Configure IP Subnet-Based VLANs
Network Requirements
- Server1 is the server in the office network, and Server2 is the server in the production network.
- The IP subnet-based VLAN functions need to be configured so that PC1 can access only Server1 and PC2 can access only Server2.
Network Topology
Figure 3-4 Configuring an IP Subnet-Based VLAN
Configuration Steps
Step 1: On Device, configure VLANs, and configure the port link types of the ports.
#On Device, create VLAN2 and VLAN3.
|
Device#configure terminal
Device(config)#vlan 2-3
|
#On Device, configure the link type of port gigabitethernet0/1 to Hybrid and allow services of VLAN2 and VLAN3 to pass, and set PVID to 2.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode hybrid
Device(config-if-gigabitethernet0/1)#switchport hybrid untagged vlan 2-3
Device(config-if-gigabitethernet0/1)#switchport hybrid pvid vlan 2
Device(config-if-gigabitethernet0/1)#exit
|
#On Device, configure the link type of ports gigabitethernet0/2 and gigabitethernet0/3 to Access. Configure gigabitethernet0/2 to allow services of VLAN2 to pass and configure gigabitethernet0/3 to allow services of VLAN3 to pass.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 2
Device(config)#interface gigabitethernet 0/3
Device(config-if-gigabitethernet0/3)#switchport mode access
Device(config-if-gigabitethernet0/3)#switchport access vlan 3
Device(config-if-gigabitethernet0/3)#exit
|
Step 2: Configure IP subnet-based VLAN functions.
#On Device, configure IP subnet-based VLAN entries so that the packets with the source IP address in the 2.1.1.0/24 subnet can be forwarded in VLAN3.
|
Device(config)#ip-subnet-vlan ipv4 2.1.1.0 mask 255.255.255.0 vlan 3
|
#On port gigabitethernet0/1 of Device, enable the IP subnet-based VLAN function.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#ip-subnet-vlan enable
Device(config-if-gigabitethernet0/1)#exit
|
Step 3: Check the result.
#On Device, query IP subnet VLAN entries and port enable status.
Device(config)#show ip-subnet-vlan
---------------------IP-SUBNET-VLAN--------------------------
NO. IP MASK VLAN PRI
--- --------------- --------------- ------- ------
1 2.1.1.0 255.255.255.0 3 -
--------------------Enable SUBNET-VLAN----------------------
gi0/1
----------------Enable SUBNET-VLAN Priority-----------------
#PC1 can access only Server1 and PC2 can access only Server2.
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
