VLAN Configuration Guide

Model: S5500-48T8SP

Chapter 1: VLAN Configuration

1.1 VLAN Introduction

Virtual LAN (VLAN) refers to a group of logically networked devices on one or more LANs that are configured to communicate as if they were attached to the same wire, even when located on different LAN segments. Established in 1999, the IEEE 802.1Q Protocol Standard Draft standardizes VLAN realization. VLANs are based on logical, not physical, connections, offering flexibility in user/host management, bandwidth allocation, and resource optimization.

Types of Virtual LANs include:

Port-Based VLAN: Each physical switch port is configured with an access list specifying its membership in a set of VLANs.
802.1Q Trunk Mode: Supported on the interface.
Access Mode Interface: Supported.

Port-Based VLAN assigns a port to a subset of VLANs supported by the switch. If this subset contains only one VLAN, the port is an access port. If it contains multiple VLANs, the port is a trunk port. A default VLAN exists among these multiple VLANs, with its ID serving as the port VLAN ID (PVID).

VLAN-allowed range is supported on the interface. The vlan-allowed parameter controls the range of VLANs a port belongs to. The vlan-untagged parameter configures a port to send packets without a VLAN tag to the corresponding VLAN.

1.2 VLAN Configuration Task List

Adding/Deleting VLAN
Configuring Switch Port
Creating/Deleting VLAN Interface
Monitoring Configuration and State of VLAN

1.3 VLAN Configuration Task

1.3.1 Adding/Deleting VLAN

A VLAN groups hosts with common requirements, enabling communication as if on the same wire, irrespective of physical location. VLANs offer the same attributes as physical LANs but allow grouping end stations across different LAN segments. A VLAN can have multiple ports, and unicast, multicast, and broadcast messages are forwarded within the same VLAN. For inter-VLAN communication, routing or bridging is required.

Commands to configure VLAN:

Run...	To...
`vlan <vlan-id>`	Enter the VLAN configuration mode.
`name <str>`	Name in the VLAN configuration mode.
`exit`	Exit VLAN configuration mode and establish VLAN.
`vlan <vlan-range>`	Establish multiple VLANs simultaneously.
`no vlan <vlan-id \| vlan-range>`	Delete one or multiple VLANs.

VLANs can be dynamically added or deleted using the VLAN management protocol GVRP.

1.3.2 Configuring Switch Port

Switch ports support three modes: access, trunk, and dot1q-tunnel.

Access Mode: The port is subordinate to a single VLAN and handles only untagged Ethernet frames.
Trunk Mode: The port connects to other switches and handles tagged Ethernet frames.
dot1q-tunnel Mode: This mode treats received packets as untagged. The switch chip automatically adds the port's PVID as a new tag, allowing the switch to ignore different VLAN partitions connected to the network. Packets are then delivered unchanged to other ports in the same customer's subnetwork, enabling transparent transmission.

Each port has a default VLAN and PVID. Data received on a port without a VLAN tag belongs to that port's default VLAN.

Trunk mode allows a port to be assigned to multiple VLANs. It also enables configuration of packet forwarding types and the VLAN list the port belongs to, specifying whether packets sent on the port are tagged or untagged.

Commands to configure switch ports:

Run...	To...
`switchport pvid <vlan-id>`	Configure the PVID of the switch port.
`switchport mode {access \| trunk \| dot1q-tunnel}`	Configure the port mode of the switch.
`switchport trunk vlan-allowed ...`	Configure the allowed VLAN range for the switch port.
`switchport trunk vlan-untagged ...`	Configure the untagged VLAN range for the switch port.

Note: Not all switches support the dot1q-tunnel feature. Some switches only allow global enabling/disabling of this feature without per-port strategy configuration.

The command to globally enable dot1q-tunnel is:

Command	Description
`double-tagging`	Globally enables the double-tagging feature of the switch.

The capability for various switch models to support dot1q-tunnel is as follows:

Model	Capability to support dot1q-tunnel
2116 / 2224 / 2224M / 2226 / 2448B / 3224 / 3224M / 3424 / 6508	Not support
2224D	Global
2448 / 2516 / 2524 / 3448 / 3512	Interface

For models not listed or for the latest models, consult FS technicians or download the latest instructions from the FS website.

1.3.3 Creating/Deleting VLAN Interface

A VLAN interface can be established for network management or Layer 3 routing. It allows specifying an IP address and mask. The command to configure a VLAN interface is:

Run...	To...
`[no] interface vlan <vlan-id>`	Create/Delete a VLAN interface.

1.3.4 Configuring Super VLAN Interface

Super VLAN technology allows hosts in different VLANs on the same switch to share the same IPv4 subnet, saving IP addresses. It classifies different VLANs into a group that shares a management interface and an IPv4 network section/gateway. VLANs within a Super VLAN group are called SubVLANs. No SubVLAN can possess the management interface by configuring an IP address.

You can configure a Super VLAN interface via the command line. The procedure is as follows:

Command Description

[no] supervlan <index> Enters the interface configuration mode. If the specified Super VLAN interface does not exist, the system creates it. The index is the Super VLAN interface index, ranging from 1 to 32. no deletes the Super VLAN interface.

Command	Description
`[no] supervlan <index>`	Enters the interface configuration mode. If the specified Super VLAN interface does not exist, the system creates it. The `index` is the Super VLAN interface index, ranging from 1 to 32. `no` deletes the Super VLAN interface.
`[no] subvlan [<setstr>] [add <addstr>] [remove <remstr>]`	Configures SubVLANs within a Super VLAN. Added Sub VLANs cannot have a management interface. Initially, a Super VLAN does not include Sub VLANs. Only one sub-command can be used at a time. `setstr`: Sets the Sub VLAN list (e.g., `2,4-6` indicates VLANs 2, 4, 5, and 6). `add`: Adds a VLAN list to the original SubVLAN list. `addstr` uses the same format as `setstr`. `remove`: Deletes a VLAN list from the original SubVLAN list. `remstr` uses the same format as `setstr`. `no`: Deletes all SubVLANs in the Super VLAN. This `no` command cannot be used with other sub-commands.

[no] subvlan [<setstr>] [add <addstr>] [remove <remstr>]

Configures SubVLANs within a Super VLAN. Added Sub VLANs cannot have a management interface. Initially, a Super VLAN does not include Sub VLANs. Only one sub-command can be used at a time.

setstr: Sets the Sub VLAN list (e.g., 2,4-6 indicates VLANs 2, 4, 5, and 6).
add: Adds a VLAN list to the original SubVLAN list. addstr uses the same format as setstr.
remove: Deletes a VLAN list from the original SubVLAN list. remstr uses the same format as setstr.
no: Deletes all SubVLANs in the Super VLAN. This no command cannot be used with other sub-commands.

After configuring the Super VLAN interface, you can assign an IP address to it. The Super VLAN interface also functions as a routing port and can be configured like other ports.

1.3.5 Monitoring Configuration and State of VLAN

Run the following commands in EXEC mode to monitor VLAN configuration and state:

Run...	To...
`show vlan [<id x> \| <interface intf>]`	Display configuration and state of VLAN.
`show interface {vlan \| supervlan} <x>`	Display the states of VLAN ports.

1.4 Configuration Examples

Scenario: Six PCs (PC1-PC6) are connected to switch ports 1-6, respectively. Their IP addresses belong to the 192.168.1.0/24 network. Although PC1-PC3 and PC4-PC6 are in different Layer 2 broadcast domains, all PCs can ping each other and be managed via the IP address 192.168.1.100. This requires configuring ports 1-3 for VLAN 1 and ports 4-6 for VLAN 2. Subsequently, VLAN 1 and VLAN 2 must be added as SubVLANs to a Super VLAN.

The following configuration steps are performed on the switch:

interface fastethernet 0/1
 switchport pvid 1
!
interface fastethernet 0/2
 switchport pvid 1
!
interface fastethernet 0/3
 switchport pvid 1
!
interface fastethernet 0/4
 switchport pvid 2
!
interface fastethernet 0/5
 switchport pvid 2
!
interface fastethernet 0/6
 switchport pvid 2
!
interface supervlan 1
 subvlan 1,2
 ip address 192.168.1.100 255.255.255.0
 ip proxy-arp subvlan

Diagram Description: The diagram illustrates a network topology where six PCs (PC1 through PC6) are connected to a central switch. Each PC is assigned an IP address within the 192.168.1.0/24 subnet. The connections are shown as lines from each PC to specific ports on the switch (ports 1-6). The diagram visually represents the setup described in the example, highlighting the connectivity between the PCs and the switch.

	FS S5500-48T8SP PDP Configuration Guide This guide provides detailed instructions on configuring PDP (Protocol Discovery Protocol) on FS S5500-48T8SP switches, covering default settings, version management, port configuration, and monitoring.
	FS S3400C-24MG4S Switch Web Configuration Guide Comprehensive guide for configuring the FS S3400C-24MG4S switch using its web-based interface. Covers setup, network settings, security, and management.
	FS S5500-48T8SP PoE+ Switch: Quick Start Guide Quick start guide for the FS S5500-48T8SP 48-Port Gigabit Stackable L3 PoE+ Managed Switch, covering hardware overview, installation, connectivity, configuration, and troubleshooting.
	FS PoE+ Series Switch S3260-16T4FP Typical Network Solution This document outlines a typical network solution utilizing the FS PoE+ Series Switch S3260-16T4FP. It details the product's capabilities, presents a case study for an SMB network, and lists relevant hardware components, focusing on performance, security, and scalability.
	FS S5500-48T8SP Security Configuration Guide This document provides a comprehensive guide to configuring security features on the FS S5500-48T8SP switch, focusing on AAA (Authentication, Authorization, and Accounting) and RADIUS. It details how to set up authentication methods, authorization policies, and accounting for network access control, as well as web authentication configurations.
	FS PoE+ Series Switches Reset and Recovery System Configuration Guide A configuration guide for FS PoE+ Series Switches, detailing the reset and recovery system, including connection steps, software download, and factory reset procedures.
	FS S3150-S5500 Series Switches Software Upgrade Guide Learn how to upgrade the software for FS S3150, S3260, S3400, S3700, S3900, and S5500 series network switches using CLI and Web interfaces. This guide covers essential steps for maintaining optimal performance.
	FS S3150-8T2F Switch Web-based Configuration Guide Comprehensive guide for configuring the FS S3150-8T2F network switch using its web-based interface. Covers setup, management, and advanced features for network administrators.