Configure Protocol-Based VLANs
Network Requirements
- PC is a host in the Ethernet, and Server1 and Server2 are two servers in the Ethernet.
- The protocol-based VLAN function needs to be configured so that the PC can access only Server 1 before the protocol-based VLAN function is enabled on the port of Device. After the protocol-based VLAN function is enabled on the port, PC can access only Server2.
Network Topology
Figure 3-5 Networking for Configuring Protocol-Based VLANs
Configuration Steps
Step 1: On Device, configure VLANs, and configure the port link types of the ports.
#On Device, create VLAN2 and VLAN3.
|
Device#configure terminal
Device(config)#vlan 2-3
|
#On Device, configure the link type of port gigabitethernet0/1 to Hybrid and allow services of VLAN2 and VLAN3 to pass, and set PVID to 2.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport hybrid untagged vlan 2-3
Device(config-if-gigabitethernet0/1)#switchport hybrid pvid vlan 2
|
#On Device, configure the link type of ports gigabitethernet0/2 and gigabitethernet0/3 to Access. Configure gigabitethernet0/2 to allow services of VLAN2 to pass and configure gigabitethernet0/3 to allow services of VLAN3 to pass.
|
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 2
Device(config-if-gigabitethernet0/2)#exit
Device(config)#interface gigabitethernet 0/3
Device(config-if-gigabitethernet0/3)#switchport mode access
Device(config-if-gigabitethernet0/3)#switchport access vlan 3
Device(config-if-gigabitethernet0/3)#exit
|
Step 2: Configure the protocol-based VLAN function.
#On Device, configure a protocol profile for IP(0x0800) packets that are based on ETHERII encapsulation.
|
Device(config)#protocol-vlan profile 1 frame-type ETHERII ether-type 0x0800 vlan 3
|
#On port gigabitethernet0/1 of Device, the packets that match the protocol profile are forwarded in VLAN3, and the protocol VLAN function is enabled.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#protocol-vlan enable
Device(config-if-gigabitethernet0/1)#exit
|
Step 3: Check the result.
#On Device, query protocol VLAN entries and port enable status.
Device#show protocol-vlan profile
...........................PROTOTOCL-VLAN................
Profile Frame-type Ether-type VLAN
.........................................................
1 ETHERII 0x800 3
.......................Enable PROTOCOL-VLAN..............
gi0/1
#When the protocol-based VLAN function is not enabled on port gigabitethernet0/1, PC can access only Server1. After the protocol-based VLAN function is enabled on port gigabitethernet0/1, PC can access only Server2.
Switch
.png){kind=icon}
.png){kind=logo}
