配置MUX VLAN配置案例

组网需求

如图4-25所示，用户希望网络内主机均可以访问Internet，并且VLAN3内的主机可以互相访问，VLAN4内的主机不能互访。

微思 2002年成立，专业IT认证培训21年！

公众号【厦门微思网络】

本例中interface1、interface2、interface3分别代表10GE1/0/1、10GE1/0/2、10GE1/0/3。

图4-25 配置MUX VLAN组网图

操作步骤

1. 配置MUX VLAN。

  # 在DeviceB上创建VLAN 2~VLAN 4，配置VLAN 2为主VLAN，VLAN 3为互通型从VLAN，VLAN4为隔离型从VLAN。

<HUAWEI> system-view

[HUAWEI] sysname DeviceB

[DeviceB] vlan batch 2 3 4

[DeviceB] vlan 2

[DeviceB-vlan2] mux-vlan

[DeviceB-vlan2] subordinate group 3

[DeviceB-vlan2] subordinate separate 4

[DeviceB-vlan2] quit

# 在DeviceC上创建VLAN 2~VLAN 4，配置VLAN 2为主VLAN，VLAN 3为互通型从VLAN，VLAN 4为隔离型从VLAN。

<HUAWEI> system-view

[HUAWEI] sysname DeviceC

[DeviceC] vlan batch 2 3 4

[DeviceC] vlan 2

[DeviceC-vlan2] mux-vlan

[DeviceC-vlan2] subordinate group 3

[DeviceC-vlan2] subordinate separate 4

[DeviceC-vlan2] quit

# 在DeviceD上创建VLAN 2~VLAN 4，配置VLAN 2为主VLAN，VLAN 3为互通型从VLAN，VLAN 4为隔离型从VLAN。

<HUAWEI> system-view

[HUAWEI] sysname DeviceD

[DeviceD] vlan batch 2 3 4

[DeviceD] vlan 2

[DeviceD-vlan2] mux-vlan

[DeviceD-vlan2] subordinate group 3

[DeviceD-vlan2] subordinate separate 4

[DeviceD-vlan2] quit

2. 配置DeviceB的上行口interface1加入VLAN 2，并使能MUX VLAN功能，配置下行口interface2和interface3允许VLAN 2～VLAN 4通过。

[DeviceB] interface 10ge 1/0/1

[DeviceB-10GE1/0/1] portswitch

[DeviceB-10GE1/0/1] port link-type trunk

[DeviceB-10GE1/0/1] port trunk allow-pass vlan 2

[DeviceB-10GE1/0/1] port mux-vlan enable vlan 2

[DeviceB-10GE1/0/1] quit

[DeviceB] interface 10ge 1/0/2

[DeviceB-10GE1/0/2] portswitch

[DeviceB-10GE1/0/2] port link-type trunk

[DeviceB-10GE1/0/2] port trunk allow-pass vlan 2 to 4

[DeviceB-10GE1/0/2] quit

[DeviceB] interface 10ge 1/0/3

[DeviceB-10GE1/0/3] portswitch

[DeviceB-10GE1/0/3] port link-type trunk

[DeviceB-10GE1/0/3] port trunk allow-pass vlan 2 to 4

[DeviceB-10GE1/0/3] quit

3. 配置DeviceC的上行口interface1允许VLAN 2~VLAN 4通过，配置下行口interface2和interface3加入VLAN 3并在接口下使能MUX VLAN功能。

[DeviceC] interface 10ge 1/0/1

[DeviceC-10GE1/0/1] portswitch

[DeviceC-10GE1/0/1] port link-type trunk

[DeviceC-10GE1/0/1] port trunk allow-pass vlan 2 to 4

[DeviceC-10GE1/0/1] quit

[DeviceC] interface 10ge 1/0/2

[DeviceC-10GE1/0/2] portswitch

[DeviceC-10GE1/0/2] port link-type access

[DeviceC-10GE1/0/2] port default vlan 3

[DeviceC-10GE1/0/2] port mux-vlan enable vlan 3

[DeviceC-10GE1/0/2] quit

[DeviceC] interface 10ge 1/0/3

[DeviceC-10GE1/0/3] portswitch

[DeviceC-10GE1/0/3] port link-type access

[DeviceC-10GE1/0/3] port default vlan 3

[DeviceC-10GE1/0/3] port mux-vlan enable vlan 3

[DeviceC-10GE1/0/3] quit

4. 配置DeviceD的上行口interface1允许VLAN 2~VLAN 4通过，配置下行口interface2和interface3加入VLAN 4并在接口下使能MUX VLAN功能。

[DeviceD] interface 10ge 1/0/1

[DeviceD-10GE1/0/1] portswitch

[DeviceD-10GE1/0/1] port link-type trunk

[DeviceD-10GE1/0/1] port trunk allow-pass vlan 2 to 4

[DeviceD-10GE1/0/1] quit

[DeviceD] interface 10ge 1/0/2

[DeviceD-10GE1/0/2] portswitch

[DeviceD-10GE1/0/2] port link-type access

[DeviceD-10GE1/0/2] port default vlan 4

[DeviceD-10GE1/0/2] port mux-vlan enable vlan 4

[DeviceD-10GE1/0/2] quit

[DeviceD] interface 10ge 1/0/3

[DeviceD-10GE1/0/3] portswitch

[DeviceD-10GE1/0/3] port link-type access

[DeviceD-10GE1/0/3] port default vlan 4

[DeviceD-10GE1/0/3] port mux-vlan enable vlan 4

[DeviceD-10GE1/0/3] quit

5. 在DeviceA上创建VLANIF 2，配置IP地址为10.1.1.1 24，并配置接口interface1加入VLAN 2。

<HUAWEI> system-view

[HUAWEI] sysname DeviceA

[DeviceA] vlan batch 2

[DeviceA] interface 10ge 1/0/1

[DeviceA-10GE1/0/1] portswitch

[DeviceA-10GE1/0/1] port link-type trunk

[DeviceA-10GE1/0/1] port trunk allow-pass vlan 2

[DeviceA-10GE1/0/1] quit

[DeviceA] interface vlanif 2

[DeviceA-Vlanif2] ip address 10.1.1.1 24

[DeviceA-Vlanif2] quit

如果MUX VLAN中有多个Group VLAN，并且Group VLAN之间需要互通，则需要在DeviceA的VLANIF接口下执行命令arp proxy intra-vlan enable配置VLAN内ARP Proxy功能。

6. 配置网络内主机的IP地址，使其和DeviceA上VLANIF 2接口的IP地址同网段。

检查配置结果

• Host1、Host2、Host3、Host4可以访问Internet。
• Host1和Host2可以互相ping通。
• Host3和Host4互相ping不通。
• VLAN3内主机（Host1、Host2）和VLAN4内主机（Host3、Host4）互相ping不通。

配置脚本

DeviceA

sysname DeviceA

vlan batch 2

interface Vlanif2

ip address 10.10.10.1 255.255.255.0

interface 10GE1/0/1

port link-type trunk

port trunk allow-pass vlan 2

DeviceB

sysname DeviceB

vlan batch 2 to 4

vlan 2

mux-vlan

subordinate separate 4

subordinate group 3

interface 10GE1/0/1

port link-type trunk

port trunk allow-pass vlan 2

port mux-vlan enable vlan 2

interface 10GE1/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4

interface 10GE1/0/3

port link-type trunk

port trunk allow-pass vlan 2 to 4

DeviceC

sysname DeviceC

vlan batch 2 to 4

vlan 2

mux-vlan

subordinate separate 4

subordinate group 3

interface 10GE1/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4

interface 10GE1/0/2

port default vlan 3

port mux-vlan enable vlan 3

interface 10GE1/0/3

port default vlan 3

port mux-vlan enable vlan 3

DeviceD

sysname DeviceD

vlan batch 2 to 4

vlan 2

mux-vlan

subordinate separate 4

subordinate group 3

interface 10GE1/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4

interface 10GE1/0/2

port default vlan 4

port mux-vlan enable vlan 4

interface 10GE1/0/3

port default vlan 4

port mux-vlan enable vlan 4