Tuesday, September 3, 2013

Huawei: Understanding the three port modes Access, Hybrid and Trunk


Tag, untag and the various port modes of a switch are the concepts network engineers meet most often when debugging switches; however, I have found that in practical work technicians often do not fully understand them. Based on my own understanding, and with a case study, I will try to clarify these concepts.
An untagged frame is an ordinary Ethernet frame; a PC's network card can recognize it and communicate with it.
A tagged frame differs in structure: 4 bytes of VLAN information, the VLAN tag header, are inserted after the destination MAC address and source MAC address. In general a PC's network card does not recognize such frames.
The figure below illustrates the frame structure of an 802.1Q tagged frame.
802.1Q inserts a 4-byte identifier into the standard Ethernet frame. It contains:
Tag Protocol Identifier (TPID), 2 bytes, currently fixed at 0x8100, indicating that the frame carries 802.1Q tag information.
Tag Control Information (TCI), 2 bytes, containing three fields:
The Priority field, 3 bits, gives the frame priority, a value from 0 to 7, where 7 is the highest priority and 0 the lowest. This field is the one used by 802.1p.
The Canonical Format Indicator (CFI) field, 1 bit: 0 means canonical format, used on Ethernet; 1 means non-canonical format, used on Token Ring.
The VLAN ID field, 12 bits, identifies the VLAN the frame belongs to.
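To make the tag layout concrete, here is a small builder and parser for the 802.1Q tag described above. It is an example added for this page, not code from the original post; the MAC addresses and payload bytes are constructed sample values, and the parser handles only a single tag (stacked QinQ tags are outside the page's scope).

```python
import struct

TPID_8021Q = 0x8100   # TPID value the page gives for an 802.1Q tagged frame

def build_tagged_frame(dst_mac: bytes, src_mac: bytes, vid: int, pcp: int = 0,
                       cfi: int = 0, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Build an Ethernet frame with one 802.1Q tag inserted after the source MAC.
    Tag layout: TPID (2 bytes) then TCI (2 bytes) = PCP:3 | CFI:1 | VID:12."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Return the header fields of a frame; 'tagged' is False and 'vid' is None
    for an untagged frame. Only a single 802.1Q tag is handled."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Ordinary frame: the 2 bytes after the MACs are the EtherType itself
        return {"dst": dst, "src": src, "tagged": False, "pcp": None, "cfi": None,
                "vid": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "tagged": True,
            "pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0xFFF,
            "ethertype": inner_type, "payload": frame[18:]}

# Constructed samples: broadcast frames from MAC 00:11:22:33:44:55, one tagged VLAN 10
# with priority 5, one untagged; both carry the same two-byte dummy payload.
SAMPLE_TAGGED = build_tagged_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                                   vid=10, pcp=5, payload=b"\x45\x00")
SAMPLE_UNTAGGED = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x00" + b"\x45\x00"
```

The parser shows why a host without VLAN support cannot use a tagged frame: it reads 0x8100 where it expects the EtherType, so unless it knows to skip the 4 tag bytes it cannot locate the real protocol field.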
Ethernet ports have three link types: Access, Hybrid and Trunk.
An Access port can belong to only one VLAN and is typically used to connect a computer;
A Trunk port can belong to multiple VLANs and can receive and send frames of multiple VLANs; it is generally used for links between switches;
A Hybrid port can belong to multiple VLANs and can receive and send frames of multiple VLANs; it can be used for links between switches and also to connect a user's computer.
Hybrid and Trunk ports process received frames in exactly the same way; the only difference is in sending: a Hybrid port can send frames of multiple VLANs without a tag, whereas a Trunk port sends only frames of its default VLAN without a tag.
This brings us to the concept of a port's default VLAN.
An Access port belongs to only one VLAN, so its default VLAN is that VLAN and does not need to be set;
Hybrid and Trunk ports belong to more than one VLAN, so their default VLAN ID must be set. By default, the default VLAN of a Hybrid or Trunk port is VLAN 1.
Once a port's default VLAN ID is set: when the port receives a frame without a VLAN tag, the frame is assigned to the port's default VLAN; when the port sends a frame with a VLAN tag, if the frame's VLAN ID equals the port's default VLAN ID, the system strips the VLAN tag and then sends the frame.
Note: on Huawei switches the default VLAN is called the "PVID VLAN"; on Cisco switches it is called the "Native VLAN".
The switch processes frames on each interface as follows:
Access port, receiving:
On receiving a frame, check whether it carries VLAN information: if not, tag it with the port's PVID and switch it; if it does, discard it (the default).
Access port, sending:
Strip the VLAN information from the frame and send it.
Trunk port, receiving:
On receiving a frame, check whether it carries VLAN information: if not, tag it with the port's PVID and switch it; if it does, check whether the trunk port allows that VLAN in: if so, forward it, otherwise discard it.
Trunk port, sending:
Compare the port's PVID with the VLAN information of the frame to be sent: if they are equal, strip the VLAN information and send; if not, send the frame as it is (tagged).
Hybrid port, receiving:
On receiving a frame, check whether it carries VLAN information: if not, tag it with the port's PVID and switch it; if it does, check whether the hybrid port allows that VLAN in: if so, forward it, otherwise discard it (the untagged configuration on the port is not considered on reception; it affects only the sending of frames).
Hybrid port, sending:
1. Check the VLAN attribute of the port (disp interface shows which VLANs the port carries untagged and which tagged);
2. If the VLAN is untagged on the port, strip the VLAN information and send; if it is tagged, send the frame directly.
The following hybrid-port case can help you understand the hybrid port mode of a Huawei switch:
[Switch]int e0/1
[Switch-Ethernet0/1]port link-type hybrid
[Switch-Ethernet0/1]port hybrid pvid vlan 10
[Switch-Ethernet0/1]port hybrid vlan 10 20 untagged
[Switch-Ethernet0/1]int e0/2
[Switch-Ethernet0/2]port link-type hybrid
[Switch-Ethernet0/2]port hybrid pvid vlan 20
[Switch-Ethernet0/2]port hybrid vlan 10 20 untagged
The PCs under interface e0/1 and interface e0/2 can communicate with each other, but the traffic in each direction travels in a different VLAN.
Take PC1 under e0/1 accessing PC2 under e0/2 as an example:
PC1 sends an ordinary (untagged) frame. On entering the switch through e0/1 it is tagged with that port's PVID, VLAN 10. Interface e0/2 allows VLAN 10 through, so the frame is forwarded to e0/2; because VLAN 10 is untagged on e0/2, the switch strips the VLAN 10 tag and delivers an ordinary frame to PC2. So PC1 -> PC2 traffic travels in VLAN 10.
The return packet from PC2 to PC1 is analyzed in the same way (it travels in VLAN 20, the PVID of e0/2).
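The receive and send rules above, and the hybrid-port case just analyzed, can be checked by running them through a small model of a switch port. This is an example added for this page, not code from the original post: the port and VLAN numbers for the case study are the ones configured above, the `Ethernet0/3` access port and `GigabitEthernet0/1` trunk are constructed extra cases, and the model assumes the MAC table already points at a single output port (flooding and MAC learning are not modelled).

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Port:
    name: str
    link_type: str                                   # "access", "trunk" or "hybrid"
    pvid: int = 1                                    # default VLAN; the page says VLAN 1 unless set
    allowed: Set[int] = field(default_factory=set)   # VLANs the port is a member of
    untagged: Set[int] = field(default_factory=set)  # hybrid only: VLANs sent without a tag

    def __post_init__(self) -> None:
        if self.link_type == "access":
            self.allowed = {self.pvid}               # an access port belongs to exactly one VLAN
        if self.link_type != "hybrid":
            self.untagged = set()                    # the untagged list exists only on hybrid ports

def ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """Classify an arriving frame (tag = VLAN ID, or None if untagged) into a VLAN.
    Returns None when the port discards the frame."""
    if tag is None:
        return port.pvid                             # untagged frame -> PVID, on every link type
    if port.link_type == "access":
        return None                                  # access port: tagged frame discarded (default)
    return tag if tag in port.allowed else None      # trunk/hybrid: only allowed VLANs get in

def egress(port: Port, vlan: int) -> Optional[Dict[str, Optional[int]]]:
    """Decide how a frame belonging to `vlan` leaves the port: {'vlan': v, 'tag': None}
    for an untagged frame, {'vlan': v, 'tag': v} for a tagged one, or None if the
    port is not a member of that VLAN and cannot send it."""
    if vlan not in port.allowed:
        return None
    if port.link_type == "access":
        tag = None                                    # access: always strip the tag
    elif port.link_type == "trunk":
        tag = None if vlan == port.pvid else vlan     # trunk: strip only its PVID
    else:
        tag = None if vlan in port.untagged else vlan # hybrid: strip per the untagged list
    return {"vlan": vlan, "tag": tag}

def forward(in_port: Port, out_port: Port, tag: Optional[int]) -> Optional[Dict[str, Optional[int]]]:
    """One frame in through in_port, out through out_port."""
    vlan = ingress(in_port, tag)
    return None if vlan is None else egress(out_port, vlan)

# The page's case study: hybrid ports, PVID 10 and 20, VLANs 10 and 20 untagged on both
E0_1 = Port("Ethernet0/1", "hybrid", pvid=10, allowed={10, 20}, untagged={10, 20})
E0_2 = Port("Ethernet0/2", "hybrid", pvid=20, allowed={10, 20}, untagged={10, 20})

def case_study() -> Dict[str, Optional[Dict[str, Optional[int]]]]:
    """PC1 and PC2 send ordinary (untagged) frames; see which VLAN carries each direction."""
    return {"pc1_to_pc2": forward(E0_1, E0_2, None),    # travels in VLAN 10, delivered untagged
            "pc2_to_pc1": forward(E0_2, E0_1, None)}    # travels in VLAN 20, delivered untagged

# Constructed extra cases (not from the page) showing where access and trunk ports differ
ACCESS_10 = Port("Ethernet0/3", "access", pvid=10)
TRUNK = Port("GigabitEthernet0/1", "trunk", pvid=1, allowed={1, 10, 20})

def extra_cases() -> Dict[str, object]:
    return {
        "tagged_into_access": ingress(ACCESS_10, 20),   # None: access port drops tagged frames
        "untagged_into_trunk": ingress(TRUNK, None),    # 1: lands in the trunk's PVID
        "vlan10_out_trunk": egress(TRUNK, 10),          # tagged 10: not the trunk's PVID
        "pvid_out_trunk": egress(TRUNK, 1),             # untagged: the trunk strips only its PVID
        "vlan30_out_trunk": egress(TRUNK, 30),          # None: VLAN 30 is not allowed on the trunk
    }
```

The model makes the PVID rule visible as a configuration check: any untagged frame that reaches a trunk or hybrid port is placed in that port's PVID, so the PVID of an inter-switch link decides which VLAN untagged traffic from the far side ends up in.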


6. Huawei router access-list rule configuration command parameters explained
On Huawei routers, access-list is the configuration command used to create an access rule. This article covers only this part of the Huawei router configuration commands; readers who want to understand the other configuration commands should look out for the following articles.
[Default]
By default the system has no access rules configured.
[Command mode]
Global configuration mode
[Guide]
Rules with the same list number can be regarded as one set of rules. A defined rule can be used not only to filter packets on an interface, but also, for example with DDR, to determine whether a packet is "interesting"; in that case permit and deny mean interesting and not interesting.
In an IP extended access list, use ip in the protocol field to represent all IP protocols.
Rules with the same list number are arranged in a certain order according to fixed principles; this order can be seen with the show access-list command.
Create a standard access list: access-list [normal | special] listnumber1 {permit | deny} source-addr [source-mask]
Create an extended access list: access-list [normal | special] listnumber2 {permit | deny} protocol source-addr source-mask [operator port1 [port2]] dest-addr dest-mask [operator port1 [port2] | icmp-type [icmp-code]] [log]
Delete an access list: no access-list {normal | special} {all | listnumber [subitem]}
[Parameters]
normal specifies that the rule is added to the normal time range.
special specifies that the rule is added to the special time range.
listnumber1 is a value from 1 to 99, indicating that the rule is a standard access list rule.
listnumber2 is a value from 100 to 199, indicating that the rule is an extended access list rule.
permit means that packets meeting the conditions are allowed.
deny means that packets meeting the conditions are prohibited.
protocol is the protocol type; ICMP, TCP and UDP are supported, and other protocols are supported as well, but for them there is no concept of a port; IP has a special meaning and represents all IP protocols.
source-addr is the source address.
source-mask is the wildcard mask of the source address; in a standard access list it is optional, and if omitted the wildcard mask is 0.0.0.0.
dest-addr is the destination address.
dest-mask is the wildcard mask of the destination address.
operator [optional] is the port operator, used when the protocol type is TCP or UDP; the supported comparisons are equal to (EQ), greater than (GT), less than (LT), not equal to (NEQ) and between (range);
if the operator is range, two ports follow it.
port1 is used when the protocol type is TCP or UDP; it can be a preset keyword (such as telnet) or a value from 0 to 65535.
port2 is used when the protocol type is TCP or UDP and the operator is range; it can be a preset keyword (such as telnet) or a value from 0 to 65535.
icmp-type [optional] appears when the protocol is ICMP and represents the ICMP message type; it can be a preset keyword (such as echo-reply) or a value from 0 to 255.
icmp-code appears when the protocol is ICMP and the type was not given as a preset keyword; it represents the ICMP code, a value from 0 to 255.
log [optional] indicates that packets matching the conditions should be logged.
listnumber is the number of the rule to delete, a value from 1 to 199.
subitem [optional] deletes the specified rule number within access list listnumber.
[Example]
Allow hosts on the 10.10.1.0 network to access WWW on the 10.1.2.0 network, but do not allow them to use FTP.
Quidway(config)#access-list 100 permit tcp 10.10.1.0 0.0.0.255 10.1.2.0 0.0.0.255 eq www
Quidway(config)#access-list 100 deny tcp 10.10.1.0 0.0.0.255 10.1.2.0 0.0.0.255 eq ftp