Comware

 View Only

  • 1.  vlan

    Posted Mar 04, 2021 01:36 AM

    Good morning 

    I have a two 5940 switch with irf 
    Is it possible to define on the switch, configuration, what will be the same vlan id number without any connection with them, that is, a switch let's say with 48 ports, half switch will belong to company a half switch to company b, in 2 companies will have the same vlan id - of course there will be no ability Communication between the 2 vlan id.
    Of course communication between the 2 companies is forbidden!
    There does not have to be a future capability of communication between the 2 environments / companies.

    best regard

     

    gadihp vlan.JPG



  • 2.  RE: vlan

    Posted Mar 04, 2021 02:01 AM

    Hello @gadisontag !

    Chassis-based switches, like 12900 series have a feature called Multitenant Device Context (MDC) - it is 1:N virtualization technology that  can partition a physical device or an IRF fabric into multiple logical devices. Each MDC uses its own hardware and software resources, runs independently of other MDCs, and provides services for its own customer. Creating, starting, rebooting, or deleting an MDC does not affect any other MDCs. From the user's perspective, an MDC is a standalone physical device. MDCs on the same physical device are isolated from each other.

    But 59xx series do not support it and such support is not planned.

    Without MDC VLAN numbers use same namespace, so they must be unique, they can't overlap, so there is no way to re-use same VLAN numbers for different tenants (companies). But you have more than 4000 VLANs at your disposal, so you can create a simple rule for VLAN assignment, like:

    Company A: VLAN 1-999
    Company B: VLAN 1000-1999
    etc

    However, the desired tenant separation with 5940 is possible on Layer 3. All you need to do is to create separate VPN-instances (other vendors call it 'VRF'), one per Company and assign Vlan-interfaces (SVIs) of each company to its own vpn-instance:

    ip vpn-instance CompanyA
 route-distinguisher 1:1
#
ip vpn-instance CompanyB
 route-distinguisher 1:2
#
interface Vlan-interface10
 ip binding vpn-instance CompanyA 
 ip address 10.0.10.1 24
#
interface Vlan-interface1010
 ip binding vpn-instance CompanyB
 ip address 10.0.10.1 24

     

    Same IP address and subnet on SVIs Vlan-interface 10 and 1010 is not a typo - you can re-use subnets in different VPN-instances, as each VPN-instance have its own routing table and it doesn't create any issue.

    Hope this helps!

     



  • 3.  RE: vlan

    Posted Mar 04, 2021 04:59 AM

    thank you ver much !

    Is it possible to put the same vlan id in the vpn-instance method ? layer 2 only ?

    Unfortunately I do not have lab equipment to play with the settings, i installs HP Network Simulator for Comware Devices environment - Ubuntu User Guide_v2.0

     

    for example :

     

    ip vpn-instance CompanyA
 route-distinguisher 1:1
#
ip vpn-instance CompanyB
 route-distinguisher 1:2
#
interface Vlan-interface200
 ip binding vpn-instance CompanyA 
 ip address 10.0.10.1 24
#
interface Vlan-interface200
 ip binding vpn-instance CompanyB
 ip address 10.0.10.1 24

     

    best regard

     

    gadi

     



  • 4.  RE: vlan

    Posted Mar 04, 2021 05:44 AM

    No, that won't work. VLAN numbers are unique, as well as Vlan-interfaces. Separation is performed on Layer 3.



  • 5.  RE: vlan

    Posted Mar 04, 2021 06:26 AM

    thank

     

    have a nice day



Related Content