HP 5500 EI 5500 SI Switch Series Configuration Guide
[DeviceC] vlan 100
[DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0
[DeviceC-vlan100] quit

# Associate IP subnet 192.168.50.0/24 with VLAN 200.
[DeviceC] vlan 200
[DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0
[DeviceC-vlan200] quit

# Configure interface GigabitEthernet 1/0/11 to permit packets of VLAN 100 to pass through.
[DeviceC] interface GigabitEthernet 1/0/11
[DeviceC-GigabitEthernet1/0/11] port link-type hybrid
[DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged
Please wait... Done.
[DeviceC-GigabitEthernet1/0/11] quit

# Configure interface GigabitEthernet 1/0/12 to permit packets of VLAN 200 to pass through.
[DeviceC] interface GigabitEthernet 1/0/12
[DeviceC-GigabitEthernet1/0/12] port link-type hybrid
[DeviceC-GigabitEthernet1/0/12] port hybrid vlan 200 tagged
Please wait... Done.
[DeviceC-GigabitEthernet1/0/12] quit

# Associate interface GigabitEthernet 1/0/1 with IP subnet-based VLANs 100 and 200.
[DeviceC] interface GigabitEthernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] port link-type hybrid
[DeviceC-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
Please wait... Done.
[DeviceC-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100
[DeviceC-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200
[DeviceC-GigabitEthernet1/0/1] return

Verifying the configurations

# Display the IP subnet information for all VLANs.
display ip-subnet-vlan vlan all
 VLAN ID: 100
 Subnet Index    IP Address      Subnet Mask
 ====================================================
 0               192.168.5.0     255.255.255.0

 VLAN ID: 200
 Subnet Index    IP Address      Subnet Mask
 ====================================================
 0               192.168.50.0    255.255.255.0

# Display the IP subnet-based VLAN information on GigabitEthernet 1/0/1.
display ip-subnet-vlan interface GigabitEthernet 1/0/1
 Interface: GigabitEthernet1/0/1
 VLAN ID   Subnet-Index   IP ADDRESS      NET MASK
 =======================================================
 100       0              192.168.5.0     255.255.255.0
 200       0              192.168.50.0    255.255.255.0

Configuration guidelines

The IP subnet-based VLAN configurations are only effective on hybrid ports.

Displaying and maintaining VLAN

Task: Display VLAN information.
  Command: display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display VLAN interface information.
  Command: display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
  Command: display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display hybrid ports or trunk ports on the device.
  Command: display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display MAC address-to-VLAN entries.
  Command: display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display all interfaces with MAC-based VLAN enabled.
  Command: display mac-vlan interface [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display protocol information and protocol indexes of the specified VLANs.
  Command: display protocol-vlan vlan { vlan-id [ to vlan-id ] | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display protocol-based VLAN information on specified interfaces.
  Command: display protocol-vlan interface { interface-type interface-number [ to interface-type interface-number ] | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display IP subnet-based VLAN information and IP subnet indexes of specified VLANs.
  Command: display ip-subnet-vlan vlan { vlan-id [ to vlan-id ] | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display the IP subnet-based VLAN information and IP subnet indexes of specified ports.
  Command: display ip-subnet-vlan interface { interface-list | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Clear statistics on a port.
  Command: reset counters interface vlan-interface [ vlan-interface-id ]
  Remarks: Available in user view

Configuring a super VLAN (available only on the 5500 EI)

Overview

Super VLAN, also called VLAN aggregation, was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. You can create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub-VLAN. You can assign a physical port to a sub-VLAN, but not to a super VLAN. All ports of a sub-VLAN use the VLAN interface IP address of the associated super VLAN. Packets cannot be forwarded between sub-VLANs at Layer 2.

To enable Layer 3 communication between sub-VLANs, create a super VLAN and the VLAN interface, and enable local proxy Address Resolution Protocol (ARP) or local proxy Neighbor Discovery (ND) on the VLAN interface depending on the VLAN interface IP address type (IPv4 or IPv6) as follows:

• In an IPv4 network, enable local proxy ARP on the VLAN interface, so that the super VLAN can forward and process ARP requests and replies.
• In an IPv6 network, enable local proxy ND on the VLAN interface, so that the super VLAN can forward and process the Neighbor Solicitation (NS) messages and Neighbor Advertisement (NA) messages.

Configuration procedure

To configure a super VLAN, complete the following tasks:

1. Configure sub-VLANs.
2. Configure a super VLAN, and associate the super VLAN with the sub-VLANs configured earlier.
3. Configure a VLAN interface for the super VLAN. The VLAN interface enables communication among hosts and sub-VLANs.

Configuring sub-VLANs

To configure a sub-VLAN:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a sub-VLAN and enter VLAN view.
  Command: vlan vlan-id
  Remarks: If the specified VLAN already exists, this command enters VLAN view only.

NOTE: To configure more sub-VLANs, repeat these steps.

Configuring a super VLAN

To configure a super VLAN:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter VLAN view.
  Command: vlan vlan-id
  Remarks: If the specified VLAN does not exist, this command creates the VLAN first, and then enters VLAN view.

Step 3. Configure the VLAN as a super VLAN.
  Command: supervlan
  Remarks: Not configured by default.

Step 4. Associate the super VLAN with the specified sub-VLANs.
  Command: subvlan vlan-list
  Remarks: VLANs specified by vlan-list must be the sub-VLANs configured earlier.

NOTE:
• When dynamic MAC-based VLAN assignment is enabled on a port, you cannot configure VLANs of the MAC address-to-VLAN entries as super VLANs.
• When a VLAN is configured as an isolate-user-VLAN or associated with secondary VLANs, you cannot configure the VLAN as a super VLAN.

Configure a VLAN interface for the super VLAN

When you configure a VLAN interface for the super VLAN, follow these guidelines:

• Configure the IP address of the VLAN interface with that of the corresponding super VLAN.
• For more information about local proxy ARP and proxy ND functions, see Layer 3—IP Services Configuration Guide. For more information about local-proxy-arp enable and local-proxy-nd enable commands, see Layer 3—IP Services Command Reference.
• You cannot configure a super VLAN as the guest VLAN for a port, and vice versa. For more information about guest VLANs, see Security Configuration Guide.
• You can configure Layer 2 multicast for a super VLAN, but the configuration is ineffective.
• You can configure DHCP, Layer 3 multicast, and dynamic routing for the VLAN interface of a super VLAN. However, only DHCP takes effect.
• HP does not recommend configuring VRRP for the VLAN interface of a super VLAN, because it affects network performance. For more information about VRRP, see High Availability Configuration Guide.

To configure a VLAN interface for the super VLAN:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a VLAN interface, and enter VLAN interface view.
  Command: interface vlan-interface vlan-interface-id
  Remarks: The value of vlan-interface-id must be the ID of the super VLAN.

Step 3. Configure the IP address of the VLAN interface.
  Command: ip address ip-address { mask | mask-length } [ sub ]
  Command: ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ anycast | eui-64 ] | auto [ link-local ] }
  Remarks: Use either command. By default, the IP address of a VLAN interface is not configured.

Step 4. Enable local proxy ARP.
  Command: local-proxy-arp enable
Step 5. Enable local proxy ND.
  Command: local-proxy-nd enable
  Remarks (steps 4 and 5): Use either command. Disabled by default.

Displaying and maintaining super VLAN

Task: Display the mapping between a super VLAN and its sub-VLANs.
  Command: display supervlan [ supervlan-id ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Super VLAN configuration example

Network requirements

As shown in Figure 45:

• Create super VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24.
• Create the sub-VLANs VLAN 2, VLAN 3, and VLAN 5.
• Assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 2, GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to VLAN 3, and GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to VLAN 5.
• The sub-VLANs are isolated at Layer 2 but connected at Layer 3.

Figure 45 Network diagram

Configuration procedure

# Create VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24.
system-view
[Sysname] vlan 10
[Sysname-vlan10] quit
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0

# Enable local proxy ARP.
[Sysname-Vlan-interface10] local-proxy-arp enable
[Sysname-Vlan-interface10] quit

# Create VLAN 2, and assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to it.
[Sysname] vlan 2
[Sysname-vlan2] port gigabitethernet 1/0/1 gigabitethernet 1/0/2
[Sysname-vlan2] quit

# Create VLAN 3, and assign GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to it.
[Sysname] vlan 3
[Sysname-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4
[Sysname-vlan3] quit

# Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to it.
[Sysname] vlan 5
[Sysname-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6
[Sysname-vlan5] quit

# Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-VLANs.
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 2 3 5
[Sysname-vlan10] quit
[Sysname] quit

Verifying the configurations

# Display information about VLAN 10, the super VLAN, to verify the configuration.
display supervlan
 SuperVLAN ID : 10
 SubVLAN ID : 2-3 5

 VLAN ID: 10
 VLAN Type: static
 It is a Super VLAN.
 Route Interface: configured
 IPv4 Address: 10.0.0.1
 IPv4 Subnet Mask: 255.255.255.0
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged Ports: none
 Untagged Ports: none

 VLAN ID: 2
 VLAN Type: static
 It is a Sub VLAN.
 Route Interface: configured
 IPv4 Address: 10.0.0.1
 IPv4 Subnet Mask: 255.255.255.0
 Description: VLAN 0002
 Name: VLAN 0002
 Tagged Ports: none
 Untagged Ports:
 GigabitEthernet1/0/1 GigabitEthernet1/0/2

 VLAN ID: 3
 VLAN Type: static
 It is a Sub VLAN.
 Route Interface: configured
 IPv4 Address: 10.0.0.1
 IPv4 Subnet Mask: 255.255.255.0
 Description: VLAN 0003
 Name: VLAN 0003
 Tagged Ports: none
 Untagged Ports:
 GigabitEthernet1/0/3 GigabitEthernet1/0/4

 VLAN ID: 5
 VLAN Type: static
 It is a Sub VLAN.
 Route Interface: configured
 IPv4 Address: 10.0.0.1
 IPv4 Subnet Mask: 255.255.255.0
 Description: VLAN 0005
 Name: VLAN 0005
 Tagged Ports: none
 Untagged Ports:
 GigabitEthernet1/0/5 GigabitEthernet1/0/6

Configuring an isolate-user-VLAN

Overview

An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.

The following are the characteristics of the isolate-user-VLAN implementation:

• Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be associated with multiple secondary VLANs. As the upstream device identifies only the isolate-user-VLAN and not the secondary VLANs, network configuration is simplified and VLAN resources are saved.
• You can isolate the Layer 2 traffic of different users by assigning the ports connected to them to different secondary VLANs. To enable communication between secondary VLANs associated with the same isolate-user-VLAN, you can enable local proxy ARP on the upstream device (for example, Device A in Figure 46) to realize Layer 3 communication between the secondary VLANs.

As shown in Figure 46, the isolate-user-VLAN function is enabled on Device B. VLAN 10 is the isolate-user-VLAN. VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs associated with VLAN 10 and are invisible to Device A.

Figure 46 An isolate-user-VLAN example

To configure an isolate-user-VLAN, complete the following tasks:

1. Configure the isolate-user-VLAN.
2. Configure the secondary VLANs.
3. Configure uplink and downlink ports:
   - Configure the uplink ports, for example, the port connecting Device B to Device A in Figure 46, to operate in promiscuous mode in the specified VLAN, so that the uplink ports can be added to the specified isolate-user-VLAN and the secondary VLANs associated with the isolate-user-VLAN synchronously.
   - Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure 46, to operate in host mode, so that the downlink ports can be added to the isolate-user-VLAN associated with the secondary VLAN synchronously.
   - For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.
4. Associate the isolate-user-VLAN with the specified secondary VLANs.

Configuration restrictions and guidelines

• To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3, follow these steps:
  a. Configure VLAN interfaces for the isolate-user-VLAN and the secondary VLANs, and configure the gateway IP address for the isolate-user-VLAN interface (you do not need to configure IP addresses for the secondary VLAN interfaces).
  b. You must configure the isolated-vlan enable command for at least one secondary VLAN to isolate the ports in the secondary VLAN.
• The dynamic MAC address entries learned in the isolate-user-VLAN are automatically synchronized to all the secondary VLANs, and the dynamic MAC address entries learned in a secondary VLAN are automatically synchronized to the isolate-user-VLAN. Static MAC address entries cannot be automatically synchronized. If you have configured static MAC address entries in the isolate-user-VLAN, you should also configure the same static MAC address entries in the secondary VLANs to avoid broadcasts, and vice versa.
• You cannot configure the member port of a service loopback group as the uplink or downlink port of an isolate-user-VLAN. For more information about the service loopback group, see Configuring a service loopback group (available only on the 5500 EI).

Configuration procedure

To configure an isolate-user-VLAN:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a VLAN and enter VLAN view.
  Command: vlan vlan-id
  Remarks: N/A

Step 3. Configure the VLAN as an isolate-user-VLAN.
  Command: isolate-user-vlan enable
  Remarks: Not configured by default.

Step 4. Return to system view.
  Command: quit
  Remarks: N/A

Step 5. Create secondary VLANs.
  Command: vlan { vlan-id1 [ to vlan-id2 ] | all }
  Remarks: N/A

Step 6. Configure Layer 2 isolation between ports in the same secondary VLAN.
  Command: isolated-vlan enable
  Remarks: Optional. By default, ports in the same secondary VLAN can communicate with one another at Layer 2. This configuration takes effect only after you configure the downlink ports to operate in host mode and associate the secondary VLANs with an isolate-user-VLAN.

Step 7. Return to system view.
  Command: quit
  Remarks: N/A

Step 8. Configure the uplink port.
  a. Enter Layer 2 Ethernet or aggregate interface view:
     interface interface-type interface-number
     Or
     interface bridge-aggregation interface-number
  b. Configure the port to operate in promiscuous mode in a specific VLAN:
     port isolate-user-vlan vlan-id promiscuous
  Remarks: N/A

Step 9. Return to system view.
  Command: quit
  Remarks: N/A

Step 10. Configure the downlink port.
  a. Enter Layer 2 Ethernet or aggregate interface view:
     interface interface-type interface-number
     Or
     interface bridge-aggregation interface-number
  b. Configure the link type of the port:
     port link-type { access | hybrid | trunk }
  c. Assign ports to the secondary VLAN:
     Access port: port access vlan vlan-id
     Hybrid port: port hybrid vlan vlan-id-list { tagged | untagged }
     Trunk port: port trunk permit vlan { vlan-id-list | all }
  d. Configure the port to operate in host mode:
     port isolate-user-vlan host
  Remarks: N/A

Step 11. Return to system view.
  Command: quit
  Remarks: N/A

Step 12. Associate the isolate-user-VLAN with the specified secondary VLANs.
  Command: isolate-user-vlan isolate-user-vlan-id secondary secondary-vlan-id [ to secondary-vlan-id ]
  Remarks: Not configured by default.

Displaying and maintaining isolate-user-VLAN
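
Step 6 of the configuration procedure above notes that isolated-vlan enable takes effect only once the downlink ports are in host mode and the secondary VLAN is associated with an isolate-user-VLAN; the following added example (not part of the HP guide) checks a command listing for secondary VLANs where that condition is not met and Layer 2 isolation would therefore not apply. The function name audit, the listing layout (per-view commands indented under the line that opens the view) and the sample are assumptions made for this example, and only access-type downlink ports are checked.

```python
import re

# Constructed sample (not from the HP guide); view commands are indented under their view.
SAMPLE = """\
vlan 10
 isolate-user-vlan enable
vlan 2
 isolated-vlan enable
vlan 5
 isolated-vlan enable
vlan 8
 isolated-vlan enable
interface GigabitEthernet1/0/2
 port access vlan 2
 port isolate-user-vlan host
interface GigabitEthernet1/0/3
 port access vlan 5
interface GigabitEthernet1/0/4
 port access vlan 8
 port isolate-user-vlan host
isolate-user-vlan 10 secondary 2
isolate-user-vlan 10 secondary 5
"""

def audit(cfg):
    """Return (vlan, problem) pairs where isolated-vlan enable cannot take effect."""
    sections, cur = {}, None
    for line in filter(str.strip, cfg.splitlines()):
        if line[0].isspace() and cur:
            sections[cur].append(line.strip())
        else:
            cur = line.strip()
            sections.setdefault(cur, [])
    associated = set()
    for head in sections:  # the association is an unindented system-view command
        m = re.fullmatch(r"isolate-user-vlan \d+ secondary (\d+)(?: to (\d+))?", head)
        if m:
            associated.update(range(int(m[1]), int(m[2] or m[1]) + 1))
    findings = []
    for head, cmds in sections.items():
        if not (re.fullmatch(r"vlan \d+", head) and "isolated-vlan enable" in cmds):
            continue
        vlan = int(head.split()[1])
        if vlan not in associated:
            findings.append((vlan, "not associated with an isolate-user-VLAN"))
        for port, pcmds in sections.items():  # access-type downlink ports only
            if f"port access vlan {vlan}" in pcmds and "port isolate-user-vlan host" not in pcmds:
                findings.append((vlan, port.split()[-1] + " not in host mode"))
    return findings
```

Calling audit(SAMPLE) reports VLAN 5 (GigabitEthernet1/0/3 is missing host mode) and VLAN 8 (never associated with VLAN 10), while VLAN 2 passes.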