HP VLAN CONFIGURATION

-

HP 10500 Switch Series - VLAN Configuration Examples

VLAN interface configuration example
Port-based VLAN configuration example
MAC-based VLAN configuration example
Protocol-based VLAN configuration example
IP subnet-based VLAN configuration example

VLAN interface configuration example

Network requirements (as shown int he figure Network diagram for VLAN interface configuration):
As shown in figure Network diagram for VLAN interface configuration, PC A is assigned to VLAN 5. PC B is assigned to VLAN 10. The PCs belong to different IP subnets and cannot communicate with each other. Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs.
Figure 1: Network diagram for VLAN interface configuration
Configuration procedure
  1. Configure Switch A.
    # Create VLAN 5 and assign GigabitEthernet 1/0/1 to it.
    <SwitchA> system-view
    [SwitchA] vlan 5
    [SwitchA-vlan5] port GigabitEthernet 1/0/1
    # Create VLAN 10 and assign GigabitEthernet 1/0/2 to it.
    [SwitchA-vlan5] quit [SwitchA] vlan 10
    [SwitchA-vlan10] port GigabitEthernet 1/0/2
    [SwitchA-vlan10] quit
    # Create VLAN-interface 5 and configure its IP address as 192.168.0.10/24.
    [SwitchA] interface vlan-interface 5
    [SwitchA-Vlan-interface5] ip address 192.168.0.10 24
    [SwitchA-Vlan-interface5] quit
    # Create VLAN-interface 10 and configure its IP address as 192.168.1.20/24.
    [SwitchA] interface vlan-interface 10
    [SwitchA-Vlan-interface10] ip address 192.168.1.20 24
    [SwitchA-Vlan-interface10] return
  2. Configure PC A.
    # Configure the default gateway of the PC as 192.168.0.10.
  3. Configure PC B.
    # Configure the default gateway of the PC as 192.168.1.20.
Verification
  1. The PCs can ping each other.
  2. Display brief information about Layer 3 interfaces on Switch A to verify the configuration.
top

Port-based VLAN configuration example

Network requirements (as shown in the figure Network diagram for port-based VLAN configuration):
Figure 2: Network diagram for port-based VLAN configuration
Configuration procedure
  1. Configure Device A.
    # Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.
    <DeviceA> system-view
    [DeviceA] vlan 100
    [DeviceA-vlan100] port gigabitethernet 1/0/1
    [DeviceA-vlan100] quit
    # Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200.
    [DeviceA] vlan 200
    [DeviceA-vlan200] port gigabitethernet 1/0/2
    [DeviceA-vlan200] quit
    # Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200, to enable GigabitEthernet 1/0/3 to forward traffic of VLANs 100 and 200 to Device B.
    [DeviceA] interface gigabitethernet 1/0/3
    [DeviceA-GigabitEthernet1/0/3] port link-type trunk
    [DeviceA-GigabitEthernet1/0/3] port trunk permit vlan 100 200
    Please wait... Done.
  2. Configure Device B as we configured Device A.
  3. Configure Host A and Host C to be on the same IP subnet, 192.168.100.0/24, for example. Configure Host B and Host D to be on the same IP subnet, 192.168.200.0/24, for example.
top

MAC-based VLAN configuration example

Network requirements (as shown in the figure Network diagram for MAC-based VLAN configuration):
Figure 3: Network diagram for MAC-based VLAN configuration
Configuration procedure
  1. Configure Device A.
    # Create VLANs 100 and 200.
    <DeviceA> system-view
    [DeviceA] vlan 100
    [DeviceA-vlan100] quit
    [DeviceA] vlan 200
    [DeviceA-vlan200] quit
    # Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200.
    [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
    [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
    # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1. Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable the MAC-based VLAN feature on it.
    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] port link-type hybrid
    [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
    Please wait... Done.
    [DeviceA-GigabitEthernet1/0/1] mac-vlan enable
    [DeviceA-GigabitEthernet1/0/1] quit
    # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
    [DeviceA] interface gigabitethernet 1/0/2
    [DeviceA-GigabitEthernet1/0/2] port link-type trunk
    [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
    [DeviceA-GigabitEthernet1/0/2] quit
  2. Configure Device B.
    # Create VLANs 100 and 200. Assign GigabitEthernet 1/0/13 to VLAN 100, and assign GigabitEthernet 1/0/14 to VLAN 200.
    <DeviceB> system-view
    [DeviceB] vlan 100
    [DeviceB-vlan100] port gigabitethernet 1/0/13
    [DeviceB-vlan100] quit
    [DeviceB] vlan 200
    [DeviceB-vlan200] port gigabitethernet 1/0/14
    [DeviceB-vlan200] quit
    # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 as trunk ports, and assign them to VLANs 100 and 200.
    [DeviceB] interface gigabitethernet 1/0/3
    [DeviceB-GigabitEthernet1/0/3] port link-type trunk
    [DeviceB-GigabitEthernet1/0/3] port trunk permit vlan 100 200
    [DeviceB-GigabitEthernet1/0/3] quit
    [DeviceB] interface gigabitethernet 1/0/4
    [DeviceB-GigabitEthernet1/0/4] port link-type trunk
    [DeviceB-GigabitEthernet1/0/4] port trunk permit vlan 100 200
    [DeviceB-GigabitEthernet1/0/4] quit
  3. Configure Device C.
    Configure Device C as we configured Device A.
top

Protocol-based VLAN configuration example

Network requirements (as shown in the figure Network diagram for protocol-based VLAN configuration):
In a lab environment, as shown in figure Network diagram for protocol-based VLAN configuration, most hosts run the IPv4 protocol, and the rest of the hosts run the IPv6 protocol for teaching purposes. To avoid interference, isolate IPv4 traffic and IPv6 traffic at Layer 2.
Figure 4: Network diagram for protocol-based VLAN configuration
Configuration consideration
Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6.
Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2.
Configuration procedure
  1. Configure device.
    # Create VLAN 100, and assign port GigabitEthernet 1/0/11 to VLAN 100.
    <Device> system-view
    [Device] vlan 100
    [Device-vlan100] description protocol VLAN for IPv4
    [Device-vlan100] port gigabitethernet 1/0/11
    [Device-vlan100] quit
    # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200.
    [Device] vlan 200
    [Device-vlan200] description protocol VLAN for IPv6
    [Device-vlan200] port gigabitethernet 1/0/12
    # Create an IPv6 protocol template in the view of VLAN 200, and create an IPv4 protocol template in the view of VLAN 100.
    [Device-vlan200] protocol-vlan 1 ipv6
    [Device-vlan200] quit
    [Device] vlan 100
    [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit
    # Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged.
    [Device] interface gigabitethernet 1/0/1
    [Device-GigabitEthernet1/0/1] port link-type hybrid
    [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
    Please wait... Done.
    # Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.
    [Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 1
    [Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 1
    [Device-GigabitEthernet1/0/1] quit
    # Configure GigabitEthernet 1/0/2 as a hybrid port that forwards packets of VLANs 100 and 200 untagged, and associate GigabitEthernet 1/0/2 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.
    [Device] interface gigabitethernet 1/0/2
    [Device-GigabitEthernet1/0/2] port link-type hybrid
    [Device-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
    Please wait... Done.
    [Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 1
    [Device-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 1
  2. Keep the default settings of L2 Switch A and L2 Switch B.
  3. Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same IP subnet (192.168.100.0/24, for example), and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be on the same IP subnet (2001::1/64, for example).
Verification
  1. The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts or server in VLAN 100 cannot ping the hosts and server in VLAN 200, and vice versa.
  2. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.
# Display protocol-based VLAN configuration on Device.
Configuration guidelines
Protocol-based VLAN configuration applies only to hybrid ports.
top

IP subnet-based VLAN configuration example

Network requirements (as shown in the figure Network diagram for IP subnet-based VLAN configuration):
As shown in figure Network diagram for IP subnet-based VLAN configuration, the hosts in the office belong to different IP subnets 192.168.5.0/24 and 192.168.50.0/24.
Configure Device C to transmit packets over separate VLANs based on their source IP addresses.
Figure 5: Network diagram for IP subnet-based VLAN configuration
Configuration consideration
  • Create VLANs 100 and 200.
  • Associate IP subnets with the VLANs.
  • Assign ports to the VLANs.
Configuration procedure
Verification
Configuration guidelines
The IP subnet-based VLAN configurations are only effective on hybrid ports.
top

Comments

Post a Comment

Popular posts from this blog

Upgrading the firmware on a standalone Fortigate unit or units in an HA cluster

-
Understanding upgrade paths: Each firmware version has an upgrade path requirement from older versions. Most of the time when you are in a MR (major release) patch level, you can upgrade straight to any patch level within the MR. ex: 1) currently, a fortigate unit is running 4.0 MR3 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You can simply upgrade it directly to 4.0 MR3 patch 11. Most of the time when you are upgrading from a MR to the next MR, you can upgrade straight to any patch level in the next MR as long as you are at the highest patch level in the lower/previous MR. ex: 1) currently, a fortigate unit is running 4.0 MR2 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You must first upgrade it to 4.0 MR2 patch 13 (highest 4.0 MR2 patch). 4) Then you can upgrade to 4.0 MR3 patch 11. You should ALWAYS refer to the release notes of the firmware release you wish to upgrade your unit. Even, for comfort, just open a ticket...
Read more

Traffic Shaping With Fortigate

-
FortiGate v4.0 Description This article describes the Traffic Shaping features that have been implemented in FortiOS 4.0 In FortiOS version 4.0, the traffic shaping has been enhanced. Diagnose commands allowing to verify each traffic shaper's usage and giving more configuration flexibility. See also the related articles at the end of this page for additional information. Solution Summary 1- Traffic shaping configuration is dissociated from the Firewall policies allowing multiple policies to use common configurations 2- Possibility to use independent configurations in policies for forward and reverse traffic directions 3- The P2P shaping capabilities are now defined at the application control level 4- Troubleshooting packet loss with statistics on traffic shaping configurations 5- Troubleshooting packet loss with the debug flow diagnose commands 6- Session list details with dual traffic shaper (forward and reverse traffic) 1- Traffic shaping configuration is di...
Read more