The Menu interface enables configuration and display of port-based VLANs only. The CLI configures and displays port-based and protocol-based VLANs.
In the factory default state, the switch is enabled for up to 256 VLANs, all ports belong to the default primary VLAN and are in the same broadcast/multicast domain. You can reconfigure the switch to support up to 2048 VLANs, with up to 4094 VIDs, by adding new VLAN names and VIDs and then assigning one or more ports to each VLAN.
This example shows the options available to assign individual ports to a static VLAN.
Note that GVRP, if configured, affects these options and the VLAN behavior on the switch.
Per-port VLAN configuration options
|
|
NOTE: The Menu interface configures and displays only port-based VLANs. The CLI configures and displays port-based and protocol-based VLANs (see Using the CLI to configure port-based and protocol-based VLAN parameters. |
|
|
In the factory default state, support is enabled for up to 256 VLANs. (You can reconfigure the switch to support up to 2048 (vids up to 4094) VLANs.) Also, in the default configuration, all ports on the switch belong to the default VLAN and are in the same broadcast/multicast domain. (The default VLAN is also the default Primary VLAN; see The primary VLAN.) In addition to the default VLAN, you can configure additional static VLANs by adding new VLAN names and VIDs, and then assigning one or more ports to each VLAN. (The maximum of 2048 VLANs includes the default VLAN, all additional static VLANs you configure, and any dynamic VLANs the switch creates if you enable GVRP; see GVRP.) Note that each port can be assigned to multiple VLANs by using VLAN tagging; see VLAN tagging rules.)
The following procedure provides instructions for changing the maximum number of VLANs to support, changing the primary VLAN selection and enabling or disabling dynamic VLANs.
-
From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 1. VLAN Support
-
Press E (for Edit) and then do one or more of the following:
-
To change the maximum number of VLANs, enter the new number (1 - 2048 allowed; default 256).
-
To designate a different VLAN as the Primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options. The Primary VLAN must be a static, port-based VLAN.
-
To enable or disable dynamic VLAgNs, select the GVRP Enabled field and use the Space bar to toggle between options. For GVRP information, see GVRP.
NOTE: For optimal switch memory utilization, set the number of VLANs at the number you will likely be using or a few more. If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time.
-
-
Press Enter and then S to save the VLAN support configuration and return to the VLAN Menu screen.
If you changed the value for Maximum VLANs to support, an asterisk appears next to the VLAN Support option; see VLAN menu screen indicating the need to reboot the switch.
Use this procedure to add a new VLAN or to edit the name of an existing VLAN.
-
From the Main Menu select 2. Switch Configuration —> 8. VLAN Menu … —> 2. VLAN Names
If multiple VLANs are not yet configured, you will see a screen similar to The default VLAN names screen.
-
You will be prompted for a new VLAN name and VLAN ID:
802.1Q VLAN ID : 1 Name : _ -
Type a VID (VLAN ID number). This can be any number from 2 to 4094 that is not already being used by another VLAN (the switch reserves 1 for the default VLAN).
NOTE: A VLAN must have the same VID in every switch in which you configure that same VLAN. GVRP dynamically extends VLANs with correct VID numbering to other switches; see GVRP .
-
Press ↓ key to move the cursor to the Name line and enter the VLAN name, using up to 12 characters with no spaces. Press Enter.
NOTE: Do not use the following characters in VLAN names: @, #:, $, ^, &, *, ( and ).
-
Repeat steps 2 through 5 to add more VLANs.
You can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen. This includes any VLANs added dynamically due toGVRP operation.
Return to the VLAN Menu to assign ports to the new VLAN, as described in Adding or changing a VLAN port assignment (Menu).
Ports not specifically assigned to a VLAN are automatically in the default VLAN.
-
From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 3. VLAN Port Assignment
You will see a screen similar to the following:
-
To change a port's VLAN assignment:
-
Use the arrow keys to select a VLAN assignment you want to change.
-
Press the Space bar to make your assignment selection (No, Tagged, Untagged , or Forbid. For information on VLAN tags, see 802.1Q VLAN tagging.
-
If you are finished assigning ports to VLANs, press Enter and then S (for Save) to activate the changes and return to the Configuration menu. (The console then returns to the VLAN menu.)
-
NOTE: For GVRP Operation: If you enable GVRP on the switch, No converts to Auto, which allows the VLAN to dynamically join an advertised VLAN that has the same VID.
For ports A4 and A5 to belong to both DEFAULT_VLAN and VLAN-22 and ports A6 and A7 to belong only to VLAN-22, use the settings in The default VLAN names screen. This example assumes that the default GVRP setting is disabled
and that you do not plan to enable GVRP later.
In the factory default state, all ports on the switch belong to the port-based default VLAN (DEFAULT_VLAN; VID=1) and are in the same broadcast/multicast domain.
The default VLAN is also the Primary VLAN. For more on this topic, see The primary VLAN.)
You can configure up to 255 additional static VLANs by adding new VLAN names and then assigning one or more ports to each VLAN.
The switch accepts a maximum of 2048 VLANs with VIDs numbered up to 4094. This must include the default VLAN and any dynamic VLANs the switch creates if you enable GVRP (see GVRP).
|
|
NOTE: Each port can be assigned to multiple VLANs by using VLAN tagging. See VLAN tagging rules. |
|
|
The vlan
command operates in the global configuration context to configure a static VLAN and/or take the CLI to a specified VLAN's context.<vid>
Syntax:
If
does not exist in the switch, this command creates a port-based VLAN with the specified
<vid>
<vid>
If the command does not include options, the CLI, moves to the newly created VLAN context.
If an optional name is not specified, the switch assigns a name in the default format
VLAN
n, wheren
is theassigned to the VLAN.
<vid>
If the VLAN already exists and you enter either the
or the
<vid>
,the CLI moves to the specified VLAN's context.
<ascii-name-string>
The
no
form of the command deletes the VLAN as follows:If one or more ports belong only to the VLAN to be deleted, the CLI notifies you that these ports will be moved to the default VLAN and prompts you to continue the deletion. For member ports that also belong to another VLAN, there is no move prompt.
Configures a static, protocol VLAN of the specified type.
If multiple protocols are configured in the VLAN, the
no
form removes the specified protocolIf a protocol VLAN is configured with only one protocol type and you use the
no
form of this command to remove that protocol, the switch changes the protocol VLAN to a port-based VLAN (if the VLAN does not have an untagged member port).If an untagged member port exists on the protocol VLAN, you must either convert the port to a tagged member or remove the port from the VLAN before removing the last protocol type from the VLAN.
When included in a
vlan
command to create a new static VLAN, this command specifies a non-default VLAN name. Also used to change the current name of an existing VLAN.
NOTE: Avoid spaces and the following characters in the
entry:
<ascii-name-string>
@
,#:
,$
,^
,&
,*
,(
and)
. To include a blank space in a VLAN name, enclose the name in single or double quotes.
voice
Designates a VLAN for VoIP use. For more on this topic, see Using voice VLANs.
NOTE: You can use these options from the configuration level by beginning the command with
vlan
, or from the context level of the specific VLAN by just entering the command option.<vid>
Creating a new port-based static VLAN
The following example shows how to create a new port-based, static VLAN with a VID of 100 using the following steps:
-
To create the new VLAN, type the
vlan 100
command. -
To show the VLANs currently configured in the switch, type the
show vlans
command.
If the Management VLAN field (Primary VLAN : DEFAULT_VLAN Management VLAN
shown in the display information below) is empty, a Secure Management VLAN is not configured in the switch. For more information on configuring a secure management VLAN, see The secure Management VLAN.
HP Switch(config)#: vlan 100 HP Switch(config)#: show vlans Status and Counters - VLAN Information Maximum VLANs to support : 8 Primary VLAN : DEFAULT_VLAN Management VLAN : VLAN ID Name Status Voice Jumbo ------- -------------------- ------------ ----- ----- 1 DEFAULT_VLAN Port-based No No 100 VLAN100 Port-based No No
Syntax:
This command, used with the options listed below, changes the name of an existing static VLAN and the per-port VLAN membership settings.
|
|
NOTE: You can use these options from the configuration level by beginning the command with |
|
|
Configures the indicated port as Tagged for the specified VLAN. The
no
version sets the port to either No or (if GVRP is enabled) to Auto.
untagged
<port-list>
Configures the indicated port as Untagged for the specified VLAN. The
no
version sets the port to either No or (if GVRP is enabled) to Auto.
forbid
<port-list>
Used in port-based VLANs, configures
as forbidden, to become a member of the specified VLAN, as well as other actions. Does not operate with option not allowed protocol VLANs. The
<port-list>
no
version sets the port to eitherNo
or (if GVRP is enabled) toAuto
. See GVRP.
auto
<port-list>
Available if GVRP is enabled on the switch. Returns the per-port settings for the specified VLAN to
Auto
operation.Auto
is the default per-port setting for a static VLAN if GVRP is running on the switch. For information on dynamic VLAN and GVRP operation, see GVRP.
Changing the VLAN name and set ports to tagged
Suppose there is a VLAN named VLAN100 with a VID of 100 and all ports are set to No for this VLAN. To change the VLAN name to Blue_Team
and set ports A1 - A5 to Tagged, use the following commands:
HP Switch(config)#: vlan 100 name Blue_Team HP Switch(config)#: vlan 100 tagged a1-a5
Moving the context level
To move to the vlan 100
context level and execute the same commands:
HP Switch(config)#: vlan 100 HP Switch(vlan-100)#: name Blue_Team HP Switch(vlan-100)#: tagged a1-a5
Changing tagged ports
Similarly, to change the tagged ports in the above examples to No
(or Auto
, if GVRP is enabled), use either of the following commands.
At the global config level, use:
HP Switch(config)#: no vlan 100 tagged a1-a5
At the VLAN 100 context level, use:
HP Switch(vlan-100)#: no tagged a1-a5
Syntax:
Converts a dynamic, port-based VLAN membership to static, port-based VLAN membership (allows port-based VLANs only).
For this command,
refers to the VID of the dynamic VLAN membership. Use
<vlan-id>
show vlan
to help identify the VID.This command requires that GVRP is running on the switch and a port is currently a dynamic member of the selected VLAN.
After you convert a dynamic VLAN to static, you must configure the switch's per-port participation in the VLAN in the same way that you would for any static VLAN. For GVRP and dynamic VLAN operation, see GVRP.
Syntax:
Deleting a static VLAN
Following VLAN Names screen with a new VLAN added, if ports B1-B5 belong to both VLAN 2 and VLAN 3 and ports B6-B10 belong to VLAN 3, deleting VLAN 3 causes the CLI to prompt you to approve moving ports B6 - B10 to VLAN 1 (the default VLAN). (Ports B1-B5 are not moved because they still belong to another VLAN.)
HP Switch(config)#: no vlan 3
The following ports will be moved to the default VLAN:
B6-B10
Do you want to continue?
[y/n]
Y
HP Switch(config)#::
Enables the user to add or delete interfaces from multiple tagged or untagged VLANs or SVLANs using a single command. Interfaces can be added or deleted up to 256 VLANs at a time. If more than 256 VLANs are specified, an error displays. The forbid
command option prevents specified ports from becoming members of specified VLANs or SVLANs when used with GVRP. The command is executed in the interface context.
Syntax
Removing an interface from several VLANs
The vlan-id-list
includes a comma-separated list of VLAN IDs and/or VLAN ID ranges.
You can administratively disable the IP address on specified VLANs with static IP addresses without removing the Layer 3 configuration. The switch can be pre-configured as a backup router, then quickly transition from backup to active by re-enabling Layer 3 routing on one or more VLANs. While the switch is in “backup” mode, it will still performing Layer 2 switching.
A MIB object will be toggled to make Layer 3 routing active or inactive on a VLAN.
This feature affects management access to the switch as follows:
When the disable layer3
command is configured on a VLAN, the behavior is as if no IP address were configured for that VLAN. There is no other change in behavior.
Syntax:
In config context, turns off Layer 3 routing for the specified VLAN or VLANs. When executed in vlan context, turns off Layer 3 routing for that VLAN.
The
no
form turns on Layer 3 routing for the specified VLAN or VLANs.
The show ip
command displays disabled
in the IP Config column if Layer 3 has been disabled, or if the VLAN has no IP configuration. You can tell which is the case by viewing the remaining columns; if there is no IP configuration, the remaining columns are blank.
Displaying a VLAN disabled for Layer 3
HP Switch(config)#: show ip Internet (IP) Service IP Routing : Disabled Default Gateway : 172.22.16.1 Default TTL : 64 Arp Age : 20 Domain Suffix : DNS server : VLAN | IP Config IP Address Subnet Mask Proxy ARP -------------------- + ---------- --------------- --------------- --------- DEFAULT_VLAN | DHCP/Bootp 172.22.18.100 255.255.248.0 No No VLAN3 | Disabled 172.17.17.17 255.255.255.0 No No VLAN6 | Disabled VLAN7 | Manual 10.7.7.1 255.255.255.0 No No
For IPv6, the Layer 3 Status
field displays the status of Layer 3 on that VLAN.
Displaying IPv6 Layer 3 status for a VLAN
HP Switch(config)#: show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : ND DAD : Enabled DAD Attempts : 3 Vlan Name : DEFAULT_VLAN IPv6 Status : Disabled Layer 3 Status : Enabled Vlan Name : layer3_off_vlan IPv6 Status : Disabled Layer 3 Status : Disabled Address | Address Origin | IPv6 Address/Prefix Length Status ---------- + ------------------------------------------- ----------- manual | abcd::1234/32 tentative autoconfig | fe80::218:71ff:febd:ee00/64 tentative
Disabling Layer 3 functionality and DHCP are mutually exclusive, with DHCP taking precedence over disable layer3 on a VLAN. The following interactions occur:
-
If the
disable layer3
command is executed when DHCP is already configured, no disabling of the VLAN occurs. This error message displays: “Layer 3 cannot be disabled on a VLAN that has DHCP enabled.” -
From the CLI: If
disable layer3
is configured already and an attempt is made to configure DHCP, DHCP takes precedence and will be set. The warning message displays: “Layer 3 has also been enabled on this VLAN since it is required for DHCP.” -
From the CLI: When disabling a range of VLAN IDs, this warning message displays: “Layer 3 will not be disabled for any LANs that have DHCP enabled.”
-
From SNMP: If the
disable layer3
command is executed when DHCP is already configured, no disabling of the VLAN occurs. An INCONSISTENT_VALUE error is returned. -
From SNMP: If
disable layer3
is configured already and an attempt is made to configure DHCP, DHCP takes precedence and will be set.
For more information on Primary VLANs, see The primary VLAN.
Syntax:
In the default VLAN configuration, the port-based default VLAN (
DEFAULT_VLAN
) is the Primary VLAN. This command allows reassignment of the Primary VLAN function to an existing, port-based, static VLAN.The switch will not reassign the Primary VLAN function to a protocol VLAN.
NOTE: If you reassign the Primary VLAN to a non-default VLAN, you cannot later delete that VLAN from the switch until you assign the Primary VLAN to another port-based, static VLAN.
To identify the current Primary VLAN and list the available VLANs and their respective VIDs, use
show vlans
.
Re-assigning, renaming and displaying the VLAN command sequence
The following example shows how to re-assign the Primary VLAN to VLAN 22 (first command line), rename the VLAN 22-Primary (second command line) and then display the result (third command line):
HP Switch(config)#: primary-vlan 22 HP Switch(config)#: vlan 22 name 22-Primary HP Switch(config)#: show vlans Status and Counters - VLAN Information Maximum VLANs to support : 8 Primary VLAN : 22-Primary Management VLAN : VLAN ID Name Status Voice Jumbo ------- -------------------- ------------ ----- ----- 1 DEFAULT_VLAN Static No No 22 22-Primary Static No No
-
Determine a VID and VLAN name suitable for your Management VLAN.
-
Plan your topology to use HP switches that support Management VLANs. See The secure Management VLAN.
-
Include only the following ports:
-
Ports to which you will connect authorized management stations, such as Port A7 in Management VLAN control in a LAN.
-
Ports on one switch that you will use to extend the Management VLAN to ports on other HP switches, such as ports A1 and Management VLAN control in a LAN.
-
-
Half-duplex repeaters dedicated to connecting management stations to the Management VLAN can also be included in this topology. Note that any device connected to a half-duplex repeater in the Management VLAN will also have Management VLAN access.
-
Test the Management VLAN from all of the management stations authorized to use it, including any SNMP-based network management stations. Also test any Management VLAN links between switches.
|
|
NOTE: If you configure a Management VLAN on a switch using a Telnet connection through a port not in the Management VLAN, you will lose management contact with the switch if you log off your Telnet connection or execute |
|
|
Syntax:
Configures an existing VLAN as the Management VLAN.
The
no
form disables the Management VLAN and returns the switch to its default management operation.Default: Disabled. In this case, the VLAN returns to standard VLAN operation.
Switch configuration
You have configured a VLAN named My_VLAN
with a VID of 100 and want to configure the switch to do the following:
-
Use
My_VLAN
as a Management VLAN (tagged, in this case) to connect port A1 on switch "A" to a management station. The management station includes a network interface card with 802.1Q tagged VLAN capability. -
Use port A2 to extend the Management VLAN to port B1 which is already configured as a tagged member of
My_VLAN
, on an adjacent HP switch that supports the Management VLAN feature.
HP Switch (config)#: management-vlan 100 HP Switch (config)#: vlan 100 tagged a1 HP Switch (config)#: vlan 100 tagged a2
Use DHCP to obtain an IPv4 address for your Management VLAN or a client on that VLAN. The following examples illustrate when an IP address will be received from the DHCP server.
DHCP server on a Management VLAN
If Blue_VLAN is configured as the Management VLAN and the DHCP server is also on Blue_VLAN, Blue_VLAN receives an IP address. Because DHCP Relay does not forward onto or off of the Management VLAN, devices on Red_VLAN cannot get an IP address from the DHCP server on Blue_VLAN (Management VLAN) and Red_VLAN does not receive an IP address.
DHCP server on a different VLAN from the Management VLAN
If Red_VLAN is configured as the Management VLAN and the DHCP server is on Blue_VLAN, Blue_VLAN receives an IP address but Red_VLAN does not.
No Management VLANs configured
If no Management VLAN is configured, both Blue_VLAN and Red_VLAN receive IP addresses.
A client on a different Management VLAN from the DHCP server
If Red_VLAN is configured as the Management VLAN and the client is on Red_VLAN, but the DHCP server is on Blue_VLAN, the client will not receive an IP address.
A DHCP server and client on the Management VLAN
If Blue_VLAN is configured as the Management VLAN, the client is on Blue_VLAN and the DHCP server is on Blue_VLAN, the client receives an IP address.
You can disable the Secure Management feature without deleting the VLAN.
Disabling the secure management feature
The following commands disable the Secure Management feature in the above example:
HP Switch (config)#: no management-vlan 100 HP Switch (config)#: no management-vlan my_vlan
For more information, see The secure Management VLAN.
Syntax:
In the default VLAN configuration, the switch allows a maximum of 256 VLANs. Use this command to specify the maximum VLANs to allow and specify any value from 1 to 2048.
If GVRP is enabled, this setting includes any dynamic VLANs on the switch. As part of implementing a new setting, you must execute a
write memory
command to save the new value to the startup-config file and then reboot the switch.
NOTE: If multiple VLANs exist on the switch, you cannot reset the maximum number of VLANs to a value smaller than the current number of VLANs.
Changing the number of allowed VLANs
The following example shows the command sequence for changing the number of VLANs allowed to 10. Note that you can execute the commands to write memory
and boot
at another time.
HP Switch(config)#: max-vlans 10
This command will take effect after saving the configuration
and rebooting the system.
HP Switch(config)#: write memory
HP Switch(config)#: boot
Device will he rebooted, do you want to continue [y/n]?
Y