Huawei switch port application

Posted on 01-07-2013



Usually, in order to realize the isolation switch port between the most simple,commonly used method is to divide the VLAN (virtual local area network).However, in the specific application, often hope between port isolation after some VALN flexible exchange. Under normal circumstances, need to realize the isolationin the two layer switch, and then realize exchange of visits between the VLAN inthe three layer switch or router.

In fact, only using layer two switches can also complete isolation and visits thefunction, this is the two layer switch Hybrid (mixed) application port mode.

The 1 switch link port mode

Huawei layer two switches generally have four kinds of link port mode,respectively is Access, Trunk, Hybrid and Fabric port mode.

1.1 Access port mode

Access type of port can only belong to one VLAN, so the default VLAN it is that it’s VLAN, not set. In general as a connected computer port.

1.2 Trunk port mode

Trunk type of port can belong to multiple VLAN, can message receiving and transmitting a plurality of VLAN, commonly used as a connection between portswitch.

1.3 Hybrid port mode

Hybrid type of port can belong to multiple VLAN, can message receiving and transmitting a plurality of VLAN, can be connected to the switch between, alsocan be used for connecting the user’s computer. The following characteristicsHybrid port mode:

The Hybrid property is a hybrid model, implemented in a untagged (not labeled)port allows packets to tagged (tag) form sent switch. At the same time, you can use the Hybrid property to define respectively belong to the exchange of visits between the different VLAN port, which is the Access and Trunk ports that can not be realized.

Message Hybrid port can also set the VLAN tag, which are not labeled, for the realization of the different VLAN message to perform different processingfoundation.

If you set the default VLAN port of ID, when the port receives a message without VLAN Tag, the packet forwarding to the default VLAN port; when the messagesend port with VLAN Tag, if the message VLAN ID and port the default VLAN ID,then the system will remove the message of VLAN Tag, and then sends the message.

The difference between Hybrid and Trunk port mode is: send message Hybridport allows multiple VLAN without a label (untagged), and the Trunk port is only allowed to send the message of the default VLAN without a label.

1.4 Fabric port mode

The Fabric port is between the Unit port IRF, only for the interconnectionbetween Unit, the user cannot connect.

Application of 2 Hybrid port mode

Through the introduction of the two layer switch various link port mode, we canaccording to the different characteristics of flexibility to complete its various applications.

Below in order to Huawei Quidway S2116-EI switch as example, introduced torealize isolation between ports and visits by two layer switch port Hybrid mode.

2.1 network demand

The S2116-EI switch 1 to 4 ports and 5 to 8 ports are respectively connected with four departments, each department is connected with two ports, 15 portconnected to a WEB server, a 16 port is connected on the outer net export line.

Network demand:

The four departments are isolated from each other but also access to the WEB server; four departments are flexible control of access to the external network.

2.2 solutions

First, each port is divided into different VLAN, is divided into 16 VLAN, each VLANa port. Each port is configured as a hybrid state. Set port PVID is equal to the port of VLAN. The hope can exchange port of PVID VLAN, set to untaggedVLAN, a broadcast frame from the port to the Port A. According to this train of thought, configuration VLAN1 to VLAN4 can only access the VLAN15 (WEB server), VLAN5 to VLAN8 can access the VLAN15 can access VLAN16 (external),VLAN15 can make all VLAN access, VLAN16 allows VLAN5 to VLAN 8 and VLAN15 access. So, the four sectors are respectively connected to 1 to 4 and 5 port toport 8, when four departments need to access the Internet through the switch WEB management interface to open 5 to 8 ports, need to close the Internetsimply shut down 5 to 8 ports.

2.3 main configuration command

Port 16 as an example, the main configuration command S2116-EI as follows:


[Quidway]vlan 16

[Quidway]port Ethernet0/16

[Quidway]interface Ethernet0/16

[Quidway – Ethernet0/16] port link-type hybrid

[Quidway – Ethernet0/16] port hybrid PVID VLAN 16 [Quidway Ethernet0/16]port hybrid VLAN 5 to 815 untagged actually, this configuration is through the hybrid port of the PVID to a unique representation of a port, the receive port bysetting VLAN to untagged VLAN and PVID VLAN, to control whether the VLANport communication. In order to achieve WEB interface management with the following configuration. First check to see if the switch inside the flash file. (WEBinterface management file already in the switch flash #)

<Quidway>dir /all

-rwxrwx 1 noone nogroup 442797 Apr 022000 13:09:50 wnm-xxx.zip


[Quidway]local-user admin

[Quidway-luser-admin]service-type telnet Level 3 [Quidway-luser-admin]password simple admin [Quidway-luser-admin] interface VLAN 1 [Quidway-Vlan-interface1]ip address in the management of computer IE input, you can enter the WEB managementinterface

