Maipu Administration Guide

Configure IP Subnet-Based VLANs

Network Requirements

Server1 is the server in the office network, and Server2 is the server in the production network.
The IP subnet-based VLAN functions need to be configured so that PC1 can access only Server1 and PC2 can access only Server2.

Network Topology

Configuring an IP Subnet-Based VLAN

Figure 3-4 Configuring an IP Subnet-Based VLAN

Configuration Steps

Step 1: On Device, configure VLANs, and configure the port link types of the ports.

#On Device, create VLAN2 and VLAN3.

Device#configure terminal
Device(config)#vlan 2-3

#On Device, configure the link type of port gigabitethernet0/1 to Hybrid and allow services of VLAN2 and VLAN3 to pass, and set PVID to 2.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode hybrid
Device(config-if-gigabitethernet0/1)#switchport hybrid untagged vlan 2-3
Device(config-if-gigabitethernet0/1)#switchport hybrid pvid vlan 2
Device(config-if-gigabitethernet0/1)#exit

#On Device, configure the link type of ports gigabitethernet0/2 and gigabitethernet0/3 to Access. Configure gigabitethernet0/2 to allow services of VLAN2 to pass and configure gigabitethernet0/3 to allow services of VLAN3 to pass.

Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 2
Device(config)#interface gigabitethernet 0/3
Device(config-if-gigabitethernet0/3)#switchport mode access
Device(config-if-gigabitethernet0/3)#switchport access vlan 3
Device(config-if-gigabitethernet0/3)#exit

Step 2: Configure IP subnet-based VLAN functions.

#On Device, configure IP subnet-based VLAN entries so that the packets with the source IP address in the 2.1.1.0/24 subnet can be forwarded in VLAN3.

Device(config)#ip-subnet-vlan ipv4 2.1.1.0 mask 255.255.255.0 vlan 3

#On port gigabitethernet0/1 of Device, enable the IP subnet-based VLAN function.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#ip-subnet-vlan enable
Device(config-if-gigabitethernet0/1)#exit

Step 3: Check the result.

#On Device, query IP subnet VLAN entries and port enable status.

Device(config)#show ip-subnet-vlan   
---------------------IP-SUBNET-VLAN--------------------------
NO.   IP                MASK              VLAN    PRI  
---  ---------------   ---------------   ------- ------      
1     2.1.1.0           255.255.255.0      3       -          
--------------------Enable SUBNET-VLAN----------------------
gi0/1                                
----------------Enable SUBNET-VLAN Priority-----------------

#PC1 can access only Server1 and PC2 can access only Server2.