HPE Community
Comware Based
1753792 Members
6470 Online
108799 Solutions
New Discussion

vlan

 
SOLVED
Go to solution
gadisontag
Advisor

‎03-03-2021 10:35 PM

‎03-03-2021 10:35 PM

vlan

Good morning 

I have a two 5940 switch with irf 
Is it possible to define on the switch, configuration, what will be the same vlan id number without any connection with them, that is, a switch let's say with 48 ports, half switch will belong to company a half switch to company b, in 2 companies will have the same vlan id - of course there will be no ability Communication between the 2 vlan id.
Of course communication between the 2 companies is forbidden!
There does not have to be a future capability of communication between the 2 environments / companies.

best regard

 

gadihp vlan.JPG

0 Kudos
4 REPLIES 4
Ivan_B
HPE Pro

‎03-03-2021 11:01 PM

‎03-03-2021 11:01 PM

Solution

Re: vlan

Hello @gadisontag !

Chassis-based switches, like 12900 series have a feature called Multitenant Device Context (MDC) - it is 1:N virtualization technology that  can partition a physical device or an IRF fabric into multiple logical devices. Each MDC uses its own hardware and software resources, runs independently of other MDCs, and provides services for its own customer. Creating, starting, rebooting, or deleting an MDC does not affect any other MDCs. From the user's perspective, an MDC is a standalone physical device. MDCs on the same physical device are isolated from each other.

But 59xx series do not support it and such support is not planned.

Without MDC VLAN numbers use same namespace, so they must be unique, they can't overlap, so there is no way to re-use same VLAN numbers for different tenants (companies). But you have more than 4000 VLANs at your disposal, so you can create a simple rule for VLAN assignment, like:

Company A: VLAN 1-999
Company B: VLAN 1000-1999
etc

However, the desired tenant separation with 5940 is possible on Layer 3. All you need to do is to create separate VPN-instances (other vendors call it 'VRF'), one per Company and assign Vlan-interfaces (SVIs) of each company to its own vpn-instance:

ip vpn-instance CompanyA
 route-distinguisher 1:1
#
ip vpn-instance CompanyB
 route-distinguisher 1:2
#
interface Vlan-interface10
 ip binding vpn-instance CompanyA 
 ip address 10.0.10.1 24
#
interface Vlan-interface1010
 ip binding vpn-instance CompanyB
 ip address 10.0.10.1 24

 

Same IP address and subnet on SVIs Vlan-interface 10 and 1010 is not a typo - you can re-use subnets in different VPN-instances, as each VPN-instance have its own routing table and it doesn't create any issue.

Hope this helps!

 

I am an HPE employee

Accept or Kudo

0 Kudos
gadisontag
Advisor

‎03-04-2021 01:59 AM

‎03-04-2021 01:59 AM

Re: vlan

thank you ver much !

Is it possible to put the same vlan id in the vpn-instance method ? layer 2 only ?

Unfortunately I do not have lab equipment to play with the settings, i installs HP Network Simulator for Comware Devices environment - Ubuntu User Guide_v2.0

 

for example :

 

ip vpn-instance CompanyA
 route-distinguisher 1:1
#
ip vpn-instance CompanyB
 route-distinguisher 1:2
#
interface Vlan-interface200
 ip binding vpn-instance CompanyA 
 ip address 10.0.10.1 24
#
interface Vlan-interface200
 ip binding vpn-instance CompanyB
 ip address 10.0.10.1 24

 

best regard

 

gadi

 

0 Kudos
Ivan_B
HPE Pro

‎03-04-2021 02:44 AM

‎03-04-2021 02:44 AM

Re: vlan

No, that won't work. VLAN numbers are unique, as well as Vlan-interfaces. Separation is performed on Layer 3.

I am an HPE employee

Accept or Kudo

0 Kudos
gadisontag
Advisor

‎03-04-2021 03:25 AM

‎03-04-2021 03:25 AM

Re: vlan

thank

 

have a nice day

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.