Dividing a LAN into VLANs Based on Ports

Dividing a LAN into VLANs based on ports is the most simple and effective VLAN division mode.

Context

After VLANs are configured based on ports, the VLANs can process tagged and untagged frames in the following manners:

After receiving an untagged frame, a port adds the PVID to the frame, searches the MAC address table for an outbound port, and sends the tagged frame from the outbound port.
After a port receives a tagged frame, it checks the VLAN ID carried in the frame:
- If the port allows frames with the specified VLAN ID to pass through, it forwards the frame.
- If the port does not allow frames with the specified VLAN ID to pass through, it discards the frame.

The configuration roadmap is as follows:

Create VLANs.
Configure the port type and features: access, trunk, or hybrid.
Add ports to VLANs.

Procedure

Access the system view.
```
system-view
```
Create a VLAN and access the VLAN view.
```
vlan vlan-id
```
If the specified VLAN has been created, the VLAN view is directly displayed.

The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in batches, and then run the vlan vlan-id command to enter the view of a specified VLAN.
Return to the system view.
```
quit
```
Configure the port type and features.
1. Run the interface { ethernet | gigabitethernet | xgigabitethernet | epon } interface-number command to enter the view of an Ethernet port to be added to the VLAN.
2. Run the portswitch command to switch an Ethernet interface from the Layer-3 mode to the Layer-2 mode
3. Run the port link-type { access | hybrid | trunk } command to configure the port type.
  
  By default, the port type is hybrid.
  - If a Layer-2 Ethernet port is directly connected to a terminal, set the port type to access or hybrid.
  - If a Layer-2 Ethernet port is connected to another switch, the port type can be set to access, trunk, hybrid, or QinQ.
Add ports to the VLAN.
Run either of the following commands as needed:
- For access ports:
  
  Run the port default vlan vlan-id command to add a port to a specified VLAN.
  
  To add ports to a VLAN in batches, run the port interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the VLAN view.
  
  The input port format must be correct. The port number following to must be greater than the port number before to. If a group of ports are specified, ensure that these ports are of the same type and all specified ports exist.
  
  In one port command, a maximum of 10 groups of ports can be specified by using to.
- For trunk ports:
  - Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add the port to specified VLANs.
  - (Optional) Run the port trunk pvid vlan vlan-id vlan-id command to specify the default VLAN for a trunk port.
- For hybrid ports:
  - Run either of the following commands to add a port to VLANs in untagged or tagged mode:
    - Run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add a port to VLANs in untagged mode.
      
      In untagged mode, a port removes tags from frames and then forwards the frames. This is applicable to scenarios in which Layer-2 Ethernet ports are connected to terminals.
    - Run the port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to add a port to VLANs in tagged mode.
      
      In tagged mode, a port forwards frames without removing their tags. This is applicable to scenarios in which Layer-2 Ethernet ports are connected to switches.
  - (Optional) Run the port hybrid pvid vlan vlan-id command to specify the default VLAN of a hybrid port.