Configuring an uplink policy, Configuring the customer-side port – H3C Technologies H3C S10500 Series Switches User Manual

201

To do...

Use the command...

Remarks

Enter VLAN view

vlan vlan-id ––

Enable ARP detection

arp detection enable

Required
Disabled by default.

NOTE:

To defend against ARP attacks, enable ARP detection also in all CVLANs.

Configuring an uplink policy

Follow these steps to configure an uplink policy to map a group of CVLANs to one SVLAN:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Create a class and enter class
view

traffic classifier tcl-name operator
or

Configure multiple CVLANs as
match criteria

if-match customer-vlan-id
{ vlan-id-list | vlan-id1 to vlan-id2 }

Return to system view

quit

Required
Repeat these steps to configure one
class for each group of CVLANs.

Create a traffic behavior and
enter traffic behavior view

traffic behavior behavior-name

Configure an SVLAN marking
action

remark service-vlan-id vlan-id

Return to system view

quit

Required
Repeat these steps to configure one
behavior for each SVLAN.

Create a QoS policy and enter
QoS policy view

qos policy policy-name Required

Map the CVLANs to the SVLAN by
associating the class with the

behavior

classifier tcl-name behavior
behavior-name mode

dot1q-tag-manipulation

Required
Repeat this step to create other

CVLANs-to-SVLAN mappings.

Configuring the customer-side port

Follow these steps to configure the customer-side port:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet interface view

interface interface-type
interface-number

—

Configure the port as a trunk port

port link-type trunk

Required
The default link type of an Ethernet port is
access.

Assign the port to CVLANs and
SVLANs

port trunk permit vlan
{ vlan-id-list | all }

Required
By default, a trunk port is in only VLAN 1.