Protocol-based VLAN configuration example

Network requirements

As shown in Figure 45:

To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200.

Figure 45: Network diagram

Configuration procedure

In this example, L2 Switch A and L2 Switch B use the factory configuration.

  1. Configure Device:

    # Create VLAN 100, and configure the description for VLAN 100 as protocol VLAN for IPv4.

    <Device> system-view
    [Device] vlan 100
    [Device-vlan100] description protocol VLAN for IPv4
    

    # Assign Ten-GigabitEthernet 1/0/11 to VLAN 100.

    [Device-vlan100] port ten-gigabitethernet 1/0/11
    [Device-vlan100] quit
    

    # Create VLAN 200, and configure the description for VLAN 200 as protocol VLAN for IPv6.

    [Device] vlan 200
    [Device-vlan200] description protocol VLAN for IPv6
    

    # Assign Ten-GigabitEthernet 1/0/12 to VLAN 200.

    [Device-vlan200] port ten-gigabitethernet 1/0/12
    

    # Configure VLAN 200 as a protocol-based VLAN, and create an IPv6 protocol template with the index 1 for VLAN 200.

    [Device-vlan200] protocol-vlan 1 ipv6
    [Device-vlan200] quit
    

    # Configure VLAN 100 as a protocol-based VLAN, and create an IPv4 protocol template with the index 1 for VLAN 100.

    [Device] vlan 100
    [Device-vlan100] protocol-vlan 1 ipv4
    

    # Create an ARP protocol template with the index 2 for VLAN 100. (In Ethernet II encapsulation, the protocol type ID for ARP is 0x0806.)

    [Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806
    [Device-vlan100] quit
    

    # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.

    [Device] interface ten-gigabitethernet 1/0/1
    [Device-Ten-GigabitEthernet1/0/1] port link-type hybrid
    [Device-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
    

    # Associate Ten-GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.

    [Device-Ten-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 1 to 2
    [Device-Ten-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 1
    [Device-Ten-GigabitEthernet1/0/1] quit
    

    # Configure Ten-GigabitEthernet 1/0/2 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.

    [Device] interface ten-gigabitethernet 1/0/2
    [Device-Ten-GigabitEthernet1/0/2] port link-type hybrid
    [Device-Ten-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
    

    # Associate Ten-GigabitEthernet 1/0/2 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.

    [Device-Ten-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 1 to 2
    [Device-Ten-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 1
    [Device-Ten-GigabitEthernet1/0/2] quit
    
  2. Configure hosts and servers:

    1. Configure IPv4 Host A, IPv4 Host B, and IPv4 server to be on the same network segment (192.168.100.0/24, for example). (Details not shown.)

    2. Configure IPv6 Host A, IPv6 Host B, and IPv6 server to be on the same network segment (2001::1/64, for example). (Details not shown.)

Verifying the configuration

  1. Verify the following:

    • The hosts and the server in VLAN 100 can successfully ping one another. (Details not shown.)

    • The hosts and the server in VLAN 200 can successfully ping one another. (Details not shown.)

    • The hosts or the server in VLAN 100 cannot ping the hosts or server in VLAN 200. (Details not shown.)

  2. Verify the protocol-based VLAN configuration:

    # Display protocol-based VLANs on Device.

    [Device] display protocol-vlan vlan all
     VLAN ID: 100
      Protocol index  Protocol type
      1               IPv4
      2               Ethernet II Etype 0x0806
    
     VLAN ID: 200
      Protocol index  Protocol type
      1               IPv6
    

    # Display protocol-based VLANs on the ports of Device.

    [Device] display protocol-vlan interface all
     Interface: Ten-GigabitEthernet1/0/1
      VLAN ID  Protocol index  Protocol type             Status
      100      1               IPv4                      Active
      100      2               Ethernet II Etype 0x0806  Active
      200      1               IPv6                      Active
    
     Interface: Ten-GigabitEthernet 1/0/2
      VLAN ID  Protocol index  Protocol type             Status 
      100      1               IPv4                      Active
      100      2               Ethernet II Etype 0x0806  Active
      200      1               IPv6                      Active