Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment
In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping.
The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the DHCP snooping entry lookup.
Configuration restrictions and guidelines
When you configure many-to-one VLAN mapping in a network that uses dynamic address assignment, follow these restrictions and guidelines:
Before you configure many-to-one VLAN mapping, create the original VLANs and the translated VLANs.
Customer-side many-to-one VLAN mapping is not supported on Layer 2 aggregate interfaces.
To ensure correct traffic forwarding from the service provider network to the customer network, do not configure many-to-one VLAN mapping together with uRPF. For more information about uRPF, see Security Configuration Guide.
To modify many-to-one VLAN mappings, first use the reset dhcp snooping binding command to clear the DHCP snooping entries.
Configuration task list
Tasks at a glance |
---|
(Required.) Enabling DHCP snooping |
(Required.) Enabling ARP detection |
(Required.) Configuring the customer-side port |
(Required.) Configuring the network-side port |
Enabling DHCP snooping
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable DHCP snooping. | dhcp snooping enable | By default, DHCP snooping is disabled. For more information about DHCP snooping configuration commands, see Layer 3—IP Services Command Reference. |
Enabling ARP detection
Enable ARP detection for the original VLANs and the translated VLANs.
To enable ARP detection:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VLAN view. | vlan vlan-id | N/A |
3. Enable ARP detection. | arp detection enable | By default, ARP detection is disabled. For more information about ARP detection configuration commands, see Security Command Reference. |
Configuring the customer-side port
Step | Command | Remarks | |
---|---|---|---|
1. Enter system view. | system-view | N/A | |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A | |
3. Set the link type of the port. |
| By default, the link type of a port is access. | |
4. Assign the port to the original VLANs and the translated VLANs. |
| N/A | |
5. Configure a many-to-one VLAN mapping. | vlan mapping uni { range vlan-range-list | single vlan-id-list } translated-vlan vlan-id | By default, no VLAN mapping is configured on an interface. | |
6. Enable DHCP snooping entry recording. | dhcp snooping binding record | By default, DHCP snooping entry recording is disabled on an interface. |
Configuring the network-side port
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
| N/A |
3. Set the link type of the port. |
| By default, the link type of a port is access. |
4. Assign the port to the translated VLANs. |
| N/A |
5. Configuring the port as a DHCP snooping trusted port. | dhcp snooping trust | By default, all ports that support DHCP snooping are untrusted ports when DHCP snooping is enabled. |
6. Configure the port as an ARP trusted port. | arp detection trust | By default, all ports are ARP untrusted ports. |
7. Configure the port to use the original VLAN tags of the many-to-one mapping to replace the VLAN tags of the packets destined for the user network. | vlan mapping nni | By default, the port does not replace the VLAN tags of the packets destined for the user network. |