Task
Configuring the network-side port
Configuration prerequisites
Before configuring many-to-one VLAN mapping:
•
Make sure that all home users obtain IP addresses through DHCP. For how to assign IP addresses
through DHCP, see Layer 3—IP Services Configuration Guide.
Create CVLANs and SVLANs, and plan CVLANs-to-SVLAN mappings.
•
Enabling DHCP snooping
Step
1.
Enter system view.
2.
Enable DHCP snooping.
Enabling ARP detection in SVLANs
The ARP detection function enables a switch to modify the VLAN attributes of ARP packets, which is
impossible under the normal ARP packet processing procedure. For more information about ARP
detection, see Security Configuration Guide.
To enable ARP detection in all SVLANs:
Step
1.
Enter system view.
2.
Enter VLAN view.
3.
Enable ARP detection.
NOTE:
To defend against ARP attacks, enable ARP detection also in all CVLANs.
Configuring an uplink policy
To configure an uplink policy to map a group of CVLANs to one SVLAN:
Step
1.
Enter system view.
2.
Create a class and enter class
view.
3.
Configure multiple CVLANs
as match criteria.
Description
Configures VLAN and other settings required for many-to-one
VLAN mapping (required).
Command
system-view
dhcp-snooping
Command
system-view
vlan vlan-id
arp detection enable
Command
system-view
traffic classifier tcl-name operator
or
if-match customer-vlan-id { vlan-list
| vlan-id1 to vlan-id2 }
210
Remarks
N/A
Disabled by default.
Remarks
N/A
N/A
Disabled by default.
Remarks
N/A
Repeat these steps to configure one
class for each group of CVLANs.