H3CS, H3CIE, H3CNE, Aolynk, Care, IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice.
VLAN, eliminate Layer 2 loops, divide VLANs, transmit customer network packets through the public network, and modify VLAN tags for packets.

This preface includes the following topics about the documentation:
• Audience.
• Conventions.
• About the H3C S7500E-X documentation set.
• Obtaining documentation.
• Technical support.
GUI conventions

Convention | Description
Boldface | Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
> | Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Description
Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG card.

About the H3C S7500E-X documentation set

The H3C S7500E-X documentation set includes the following categories of documents:

Category | Documents | Purposes
Guides you through initial installation and setup...

[Products & Solutions]—Provides information about products and technologies, as well as solutions.
[Software Download]—Provides the documentation released with the software version.

Technical support

service@h3c.com
http://www.h3c.com

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Contents

Configuring the MAC address table
Overview
How a MAC address entry is created
Types of MAC address entries
MAC address table configuration task list
Configuring MAC address entries
...
Ethernet link aggregation configuration task list
Configuring an aggregation group
Configuration restrictions and guidelines
Configuring a static aggregation group
Configuring a dynamic aggregation group
Configuring an aggregate interface
...
Configuring the current device as the root bridge of a specific spanning tree
Configuring the current device as a secondary root bridge of a specific spanning tree
Configuring the device priority
Configuring the maximum hops of an MST region
...
Enabling loop detection globally
Enabling loop detection on a port
Setting the loop protection action
Setting the global loop protection action
Setting the loop protection action on a Layer 2 Ethernet interface
...
Configuring voice VLANs
Overview
Methods of identifying IP phones
Identifying IP phones through OUI addresses
Automatically identifying IP phones through LLDP
Advertising the voice VLAN information to IP phones
...
Configuring the CVLAN TPID
Configuring the SVLAN TPID
Setting the 802.1p priority in SVLAN tags
Displaying and maintaining QinQ
QinQ configuration examples
Basic QinQ configuration example
...
Configuring service loopback groups
Overview
Configuration restrictions and guidelines
Configuring a service loopback group
Displaying and maintaining service loopback groups
Service loopback group configuration example
...
Configuring the MAC address table

Overview

An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.
• ...

• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one.
• Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.

Configuring MAC address entries

Configuration guidelines

• You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address.
• The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.

Step | Command | Remarks
Add or modify a multiport unicast MAC address entry. | mac-address multiport mac-address interface interface-list vlan vlan-id | By default, no multiport unicast MAC address entry is configured globally. Make sure you have created the VLAN and assigned the interface to the VLAN.

Disabling MAC address learning on interfaces

When global MAC address learning is enabled, you can disable MAC address learning on a single interface.

To disable MAC address learning on an interface:

Step | Command | Remarks
Enter system view. | system-view |
• Enter Layer 2 Ethernet interface view: interface interface-type interface-number...
expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate latest network topology changes. A stable network requires a longer aging interval, and an unstable network requires a shorter aging interval.
To configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached:

Step | Command | Remarks
Enter system view. | system-view |
Enter interface view. | • Enter Layer 2 Ethernet interface view. interface interface-type interface-number • ... |

Step | Command | Remarks
Enter interface view. | • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id... |

Figure 1 MAC address tables of devices when Client A accesses AP C

When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure 2.

Figure 2 MAC address tables of devices when Client A roams to AP D

To enable MAC address synchronization:...
Configuring MAC address move notifications and suppression

The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist:
• Interface B receives a packet with the MAC address as the source MAC address.
• ...

Step | Command | Remarks
(Optional.) Set a suppression interval for MAC address moves. | mac-address notification mac-move suppression interval interval-value | The default setting is 30 seconds.
(Optional.) Set a suppression threshold for MAC address moves. | mac-address notification mac-move suppression threshold threshold-value | The default setting is 3.

Step | Command | Remarks
Enter system view. | system-view |
Enable ARP fast update for MAC address moves. | mac-address mac-move fast-update | By default, ARP fast update for MAC address moves is disabled.

Disabling static source check

By default, the static source check feature is enabled on an interface. The check identifies whether a received frame meets the following conditions:
• ...

Step | Command | Remarks
Enable SNMP notifications for the MAC address table. | snmp-agent trap enable mac-address [ mac-move ] | By default, SNMP notifications are enabled for the MAC address table. When SNMP notifications are disabled for the MAC address table, syslog messages are sent to notify important events on the MAC address table module.

Configuration procedure

# Add a static MAC address entry for MAC address 000f-e235-dc71 on GigabitEthernet 1/0/1 that belongs to VLAN 1.
<Device> system-view
[Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1
# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.
[Device] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer to 500 seconds for dynamic MAC address entries.
Configuring MAC Information

The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and to analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

To set the MAC Information mode:

Step | Command | Remarks
Enter system view. | system-view |
Set the MAC Information mode. | mac-address information mode { syslog | trap } | The default setting is trap.

Setting the MAC change notification interval

To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.

Configuration restrictions and guidelines

When you edit the file /etc/syslog.conf, follow these restrictions and guidelines:
• Comments must be on a separate line and must begin with a pound sign (#).
• No redundant spaces are allowed after the file name.
• ...

Enable MAC Information on Device:
# Enable MAC Information globally.
[Device] mac-address information enable
# Configure the MAC Information mode as syslog.
[Device] mac-address information mode syslog
# Enable MAC Information on interface GigabitEthernet 1/0/1 to enable GigabitEthernet 1/0/1 to record MAC address change information when the interface performs either of the following tasks:
Learns a new MAC address.
Configuring Ethernet link aggregation

Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits:
• Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports....

The port has not received LACPDUs from its peer port.

Operational key

When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.

Link aggregation modes

An aggregation group operates in one of the following modes:
• Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.

Figure 6 Setting the aggregation state of a member port in a static aggregation group

After the limit on Selected ports is reached in a static aggregation group, new member ports in the group are placed in the Unselected state. This mechanism prevents traffic interruption on the existing Selected ports.

LACP functions

LACP offers basic LACP functions and extended LACP functions, as described in Table 2.

Table 2 Basic and extended LACP functions

Category | Description
Basic LACP functions | Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key.
Implemented by extending the LACPDU with new TLV fields....

How dynamic link aggregation works

Choosing a reference port

The system chooses a reference port from the member ports that are in up state and have the same attribute configurations as the aggregate interface. A Selected port must have the same operational key and attribute configurations as the reference port.
Figure 7 Setting the state of a member port in a dynamic aggregation group

Meanwhile, the system with the higher system ID is aware of the aggregation state changes on the peer system. The system sets the aggregation state of local member ports the same as their peer ports.

• When the aggregation state of a local port changes in a dynamic aggregation group, the aggregation state of the peer port also changes.
• After the Selected port limit has been reached, a port joining the aggregation group is placed in the Selected state if it is more eligible than a current Selected port.

Tasks at a glance

(Optional.) Configuring an aggregate interface:
• Setting the description for an aggregate interface
• Specifying ignored VLANs for a Layer 2 aggregate interface
• Reserving a VLAN interface resource for a Layer 2 aggregate interface
• Setting the MTU for a Layer 3 aggregate interface
• ...

AC-VSI association (see MPLS Configuration Guide).
• You cannot assign a port to a Layer 3 aggregation group if any of the following features are configured on the port:
  Association between AC and cross connection (see MPLS Configuration Guide).
  AC-VSI association (see MPLS Configuration Guide).
• ...

Step | Command | Remarks
Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view. | interface route-aggregation interface-number | When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.
Exit to system view....
Step | Command | Remarks
Assign an interface to the specified Layer 2 aggregation group. | a. Enter Layer 2 Ethernet interface view: interface interface-type interface-number b. Assign the interface to... | Repeat these two substeps to assign more Layer 2 Ethernet interfaces to the aggregation group.

Step | Command | Remarks
Assign an interface to the specified Layer 3 aggregation group. | a. Enter Layer 3 Ethernet interface view: interface interface-type interface-number b. Assign the interface to... | Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.

Step | Command | Remarks
Set the description for the aggregate interface. | description text | By default, the description of an interface is interface-name Interface.

Specifying ignored VLANs for a Layer 2 aggregate interface

By default, to become Selected ports, the member ports must have the same VLAN permit state and VLAN tagging mode as the corresponding Layer 2 aggregate interface.

Setting the MTU for a Layer 3 aggregate interface

The MTU of an interface affects IP packets fragmentation and reassembly on the interface.

To set the MTU for a Layer 3 aggregate interface:

Step | Command | Remarks
Enter system view. | system-view |
Enter Layer 3 aggregate interface view. | interface route-aggregation... |

Step | Command | Remarks
Enter aggregate interface view. | • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number |
Set the minimum number of Selected ports for the... | link-aggregation selected-port... | By default, the minimum number of Selected ports for the aggregation group is not...

Step | Command | Remarks
Enter aggregate interface view. | • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number |
Configure the aggregate interface as an edge aggregate interface. | lacp edge-port | By default, an aggregate interface does not operate as an edge...

Step | Command
Enter system view. | system-view
Enter aggregate interface view. | • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number
Restore the default settings for the aggregate interface. | default

Configuring load sharing for link aggregation groups

This section explains how to configure the load sharing modes for link aggregation groups and how to enable local-first load sharing for link aggregation.
Setting the group-specific load sharing mode

In Layer 2 aggregate interface view, the switch supports the following load sharing modes and combinations:
• Source IP address.
• Destination IP address.
• Source MAC address.
• Destination MAC address.
• Layer 1 MPLS label.
• ...

Figure 8 Load sharing for multidevice link aggregation in an IRF fabric
(Flowchart labels: The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member devices; Local-first load sharing mechanism enabled?; Any Selected ports on the ingress device?; Packets are load-shared only...; Packets are load-shared across...)

• To avoid traffic interruption on Layer 2 dynamic aggregate links after link-aggregation traffic redirection is enabled, make sure the corresponding aggregate interfaces do not have static MAC address entries. For information about MAC address entries, see Layer 2—LAN Switching Configuration Guide.

Configuration procedure

To enable link-aggregation traffic redirection:

Step...
• Configure a Layer 2 static aggregation group on both Device A and Device B.
• Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
• Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
[DeviceA-Bridge-Aggregation1] quit

Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags:...
Configuration procedure

Configure Device A:
# Create VLAN 10, and assign the port GigabitEthernet 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port gigabitethernet 1/0/5
[DeviceA-vlan20] quit...

Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 32768 {ACDEF}
GE1/0/2 32768 {ACDEF}
GE1/0/3 32768 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF}

The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.
[DeviceA-vlan10] port gigabitethernet 1/0/5
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port gigabitethernet 1/0/6
[DeviceA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[DeviceA] interface bridge-aggregation 1
# Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
       D -- Synchronization, E -- Collecting, F -- Distributing,
       G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar...
Figure 12 Network diagram

Configuration procedure

Configure the device:
# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.
<Device> system-view
[Device] interface bridge-aggregation 1
[Device-Bridge-Aggregation1] link-aggregation mode dynamic
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface.
[Device-Bridge-Aggregation1] lacp edge-port
[Device-Bridge-Aggregation1] quit
# Assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.

GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF}

The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when they have not received LACPDUs from the server. Both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward packets, which ensures zero packet loss.

Layer 3 static aggregation configuration example

Network requirements

On the network shown in...

Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 32768
GE1/0/2 32768
GE1/0/3 32768

The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports.

Layer 3 dynamic aggregation configuration example

Network requirements

On the network shown in Figure...

[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
       D -- Synchronization, E -- Collecting, F -- Distributing,
       G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Dynamic...
# Configure Layer 3 aggregation group 1 to load share packets based on source IP addresses.
[DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip
# Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation
[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24
[DeviceA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to aggregation group 1.

Aggregate Interface: Route-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 32768
GE1/0/4 32768

The output shows that:
• Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups.
• Each aggregation group contains two Selected ports.

# Display all the group-specific load sharing modes on Device A.

[Device-Route-Aggregation1] lacp edge-port
[Device-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to aggregation group 1.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port link-aggregation group 1
[Device-GigabitEthernet1/0/1] quit
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] port link-aggregation group 1
[Device-GigabitEthernet1/0/2] quit

Configure the server as required.
Configuring port isolation

The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.

Assigning a port to an isolation group

The device supports multiple isolation groups, which can be configured manually.

Displaying and maintaining port isolation

Execute display commands in any view.

Task | Command
Display isolation group information. | display port-isolate group [ group-number ]

Port isolation configuration example

Network requirements

As shown in Figure
• LAN users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the device, respectively.

[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] port-isolate enable group 2
[Device-GigabitEthernet1/0/3] quit

Verifying the configuration

# Display information about isolation group 2.
[Device] display port-isolate group 2
Port isolation group information:
Group ID: 2
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
Community VLAN ID: None

The output shows that ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2.
Configuring spanning tree protocols

Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs.

Root port

On a non-root bridge, the port nearest to the root bridge is the root port.
Calculation process

The STP algorithm uses the following calculation process:

Network initialization.
Upon initialization of a device, each port generates a BPDU with the following contents:
  The port as the designated port.
  The device as the root bridge.
  0 as the root path cost.
  The device ID as the designated bridge ID.

Step | Actions
configuration BPDU. The following are the principles of configuration BPDU comparison:
  a. The configuration BPDU with the lowest root bridge ID has the highest priority.
  b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.

Device | Port name | Configuration BPDU on the port
 | Port B2 | {1, 0, 1, Port B2}
Device C | Port C1 | {2, 0, 2, Port C1}
Device C | Port C2 | {2, 0, 2, Port C2}

Configuration BPDUs comparison on each device.
Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.

Device | Comparison process | Configuration BPDU on ports after comparison
port, Device B calculates a designated port configuration BPDU for Port B2 {0, 5, 1, Port B2}. Device B compares it with the existing configuration BPDU of Port B2 {1, 0, 1, Port B2}.

Device | Comparison process | Configuration BPDU on ports after comparison
plus path cost of Port C2 (4). Device C determines that the configuration BPDU of Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU unchanged.
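The comparison steps above can be replayed in code. The following Python sketch is an added example, not code from the H3C manual. It goes beyond the two comparison principles that survive on this page by also applying the standard STP tie-breakers (designated bridge ID, designated port ID, receiving port). The link layout (A1-B1, A2-C1, B2-C2) and the path cost of 10 for Port C1 are assumptions; the BPDU values {1, 0, 1, Port B2}, {0, 5, 1, Port B2} and the path cost 4 of Port C2 are taken from the tables above.

```python
from typing import Dict, NamedTuple, Tuple


class BPDU(NamedTuple):
    """Configuration BPDU in the guide's notation:
    {root bridge ID, root path cost, designated bridge ID, designated port ID}.
    Port IDs are kept as names, as in the guide's tables; on real devices the
    port ID is a priority plus a port index."""
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: str


def calculate_roles(bridge_id: int, ports: Dict[str, Tuple[int, BPDU]]) -> dict:
    """Run one round of the calculation on a single bridge.

    ports maps a local port name to (path cost of the port, BPDU currently
    held on the port). A held BPDU whose designated bridge is this bridge was
    generated locally; any other held BPDU was received from a neighbor.
    """
    # Root port election: lowest root bridge ID first, then lowest
    # S = advertised root path cost + path cost of the receiving port,
    # then designated bridge ID, designated port ID, receiving port.
    candidates = []
    for name, (cost, held) in ports.items():
        received = held.bridge_id != bridge_id
        if received and held.root_id < bridge_id:
            s = held.root_path_cost + cost
            candidates.append((held.root_id, s, held.bridge_id, held.port_id, name))

    if candidates:
        root_id, root_cost, _, _, root_port = min(candidates)
    else:
        # No neighbor advertises a better root: this bridge is the root.
        root_id, root_cost, root_port = bridge_id, 0, None

    roles, bpdus = {}, {}
    for name, (_cost, held) in ports.items():
        # BPDU this bridge would send on the port if it were designated.
        own = BPDU(root_id, root_cost, bridge_id, name)
        if name == root_port:
            roles[name], bpdus[name] = "root", held          # BPDU unchanged
        elif own <= held:
            roles[name], bpdus[name] = "designated", own     # BPDU replaced
        else:
            roles[name], bpdus[name] = "blocked", held       # superior BPDU kept
    return {"root_id": root_id, "root_path_cost": root_cost,
            "root_port": root_port, "roles": roles, "bpdus": bpdus}


# Constructed inputs. Device IDs 0, 1, 2 stand for Device A, B, C.
DEVICE_B = {
    "Port B1": (5, BPDU(0, 0, 0, "Port A1")),   # received from Device A
    "Port B2": (4, BPDU(1, 0, 1, "Port B2")),   # B's own initial BPDU
}
DEVICE_C = {
    "Port C1": (10, BPDU(0, 0, 0, "Port A2")),  # received from A (cost 10 assumed)
    "Port C2": (4, BPDU(0, 5, 1, "Port B2")),   # received from B after B converged
}

if __name__ == "__main__":
    for label, bid, ports in (("Device B", 1, DEVICE_B), ("Device C", 2, DEVICE_C)):
        result = calculate_roles(bid, ports)
        print(label, "root port:", result["root_port"],
              "root path cost:", result["root_path_cost"])
        for port, role in result["roles"].items():
            print("  ", port, role, tuple(result["bpdus"][port]))
```

Because the lowest bridge ID always wins this comparison, any device that sends a BPDU with a lower ID becomes the root, which is the behavior the root guard and BPDU guard features listed later in this guide are meant to contain.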
Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when...
A port's link type determines the type of BPDUs the port sends.
• An access port sends STP BPDUs.
• A trunk or hybrid port sends STP BPDUs in VLAN 1 and sends PVST BPDUs in other VLANs.

MSTP

MSTP overcomes the following STP, RSTP, and PVST limitations:
• ...

Figure 21 Basic concepts in MSTP
(Figure labels: MST region 1, MST region 2, MST region 3, MST region 4; in each region VLAN 1 maps to MSTI 1, VLAN 2 maps to MSTI 2, and other VLANs map to MSTI 0.)
• Same MSTP revision level
• Physically linked together

Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region, as shown in Figure
• The switched network contains four MST regions, MST region 1 through MST region 4.
• ...

Port roles

A port can play different roles in different MSTIs. As shown in Figure 23, an MST region contains Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge.

• Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state.
• Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic.

NOTE: When in different MSTIs, a port can be in different states.

In addition to basic MSTP features, the following features are provided for ease of management:
• Root bridge hold
• Root bridge backup
• Root guard
• BPDU guard
• Loop guard
• TC-BPDU guard
• Port role restriction
• TC-BPDU transmission restriction
• ...

• The member ports of an aggregation group do not participate in spanning tree calculation. However, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group.

Spanning tree configuration task lists

Before configuring a spanning tree, complete the following tasks:
• ...

Tasks at a glance
• (Optional.) Configuring edge ports
• (Optional.) Configuring the port link type
• (Optional.) Enabling outputting port state transition information
• (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:
• (Required.) Setting the spanning tree mode
• ...

Tasks at a glance
(Optional.) Performing mCheck
(Optional.) Configuring protection features
(Optional.) Enabling SNMP notifications for new-root election and topology change events

MSTP configuration task list

Tasks at a glance
Configuring the root bridge:
• (Required.) Setting the spanning tree mode
• ...
Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. • RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device.
Step Command Remarks Enter system view. system-view Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. • Use one of the commands. instance instance-id vlan Configure the vlan-id-list By default, all VLANs in an MST VLAN-to-instance mapping •...
Step Command Remarks device as the root function as the root bridge. stp root primary bridge. • In PVST mode: stp vlan vlan-id-list root primary • In MSTP mode: stp [ instance instance-list ] root primary Configuring the current device as a secondary root bridge of a specific spanning tree Step Command...
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it.
its state after a forward delay timer to make sure the state transition of the local port stays synchronized with the peer. • Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device receives no configuration BPDUs within the timeout period, it recalculates the spanning tree.
Step Command Remarks stp vlan vlan-id-list timer hello time • In STP/RSTP/MSTP mode: stp timer max-age time Set the max age timer. • The default setting is 20 seconds. In PVST mode: stp vlan vlan-id-list timer max-age time Setting the timeout factor The timeout factor is a parameter used to decide the timeout period.
Step Command Remarks rate of the ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When network topology change occurs, an edge port will not cause a temporary loop.
Page 95
You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: • dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998. • dot1t—The device calculates the default path cost for ports based on IEEE 802.1t. •...
Page 96
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard ports Aggregate interface containing four Selected 50000 ports Single port 20000 Aggregate interface containing two Selected 10000 ports Aggregate interface 1000 Mbps containing three Selected 6666 ports Aggregate interface containing four Selected 5000 ports...
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing two Selected ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Configuring path costs of ports When the path cost of a port changes, the system recalculates the role of the port and initiates a state transition.
Cost of every port will be reset and automatically re-calculated after you change the current pathcost standard. Continue?[Y/N]:y
Cost of every port has been re-calculated
[Sysname] interface gigabitethernet 1/0/3
[Sysname-GigabitEthernet1/0/3] stp vlan 20 to 30 cost 2000
Configuring the port priority
The priority of a port is a factor that determines whether the port can be elected as the root port of a device....
Configuration procedure To configure the link type of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number By default, the link type is auto stp point-to-point { auto | Configure the port link type.
Step Command Remarks Enter system view. system-view • In STP/RSTP mode: stp port-log instance 0 • Enable outputting port In PVST mode: By default, this feature is state transition stp port-log vlan vlan-id-list enabled. information. • In MSTP mode: stp port-log { all | instance instance-list } Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related...
Performing mCheck The mCheck feature enables user intervention in the port status transition process. When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically transit back to the original mode when the following conditions exist: •...
Digest Snooping when the network is already working well.
Configuration procedure
Use this feature when your H3C device is connected to a third-party device that uses its private key to calculate the configuration digest.
Digest Snooping configuration example Network requirements As shown in Figure 24, Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region. Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three devices can communicate with one another.
Page 104
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device. RSTP and MSTP devices have the following differences: • For MSTP, the root port of the downstream device sends an agreement packet only after it receives an agreement packet from the upstream device.
Configuration prerequisites Before you configure the No Agreement Check feature, complete the following tasks: • Connect a device to a third-party upstream device that supports spanning tree protocols through a point-to-point link. • Configure the same region name, revision level, and VLAN-to-instance mappings on the two devices.
• The spanning tree feature is disabled on Device A and Device B and enabled on all devices in user network 1 and user network 2. • The IRF fabric transparently transmits BPDUs for both user networks and is not involved in the calculation of spanning trees.
Configuring protection features A spanning tree device supports the following protection features: • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop Configuring BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.
Step Command Remarks feature. stp bpdu-protection By default, BPDU guard is globally • disabled and not configured on a Configure BPDU guard on a per-interface basis. per-interface basis: a. interface interface-type interface-number b. stp port bpdu-protection { disable | enable } Enabling root guard The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.
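One way to audit a saved configuration for edge ports that BPDU guard does not cover, using the stp bpdu-protection and stp port bpdu-protection { disable | enable } commands above. This is an added example, not part of the H3C manual: the sample configuration is constructed, stp edged-port is the Comware 7 edge-port command (not shown in this excerpt), and the per-interface setting taking precedence over the global one is an assumption.

```python
import re

# Constructed sample of a saved configuration (not taken from the manual).
# "stp edged-port" marks an edge port; it is not shown in this excerpt.
SAMPLE_CONFIG = """\
#
 stp bpdu-protection
 stp global enable
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 stp edged-port
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 stp edged-port
 stp port bpdu-protection disable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 stp edged-port
 stp port bpdu-protection enable
#
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)$")
PORT_GUARD_RE = re.compile(r"^stp port bpdu-protection (enable|disable)$")


def parse_config(text):
    """Split a saved configuration into system-view lines and per-interface lines."""
    global_lines, interfaces = [], {}
    view = None                          # None means system view
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":      # "#" closes the current view
            view = None
        elif not raw[0].isspace():       # an unindented line opens a new view
            view = line
            match = IFACE_RE.match(line)
            if match:
                interfaces[match.group(1)] = []
        elif view is None:
            global_lines.append(line)
        else:
            match = IFACE_RE.match(view)
            if match:                    # ignore lines of non-interface views
                interfaces[match.group(1)].append(line)
    return global_lines, interfaces


def audit_bpdu_guard(text):
    """Return (interface, reason) for every edge port left without BPDU guard."""
    global_lines, interfaces = parse_config(text)
    global_guard = "stp bpdu-protection" in global_lines
    findings = []
    for name, lines in interfaces.items():
        is_edge = "stp edged-port" in lines
        override = None                  # None: no per-interface setting
        for line in lines:
            match = PORT_GUARD_RE.match(line)
            if match:
                override = match.group(1) == "enable"
        # Assumption: a per-interface setting takes precedence over the global one.
        guarded = global_guard if override is None else override
        if is_edge and not guarded:
            reason = ("BPDU guard disabled on the interface" if override is False
                      else "BPDU guard not enabled globally or on the interface")
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_bpdu_guard(SAMPLE_CONFIG):
        print(f"{name}: edge port, {reason}")
```
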
The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops. Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the discarding state in all MSTIs because it cannot receive BPDUs.
Make this configuration on the port that connects to the user access network. To configure TC-BPDU transmission restriction: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number By default, TC-BPDU Enable TC-BPDU transmission restriction is stp tc-restriction transmission restriction.
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable BPDU drop on the By default, BPDU drop is bpdu-drop any current interface. disabled. Enabling SNMP notifications for new-root election and topology change events This feature enables the device to generate logs and report new-root election events or spanning tree topology changes to SNMP.
Task Command Display information about ports blocked by spanning display stp abnormal-port tree protection features. display stp bpdu-statistics [ interface Display BPDU statistics on ports. interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features.
Page 113
Figure 29 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 114
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] instance 3 vlan 30
[DeviceB-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Configure the current device as the root bridge of MSTI 3.
[DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
Page 115
Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.
Figure 30 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
Page 117
Figure 31 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 118
[DeviceC] stp vlan 10 20 40 enable
Configure Device D:
# Set the spanning tree mode to PVST.
<DeviceD> system-view
[DeviceD] stp mode pvst
# Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40.
[DeviceD] stp global enable
[DeviceD] stp vlan 20 30 40 enable
Verifying the configuration...
Page 119
GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 32 VLAN spanning tree topologies...
Configuring loop detection
Overview
Incorrect network connections or configurations can create Layer 2 loops, which result in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations....
• Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 9 TLVs supported by loop detection Description Remarks...
NOTE: Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this, use the shutdown action, or manually remove the loop. Loop detection configuration task list Tasks at a glance (Required.) Enabling loop detection (Optional.) Setting the loop protection action (Optional.)
Setting the global loop protection action Step Command Remarks Enter system view. system-view By default, the device generates a Configure the global loop loopback-detection global log but performs no action on the protection action. action shutdown port on which a loop is detected. Setting the loop protection action on a Layer 2 Ethernet interface Step...
Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements As shown in Figure 35, configure loop detection on Device A to meet the following requirements: •...
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceA-GigabitEthernet1/0/2] quit
# Configure the global loop protection action as shutdown.
[DeviceA] loopback-detection global action shutdown
# Set the loop detection interval to 35 seconds.
[DeviceA] loopback-detection interval-time 35
Configure Device B:
# Create VLAN 100....
Page 126
%Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/1 recovered.
%Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/2 recovered.
The output shows the following information:
• Device A detected loops on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 within a loop detection interval....
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
to a different value. For compatibility with a neighbor device, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
NOTE: • As the system default VLAN, VLAN 1 cannot be created or deleted. • Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN. Configuring basic settings of a VLAN interface For hosts of different VLANs to communicate at Layer 3, you can use VLAN interfaces.
Step Command Remarks By default, a VLAN interface is not manually shut down. The following guidelines apply to the VLAN interface that is in default state: (Optional.) Bring up the undo shutdown VLAN interface. • The VLAN interface is down if all ports in the VLAN are down.
How ports of different link types handle frames Actions Access Trunk Hybrid In the • If the PVID is permitted on the port, tags the frame with the inbound Tags the frame with the PVID tag. direction for PVID tag. an untagged •...
Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter S-channel interface view: interface s-channel Enter interface view. interface-number.channel- • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel- Configure the link type of the By default, all ports are access port link-type access port as access.
Step Command Remarks The default setting is VLAN 1. (Optional.) Configure the port trunk pvid vlan vlan-id RPR logical interfaces do not PVID of the trunk port. support this command. Assigning a hybrid port to a VLAN A hybrid port supports multiple VLANs. You can assign it to the specified VLANs in interface view. Make sure the VLANs have been created.
Configuring MAC-based VLANs Introduction This feature is available only on hybrid ports. The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is also called user-based VLAN because VLAN configuration remains the same regardless of a user's physical location.
Page 135
If the frame is tagged, the port gets the source MAC address of the frame. If the frame is untagged, the port selects a VLAN for the frame by using the following matching order: − MAC-based VLAN (fuzzy and exact MAC address match). −...
When you configure dynamic MAC-based VLAN assignment, follow these guidelines: • When a port joins a VLAN specified in the MAC-to-VLAN entry, one of the following events occurs depending on the port configuration: If the port has not been configured to allow packets from the VLAN to pass through, the port joins the VLAN as an untagged member.
Step Command Remarks Configure the link type of By default, all ports are access port link-type hybrid the port as hybrid. ports. By default, a hybrid port is an Assign the hybrid port to port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN the MAC-based VLANs.
Step Command Remarks Enable the MAC-based By default, MAC-based VLAN is mac-vlan enable VLAN feature. disabled. By default, dynamic MAC-based VLAN assignment is disabled. Enable dynamic The VLAN assignment for a port is MAC-based VLAN mac-vlan trigger enable triggered only when the source MAC assignment.
Use this feature when untagged packets from an IP subnet or IP address must be transmitted in a VLAN. This feature is available only on hybrid ports, and it processes only untagged packets. An IP subnet-based VLAN has one or multiple subnets to match inbound packets. Each subnet has a unique index in the IP subnet-based VLAN.
• Assign the port to the protocol-based VLANs. • Associate the port with the protocol templates of the protocol-based VLANs. When an untagged packet arrives at the port, the port processes the packet as follows: • If the protocol type and encapsulation format in the packet match a protocol template, the port tags the packet with the VLAN tag specific to the protocol template.
Step Command Remarks Enter system view. system-view Create a VLAN group and By default, no VLAN group exists. vlan-group group-name enter VLAN group view. Add VLANs to the VLAN By default, no VLAN exists in a vlan-list vlan-id-list group. VLAN group. Displaying and maintaining VLANs Execute display commands in any view and reset commands in user view.
Page 142
Figure 39 Network diagram
Configuration procedure
Configure Device A:
# Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port gigabitethernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port gigabitethernet 1/0/2
[DeviceA-vlan200] quit...
[DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 144
[DeviceA] vlan 200
[DeviceA-vlan200] quit
# Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member....
State: S - Static, D – Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN entries count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 41, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.
[DeviceC-vlan200] quit
# Configure GigabitEthernet 1/0/11 as a hybrid port, and assign it to VLAN 100 as a tagged VLAN member.
[DeviceC] interface gigabitethernet 1/0/11
[DeviceC-GigabitEthernet1/0/11] port link-type hybrid
[DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged
[DeviceC-GigabitEthernet1/0/11] quit
# Configure GigabitEthernet 1/0/12 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member....
Page 147
To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200. Figure 42 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/11 GE1/0/12...
Page 148
[Device-vlan100] quit
# Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port link-type hybrid
[Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200....
Page 149
VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.
To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a By default, a VLAN is not a super VLAN. supervlan super VLAN. By default, a super VLAN is not associated with Associate the super any sub-VLANs.
Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. • GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 are in VLAN 3. •...
# Create VLAN 3, and assign GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to the VLAN.
[DeviceA] vlan 3
[DeviceA-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4
[DeviceA-vlan3] quit
# Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to the VLAN.
[DeviceA] vlan 5
[DeviceA-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6
[DeviceA-vlan5] quit
# Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN....
Page 154
It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0005...
Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.
Configure the secondary VLANs. Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A Figure 44): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
Page 157
Step Command Remarks Return to system view. quit Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | secondary VLANs. all } Return to system view. quit Enter VLAN view of the vlan vlan-id primary VLAN. Associate the primary By default, a primary VLAN is not private-vlan secondary VLAN with the secondary...
Step Command Remarks • Configure the downlink port as a host port: port private-vlan host • Configure the downlink 15. Configure the downlink By default, a port is not a host or trunk port as a trunk secondary port as a host or trunk secondary port.
Private VLAN configuration examples Promiscuous port configuration example Network requirements As shown in Figure 45, configure the private VLAN feature to meet the following requirements: • On Device B, VLAN 5 is a primary VLAN that is associated with secondary VLANs 2 and 3. GigabitEthernet 1/0/5 is in VLAN 5.
Page 160
# Configure the uplink port GigabitEthernet 1/0/5 as a promiscuous port of VLAN 5.
[DeviceB] interface gigabitethernet 1/0/5
[DeviceB-GigabitEthernet1/0/5] port private-vlan 5 promiscuous
[DeviceB-GigabitEthernet1/0/5] quit
# Assign the downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port....
Page 162
• VLANs 5 and 10 are primary VLANs on Device B. The uplink port GigabitEthernet 1/0/1 on Device B permits the packets from VLANs 5 and 10 to pass through tagged. • On Device B, the downlink port GigabitEthernet 1/0/2 permits secondary VLAN 2. The downlink port GigabitEthernet 1/0/3 permits secondary VLAN 3.
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan secondary 6 8
[DeviceB-vlan10] quit
# Configure the uplink port GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 5 and 10.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port private-vlan 5 10 trunk promiscuous
[DeviceB-GigabitEthernet1/0/1] quit
# Assign the downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port....
Trunk promiscuous and trunk secondary port configuration example Network requirements As shown in Figure 47, configure the private VLAN feature to meet the following requirements: • VLANs 10 and 20 are primary VLANs on Device A. The uplink port GigabitEthernet 1/0/5 on Device A permits the packets from VLANs 10 and 20 to pass through tagged.
Page 166
[DeviceA-vlan20] private-vlan primary
[DeviceA-vlan20] quit
# Create VLANs 11, 12, 21, and 22.
[DeviceA] vlan 11 to 12
[DeviceA] vlan 21 to 22
# Associate secondary VLANs 11 and 12 with primary VLAN 10.
[DeviceA] vlan 10
[DeviceA-vlan10] private-vlan secondary 11 12
[DeviceA-vlan10] quit
# Associate secondary VLANs 21 and 22 with primary VLAN 20....
Page 167
# Assign the port GigabitEthernet 1/0/3 to VLAN 11.
[DeviceB] interface gigabitethernet 1/0/3
[DeviceB-GigabitEthernet1/0/3] port access vlan 11
[DeviceB-GigabitEthernet1/0/3] quit
# Assign the port GigabitEthernet 1/0/4 to VLAN 21.
[DeviceB] interface gigabitethernet 1/0/4
[DeviceB-GigabitEthernet1/0/4] port access vlan 21
[DeviceB-GigabitEthernet1/0/4] quit
Configure Device C:
# Create VLANs 10 and 20....
OUI address Vendor 0001-E300-0000 Siemens phone 0003-6B00-0000 Cisco phone 0004-0D00-0000 Avaya phone 000F-E200-0000 H3C Aolynk phone 0060-B900-0000 Philips/NEC phone 00D0-1E00-0000 Pingtel phone 00E0-7500-0000 Polycom phone 00E0-BB00-0000 3Com phone Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a globally unique identifier that IEEE assigns to a vendor.
Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.
Figure 50 Connecting the host and IP phone in series (diagram labels: Voice gateway, Host, IP phone, Device)
Connecting the IP phone to the device
As shown in Figure 51, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones send out untagged voice packets....
When the device reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...
Voice VLAN configuration task list Tasks at a glance (Required.) Configuring the QoS priority settings for voice traffic (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods:...
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.
Step Command Remarks By default, the voice VLAN feature is disabled. Enable the voice VLAN voice-vlan vlan-id enable feature on the port. Before you configure a voice VLAN, you must create a VLAN. Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in manual voice VLAN assignment mode, follow these...
Step Command Remarks • For the access port, see "Assigning an access port to VLAN." • Assign the access, trunk, or For the trunk port, see After you assign an access port to hybrid port to the voice "Assigning a trunk port to a the voice VLAN, the voice VLAN VLAN.
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID. network-policy vlan-id the command, see Layer 2—LAN Switching Command Reference.
GE1/0/1 AUTO
GE1/0/2 AUTO
Manual voice VLAN assignment mode configuration example
Network requirements
As shown in Figure
• Device A transmits only voice traffic.
• IP phone A sends untagged voice traffic.
For correct voice traffic transmission, perform the following tasks on Device A:
•...
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 186
Join message

An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks:
• Registers the attributes in the Join message.
•...

LeaveAll message

Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.

• Effectively reduces the number of LeaveAll messages in the network.
• Prevents the LeaveAll timer of a particular participant from always expiring first.

MVRP registration modes

VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.

receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide.
• MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs."
• Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.
Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command: interface interface-type interface-number

Step: Configure an MVRP registration mode.
Command: mvrp registration { fixed | forbidden | normal }
Remarks: Optional. The default setting is normal registration mode.

Configuring MRP timers

To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

Table 14 Dependencies of the Join, Leave, and LeaveAll timers
Timer | Lower limit | Upper limit
Join | 20 centiseconds | Half the Leave timer
Leave | Twice the Join timer | LeaveAll timer
LeaveAll | Leave timer on each port | 32760 centiseconds

Enabling GVRP compatibility

Enable GVRP compatibility for MVRP when the peer device supports GVRP.
• The devices can register and deregister dynamic VLANs.
• The devices can keep identical VLAN configurations for each MSTI.

Figure 55 Network diagram
# Globally enable the spanning tree feature.
[DeviceA] stp global enable
# Globally enable MVRP.
[DeviceA] mvrp global enable
# Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable MVRP on port GigabitEthernet 1/0/1.

[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40
# Enable MVRP on GigabitEthernet 1/0/1.
[DeviceB-GigabitEthernet1/0/1] mvrp enable
[DeviceB-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all...

[DeviceC-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs.
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] port link-type trunk
[DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all
# Enable MVRP on GigabitEthernet 1/0/2.
[DeviceC-GigabitEthernet1/0/2] mvrp enable
[DeviceC-GigabitEthernet1/0/2] quit

Configure Device D:
# Enter MST region view.
• GigabitEthernet 1/0/2 has declared VLAN 1, and registered and propagated no VLANs.
• GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP.

# Display local VLAN information on Device B.
[DeviceB] display mvrp running-status
-------[MVRP Global Info]-------
Global Status...

1(default), 10
Declared VLANs :
Propagated VLANs :

The output shows that the following events have occurred:
• GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP.
• GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.

• GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP.
• GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.

[DeviceB] interface gigabitethernet 1/0/3
[DeviceB-GigabitEthernet1/0/3] mvrp registration fixed
[DeviceB-GigabitEthernet1/0/3] quit
# Display local MVRP VLAN information on GigabitEthernet 1/0/3.
[DeviceB] display mvrp running-status interface gigabitethernet 1/0/3
-------[MVRP Global Info]-------
Global Status : Enabled
Compliance-GVRP : False
----[GigabitEthernet1/0/3]----
Config Status : Enabled
Running Status : Enabled
Join Timer...
The output shows that dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.
Configuring QinQ

This document uses the following terms:
• CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network.
• SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4.

Figure 57 Typical QinQ application scenario

Restrictions and guidelines

When you configure QinQ, follow these restrictions and guidelines:
• Before you configure QinQ on a port, you must remove any VLAN mappings on the port. After you enable QinQ on the port, you can configure all VLAN mapping types except two-to-two VLAN mapping on it.
Configuring the TPID for VLAN tags

TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an H3C device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.
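The following added example (not from the H3C manual) shows why the SVLAN TPID must match on both ends of a provider link: a port only recognizes the outer tag when the frame's TPID equals the value it is configured with. The function names, MAC addresses, and sample frames are constructed for illustration; VLAN IDs 10 and 100 and TPID 0x8200 mirror the values used in this guide's basic QinQ example.

```python
import struct

DEFAULT_TPID = 0x8100  # default TPID stated in this guide

def build_frame(dst, src, tags, ethertype, payload=b""):
    """Build an Ethernet frame. tags = [(tpid, pcp, vid), ...], outermost first."""
    out = dst + src
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp & 0x7) << 13 | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload

def push_svlan(frame, svid, svlan_tpid=DEFAULT_TPID, pcp=0):
    """What the ingress PE does: insert an outer (SVLAN) tag after the MACs."""
    if not 1 <= svid <= 4094:
        raise ValueError("SVLAN ID must be 1..4094")
    tag = struct.pack("!HH", svlan_tpid, (pcp & 0x7) << 13 | svid)
    return frame[:12] + tag + frame[12:]

def parse_tags(frame, svlan_tpid=DEFAULT_TPID, cvlan_tpid=DEFAULT_TPID):
    """Return (tags, ethertype) as seen by a port configured with these TPIDs.

    A tag is recognized only if its TPID equals the configured value;
    otherwise the field is treated as the frame's EtherType.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    for role, tpid in (("outer", svlan_tpid), ("inner", cvlan_tpid)):
        (field,) = struct.unpack_from("!H", frame, offset)
        if field != tpid:
            break
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"role": role, "tpid": field,
                     "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype

def pop_svlan(frame, svlan_tpid=DEFAULT_TPID):
    """What the egress PE does: strip the outer tag, if it recognizes it."""
    tags, _ = parse_tags(frame, svlan_tpid=svlan_tpid)
    if not tags:
        raise ValueError("outer TPID does not match the configured SVLAN TPID")
    return frame[:12] + frame[16:]

# Constructed sample: a customer frame in CVLAN 10, then SVLAN 100 added
# with TPID 0x8200 on the provider-facing port.
DST = bytes.fromhex("0200000000aa")
SRC = bytes.fromhex("0200000000bb")
CUSTOMER_FRAME = build_frame(DST, SRC, [(0x8100, 5, 10)], 0x0800, b"data")
DOUBLE_TAGGED = push_svlan(CUSTOMER_FRAME, 100, svlan_tpid=0x8200)

if __name__ == "__main__":
    print("peer using 0x8200:", parse_tags(DOUBLE_TAGGED, svlan_tpid=0x8200))
    print("peer using 0x8100:", parse_tags(DOUBLE_TAGGED))
```

A peer left at the default TPID sees no VLAN tag at all and reads 0x8200 as an unknown EtherType, so the frame is not handled as SVLAN 100 traffic.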
Step: Configure the TPID value for CVLAN tags.
Command: qinq ethernet-type customer-tag hex-value
Remarks: The default setting is 0x8100 for CVLAN tags.

Configuring the SVLAN TPID

Step: Enter system view.
Command: system-view

Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command: interface interface-type interface-number

Step: Configure a priority marking action for SVLAN tags.
Command:
• Replace the priority in the SVLAN tags of matching frames with the configured priority: remark dot1p dot1p-value
• Copy the 802.1p priority in the CVLAN tag to the SVLAN tag: remark dot1p customer-dot1p-trust

Step: Return to system view.

QinQ configuration examples

Basic QinQ configuration example

Network requirements

As shown in Figure
• The service provider assigns VLAN 100 to Company A's VLANs 10 through 70.
• The service provider assigns VLAN 200 to Company B's VLANs 30 through 90.
•...
# Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on GigabitEthernet 1/0/2.
[PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE1-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200.

# Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag. (Details not shown.)

VLAN transparent transmission configuration example

Network requirements

As shown in Figure
• The service provider assigns VLAN 100 to a company's VLANs 10 through 50.
•...

Configure PE 2:
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port link-type trunk
[PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000
# Configure VLAN 100 as the PVID of GigabitEthernet 1/0/1.
[PE2-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on GigabitEthernet 1/0/1.
Configuring VLAN mapping

Overview

VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of VLAN mapping:
• One-to-one VLAN mapping—Replaces one VLAN tag with another.
• Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.

Application scenario of one-to-two and two-to-two VLAN mapping

Figure 61 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the two remote sites of the same VPN must communicate across two SP networks.

Figure 61 Application scenario of one-to-two and two-to-two VLAN mapping

Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.

Figure 62 Basic VLAN mapping terms (labels: network-side port, customer-side port, uplink traffic, downlink traffic)

One-to-one VLAN mapping

As shown in Figure 63, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows:
• Replaces the CVLAN with the SVLAN for the uplink traffic.
•...

Figure 64 Many-to-one VLAN mapping implementation

One-to-two VLAN mapping

As shown in Figure 65, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

Figure 66 Two-to-two VLAN mapping implementation

VLAN mapping configuration task list

When you configure VLAN mapping, follow these guidelines:
• To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...
Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command:
• Enter Layer 2 Ethernet interface view: interface interface-type interface-number
• Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number

Command:
• Configure the port as a trunk port: port link-type trunk
Remarks: By default, the link type of a...

Enabling DHCP snooping

Step: Enter system view.
Command: system-view

Step: Enable DHCP snooping.
Command: dhcp snooping enable
Remarks: By default, DHCP snooping is disabled. For more information about DHCP snooping configuration commands, see Layer 3—IP Services Command Reference.

Enabling ARP detection

Enable ARP detection for the original VLANs and the translated VLANs.

To enable ARP detection:

Step Command...

Step: Enable DHCP snooping entry recording.
Command: dhcp snooping binding record
Remarks: By default, DHCP snooping entry recording is disabled on an interface.

Configuring the network-side port

Step: Enter system view.
Command: system-view

Step: Enter Layer 2 Ethernet...
Command:
• Enter Layer 2 Ethernet interface view: interface interface-type...

Step: Enter system view.
Command: system-view

Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command:
• Enter Layer 2 Ethernet interface view: interface interface-type interface-number
• Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number

Step: Configure the link type of the port as hybrid.
Command: port link-type hybrid
Remarks: By default, the link type of a...

Step: Set the link type of the port.
Command:
• Configure the port as a trunk port: port link-type trunk
• Configure the port as a hybrid port: port link-type hybrid
Remarks: By default, the link type of a port is access.
•...
Service | VLANs on home gateways | VLANs on wiring-closet switches (Switch A and Switch B) | VLANs on campus switch (Switch C)
VoIP | VLAN 3 | VLANs 301, 302, 303, 304 | VLAN 503

Figure 67 Network diagram
[SwitchA] vlan 301 to 302
# Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to all original VLANs and translated VLANs.
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301
# Configure one-to-one VLAN mappings on GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively.

# Configure the network-side port GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network.
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] vlan mapping nni
# Configure GigabitEthernet 1/0/3 as a trunk port.
[SwitchC-GigabitEthernet1/0/3] port link-type trunk
# Assign GigabitEthernet 1/0/3 to the translated VLANs.

303-304

One-to-two and two-to-two VLAN mapping configuration example

Network requirements

As shown in Figure
• Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively.
• The two sites use different VPN access services from different service providers, SP 1 and SP
•...

[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100
[PE1-GigabitEthernet1/0/2] quit

Configure PE 2:
# Configure GigabitEthernet 1/0/1 as a trunk port.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port link-type trunk
# Assign GigabitEthernet 1/0/1 to VLAN 100.
[PE2-GigabitEthernet1/0/1] port trunk permit vlan 100
[PE2-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port.

[PE4-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
# Configure a one-to-two VLAN mapping on customer-side port GigabitEthernet 1/0/2 to add SVLAN tag 200 to packets from VLAN 6.
[PE4-GigabitEthernet1/0/2] vlan mapping nest single 6 nested-vlan 200
[PE4-GigabitEthernet1/0/2] quit

Verifying the configuration

# Verify VLAN mapping information on PE 1.
Configuring LLDP

Overview

In a heterogeneous network, a standard configuration exchange platform makes sure different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.

LLDP frame formats

LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames.
• LLDP frame encapsulated in Ethernet II

Figure 70 Ethernet II-encapsulated LLDP frame

Table 17 Fields in an Ethernet II-encapsulated LLDP frame
Field Description
MAC address to which the LLDP frame is advertised....

Figure 71 SNAP-encapsulated LLDP frame

Table 18 Fields in a SNAP-encapsulated LLDP frame
Field | Description
Destination MAC address | MAC address to which the LLDP frame is advertised. It is the same as that for Ethernet II-encapsulated LLDP frames.
Source MAC address | MAC address of the sending port.
Table 19 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID TLV carries the MAC address of the sending port. Mandatory.
NOTE:
• H3C devices support only receiving protocol identity TLVs and VID usage digest TLVs.
• Layer 3 Ethernet ports support only link aggregation TLVs.

• IEEE 802.3 organizationally specific TLVs

Table 21 IEEE 802.3 organizationally specific TLVs
Type Description...

Type | Description
Extended Power-via-MDI | Allows a network device or terminal device to advertise power supply capability. This TLV is an extension of the Power Via MDI TLV.
Hardware Revision | Allows a terminal device to advertise its hardware version.
Firmware Revision | Allows a terminal device to advertise its firmware version.
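To audit what a port actually advertises to its neighbors, the TLVs described in the tables above can be decoded from a captured frame. The following is an added example, not code from the H3C manual: the EtherType 0x88CC, the 7-bit type/9-bit length TLV header, and the subtype values follow IEEE 802.1AB, and the sample frame (addresses, system name, TTL, PVID) is constructed for illustration.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
IEEE_8021_OUI = bytes.fromhex("0080c2")

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into 16 bits."""
    if len(value) > 511:
        raise ValueError("TLV value exceeds 9-bit length field")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(frame):
    """Return [(type, value), ...] from an Ethernet II-encapsulated LLDP frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    offset, tlvs, ended = 14, [], False
    while offset + 2 <= len(frame):
        (header,) = struct.unpack_from("!H", frame, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(frame):
            raise ValueError("TLV length runs past the end of the frame")
        if tlv_type == 0:          # End of LLDPDU
            ended = True
            break
        tlvs.append((tlv_type, frame[offset:offset + length]))
        offset += length
    if not ended:
        raise ValueError("no End of LLDPDU TLV")
    # Chassis ID, Port ID, and Time To Live must come first, in that order.
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs

def summarize(tlvs):
    """Pull out the fields a neighbor learns about the sending device."""
    info = {}
    for t, v in tlvs:
        if t == 1 and len(v) == 7 and v[0] == 4:        # subtype 4: MAC address
            info["chassis_mac"] = v[1:].hex(":")
        elif t == 2 and len(v) > 1:
            # subtype 3: MAC address; other subtypes shown as text
            info["port_id"] = (v[1:].hex(":") if v[0] == 3
                               else v[1:].decode(errors="replace"))
        elif t == 3 and len(v) >= 2:
            info["ttl"] = struct.unpack("!H", v[:2])[0]
        elif t == 5:
            info["system_name"] = v.decode(errors="replace")
        elif t == 8 and len(v) >= 6 and v[0] == 5 and v[1] == 1:  # IPv4
            info["mgmt_ipv4"] = ".".join(str(b) for b in v[2:6])
        elif t == 127 and len(v) == 6 and v[:4] == IEEE_8021_OUI + b"\x01":
            info["pvid"] = struct.unpack("!H", v[4:6])[0]  # Port VLAN ID TLV
    return info

# Constructed sample frame (all values are illustrative).
SAMPLE = (
    bytes.fromhex("0180c200000e") + bytes.fromhex("001122334455")
    + struct.pack("!H", LLDP_ETHERTYPE)
    + tlv(1, b"\x04" + bytes.fromhex("001122334455"))
    + tlv(2, b"\x05" + b"GigabitEthernet1/0/1")
    + tlv(3, struct.pack("!H", 120))
    + tlv(5, b"SwitchA")
    + tlv(8, bytes([5, 1, 192, 0, 2, 1, 2]) + struct.pack("!I", 1) + b"\x00")
    + tlv(127, IEEE_8021_OUI + b"\x01" + struct.pack("!H", 1))
    + tlv(0, b"")
)

if __name__ == "__main__":
    for key, value in summarize(parse_lldpdu(SAMPLE)).items():
        print(f"{key}: {value}")
```

Running the decoder against captures from user-facing ports shows whether the management address and system name are being disclosed to devices that have no need for them.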
the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide.

LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases:
• A new LLDP frame is received and carries device information new to the local device.
•...

Performing basic LLDP configurations

Enabling LLDP

To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. As a best practice to prevent LLDP from affecting topology discovery of OpenFlow controllers, disable LLDP on ports of OpenFlow instances.

Step: Set the number of LLDP frames sent each time fast LLDP frame transmission is triggered.
Command: lldp fast-count count
Remarks: The default setting is 4.

Step: Set the fast LLDP frame transmission interval.
Command: lldp timer fast-interval interval
Remarks: The default setting is 1 second.

Step: Disable LLDP PVID inconsistency check.
Command: lldp ignore-pvid-inconsistency
Remarks: By default, LLDP PVID inconsistency check is enabled.

Configuring CDP compatibility

To make your device work with Cisco IP phones, you must enable CDP compatibility. If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device.

• Detects configuration errors on peer devices.
• Remotely configures the peer device if the peer device accepts the configuration.

NOTE: H3C devices support only the remote configuration function.

Figure 73 DCBX application scenario

DCBX enables lossless packet transmission on DCE networks. As shown in...

• ETS Configuration.
• ETS Recommendation.
• PFC.
• APP.

H3C devices can send these types of DCBX information to a server or storage adapter supporting FCoE. However, H3C devices cannot accept these types of DCBX information.

DCBX configuration task list

Tasks at a glance
(Required.)

Setting the DCBX version

When you set the DCBX version, follow these restrictions and guidelines:
• For DCBX to work correctly, configure the same DCBX version on the local port and peer port. As a best practice, configure the highest version supported on both ends. IEEE Std 802.1Qaz-2011, DCBX Rev 1.01, and DCBX Rev 1.00 are in descending order.
Step: Enter system view.
Command: system-view

Step: Create an Ethernet frame header ACL or an IPv4...
Command: acl number acl-number [ name acl-name ] [ match-order { auto |...
Remarks: An Ethernet frame header ACL number is in the range of 4000 to 4999. An IPv4 advanced ACL number is in the range of 3000 to 3999. DCBX Rev 1.00 supports only...

Command:
• (Method 1) To the outgoing traffic of all ports: qos apply policy policy-name global outbound
• (Method 2) To the outgoing traffic of a Layer 2 Ethernet...
Remarks:
• Configurations made in system view take effect on all ports....

Step: Configure the behavior to mark packets with the specified local precedence value.
Command: remark local-precedence local-precedence
Remarks: By default, no local precedence marking action is configured.

Step: Return to system view.
Command: quit

Step: Create a QoS policy and enter QoS policy view.
Command: qos policy policy-name
Remarks: By default, no policy exists.

Configuring PFC parameters

To prevent packets with an 802.1p priority value from being dropped, enable PFC for the 802.1p priority value. This feature reduces the sending rate of packets carrying this priority when network congestion occurs. The device uses PFC parameters to negotiate with the server adapter and to enable PFC for the specified 802.1p priorities on the server adapter.

Step: Enable LLDP-MED trapping (in Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view).
Command: lldp notification med-topology-change enable
Remarks: By default, LLDP-MED trapping is disabled.

Step: Return to system view.
Command: quit

Step: (Optional.) Set the LLDP trap transmission interval.
Command: lldp timer notification-interval interval
Remarks: The default setting is 30...
Figure 74 Network diagram

Configuration procedure

Configure Switch A:
# Enable LLDP globally.
<SwitchA> system-view
[SwitchA] lldp global enable
# Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] lldp enable
# Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1.

Bridge mode of LLDP: customer-bridge
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval : 30s
Fast transmit interval : 1s
Transmit credit max
Hold multiplier...

Number of received unknown TLV : 3
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors
Number of MED neighbors
Number of CDP neighbors
Number of sent optional TLV
Number of received unknown TLV : 0...

Number of MED neighbors
Number of CDP neighbors
Number of sent optional TLV
Number of received unknown TLV : 5
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s...

Number of LLDP neighbors
Number of MED neighbors
Number of CDP neighbors
Number of sent optional TLV : 16
Number of received unknown TLV : 0

CDP-compatible LLDP configuration example

Network requirements

As shown in Figure 75, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A are each connected to a Cisco IP phone, which sends tagged voice traffic.

# Configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1.
[SwitchA-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx
[SwitchA-GigabitEthernet1/0/1] quit
# Enable LLDP on GigabitEthernet 1/0/2. By default, LLDP is enabled on ports.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] lldp enable
# Configure LLDP to operate in TxRx mode on GigabitEthernet 1/0/2.
Figure 76 Network diagram

Configuration procedure

Enable LLDP and DCBX TLV advertising:
# Enable LLDP globally.
<SwitchA> system-view
[SwitchA] lldp global enable
# Enable LLDP and DCBX TLV advertising on interface GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] lldp enable
[SwitchA-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

Set the DCBX version to Rev.

Configure ETS parameters:
# Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local precedence 3. (This is the default mapping table. You can modify this configuration as needed.)
[SwitchA] qos map-table outbound dot1p-lp
[SwitchA-maptbl-out-dot1p-lp] import 3 export 3
[SwitchA-maptbl-out-dot1p-lp] quit
# Enable byte-count WRR queuing on interface GigabitEthernet 1/0/1, and configure queue 3 on the interface to use SP queuing.

Priority Group ID of Priority 6: 6
Priority Group 0 Percentage: 2
Priority Group 1 Percentage: 4
Priority Group 2 Percentage: 6
Priority Group 3 Percentage: 0
Priority Group 4 Percentage: 10
Priority Group 5 Percentage: 18
Priority Group 6 Percentage: 27
Priority Group 7 Percentage: 31
Number of Traffic Classes Supported: 8
DCBX Parameter Information...

DCBX Parameter Data
Priority Group ID of Priority 1: 0
Priority Group ID of Priority 0: 0
Priority Group ID of Priority 3: 1
Priority Group ID of Priority 2: 0
Priority Group ID of Priority 5: 0
Priority Group ID of Priority 4: 0
Priority Group ID of Priority 7: 0
Priority Group ID of Priority 6: 0
Priority Group 0 Percentage: 50...

Parameter Type: Remote
Pad Byte Present: No
DCBX Parameter Valid: Yes
Reserved: 0
DCBX Parameter Data
PFC Enabled on Priority 0: No
PFC Enabled on Priority 1: No
PFC Enabled on Priority 2: No
PFC Enabled on Priority 3: Yes
PFC Enabled on Priority 4: No
PFC Enabled on Priority 5: No
PFC Enabled on Priority 6: No...
Configuring service loopback groups

Overview

A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services:
•...

Configuring a service loopback group

Step: Enter system view.
Command: system-view

Step: Create a service loopback group and specify its service type.
Command: service-loopback group group-id type { { multicast-tunnel | tunnel } * |...
Remarks: By default, no service loopback groups exist. In the current software version, the device does not support the type....
[DeviceA-GigabitEthernet1/0/2] quit
[DeviceA] interface gigabitethernet 1/0/3
[DeviceA-GigabitEthernet1/0/3] port service-loopback group 1
All configurations on the interface will be lost. Continue?[Y/N]:y
[DeviceA-GigabitEthernet1/0/3] quit
# Create the interface Tunnel 1 and set it to GRE mode. The interface will automatically use service loopback group 1.