
How to configure super vlan?

administrator

Post time 2021-9-18 11:35:16

Configure Super VLAN


I. Networking Requirements

Core switch A serves as the user gateway and is connected to the access devices Switch B, Switch C, and Switch D through the Trunk ports. L2 network segmentation is implemented through VLAN setup for access users. All VLAN users share one IP gateway for L3 communication and Internet access.

II. Network Topology

                                               

III. Configuration Tips

1. On the access devices (Switch B, Switch C, and Switch D), configure only common VLANs (VLAN 10, VLAN 20, and VLAN 30 in this example).

2. On the user gateway device, create a Super VLAN and set VLAN 10, VLAN 20, and VLAN 30 of the access devices as its sub VLANs.

3. Set the SVI port for the Super VLAN and specify IP address ranges for each sub VLAN.

IV. Configuration Steps

On the core switch (Switch A), perform the following steps:

1. Create VLAN 2, VLAN 10, VLAN 20, and VLAN 30.

Ruijie#configure terminal

Ruijie(config)#vlan 2

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 10

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 20

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30

Ruijie(config-vlan)#exit

2. Set VLAN 2 as the Super VLAN and VLAN 10, VLAN 20, and VLAN 30 as its sub VLANs.

Ruijie(config)#vlan 2

Ruijie(config-vlan)#supervlan  ----->configure Vlan2 as Super vlan

Ruijie(config-vlan)#subvlan 10,20,30   -----> a VLAN that has an SVI cannot be added as a sub VLAN; run "no interface vlan vlan-id" to remove the SVI before adding the VLAN as a sub VLAN

Ruijie(config-vlan)#exit

On a non-simplified network (gateway mode), Super VLAN broadcast packets are replicated to all its sub VLANs. Therefore, if a Super VLAN is configured with too many sub VLANs, the performance is undermined. Considering the packet forwarding performance, it is recommended that a Super VLAN is configured with no more than 200 sub VLANs.

3. Set the L3 virtual interface for the Super VLAN 2. The users of the sub VLANs of the Super VLAN 2 communicate through the configured interface.

Ruijie(config)#interface vlan 2    ----->configure svi interface

Ruijie(config-if-VLAN 2)#ip address 192.168.1.1 255.255.255.0

4. Set the IP address range of the sub VLAN 10 to 192.168.1.10 to 192.168.1.50, that of sub VLAN 20 to 192.168.1.60 to 192.168.1.100, and that of sub VLAN 30 to 192.168.1.110 to 192.168.1.150.

Ruijie(config)#vlan 10

Ruijie(config-vlan)#subvlan-address-range 192.168.1.10 192.168.1.50

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 20

Ruijie(config-vlan)#subvlan-address-range 192.168.1.60 192.168.1.100

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30

Ruijie(config-vlan)#subvlan-address-range 192.168.1.110 192.168.1.150

5. Set the ports Gi 1/1, Gi 1/5, and Gi 1/9 as the Trunk ports for connecting Switch B, Switch C, and Switch D.

Ruijie(config)#interface range gigabitEthernet 1/1,1/5,1/9

Ruijie(config-if-range)#switchport mode trunk

6. Save the configurations.

Ruijie(config-if-range)#end

Ruijie#write

Note:

1. By default, the Super VLAN proxy ARP function is enabled on the switch. In this case, users in different sub VLANs can access each other. To prevent access between sub VLANs, disable the proxy ARP function of the Super VLAN.

Ruijie(config)#vlan 2

Ruijie(config-vlan)#no proxy-arp

Ruijie(config-vlan)#end

2. In a DHCP environment, you do not have to specify the IP address range for a sub VLAN.

In this case, the IP addresses are randomly allocated within one sub VLAN. The VLAN of the port connecting the access switch determines the home sub VLAN of a PC.

Ruijie(config)#vlan 10

Ruijie(config-vlan)#subvlan-address-range 192.168.1.10 192.168.1.50

Ruijie(config-vlan)#vlan 20

Ruijie(config-vlan)#subvlan-address-range 192.168.1.60 192.168.1.100

Ruijie(config-vlan)#vlan 30

Ruijie(config-vlan)#subvlan-address-range 192.168.1.110 192.168.1.150

3. Disable broadcast storm prevention on the connecting port of the access switch.

When a user on another network segment accesses a user in the Super VLAN, the switch must resolve the ARP entry of the destination device before forwarding the IP packet. If that device does not exist, the query returns no ARP information, so the switch sends ARP requests to all sub VLANs of the Super VLAN. In this case, if the Super VLAN is configured with many sub VLANs, it has to send a large number of ARP packets.

In a DHCP environment, if there are too many sub VLANs in the Super VLAN, the number of broadcast packets sent on each sub VLAN is also large, because each broadcast packet is replicated to every sub VLAN.

In this case, if the broadcast storm prevention function is enabled on the corresponding port of the access switch, some broadcast packets, including DHCP packets and ARP packets, are discarded. To prevent this, it is recommended to disable the broadcast storm prevention function for that port on the access switch. For details, see Storm Control.

4. A Super VLAN is subject to the following restrictions:
a. A Super VLAN does not have physical interfaces as its direct member. A Super VLAN is configured with only sub VLANs and a sub VLAN contains physical interfaces.

b. A Super VLAN cannot be configured as a sub VLAN of another Super VLAN.

c. VLAN 1 cannot be configured as a Super VLAN.

d. A sub VLAN cannot be configured as a network interface and cannot be assigned an IP address.

V. Verification

Check the Super VLAN.

Ruijie#show supervlan

supervlan id  supervlan arp-proxy  subvlan id  subvlan arp-proxy  subvlan ip range
------------  -------------------  ----------  -----------------  -----------------------------
2             ON                   10          ON                 192.168.1.10 - 192.168.1.50
                                   20          ON                 192.168.1.60 - 192.168.1.100
                                   30          ON                 192.168.1.110 - 192.168.1.150


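The verification step can be automated. The following Python script is an added example, not part of the original post or of Ruijie's tooling: it parses "show supervlan" output and reports the conditions the notes above warn about (Super VLAN proxy ARP left on, so sub VLANs can reach each other) plus address-plan mistakes from step 4 (ranges outside the SVI subnet, covering the gateway, or overlapping). The whitespace-separated column layout, the function names parse and audit, and the single-SVI parameter are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the page's "show supervlan" output; the
# whitespace-separated column layout is an assumption, verify on your device.
SAMPLE = """\
supervlan id  supervlan arp-proxy  subvlan id  subvlan arp-proxy  subvlan ip range
2             ON                   10          ON                 192.168.1.10 - 192.168.1.50
                                   20          ON                 192.168.1.60 - 192.168.1.100
                                   30          ON                 192.168.1.110 - 192.168.1.150
"""

IP = r"(\d+(?:\.\d+){3})"
ROW = re.compile(r"^\s*(?:(\d+)\s+(ON|OFF)\s+)?(\d+)\s+(ON|OFF)\s+" + IP + r"\s*-\s*" + IP + r"\s*$")

def parse(text):
    """One dict per sub VLAN row; continuation rows inherit the Super VLAN columns."""
    rows, sup, sup_proxy = [], None, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        if m.group(1):
            sup, sup_proxy = int(m.group(1)), m.group(2)
        rows.append({"super": sup, "super_proxy": sup_proxy, "sub": int(m.group(3)),
                     "lo": ipaddress.ip_address(m.group(5)),
                     "hi": ipaddress.ip_address(m.group(6))})
    return rows

def audit(text, svi="192.168.1.1/24"):
    """Flag settings that weaken separation or addressing between sub VLANs."""
    iface = ipaddress.ip_interface(svi)  # SVI address from step 3 (single SVI assumed)
    rows, findings, seen = parse(text), [], set()
    for r in rows:
        if r["super_proxy"] == "ON" and r["super"] not in seen:
            seen.add(r["super"])
            findings.append(f"Super VLAN {r['super']}: proxy ARP on, sub VLANs can reach each other")
        if r["lo"] > r["hi"] or r["lo"] not in iface.network or r["hi"] not in iface.network:
            findings.append(f"VLAN {r['sub']}: range not inside {iface.network}")
        if r["lo"] <= iface.ip <= r["hi"]:
            findings.append(f"VLAN {r['sub']}: range contains gateway {iface.ip}")
    ordered = sorted(rows, key=lambda r: r["lo"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lo"] <= a["hi"]:  # next range starts before the previous one ends
            findings.append(f"VLAN {a['sub']} and VLAN {b['sub']}: ranges overlap")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the configuration built in this post, it reports only the proxy ARP finding, which clears once "no proxy-arp" is applied under VLAN 2.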