Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment

In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping.

The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the DHCP snooping entry lookup.

Configuration restrictions and guidelines

When you configure many-to-one VLAN mapping in a network that uses dynamic address assignment, follow these restrictions and guidelines:

Configuration task list

Enabling DHCP snooping

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable DHCP snooping.

dhcp snooping enable

By default, DHCP snooping is disabled.

For more information about DHCP snooping configuration commands, see Layer 3—IP Services Command Reference.

Enabling ARP detection

Enable ARP detection for the original VLANs and the translated VLANs.

To enable ARP detection:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter VLAN view.

vlan vlan-id

N/A

3. Enable ARP detection.

arp detection enable

By default, ARP detection is disabled.

For more information about ARP detection configuration commands, see Security Command Reference.

Configuring the customer-side port

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

N/A

3. Set the link type of the port.

  • Set the port link type to trunk:port link-type trunk

  • Set the port link type to hybrid:port link-type hybrid

By default, the link type of a port is access.

4. Assign the port to the original VLANs and the translated VLANs.

  • For the trunk port:port trunk permit vlan vlan-id-list

  • For the hybrid port:port hybrid vlan vlan-id-list tagged

N/A

5. Configure a many-to-one VLAN mapping.

vlan mapping uni { range vlan-range-list | single vlan-id-list } translated-vlan vlan-id

By default, no VLAN mapping is configured on an interface.

6. Enable DHCP snooping entry recording.

dhcp snooping binding record

By default, DHCP snooping entry recording is disabled on an interface.

Configuring the network-side port

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

  • Enter Layer 2 Ethernet interface view:interface interface-type interface-number

  • Enter Layer 2 aggregate interface view:interface bridge-aggregation interface-number

N/A

3. Set the link type of the port.

  • Set the port link type to trunk:port link-type trunk

  • Set the port link type to hybrid:port link-type hybrid

By default, the link type of a port is access.

4. Assign the port to the translated VLANs.

  • For the trunk port:port trunk permit vlan vlan-id-list

  • For the hybrid port:port hybrid vlan vlan-id-list tagged

N/A

5. Configuring the port as a DHCP snooping trusted port.

dhcp snooping trust

By default, all ports that support DHCP snooping are untrusted ports when DHCP snooping is enabled.

6. Configure the port as an ARP trusted port.

arp detection trust

By default, all ports are ARP untrusted ports.

7. Configure the port to use the original VLAN tags of the many-to-one mapping to replace the VLAN tags of the packets destined for the user network.

vlan mapping nni

By default, the port does not replace the VLAN tags of the packets destined for the user network.