vlan the corresponding vlanif interface configures the IP address after proxy ARP to take effect.

2.3 ARP Proxy

Routed Proxy:na course learned that hosts in different subnets do not have the default gateway configured for two subnet traffic this time it needs to be turned on arpproxy

VLAN Proxy: Two users belong to the same VLAN, but port isolation is configured within the VLAN. In this case, the user needs three layers of interoperability, you can start the VLAN proxy ARP function on the interface of the VLAN.

Inter-VLAN Proxy: If two hosts are in the same network segment but belong to a different VLAN, the user will be three layers of interoperability, can be associated with these VLANs on the interface (such as the Vlanif interface or sub-interface) to enable the VLAN proxy ARP function.

2.4 VLAN Mapping VLAN 2 replaced with VLAN 3

Replace the tag tag in the data frame to use VLAN mapping to enable devices within the two VLANs to communicate with each other, the IP addresses of the devices within the two VLANs must also be in the same network segment. If the IP address of the device within the two VLAN is not in the same network segment, the interoperability between devices needs to rely on the three-tier routing implementation, thus losing the meaning of VLAN mapping.

Operators or large campus network applications can be configured with QINQ technology to implement

1:1 of Vlan-mapping

[Huawei]int G0/0/2
[Huawei-gigabitethernet0/0/2]port Link-type Trunk
[Huawei-gigabitethernet0/0/2]port trunk allow-pass VLAN 100
[Huawei-gigabitethernet0/0/2]qinq vlan-translation Enable//Turn on qinq function
[Huawei-gigabitethernet0/0/2]port vlan-mapping VLAN Map-vlan 100//configuration vlan-mapping Replace internal VLAN10 with external VALN 100

N:1 's vlan-mapping

[Huawei-gigabitethernet0/0/2]port vlan-mapping VLAN ten to one Map-vlan 100

Super VLAN principle