vlan

vlan [<id> option-82] |[<name> <vlan-ids>]|[range remove <WORD> ]|[wired aaa-profile <profile>]

Description

This command creates a VLAN ID or a range of VLAN IDs on the managed device. Use the vlan-name command to create a named VLAN to set up a VLAN pool. A VLAN pool consists of a set of VLAN IDs which are grouped together to efficiently manage multi-managed device networks from a single location.

To enable role-based access for wired clients connected to an untrusted VLAN or port on the managed device, you must use the wired aaa-profile parameter to specify the wired AAA profile you would like to apply to that VLAN. If you do not specify a per-VLAN wired AAA profile, traffic from clients connected to an untrusted wired port or VLAN will use the global wired AAA profile, if configured.

Parameter

Description

<id>

Identification number for the VLAN.

Range: 2-4094

Default: 1

option-82

Turn on Option-82

<name>

(Optional) Identification name of the VLAN. The VLAN name was created using the vlan-name command.

Range: 1-32 characters; a name cannot begin with a numeric character

Default: VLAN<id>

<vlan-ids>

(Optional) List of VLAN IDs that are associated with this VLAN. If two or more IDs are listed, the VLAN needs to specified first as a VLAN pool using the vlan-name command.

Range: Existing VLAN IDs

Default: 1

range <range>

Create a range of multiple VLAN IDs by specifying the beginning and ending VLAN ID separated by a hyphen.

For example, 55-58

Range: 2-4094

remove <WORD>

List a range of vlans to be removed and it is a comma and a '-' separated list of vlans.

wired aaa-profile <profile>

Assign an AAA profile to a VLAN to enable role-based access for wired clients connected to an untrusted VLAN or port on the managed device. This parameter applies to wired clients only.

Note that this profile will only take effect if the VLAN or the port on the managed device is untrusted. If both the port and the VLAN are trusted, no AAA profile is assigned.

Example

The following example creates VLAN ID 27 with the description myvlan on the managed device.

(host) [mynode] (config) #vlan 27 myvlan

The following example associates the VLAN IDs 5, 12 and 100 with VLAN guestvlan on the managed device.

vlan guestvlan 5,12,100

The following example creates VLAN IDs 200-300, 302, 303-400.

(host) [mynode] (config) #vlan range 200-300,302, 303-400

Related Commands

Command

Description

show vlan

This command shows a configured VLAN interface number, description and associated ports

aaa authentication wired

This command configures authentication for a client device that is directly connected to a port on the managed device.

Command History

Release

Modification

AOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Conductor.