You are here: Home > CLI Commands > Just_CLI_Topics > interface vlan

interface vlan

interface vlan <vlan>

bandwidth-contract <name>

bcmc-optimization

description <string>

filter-broadcast-on-helper

filter-broadcast-on-ipv6-helper

ip

access-group in <aclAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port._name>

address {<ipaddr> <ipmask>|dhcp-client client-id<cid>|internal|pppoe}

helper-address <address>

igmp {proxy {gigabitethernet <slot/module/port> | port-chanel <id>}}|snooping

local-proxy-arp

nat {inside|outside}

ospf

area

authentication message-digest

cost <value>

dead-interval <1-65535>

hello-interval <1-65535>

message-digest-key <1 - 255> <passwd>

priority <0-255>

retransmit-interval <1-65535>

transmit-delay <1-65535>

pppoe-max-segment-size <mss>

pppoe-password <password>

pppoe-service-name <service-name>

pppoe-username <username>

pppoe-gatewayGateway is a network node that allows traffic to flow in and out of the network.-nat <nat-ip>

routing

ipv6

address {dhcp6-client|link-local <ipv6-address>|pd <pd-name> ::X:X:X:X:X|<ipv6-prefix>/<prefix-length> eui-64}

dhcp {pdclient <pd_name>|server <pool name>}

helper-address <address>

mld {proxy {gigabitethernet <slot/module/port>|port-chanel <id>}}|snooping

nd

ra {dns <ipv6_address>|enable|hop-limit <value>|interval <value>|life-time <value>|managed-config-flag|mtu <value>|other-config-flag|preference {high|low|medium}|prefix X:X:X:X::X/<0-128>}

reachable-time <value>

retransmit-time <value>

mtu <1280-1500>

multimode-auth lease-time <5-3600>

no ...

operstate up

option-82 {ap-name essid}|{mac [essid]}

shutdown

suppress-arp

Description

This command configures a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface.

Syntax

Parameter

Description

Range

Default

vlan

VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. ID number.

1-4094

bandwidth-contract <name>

Name of the bandwidth contract to be applied to this VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface. When applied to a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., the contract limits both broadcast and multicast traffic. Use the aaa bandwidth-contract command to configure a bandwidth contract.

bcmc-optimization

Enables broadcast and multicast traffic optimization to prevent flooding of broadcast and multicast traffic on VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. If this feature is enabled on uplink ports, any managed device-generated Layer-2 packets will be dropped.

disabled

description

String that describes this interface.

802.1q VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.

filter-broadcast-on-helper

Filters DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  discover broadcast when the helper is configured.

filter-broadcast-on-ipv6-helper

Filters DHCPv6 client multicast packets when the helper is configured.

ip

Configures IPv4 for this interface.

 

 

access-group in <acl_name>

Assigns an access list to inbound traffic on the interface, where <name> is the name of an access list.

Routing ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. is the only supported ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. type that can be configured on a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. Interface. Other ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. types are not supported.

 

 

address

Configures the IP address for this interface, which can be one of the following:

<ipaddr> <netmask>Netmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses.

dhcp-client: use DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  to obtain the IP address

internal: IP address allocated from the branch group config.

pppoe: use PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. to obtain the IP address

helper-address <address>

IP address of the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server for relaying DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  requests for this interface. If the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server is on the same subnetwork as this VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface, you do not need to configure this parameter.

igmp

Enables IGMPInternet Group Management Protocol. Communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. proxy or IGMP snoopingIGMP snooping prevents multicast flooding on Layer 2 network by treating multicast traffic as broadcast traffic. Without IGMP snooping, all streams could be flooded to all ports on that VLAN. When multicast flooding occurs, end-hosts that happen to be in the same VLAN would receive all the streams only to be discarded without snooping. on this interface. See interface vlan ip igmp

for complete details on this parameter.

local-proxy-arp

Enables local proxy ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. .

nat {inside|outside}

Enables source NATSource NAT changes the source address of the packets passing through the router. Source NAT is typically used when an internal (private) host initiates a session to an external (public) host. for all traffic routed from or to this VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

CAUTION: All ports on the managed device are assigned to VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. 1 by default. Do not enable the nat inside option for VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. 1, as this will prevent IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. connectivity between the managed device and its IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. peers.

ospf

Define an OSPFOpen Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). area. See interface vlan ip ospf for complete details on this parameter.

pppoe-max-segment-site

Configures the TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. MSSMaximum Segment Size. MSS is a parameter of the options field in the TCP header that specifies the largest amount of data, specified in bytes, that a computer or communications device can receive in a single TCP segment. in bytes.

128

pppoe-password

Configures the PAPPassword Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. password on the PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. Access Concentrator for the switch.

1–80

pppoe-service-name

Configures the PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. service name.

1–80

pppoe-username

Configures the PAPPassword Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. username on the PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. Access Concentrator for the switch.

1–80

pppoe-gateway-nat <nat-ip>

Use the <nat-ip> sub-parameter to specify a NATNetwork Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. IP address instead of actual PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. gatewayGateway is a network node that allows traffic to flow in and out of the network. IP address to configure a default route.

routing

Enables layer-3 forwarding on the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface. To disable layer-3 forwarding, you must configure the IP address for the interface and specify no ip routing.

(enabled)

ipv6

Configures IPv6 for this interface.

address

Configures the IPv6 address of interface.

dhcp6-client - The DHCPv6 is used to obtain an IPv6 address.

link-local - The link local address

pd - The prefix obtained by PD client on uplink.

X:X:X:X::X/<0-128> - The IPv6 prefix/prefix-length used to configure the global unicast address for this interface.

dhcp

Configures DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  for IPv6.

pdclient - The IPv6 prefix from a DHCPv6 Prefix delegation server.

server - Configures the DHCPv6 pool for the vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

helper-address <address>

IPv6 address of the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server for relaying DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  requests for this interface. If the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server is on the same subnetwork as this VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface, you do not need to configure this parameter.

mld

Enables MLDMulticast Listener Discovery. A component of the IPv6 suite. It is used by IPv6 routers for discovering multicast listeners on a directly attached link. on this interface.

proxy - Configures MLDMulticast Listener Discovery. A component of the IPv6 suite. It is used by IPv6 routers for discovering multicast listeners on a directly attached link. proxy on the following interfaces.

fastethernet

gigabitethernet <slot/module/port>

port-channel

snooping - Configures the MLDMulticast Listener Discovery. A component of the IPv6 suite. It is used by IPv6 routers for discovering multicast listeners on a directly attached link. snooping on this interface.

nd {ra | reachable-time |retransmit-time}

Configures the IPv6 neighbor discovery options.

ra - configures the following router advertizement options:

dns - Configures IPv6 recursive DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server

enable - Enables IPv6 RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers.

hop-limit - Configures RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. hop-limit

interval - Configures RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. interval

life-time - Configures RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. lifetime

managed-config-flag - Enables hosts to use DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server for stateful address autoconfiguration

mtu - Configures MTUMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. for RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers.

other-config-flag - Enables hosts to use DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server for other non-address stateful autoconfiguration

preference - Configures a router preference of high/low/medium

prefix - Configures IPv6 RARouter Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. prefix

reachable-time - Configures neighbor discovery reachable time. By default this field is set to 0. Valid value - 0-3, 600,000 msec.

retransmit-time - Configures neighbor discovery retransmit time. By default this field is set to 0. Valid value - 0-3, 600,000 msec.

no

Negates any configured parameter.

mtu

MTUMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. setting for the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

1024-1500

multimode-auth

MultiMode Authentication Support on VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.

operstate up

Set the state of the interface to be up.

option-82 {ap-name [essid] |mac [essid]}

Allows a DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relay agent to insert circuit specific information into a request that is being forwarded to a DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server.

The managed device, when acting as a DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relay agent, needs to be able to insert information about the AP and SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. through which a client is connecting into the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  request.

Many service providers use this mechanism to make access control decisions. You can include:

AP name or AP name and ESSIDExtended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set..

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address or MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address and ESSIDExtended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set..

shutdown

Causes a hard shutdown of the interface.

suppress-arp

Prevents flooding of ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. broadcasts on all the untrusted interfaces.

Usage Guidelines

All ports on the managed device are assigned to VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. 1 by default. Use the interface gigabitethernet command to assign a port to a configured VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. Use the show interface vlan and show user commands to view DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  option-82 related output.

Example

The following command configures a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface:

(host) [mynode] (config) #interface vlan 16

(host) [mynode] (config-submode) #ip address 10.26.1.1 255.255.255.0

(host) [mynode] (config-submode) #ip helper-address 10.4.1.22

The following example displays the use of extended scope of address range:

(host)[mynode](config) #interface vlan 214

(host) [mynode] (config-submode) #ipv6 address 2014::2/64

(host) [mynode] (config-submode) #ipv6 nd reachable-time 1000

(host) [mynode] (config-submode) #ipv6 nd retransmit-time 1000

(host) [mynode] (config-submode) #ipv6 nd ra enable

(host) [mynode] (config-submode) #ipv6 nd ra preference high

(host) [mynode] (config-submode) #ipv6 nd ra prefix 2014::/64

(host) [mynode] (config-submode) #operstate up

(host) [mynode] (config-submode) #ipv6 mld snooping

Related Commands

Command

Description

ip access-list route

This command configures an ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. for PBRPolicy-based Routing. PBR provides a flexible mechanism for forwarding data packets based on polices configured by a network administrator..

ip nexthop-list

Use this command to define a next-hop list for a routing policy.

Command History

Release

Modification

ArubaOS 8.4.0.0

The pppoe-gateway-nat <nat-ip> sub-parameter was added.

ArubaOS 8.2.0.0

The following changes were introduced:

Updated the new syntax as access-group in <acl_name>.

Added the following sub-parameters:

filter-broadcast-on-helper

filter-broadcast-on-ipv6-helper

ipv6 <helper-address>

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/