H3C S7500E-X Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. H3C S7500E-X
  6. Configuration manual
H3C S7500E-X Configuration Manual

H3C S7500E-X Configuration Manual

Layer 2 lan switching
Hide thumbs Also See for H3C S7500E-X:
Table of Contents

Advertisement

Quick Links

Download this manual
H3C S7500E-X Switch Series
Layer 2 - LAN Switching

Configuration Guide

Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: S7500EX-CMW710-R7178
Document version: 6W100-20160118

Advertisement

Table of Contents
loading

Related Manuals for H3C H3C S7500E-X

Summary of Contents for H3C H3C S7500E-X

  • Page 1: Configuration Guide

    H3C S7500E-X Switch Series Layer 2 - LAN Switching Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: S7500EX-CMW710-R7178 Document version: 6W100-20160118...
  • Page 2 , H3CS, H3CIE, H3CNE, Aolynk, Care, , IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
  • Page 3 VLAN, eliminate Layer 2 loops, divide VLANs, transmit customer network packets through the public network, and modify VLAN tags for packets. This preface includes the following topics about the documentation: • Audience. • Conventions. • About the H3C S7500E-X documentation set. • Obtaining documentation. • Technical support.
  • Page 4 GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > > Folder.

  • Page 5: Obtaining Documentation

    Description Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG card. About the H3C S7500E-X documentation set The H3C S7500E-X documentation set includes the following categories of documents: Category Documents Purposes Guides you through initial installation and setup...

  • Page 6: Technical Support

    [Products & Solutions]—Provides information about products and technologies, as well as solutions. [Software Download]—Provides the documentation released with the software version. Technical support service@h3c.com http://www.h3c.com Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 7: Table Of Contents

    Contents Configuring the MAC address table ································································ 1   Overview ···························································································································································· 1   How a MAC address entry is created ········································································································· 1   Types of MAC address entries ··················································································································· 1   MAC address table configuration task list ·········································································································· 2   Configuring MAC address entries ······················································································································...
  • Page 8 Ethernet link aggregation configuration task list ······························································································ 27   Configuring an aggregation group ··················································································································· 28   Configuration restrictions and guidelines ································································································· 28   Configuring a static aggregation group ···································································································· 29   Configuring a dynamic aggregation group ······························································································· 30   Configuring an aggregate interface ·················································································································· 32  ...
  • Page 9 Configuring the current device as the root bridge of a specific spanning tree ········································· 76   Configuring the current device as a secondary root bridge of a specific spanning tree ··························· 77   Configuring the device priority ························································································································· 77   Configuring the maximum hops of an MST region ···························································································...
  • Page 10 Enabling loop detection globally············································································································· 109   Enabling loop detection on a port··········································································································· 109   Setting the loop protection action ··················································································································· 109   Setting the global loop protection action ································································································ 110   Setting the loop protection action on a Layer 2 Ethernet interface ························································ 110  ...
  • Page 11 Configuring voice VLANs ············································································ 158   Overview ························································································································································ 158   Methods of identifying IP phones ··················································································································· 158   Identifying IP phones through OUI addresses ······················································································· 158   Automatically identifying IP phones through LLDP ················································································ 159   Advertising the voice VLAN information to IP phones ··················································································· 159  ...
  • Page 12 Configuring the CVLAN TPID ················································································································· 192   Configuring the SVLAN TPID ················································································································· 193   Setting the 802.1p priority in SVLAN tags ······································································································ 193   Displaying and maintaining QinQ ··················································································································· 194   QinQ configuration examples ························································································································· 195   Basic QinQ configuration example ········································································································· 195  ...
  • Page 13 Configuring service loopback groups ·························································· 251   Overview ························································································································································ 251   Configuration restrictions and guidelines ······································································································· 251   Configuring a service loopback group ············································································································ 252   Displaying and maintaining service loopback groups ···················································································· 252   Service loopback group configuration example ····························································································· 252  ...

  • Page 14: Configuring The Mac Address Table

    Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...

  • Page 15: Mac Address Table Configuration Task List

    • Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.

  • Page 16: Configuring Mac Address Entries

    Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.

  • Page 17: Adding Or Modifying A Blackhole Mac Address Entry

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view. • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id...

  • Page 18: Disabling Mac Address Learning

    Step Command Remarks By default, no multiport unicast MAC address entry is configured mac-address multiport globally. Add or modify a multiport mac-address interface unicast MAC address entry. Make sure you have created the interface-list vlan vlan-id VLAN and assigned the interface to the VLAN.

  • Page 19: Disabling Mac Address Learning On Interfaces

    Disabling MAC address learning on interfaces When global MAC address learning is enabled, you can disable MAC address learning on a single interface. To disable MAC address learning on an interface: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number...

  • Page 20: Setting The Mac Learning Limit On An Interface

    expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate latest network topology changes. A stable network requires a longer aging interval, and an unstable network requires a shorter aging interval.

  • Page 21: Assigning Mac Learning Priority To Interfaces

    To configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view. interface interface-type interface-number Enter interface view. •...

  • Page 22: Enabling Mac Address Synchronization

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view. • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id...
  • Page 23 Figure 1 MAC address tables of devices when Client A accesses AP C When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 2 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization:...

  • Page 24: Configuring Mac Address Move Notifications And Suppression

    Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: • Interface B receives a packet with the MAC address as the source MAC address. •...

  • Page 25: Enabling Arp Fast Update For Mac Address Moves

    Step Command Remarks (Optional.) Set a The default setting is 30 mac-address notification mac-move suppression interval for seconds. suppression interval interval-value MAC address moves. (Optional.) Set a suppression threshold mac-address notification mac-move The default setting is 3. for MAC address suppression threshold threshold-value moves.

  • Page 26: Disabling Static Source Check

    Step Command Remarks Enter system view. system-view Enable ARP fast update By default, ARP fast update for mac-address mac-move for MAC address moves. MAC address moves is disabled. fast-update Disabling static source check By default, the static source check feature is enabled on an interface. The check identifies whether a received frame meets the following conditions: •...

  • Page 27: Displaying And Maintaining The Mac Address Table

    Step Command Remarks By default, SNMP notifications are enabled for the MAC address table. Enable SNMP notifications for snmp-agent trap enable mac-address When SNMP notifications are the MAC address [ mac-move ] disabled for the MAC address table. table, syslog messages are sent to notify important events on the MAC address table module.

  • Page 28: Configuration Procedure

    Configuration procedure # Add a static MAC address entry for MAC address 000f-e235-dc71 on GigabitEthernet 1/0/1 that belongs to VLAN 1. <Device> system-view [Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries.

  • Page 29: Configuring Mac Information

    Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 30: Setting The Mac Change Notification Interval

    To set the MAC Information mode: Step Command Remarks Enter system view. system-view Set the MAC Information mac-address information mode The default setting is trap. mode. { syslog | trap } Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.

  • Page 31: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
  • Page 32 Enable MAC Information on Device: # Enable MAC Information globally. [Device] mac-address information enable # Configure the MAC Information mode as syslog. [Device] mac-address information mode syslog # Enable MAC Information on interface GigabitEthernet 1/0/1 to enable GigabitEthernet 1/0/1 to record MAC address change information when the interface performs either of the following tasks: Learns a new MAC address.

  • Page 33: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 34: Operational Key

    The port has not received LACPDUs from its peer port. Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.

  • Page 35: Link Aggregation Modes

    Link aggregation modes An aggregation group operates in one of the following modes: • Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.

  • Page 36: Aggregating Links In Dynamic Mode

    Figure 6 Setting the aggregation state of a member port in a static aggregation group After the limit on Selected ports is reached in a static aggregation group, new member ports in the group are placed in the Unselected state. This mechanism prevents traffic interruption on the existing Selected ports.
  • Page 37 LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table Table 2 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP Basic LACP functions priority, system MAC address, port priority, port number, and operational key. Implemented by extending the LACPDU with new TLV fields.

  • Page 38: How Dynamic Link Aggregation Works

    How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports that are in up state and have the same attribute configurations as the aggregate interface. A Selected port must have the same operational key and attribute configurations as the reference port.
  • Page 39 Figure 7 Setting the state of a member port in a dynamic aggregation group   Meanwhile, the system with the higher system ID is aware of the aggregation state changes on the peer system. The system sets the aggregation state of local member ports the same as their peer ports.

  • Page 40: Edge Aggregate Interface

    • When the aggregation state of a local port changes in a dynamic aggregation group, the aggregation state of the peer port also changes. • After the Selected port limit has been reached, a port joining the aggregation group is placed in the Selected state if it is more eligible than a current Selected port.

  • Page 41: Configuring An Aggregation Group

    Tasks at a glance (Optional.) Configuring an aggregate interface: • Setting the description for an aggregate interface • Specifying ignored VLANs for a Layer 2 aggregate interface • Reserving a VLAN interface resource for a Layer 2 aggregate interface • Setting the MTU for a Layer 3 aggregate interface •...

  • Page 42: Configuring A Static Aggregation Group

    AC-VSI association (see MPLS Configuration Guide). • You cannot assign a port to a Layer 3 aggregation group if any of the following features are configured on the port: Association between AC and cross connection (see MPLS Configuration Guide). AC-VSI association (see MPLS Configuration Guide). •...

  • Page 43: Configuring A Dynamic Aggregation Group

    Step Command Remarks When you create a Layer 3 Create a Layer 3 aggregate aggregate interface, the system interface route-aggregation interface and enter Layer 3 automatically creates a Layer 3 interface-number aggregate interface view. static aggregation group numbered the same. Exit to system view.
  • Page 44 Step Command Remarks a. Enter Layer 2 Ethernet interface view: interface interface-type Repeat these two substeps to interface-number Assign an interface to the assign more Layer 2 Ethernet specified Layer 2 b. Assign the interface to interfaces to the aggregation aggregation group.

  • Page 45: Configuring An Aggregate Interface

    Step Command Remarks a. Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two substeps to interface-number Assign an interface to the assign more Layer 3 Ethernet specified Layer 3 b. Assign the interface to interfaces to the aggregation aggregation group.

  • Page 46: Specifying Ignored Vlans For A Layer 2 Aggregate Interface

    Step Command Remarks By default, the description of an Set the description for interface is interface-name description text the aggregate interface. Interface. Specifying ignored VLANs for a Layer 2 aggregate interface By default, to become Selected ports, the member ports must have the same VLAN permit state and VLAN tagging mode as the corresponding Layer 2 aggregate interface.

  • Page 47: Setting The Mtu For A Layer 3 Aggregate Interface

    Setting the MTU for a Layer 3 aggregate interface The MTU of an interface affects IP packets fragmentation and reassembly on the interface. To set the MTU for a Layer 3 aggregate interface: Step Command Remarks Enter system view. system-view Enter Layer 3 aggregate interface route-aggregation interface view.

  • Page 48: Setting The Expected Bandwidth For An Aggregate Interface

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number By default, the minimum number Set the minimum number of of Selected ports for the link-aggregation selected-port Selected ports for the aggregation group is not...

  • Page 49: Shutting Down An Aggregate Interface

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Configure the aggregate By default, an aggregate interface interface as an edge does not operate as an edge lacp edge-port aggregate interface.

  • Page 50: Configuring Load Sharing For Link Aggregation Groups

    Step Command Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups This section explains how to configure the load sharing modes for link aggregation groups and how to enable local-first load sharing for link aggregation.

  • Page 51: Enabling Local-First Load Sharing For Link Aggregation

    Setting the group-specific load sharing mode In Layer 2 aggregate interface view, the switch supports the following load sharing modes and combinations: • Source IP address. • Destination IP address. • Source MAC address. • Destination MAC address. • Layer 1 MPLS label. •...

  • Page 52: Enabling Link-Aggregation Traffic Redirection

    Figure 8 Load sharing for multidevice link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member devices Local-first load sharing mechanism enabled? Any Selected ports on the ingress device? Packets are load-shared only Packets are load-shared across...

  • Page 53: Configuration Procedure

    • To avoid traffic interruption on Layer 2 dynamic aggregate links after link-aggregation traffic redirection is enabled, make sure the corresponding aggregate interfaces do not have static MAC address entries. For information about MAC address entries, see Layer 2—LAN Switching Configuration Guide. Configuration procedure To enable link-aggregation traffic redirection: Step...
  • Page 54 • Configure a Layer 2 static aggregation group on both Device A and Device B. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end. • Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

  • Page 55: Layer 2 Dynamic Aggregation Configuration Example

    [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags:...
  • Page 56 Configuration procedure Configure Device A: # Create VLAN 10, and assign the port GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 57: Layer 2 Aggregation Load Sharing Configuration Example

    Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {ACDEF} GE1/0/2 32768 {ACDEF} GE1/0/3 32768 {ACDEF} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} GE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} GE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.
  • Page 58 [DeviceA-vlan10] port gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 # Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

  • Page 59: Layer 2 Edge Aggregate Interface Configuration Example

    Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1 Aggregation Mode: Static Loadsharing Type: Shar...
  • Page 60 Figure 12 Network diagram Configuration procedure Configure the device: # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface bridge-aggregation 1 [Device-Bridge-Aggregation1] link-aggregation mode dynamic # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.

  • Page 61: Layer 3 Static Aggregation Configuration Example

    GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when they have not received LACPDUs from the server. Both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward packets, which ensures zero packet loss. Layer 3 static aggregation configuration example Network requirements On the network shown in...

  • Page 62: Layer 3 Dynamic Aggregation Configuration Example

    Aggregation Mode: Static Loadsharing Type: Shar Port Status Priority Oper-Key -------------------------------------------------------------------------------- GE1/0/1 32768 GE1/0/2 32768 GE1/0/3 32768 The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports. Layer 3 dynamic aggregation configuration example Network requirements On the network shown in Figure...

  • Page 63: Layer 3 Aggregation Load Sharing Configuration Example

    [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Route-Aggregation1 Aggregation Mode: Dynamic...
  • Page 64 # Configure Layer 3 aggregation group 1 to load share packets based on source IP addresses. [DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip # Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation [DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to aggregation group 1.

  • Page 65: Layer 3 Edge Aggregate Interface Configuration Example

    Aggregate Interface: Route-Aggregation2 Aggregation Mode: Static Loadsharing Type: Shar Port Status Priority Oper-Key -------------------------------------------------------------------------------- GE1/0/3 32768 GE1/0/4 32768 The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups. • Each aggregation group contains two Selected ports. # Display all the group-specific load sharing modes on Device A.
  • Page 66 [Device-Route-Aggregation1] lacp edge-port [Device-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to aggregation group 1. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-aggregation group 1 [Device-GigabitEthernet1/0/1] quit [Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] port link-aggregation group 1 [Device-GigabitEthernet1/0/2] quit Configure the server as required.

  • Page 67: Configuring Port Isolation

    Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.

  • Page 68: Displaying And Maintaining Port Isolation

    Displaying and maintaining port isolation Execute display commands in any view. Task Command Display isolation group information. display port-isolate group [ group-number ] Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the device, respectively.

  • Page 69: Verifying The Configuration

    [Device] interface gigabitethernet 1/0/3 [Device-GigabitEthernet1/0/3] port-isolate enable group 2 [Device-GigabitEthernet1/0/3] quit Verifying the configuration # Display information about isolation group 2. [Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 Community VLAN ID: None The output shows that ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2.

  • Page 71: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 72: Calculation Process Of The Stp Algorithm

    Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs. Root port On a non-root bridge, the port nearest to the root bridge is the root port.
  • Page 73 Calculation process The STP algorithm uses the following calculation process: Network initialization. Upon initialization of a device, each port generates a BPDU with the following contents: The port as the designated port. The device as the root bridge. 0 as the root path cost. The device ID as the designated bridge ID.
  • Page 74 Step Actions configuration BPDU. The following are the principles of configuration BPDU comparison: a. The configuration BPDU with the lowest root bridge ID has the highest priority. b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.
  • Page 75 Configuration BPDU on Device Port name the port Port B2 {1, 0, 1, Port B2} Port C1 {2, 0, 2, Port C1} Device C Port C2 {2, 0, 2, Port C2} Configuration BPDUs comparison on each device. Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.
  • Page 76 Configuration BPDU Device Comparison process on ports after comparison port, Device B calculates a designated port configuration BPDU for Port B2 {0, 5, 1, Port B2}. Device B compares it with the existing configuration BPDU of Port B2 {1, 0, 1, Port B2}.
  • Page 77 Configuration BPDU Device Comparison process on ports after comparison plus path cost of Port C2 (4). Device C determines that the configuration BPDU of Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU unchanged.

  • Page 78: Rstp

    Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when...

  • Page 79: Mstp

    A port's link type determines the type of BPDUs the port sends. • An access port sends STP BPDUs. • A trunk or hybrid port sends STP BPDUs in VLAN 1 and sends PVST BPDUs in other VLANs. MSTP MSTP overcomes the following STP, RSTP, and PVST limitations: •...

  • Page 80: Mst Region

    Figure 21 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 VLAN 1...
  • Page 81 • Same MSTP revision level • Physically linked together Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region, as shown in Figure • The switched network contains four MST regions, MST region 1 through MST region 4. •...
  • Page 82 Port roles A port can play different roles in different MSTIs. As shown in Figure 23, an MST region contains Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge.

  • Page 83: How Mstp Works

    • Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state. • Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic. NOTE: When in different MSTIs, a port can be in different states.

  • Page 84: Protocols And Standards

    In addition to basic MSTP features, the following features are provided for ease of management: • Root bridge hold • Root bridge backup • Root guard • BPDU guard • Loop guard • TC-BPDU guard • Port role restriction • TC-BPDU transmission restriction •...

  • Page 85: Spanning Tree Configuration Task Lists

    • The member ports of an aggregation group do not participate in spanning tree calculation. However, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group. Spanning tree configuration task lists Before configuring a spanning tree, complete the following tasks: •...

  • Page 86: Pvst Configuration Task List

    Tasks at a glance • (Optional.) Configuring edge ports • (Optional.) Configuring the port link type • (Optional.) Enabling outputting port state transition information • (Required.) Enabling the spanning tree feature Configuring the leaf nodes: • (Required.) Setting the spanning tree mode •...

  • Page 87: Mstp Configuration Task List

    Tasks at a glance (Optional.) Performing mCheck (Optional.) Configuring protection features (Optional.) Enabling SNMP notifications for new-root election and topology change events MSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode •...

  • Page 88: Setting The Spanning Tree Mode

    Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. • RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device.

  • Page 89: Configuring The Root Bridge Or A Secondary Root Bridge

    Step Command Remarks Enter system view. system-view Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. • Use one of the commands. instance instance-id vlan Configure the vlan-id-list By default, all VLANs in an MST VLAN-to-instance mapping •...

  • Page 90: Configuring The Current Device As A Secondary Root Bridge Of A Specific Spanning Tree

    Step Command Remarks device as the root function as the root bridge. stp root primary bridge. • In PVST mode: stp vlan vlan-id-list root primary • In MSTP mode: stp [ instance instance-list ] root primary Configuring the current device as a secondary root bridge of a specific spanning tree Step Command...

  • Page 91: Configuring The Network Diameter Of A Switched Network

    Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it.

  • Page 92: Configuration Restrictions And Guidelines

    its state after a forward delay timer to make sure the state transition of the local port stays synchronized with the peer. • Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device receives no configuration BPDUs within the timeout period, it recalculates the spanning tree.

  • Page 93: Setting The Timeout Factor

    Step Command Remarks stp vlan vlan-id-list timer hello time • In STP/RSTP/MSTP mode: stp timer max-age time Set the max age timer. • The default setting is 20 seconds. In PVST mode: stp vlan vlan-id-list timer max-age time Setting the timeout factor The timeout factor is a parameter used to decide the timeout period.

  • Page 94: Configuring Edge Ports

    Step Command Remarks rate of the ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When network topology change occurs, an edge port will not cause a temporary loop.
  • Page 95 You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: • dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998. • dot1t—The device calculates the default path cost for ports based on IEEE 802.1t. •...
  • Page 96 Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard ports Aggregate interface containing four Selected 50000 ports Single port 20000 Aggregate interface containing two Selected 10000 ports Aggregate interface 1000 Mbps containing three Selected 6666 ports Aggregate interface containing four Selected 5000 ports...

  • Page 97: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing two Selected ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Configuring path costs of ports When the path cost of a port changes, the system recalculates the role of the port and initiates a state transition.

  • Page 98: Configuring The Port Priority

    Cost of every port will be reset and automatically re-calculated after you change the current pathcost standard. Continue?[Y/N]:y Cost of every port has been re-calculated [Sysname] interface gigabitethernet 1/0/3 [Sysname-GigabitEthernet1/0/3] stp vlan 20 to 30 cost 2000 Configuring the port priority The priority of a port is a factor that determines whether the port can be elected as the root port of a device.

  • Page 99: Configuration Procedure

    Configuration procedure To configure the link type of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number By default, the link type is auto stp point-to-point { auto | Configure the port link type.

  • Page 100: Enabling The Spanning Tree Feature

    Step Command Remarks Enter system view. system-view • In STP/RSTP mode: stp port-log instance 0 • Enable outputting port In PVST mode: By default, this feature is state transition stp port-log vlan vlan-id-list enabled. information. • In MSTP mode: stp port-log { all | instance instance-list } Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related...

  • Page 101: Performing Mcheck

    Performing mCheck The mCheck feature enables user intervention in the port status transition process. When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically transit back to the original mode when the following conditions exist: •...

  • Page 102: Configuration Restrictions And Guidelines

    Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your H3C device is connected to a third-party device that uses its private key to calculate the configuration digest.

  • Page 103: Digest Snooping Configuration Example

    Digest Snooping configuration example Network requirements As shown in Figure 24, Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region. Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three devices can communicate with one another.
  • Page 104 Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device. RSTP and MSTP devices have the following differences: • For MSTP, the root port of the downstream device sends an agreement packet only after it receives an agreement packet from the upstream device.

  • Page 105: Configuration Prerequisites

    Configuration prerequisites Before you configure the No Agreement Check feature, complete the following tasks: • Connect a device to a third-party upstream device that supports spanning tree protocols through a point-to-point link. • Configure the same region name, revision level, and VLAN-to-instance mappings on the two devices.

  • Page 106: Configuration Restrictions And Guidelines

    • The spanning tree feature is disabled on Device A and Device B and enabled on all devices in user network 1 and user network 2. • The IRF fabric transparently transmits BPDUs for both user networks and is not involved in the calculation of spanning trees.

  • Page 107: Configuring Protection Features

    Configuring protection features A spanning tree device supports the following protection features: • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop Configuring BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.

  • Page 108: Enabling Root Guard

    Step Command Remarks feature. stp bpdu-protection By default, BPDU guard is globally • disabled and not configured on a Configure BPDU guard on a per-interface basis. per-interface basis: a. interface interface-type interface-number b. stp port bpdu-protection { disable | enable } Enabling root guard The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.

  • Page 109: Configuring Port Role Restriction

    The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops. Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the discarding state in all MSTIs because it cannot receive BPDUs.

  • Page 110: Enabling Tc-Bpdu Guard

    Make this configuration on the port that connects to the user access network. To configure TC-BPDU transmission restriction: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number By default, TC-BPDU Enable TC-BPDU transmission restriction is stp tc-restriction transmission restriction.

  • Page 111: Enabling Snmp Notifications For New-Root Election And Topology Change Events

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable BPDU drop on the By default, BPDU drop is bpdu-drop any current interface. disabled. Enabling SNMP notifications for new-root election and topology change events This feature enables the device to generate logs and report new-root election events or spanning tree topology changes to SNMP.

  • Page 112: Spanning Tree Configuration Example

    Task Command Display information about ports blocked by spanning display stp abnormal-port tree protection features. display stp bpdu-statistics [ interface Display BPDU statistics on ports. interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features.
  • Page 113 Figure 29 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
  • Page 114 [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
  • Page 115 Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.

  • Page 116: Pvst Configuration Example

    Figure 30 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
  • Page 117 Figure 31 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
  • Page 118 [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
  • Page 119 GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 32 VLAN spanning tree topologies...

  • Page 120: Configuring Loop Detection

    Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.

  • Page 121: Loop Detection Interval

    • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 9 TLVs supported by loop detection Description Remarks...

  • Page 122: Loop Detection Configuration Task List

    NOTE: Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this, use the shutdown action, or manually remove the loop. Loop detection configuration task list Tasks at a glance (Required.) Enabling loop detection (Optional.) Setting the loop protection action (Optional.)

  • Page 123: Setting The Global Loop Protection Action

    Setting the global loop protection action Step Command Remarks Enter system view. system-view By default, the device generates a Configure the global loop loopback-detection global log but performs no action on the protection action. action shutdown port on which a loop is detected. Setting the loop protection action on a Layer 2 Ethernet interface Step...

  • Page 124: Displaying And Maintaining Loop Detection

    Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements As shown in Figure 35, configure loop detection on Device A to meet the following requirements: •...

  • Page 125: Verifying The Configuration

    [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/2] quit # Configure the global loop protection action as shutdown. [DeviceA] loopback-detection global action shutdown # Set the loop detection interval to 35 seconds. [DeviceA] loopback-detection interval-time 35 Configure Device B: # Create VLAN 100.
  • Page 126 %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/1 recovered. %Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/2 recovered. The output shows the following information: • Device A detected loops on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 within a loop detection interval.

  • Page 127: Configuring Vlans

    Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.

  • Page 128: Protocols And Standards

    to a different value. For compatibility with a neighbor device, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.

  • Page 129: Configuring Basic Settings Of A Vlan Interface

    NOTE: • As the system default VLAN, VLAN 1 cannot be created or deleted. • Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN. Configuring basic settings of a VLAN interface For hosts of different VLANs to communicate at Layer 3, you can use VLAN interfaces.

  • Page 130: Configuring Port-Based Vlans

    Step Command Remarks By default, a VLAN interface is not manually shut down. The following guidelines apply to the VLAN interface that is in default state: (Optional.) Bring up the undo shutdown VLAN interface. • The VLAN interface is down if all ports in the VLAN are down.

  • Page 131: Assigning An Access Port To A Vlan

    How ports of different link types handle frames Actions Access Trunk Hybrid In the • If the PVID is permitted on the port, tags the frame with the inbound Tags the frame with the PVID tag. direction for PVID tag. an untagged •...

  • Page 132: Assigning A Trunk Port To A Vlan

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter S-channel interface view: interface s-channel Enter interface view. interface-number.channel- • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel- Configure the link type of the By default, all ports are access port link-type access port as access.

  • Page 133: Assigning A Hybrid Port To A Vlan

    Step Command Remarks The default setting is VLAN 1. (Optional.) Configure the port trunk pvid vlan vlan-id RPR logical interfaces do not PVID of the trunk port. support this command. Assigning a hybrid port to a VLAN A hybrid port supports multiple VLANs. You can assign it to the specified VLANs in interface view. Make sure the VLANs have been created.

  • Page 134: Configuring Mac-Based Vlans

    Configuring MAC-based VLANs Introduction This feature is available only on hybrid ports. The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is also called user-based VLAN because VLAN configuration remains the same regardless of a user's physical location.
  • Page 135 If the frame is tagged, the port gets the source MAC address of the frame. If the frame is untagged, the port selects a VLAN for the frame by using the following matching order: − MAC-based VLAN (fuzzy and exact MAC address match). −...

  • Page 136: General Configuration Restrictions And Guidelines

    When you configure dynamic MAC-based VLAN assignment, follow these guidelines: • When a port joins a VLAN specified in the MAC-to-VLAN entry, one of the following events occurs depending on the port configuration: If the port has not been configured to allow packets from the VLAN to pass through, the port joins the VLAN as an untagged member.

  • Page 137: Configuring Dynamic Mac-Based Vlan Assignment

    Step Command Remarks Configure the link type of By default, all ports are access port link-type hybrid the port as hybrid. ports. By default, a hybrid port is an Assign the hybrid port to port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN the MAC-based VLANs.

  • Page 138: Configuring Server-Assigned Mac-Based Vlan

    Step Command Remarks Enable the MAC-based By default, MAC-based VLAN is mac-vlan enable VLAN feature. disabled. By default, dynamic MAC-based VLAN assignment is disabled. Enable dynamic The VLAN assignment for a port is MAC-based VLAN mac-vlan trigger enable triggered only when the source MAC assignment.

  • Page 139: Configuring Protocol-Based Vlans

    Use this feature when untagged packets from an IP subnet or IP address must be transmitted in a VLAN. This feature is available only on hybrid ports, and it processes only untagged packets. An IP subnet-based VLAN has one or multiple subnets to match inbound packets. Each subnet has a unique index in the IP subnet-based VLAN.

  • Page 140: Configuring A Vlan Group

    • Assign the port to the protocol-based VLANs. • Associate the port with the protocol templates of the protocol-based VLANs. When an untagged packet arrives at the port, the port processes the packet as follows: • If the protocol type and encapsulation format in the packet match a protocol template, the port tags the packet with the VLAN tag specific to the protocol template.

  • Page 141: Displaying And Maintaining Vlans

    Step Command Remarks Enter system view. system-view Create a VLAN group and By default, no VLAN group exists. vlan-group group-name enter VLAN group view. Add VLANs to the VLAN By default, no VLAN exists in a vlan-list vlan-id-list group. VLAN group. Displaying and maintaining VLANs Execute display commands in any view and reset commands in user view.
  • Page 142 Figure 39 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit...

  • Page 143: Mac-Based Vlan Configuration Example

    [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
  • Page 144 [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.

  • Page 145: Ip Subnet-Based Vlan Configuration Example

    State: S - Static, D – Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN entries count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 41, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.

  • Page 146: Protocol-Based Vlan Configuration Example

    [DeviceC-vlan200] quit # Configure GigabitEthernet 1/0/11 as a hybrid port, and assign it to VLAN 100 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/11 [DeviceC-GigabitEthernet1/0/11] port link-type hybrid [DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/11] quit # Configure GigabitEthernet 1/0/12 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member.
  • Page 147 To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200. Figure 42 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/11 GE1/0/12...
  • Page 148 [Device-vlan100] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
  • Page 149 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...

  • Page 150: Configuring Super Vlans

    Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.

  • Page 151: Configuring A Super Vlan Interface

    To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a By default, a VLAN is not a super VLAN. supervlan super VLAN. By default, a super VLAN is not associated with Associate the super any sub-VLANs.

  • Page 152: Super Vlan Configuration Example

    Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. • GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 are in VLAN 3. •...

  • Page 153: Verifying The Configuration

    # Create VLAN 3, and assign GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to the VLAN. [DeviceA] vlan 3 [DeviceA-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4 [DeviceA-vlan3] quit # Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to the VLAN. [DeviceA] vlan 5 [DeviceA-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6 [DeviceA-vlan5] quit # Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN.
  • Page 154 It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0005...

  • Page 155: Configuring The Private Vlan

    Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.

  • Page 156: Configuration Restrictions And Guidelines

    Configure the secondary VLANs. Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A Figure 44): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
  • Page 157 Step Command Remarks Return to system view. quit Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | secondary VLANs. all } Return to system view. quit Enter VLAN view of the vlan vlan-id primary VLAN. Associate the primary By default, a primary VLAN is not private-vlan secondary VLAN with the secondary...

  • Page 158: Displaying And Maintaining The Private Vlan

    Step Command Remarks • Configure the downlink port as a host port: port private-vlan host • Configure the downlink 15. Configure the downlink By default, a port is not a host or trunk port as a trunk secondary port as a host or trunk secondary port.

  • Page 159: Private Vlan Configuration Examples

    Private VLAN configuration examples Promiscuous port configuration example Network requirements As shown in Figure 45, configure the private VLAN feature to meet the following requirements: • On Device B, VLAN 5 is a primary VLAN that is associated with secondary VLANs 2 and 3. GigabitEthernet 1/0/5 is in VLAN 5.
  • Page 160 # Configure the uplink port GigabitEthernet 1/0/5 as a promiscuous port of VLAN 5. [DeviceB] interface gigabitethernet 1/0/5 [DeviceB-GigabitEthernet1/0/5] port private-vlan 5 promiscuous [DeviceB-GigabitEthernet1/0/5] quit # Assign the downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port.

  • Page 161: Trunk Promiscuous Port Configuration Example

    Secondary VLAN ID: 2-3 VLAN ID: 5 VLAN type: Static Private VLAN type: Primary Route interface: Not configured Description: VLAN 0005 Name: VLAN 0005 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthernet1/0/5 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002...
  • Page 162 • VLANs 5 and 10 are primary VLANs on Device B. The uplink port GigabitEthernet 1/0/1 on Device B permits the packets from VLANs 5 and 10 to pass through tagged. • On Device B, the downlink port GigabitEthernet 1/0/2 permits secondary VLAN 2. The downlink port GigabitEthernet 1/0/3 permits secondary VLAN 3.

  • Page 163: Vlan Member

    [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan secondary 6 8 [DeviceB-vlan10] quit # Configure the uplink port GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 5 and [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port private-vlan 5 10 trunk promiscuous [DeviceB-GigabitEthernet1/0/1] quit # Assign the downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port.
  • Page 164 Primary VLAN ID: 5 Secondary VLAN ID: 2-3 VLAN ID: 5 VLAN type: Static Private VLAN type: Primary Route interface: Not configured Description: VLAN 0005 Name: VLAN 0005 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002...

  • Page 165: Trunk Promiscuous And Trunk Secondary Port Configuration Example

    Trunk promiscuous and trunk secondary port configuration example Network requirements As shown in Figure 47, configure the private VLAN feature to meet the following requirements: • VLANs 10 and 20 are primary VLANs on Device A. The uplink port GigabitEthernet 1/0/5 on Device A permits the packets from VLANs 10 and 20 to pass through tagged.
  • Page 166 [DeviceA-vlan20] private-vlan primary [DeviceA-vlan20] quit # Create VLANs 11, 12, 21, and 22. [DeviceA] vlan 11 to 12 [DeviceA] vlan 21 to 22 # Associate secondary VLANs 11 and 12 with primary VLAN 10. [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan secondary 11 12 [DeviceA-vlan10] quit # Associate secondary VLANs 21 and 22 with primary VLAN 20.
  • Page 167 # Assign the port GigabitEthernet 1/0/3 to VLAN 11. [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 11 [DeviceB-GigabitEthernet1/0/3] quit # Assign the port GigabitEthernet 1/0/4 to VLAN 21. [DeviceB] interface gigabitethernet 1/0/4 [DeviceB-GigabitEthernet1/0/4] port access vlan 21 [DeviceB-GigabitEthernet1/0/4] quit Configure Device C: # Create VLANs 10 and 20.

  • Page 168: Secondary Vlan Layer 3 Communication Configuration Example

    GigabitEthernet1/0/5 Untagged ports: None VLAN ID: 12 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0012 Name: VLAN 0012 Tagged ports: GigabitEthernet1/0/5 Untagged ports: GigabitEthernet1/0/3 The output shows that: • The trunk promiscuous port GigabitEthernet 1/0/5 is a tagged member of primary VLAN 10 and secondary VLANs 11 and 12.
  • Page 169 <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan primary [DeviceA-vlan10] quit # Create VLANs 2 and 3. <DeviceA> system-view [DeviceA] vlan 2 to 3 # Associate primary VLAN 10 with secondary VLANs 2 and 3. [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan primary [DeviceA-vlan10] private-vlan secondary 2 3 [DeviceA-vlan10] quit # Configure the uplink port GigabitEthernet 1/0/1 as a promiscuous port of VLAN 10.
  • Page 170 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0010 Name: VLAN 0010 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None...

  • Page 171: Configuring Voice Vlans

    OUI address Vendor 0001-E300-0000 Siemens phone 0003-6B00-0000 Cisco phone 0004-0D00-0000 Avaya phone 000F-E200-0000 H3C Aolynk phone 0060-B900-0000 Philips/NEC phone 00D0-1E00-0000 Pingtel phone 00E0-7500-0000 Polycom phone 00E0-BB00-0000 3Com phone Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a globally unique identifier that IEEE assigns to a vendor.

  • Page 172: Automatically Identifying Ip Phones Through Lldp

    Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.

  • Page 173: Connecting The Ip Phone To The Device

    Figure 50 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 51, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.

  • Page 174: Manual Mode

    When the device reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...

  • Page 175: Security Mode And Normal Mode Of Voice Vlans

    If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...

  • Page 176: Voice Vlan Configuration Task List

    Voice VLAN configuration task list Tasks at a glance (Required.) Configuring the QoS priority settings for voice traffic (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods:...

  • Page 177: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.

  • Page 178: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Step Command Remarks By default, the voice VLAN feature is disabled. Enable the voice VLAN voice-vlan vlan-id enable feature on the port. Before you configure a voice VLAN, you must create a VLAN. Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in manual voice VLAN assignment mode, follow these...

  • Page 179: Enabling Lldp For Automatic Ip Phone Discovery

    Step Command Remarks • For the access port, see "Assigning an access port to VLAN." • Assign the access, trunk, or For the trunk port, see After you assign an access port to hybrid port to the voice "Assigning a trunk port to a the voice VLAN, the voice VLAN VLAN.

  • Page 180: Configuring Cdp To Advertise A Voice Vlan

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID. network-policy vlan-id the command, see Layer 2—LAN Switching Command Reference.

  • Page 181: Displaying And Maintaining Voice Vlans

    Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display OUI addresses on a device. display voice-vlan mac-address Voice VLAN configuration examples Automatic voice VLAN assignment mode configuration example Network requirements As shown in...
  • Page 182 OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-1100-0000 ffff-ff00-0000 IP phone A 0011-2200-0000 ffff-ff00-0000 IP phone B 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000...

  • Page 183: Manual Voice Vlan Assignment Mode Configuration Example

    GE1/0/1 AUTO GE1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure • Device A transmits only voice traffic. • IP phone A send untagged voice traffic. For correct voice traffic transmission, perform the following tasks on Device A: •...
  • Page 184 [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-2200-0000 ffff-ff00-0000 test 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone # Display the voice VLAN state.

  • Page 185: Configuring Mvrp

    Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
  • Page 186 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...

  • Page 187: Mrp Timers

    LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.

  • Page 188: Mvrp Registration Modes

    • Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.

  • Page 189: Configuration Prerequisites

    receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide. • MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.

  • Page 190: Configuring Mrp Timers

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Configure an MVRP mvrp registration { fixed | The default setting is normal registration mode. forbidden | normal } registration mode. Configuring MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

  • Page 191: Enabling Gvrp Compatibility

    Table 14 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds Half the Leave timer Leave Twice the Join timer LeaveAll timer LeaveAll Leave timer on each port 32760 centiseconds Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP.

  • Page 192: Configuration Procedure

    • The devices can register and deregister dynamic VLANs. • The devices can keep identical VLAN configurations for each MSTI. Figure 55 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1...
  • Page 193 # Globally enable the spanning tree feature. [DeviceA] stp global enable # Globally enable MVRP. [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1.
  • Page 194 [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all...

  • Page 195: Verifying The Configuration

    [DeviceC-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view.
  • Page 196 ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default)
  • Page 197 • GigabitEthernet 1/0/2 has declared VLAN 1, and registered and propagated no VLANs. • GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status...
  • Page 198 1(default), 10 Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
  • Page 199 • GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
  • Page 200 [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer...
  • Page 201 The output shows that dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.

  • Page 202: Configuring Qinq

    Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 203: Qinq Implementations

    When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 57 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...

  • Page 204: Restrictions And Guidelines

    Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: • Before you configure QinQ on a port, you must remove any VLAN mappings on the port. After you enable QinQ on the port, you can configure all VLAN mapping types except two-to-two VLAN mapping on it.

  • Page 205: Configuring The Tpid For Vlan Tags

    Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an H3C device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.

  • Page 206: Configuring The Svlan Tpid

    Step Command Remarks Configure the TPID value for The default setting is 0x8100 for qinq ethernet-type CVLAN tags. CVLAN tags. customer-tag hex-value Configuring the SVLAN TPID Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view.

  • Page 207: Displaying And Maintaining Qinq

    Step Command Remarks • Replace the priority in the SVLAN tags of matching frames with the configured priority: Configure a priority marking action for SVLAN remark dot1p dot1p-value tags. • Copy the 802.1p priority in the CVLAN tag to the SVLAN tag: remark dot1p customer-dot1p-trust Return to system view.

  • Page 208: Qinq Configuration Examples

    QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
  • Page 209 # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200 # Set the TPID value in the SVLAN tags to 0x8200 on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200.

  • Page 210: Vlan Transparent Transmission Configuration Example

    # Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag. (Details not shown.) VLAN transparent transmission configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to a company's VLANs 10 through 50. •...
  • Page 211 Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Configure VLAN 100 as the PVID of GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1.

  • Page 212: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.
  • Page 213 Figure 60 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch VLAN 1 VLAN 1 ->...

  • Page 214: Application Scenario Of One-To-Two And Two-To-Two Vlan Mapping

    Application scenario of one-to-two and two-to-two VLAN mapping Figure 61 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the two remote sites of the same VPN must communicate across two SP networks. Figure 61 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.
  • Page 215 Figure 62 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 63, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
  • Page 216 Figure 64 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 65, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

  • Page 217: Vlan Mapping Configuration Task List

    Figure 66 Two-to-two VLAN mapping implementation VLAN mapping configuration task list When you configure VLAN mapping, follow these guidelines: • To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...

  • Page 218: Configuring Many-To-One Vlan Mapping

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Configure the port as a trunk port: port link-type trunk By default, the link type of a...

  • Page 219: Enabling Dhcp Snooping

    Enabling DHCP snooping Step Command Remarks Enter system view. system-view By default, DHCP snooping is disabled. Enable DHCP For more information about DHCP snooping dhcp snooping enable snooping. configuration commands, see Layer 3—IP Services Command Reference. Enabling ARP detection Enable ARP detection for the original VLANs and the translated VLANs. To enable ARP detection: Step Command...

  • Page 220: Configuring The Network-Side Port

    Step Command Remarks By default, DHCP snooping Enable DHCP snooping entry entry recording is disabled on dhcp snooping binding record recording. an interface. Configuring the network-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet...

  • Page 221: Configuring Two-To-Two Vlan Mapping

    Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number Configure the link type of the By default, the link type of a port link-type hybrid port as hybrid.

  • Page 222: Displaying And Maintaining Vlan Mappings

    Step Command Remarks • Configure the port as a trunk port: port link-type trunk By default, the link type of a Set the link type of the port. • port is access. Configure the port as a hybrid port: port link-type hybrid •...
  • Page 223 VLANs on wiring-closet VLANs on home VLANs on campus switch Service switches (Switch A and gateways (Switch C) Switch B) VoIP VLAN 3 VLANs 301, 302, 303, 304 VLAN 503 Figure 67 Network diagram DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 ->...
  • Page 224 [SwitchA] vlan 301 to 302 # Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port. <SwitchA> system-view [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk # Assign GigabitEthernet 1/0/1 to all original VLANs and translated VLANs. [SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301 # Configure one-to-one VLAN mappings on GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively.
  • Page 225 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203 [SwitchC-vlan203] arp detection enable [SwitchC-vlan203] vlan 303 [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204 [SwitchC-vlan204] arp detection enable [SwitchC-vlan204] vlan 304 [SwitchC-vlan304] arp detection enable [SwitchC-vlan304] vlan 501 [SwitchC-vlan501] arp detection enable...
  • Page 226 # Configure the network-side port GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network. [SwitchC] interface gigabitethernet 1/0/3 [SwitchC-GigabitEthernet1/0/3] vlan mapping nni # Configure GigabitEthernet 1/0/3 as a trunk port. [SwitchC-GigabitEthernet1/0/3] port link-type trunk # Assign GigabitEthernet 1/0/3 to the translated VLANs.

  • Page 227: One-To-Two And Two-To-Two Vlan Mapping Configuration Example

    303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
  • Page 228 [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk # Assign GigabitEthernet 1/0/1 to VLAN 100. [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port.
  • Page 229 [PE4-GigabitEthernet1/0/2] port hybrid vlan 200 untagged # Configure a one-to-two VLAN mapping on customer-side port GigabitEthernet 1/0/2 to add SVLAN tag 200 to packets from VLAN 6. [PE4-GigabitEthernet1/0/2] vlan mapping nest single 6 nested-vlan 200 [PE4-GigabitEthernet1/0/2] quit Verifying the configuration # Verify VLAN mapping information on PE 1.

  • Page 230: Configuring Lldp

    Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform makes sure different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 231 LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames. • LLDP frame encapsulated in Ethernet II Figure 70 Ethernet II-encapsulated LLDP frame Table 17 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
  • Page 232 Figure 71 SNAP-encapsulated LLDP frame Table 18 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
  • Page 233 Table 19 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID TLV carries the MAC address of the sending port. Mandatory.
  • Page 234 NOTE: • H3C devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 21 IEEE 802.3 organizationally specific TLVs Type Description...

  • Page 235: Working Mechanism

    Type Description Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version.

  • Page 236: Protocols And Standards

    the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...

  • Page 237: Performing Basic Lldp Configurations

    Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. As a best practice to prevent LLDP from affecting topology discovery of OpenFlow controllers, disable LLDP on ports of OpenFlow instances.

  • Page 238: Setting The Lldp Reinitialization Delay

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer 3 aggregate interface view. By default: • The nearest bridge agent operates in txrx mode. • The nearest customer • In Layer 2/Layer 3 Ethernet interface bridge agent and view or management Ethernet...

  • Page 239: Configuring The Advertisable Tlvs

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer 3 aggregate interface view. • In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] Enable LLDP polling and By default, LLDP polling is...
  • Page 240 Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | system-capability | By default: system-description | system-name | • Nearest bridge management-address-tlv agents can [ ip-address ] } | dot1-tlv { all | advertise all types of port-vlan-id | link-aggregation | dcbx | LLDP TLVs (only protocol-vlan-id [ vlan-id ] | vlan-name...

  • Page 241: Configuring The Management Address And Its Encoding Format

    Step Command Remarks By default: • Nearest non-TPMR • lldp agent nearest-nontpmr tlv-enable bridge agents can { basic-tlv { all | advertise only EVB management-address-tlv [ ip-address ] TLVs. | port-description | system-capability | • Nearest customer system-description | system-name } | bridge agents can dot1-tlv { all | evb | port-vlan-id } } advertise basic...

  • Page 242: Setting Other Lldp Parameters

    Step Command Remarks • In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: By default: lldp [ agent { nearest-customer | • Nearest bridge agents and nearest-nontpmr } ] nearest customer bridge Allow LLDP to advertise the tlv-enable basic-tlv agents can advertise the management address in...

  • Page 243: Setting An Encapsulation Format For Lldp Frames

    Step Command Remarks Set the number of LLDP frames sent each time fast The default setting is 4. lldp fast-count count LLDP frame transmission is triggered. Set the fast LLDP frame The default setting is 1 second. lldp timer fast-interval interval transmission interval.

  • Page 244: Configuring Cdp Compatibility

    Step Command Remarks By default, LLDP PVID Disable LLDP PVID inconsistency check is lldp ignore-pvid-inconsistency inconsistency check. enabled. Configuring CDP compatibility To make your device work with Cisco IP phones, you must enable CDP compatibility. If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device.

  • Page 245: Configuring Dcbx

    Detects configuration errors on peer devices. • Remotely configures the peer device if the peer device accepts the configuration. NOTE: H3C devices support only the remote configuration function. Figure 73 DCBX application scenario DCBX enables lossless packet transmission on DCE networks. As shown in...

  • Page 246: Dcbx Configuration Task List

    ETS Configuration. ETS Recommendation. PFC. APP. H3C devices can send these types of DCBX information to a server or storage adapter supporting FCoE. However, H3C devices cannot accept these types of DCBX information. DCBX configuration task list Tasks at a glance (Required.)

  • Page 247: Setting The Dcbx Version

    Setting the DCBX version When you set the DCBX version, follow these restrictions and guidelines: • For DCBX to work correctly, configure the same DCBX version on the local port and peer port. As a best practice, configure the highest version supported on both ends. IEEE Std 802.1Qaz-2011, DCBX Rev 1.01, and DCBX Rev 1.00 are in descending order.
  • Page 248 Step Command Remarks Enter system view. system-view An Ethernet frame header ACL number is in the range of 4000 to 4999. An IPv4 advanced ACL number is in the range of 3000 to Create an Ethernet frame 3999. acl number acl-number [ name header ACL or an IPv4 acl-name ] [ match-order { auto | DCBX Rev 1.00 supports only...

  • Page 249: Configuring Ets Parameters

    Step Command Remarks • (Method 1) To the outgoing traffic of all ports: qos apply policy policy-name global outbound • Configurations made in • (Method 2) To the outgoing system view take effect on all traffic of a Layer 2 Ethernet ports.
  • Page 250 Step Command Remarks Configure the behavior to mark packets with the By default, no local precedence remark local-precedence specified local precedence marking action is configured. local-precedence value. Return to system view. quit Create a QoS policy and By default, no policy exists. qos policy policy-name enter QoS policy view.

  • Page 251: Configuring Pfc Parameters

    Configuring PFC parameters To prevent packets with an 802.1p priority value from being dropped, enable PFC for the 802.1p priority value. This feature reduces the sending rate of packets carrying this priority when network congestion occurs. The device uses PFC parameters to negotiate with the server adapter and to enable PFC for the specified 802.1p priorities on the server adapter.

  • Page 252: Displaying And Maintaining Lldp

    Step Command Remarks Enable LLDP-MED trapping (in Layer 2/Layer By default, LLDP-MED lldp notification med-topology-change 3 Ethernet interface view trapping is disabled. enable or management Ethernet interface view). Return to system view. quit (Optional.) Set the LLDP The default setting is 30 lldp timer notification-interval interval trap transmission interval.
  • Page 253 Figure 74 Network diagram GE1/0/1 GE1/0/2 GE1/0/1 Switch A Switch B Configuration procedure Configure Switch A: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1.
  • Page 254 Bridge mode of LLDP: customer-bridge The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds Transmit interval : 30s Fast transmit interval : 1s Transmit credit max Hold multiplier...
  • Page 255 Number of received unknown TLV : 3 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0...
  • Page 256 Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 5 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s...

  • Page 257: Cdp-Compatible Lldp Configuration Example

    Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 CDP-compatible LLDP configuration example Network requirements As shown in Figure 75, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A are each connected to a Cisco IP phone, which sends tagged voice traffic.

  • Page 258: Dcbx Configuration Example

    # Configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1. [SwitchA-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx [SwitchA-GigabitEthernet1/0/1] quit # Enable LLDP on GigabitEthernet 1/0/2. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] lldp enable # Configure LLDP to operate in TxRx mode on GigabitEthernet 1/0/2.
  • Page 259 Figure 76 Network diagram Configuration procedure Enable LLDP and DCBX TLV advertising: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP and DCBX TLV advertising on interface GigabitEthernet 1/0/1. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx Set the DCBX version to Rev.
  • Page 260 Configure ETS parameters: # Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local precedence 3. (This is the default mapping table. You can modify this configuration as needed.) [SwitchA] qos map-table outbound dot1p-lp [SwitchA-maptbl-out-dot1p-lp] import 3 export 3 [SwitchA-maptbl-out-dot1p-lp] quit # Enable byte-count WRR queuing on interface GigabitEthernet 1/0/1, and configure queue 3 on the interface to use SP queuing.
  • Page 261 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 10 Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information...
  • Page 262 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 0 Priority Group ID of Priority 3: 1 Priority Group ID of Priority 2: 0 Priority Group ID of Priority 5: 0 Priority Group ID of Priority 4: 0 Priority Group ID of Priority 7: 0 Priority Group ID of Priority 6: 0 Priority Group 0 Percentage: 50...
  • Page 263 Parameter Type: Remote Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No...

  • Page 264: Configuring Service Loopback Groups

    Configuring service loopback groups Overview A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...

  • Page 265: Configuring A Service Loopback Group

    Configuring a service loopback group Step Command Remarks Enter system view. system-view By default, no service loopback groups exist. service-loopback group Create a service loopback group-id type In the current software version, group and specify its service { { multicast-tunnel | tunnel } * | the device does not support the type.
  • Page 266 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port service-loopback group 1 All configurations on the interface will be lost. Continue?[Y/N]:y [DeviceA-GigabitEthernet1/0/3] quit # Create the interface Tunnel 1 and set it to GRE mode. The interface will automatically use service loopback group 1.

  • Page 267: Index

    Index MAC address table SNMP notification, 13 Numerics MAC Information queue length, 17 static source check disable, 13 1 VLAN mappingapplication scenario, 199 advertising 1 VLAN mappingconfiguration, 204, 209 LLDP advertisable TLV, 226 1 VLAN mappingimplementation, 201, 202 LLDP+DCBX TLV advertisement, 233 2 VLAN mappingapplication scenario, 201 voice VLAN CDP advertisement 2 VLAN mappingconfiguration, 207, 214...
  • Page 268 voice VLAN port operation configuration LLDP CDP-compatible configuration, 244 (automatic assignment), 164, 168 voice VLAN information advertisement to IP phones, 159 checking backing up spanning tree No Agreement Check, 90, 92 MST backup port, 69 choosing bandwidth Ethernet link aggregation reference port, 22, 25 Ethernet link aggregate interface (expected Cisco bandwidth), 35...
  • Page 269 LLDP DCBX, 232, 245 spanning tree, 58, 72, 99 LLDP ETS parameter, 236 spanning tree BPDU guard, 94 LLDP group-based WRR queuing, 237 spanning tree BPDU transmission rate, 80 LLDP management address, 228 spanning tree device priority, 77 LLDP management address encoding spanning tree Digest Snooping, 88, 90 format, 228 spanning tree edge port, 81...
  • Page 270 voice VLAN QoS priority setting spanning tree BPDU drop, 97 configuration, 163 spanning tree BPDU guard, 94 cost spanning tree Digest Snooping, 88, 90 spanning tree port path cost calculation spanning tree loop guard, 95 standard, 81 spanning tree No Agreement Check, 90, 92 spanning tree port path cost spanning tree port role restriction, 96 configuration, 81, 84...
  • Page 271 Ethernet link aggregation edge aggregate voice VLAN LLDP, 166 interface, 27 encapsulating Ethernet link aggregation group, 30 LLDP frame encapsulation (Ethernet II), 218 Ethernet link aggregation mode, 22 LLDP frame encapsulation (SNAP), 218 Layer 2 Ethernet link aggregation, 42 LLDP frame encapsulation format, 230 Layer 2 Ethernet link aggregation edge VLAN frame encapsulation, 114 aggregate interface, 46...
  • Page 272 aggregate group Selected ports min/max, 34 traffic redirection, 39 aggregate interface, 20 traffic redirection restrictions, 39 aggregate interface (description), 32 ETS parameter (LLDP), 236 aggregate interface configuration, 32 aggregate interface default settings, 36 FCoE aggregate interface shutdown, 36 LLDP APP parameters, 234 aggregation group, 20 LLDP DCBX configuration, 245 aggregation group restrictions, 28...
  • Page 273 Ethernet link aggregation LACP, 23 Ethernet link aggregate interface shutdown, 36 Ethernet link aggregation load sharing, 37 Ethernet link aggregation edge aggregate interface, 27, 35 Ethernet link aggregation load sharing mode, 27, 37 Layer 2 Ethernet aggregate interface (ignored VLAN), 33 Ethernet link aggregation member port state, 20 Layer 2 Ethernet aggregate interface (VLAN...
  • Page 274 Ethernet link aggregation port isolation group assignment (multiple), 54 configuration, 20, 27, 40 port-based VLAN assignment (access port), 118 Ethernet link aggregation display, 40 port-based VLAN assignment (hybrid port), 120 Ethernet link aggregation dynamic mode, 23 port-based VLAN assignment (trunk port), 119 Ethernet link aggregation edge aggregate port-based VLAN configuration, 117 interface, 27, 35, 46...
  • Page 275 voice VLAN LLDP enable, 166 Ethernet link aggregation group load sharing mode, 37 voice VLAN LLDP enable restrictions, 166 Ethernet link aggregation load sharing, 37, 50 voice VLAN port operation configuration (automatic assignment), 164, 168 Ethernet link aggregation local-first load sharing, 38 voice VLAN port operation configuration (manual assignment), 165, 170...
  • Page 276 agent, 217 LLDP configuration, 217, 223, 239 APP parameter configuration, 234 LLDP parameters, 229 basic concepts, 217 management address configuration, 228 basic configuration, 224, 239 management address encoding format, 228 bridge mode set, 224 management address TLV, 222 CDP compatibility configuration, 231 TLV basic management types, 219 CDP-compatible configuration, 244 TLV LLDP-MED types, 219...
  • Page 277 MAC relay (LLDP agent), 217 MAC-based VLAN configuration, 121, 130 1 VLAN mappingapplication scenario, 199 dynamic assignment, 121, 124 1 VLAN mappingARP detection, 206 dynamic assignment restrictions, 124 1 VLAN mappingconfiguration, 205, 209 server assignment, 123, 125 1 VLAN mappingconfiguration static assignment, 121, 123 restrictions, 205 maintaining...
  • Page 278 LLDP TxRx, 222, 224 MSTI, 68 MAC Information syslog, 16 MSTI calculation, 70 MAC Information trap, 16 port roles, 69 MVRP registration, 176 port states, 69 MVRP registration fixed, 175 protocols and standards, 71 MVRP registration forbidden, 175 regional root, 68 MVRP registration normal, 175 relationships, 66 spanning tree mCheck, 88...
  • Page 279 Layer 3 Ethernet link aggregation QinQ basic configuration, 195 (dynamic), 49 QinQ VLAN tag TPID value, 192 Layer 3 Ethernet link aggregation (static), 48 QinQ VLAN transparent transmission, 191 Layer 3 Ethernet link aggregation edge QinQ VLAN transparent transmission aggregate interface, 52 configuration, 197 Layer 3 Ethernet link aggregation load RSTP network convergence, 65...
  • Page 280 VLAN mapping configuration (1\2), 207, 214 VLAN configuration, 114, 128 VLAN mapping configuration (2\2), 208, 214 VLAN mapping configuration, 199, 204, 209 VLAN mapping configuration (M\1), 205, 209 voice VLAN configuration, 158, 163, 168 VLAN mapping M\1 customer-side port, 206 No Agreement Check (spanning tree), 90, 92 VLAN mapping M\1 implementation, 202 no-learning action (loop detection), 108...
  • Page 281 PFC priority (LLDP), 238 Layer 2 Ethernet link aggregation load sharing, 44 polling Layer 3 aggregate interface configuration (MTU), 34 LLDP enable, 225 Layer 3 Ethernet link aggregation (dynamic), 49 port Layer 3 Ethernet link aggregation (static), 48 Ethernet aggregate interface, 32 Layer 3 Ethernet link aggregation edge aggregate Ethernet aggregate interface (description), 32 interface, 52...
  • Page 282 spanning tree path cost configuration, 81, 84 procedure spanning tree port link type configuration, 85 adding MAC address table blackhole entry, 4 spanning tree port mode configuration, 86 adding MAC address table entry (global), 3 spanning tree port priority configuration, 85 adding MAC address table entry (on interface), 3 spanning tree port role restriction, 96 adding MAC address table multiport unicast...
  • Page 283 configuring Layer 3 Ethernet link aggregation configuring port isolation (multiple isolation group (dynamic), 31 groups), 55 configuring Layer 3 Ethernet link aggregation configuring port-based VLAN, 117, 128 group (static), 29 configuring private VLAN, 143, 146 configuring Layer 3 Ethernet link aggregation configuring private VLAN promiscuous port, 146 load sharing, 50 configuring private VLAN trunk promiscuous...
  • Page 284 configuring super VLAN interface, 138 enabling Ethernet link aggregation traffic redirection, 39 configuring VLAN, 128 enabling LLDP, 224 configuring VLAN basic settings, 115 enabling LLDP polling, 225 configuring VLAN group, 127 enabling LLDP+DCBX TLV advertisement, 233 configuring VLAN interface basics, 116 enabling loop detection (global), 109 configuring VLAN mapping, 204, 209 enabling loop detection (port-specific), 109...
  • Page 285 setting Ethernet link aggregation load sharing MVRP, 175 mode (global), 37 QinQ, 190 setting Ethernet link aggregation load sharing STP protocol packets, 58 mode (group-specific), 38 VLAN, 115 setting Layer 3 aggregate interface (MTU), 34 PVID (port-based VLAN), 117 setting LLDP bridge mode, 224 PVST, 58, See also STP setting LLDP DCBX version, 234 configuration, 73, 103...
  • Page 286 region spanning tree root bridge, 76 MST, 67 spanning tree root bridge (device), 76 MST region configuration, 75 spanning tree root guard, 95 MST region max hops, 77 spanning tree secondary root bridge (device), 77 MST regional root, 68 STP algorithm calculation, 59 registering STP root bridge, 58 MVRP registration fixed mode, 175...
  • Page 287 Ethernet link aggregate group Selected ports displaying, 98 min/max, 34 edge port configuration, 81 Ethernet link aggregate interface (expected feature enable, 87 bandwidth), 35 loop guard enable, 95 Ethernet link aggregation load sharing mode maintaining, 98 (global), 37 mCheck, 88 Ethernet link aggregation load sharing mode mode set, 75 (group-specific), 38...
  • Page 288 MAC address table entry configuration switching (global), 3 spanning tree switched network diameter, 78 MAC address table entry configuration (on synchronizing interface), 3 MAC addresses, 9 MAC-based VLAN static syslog assignment, 121, 123 MAC Information configuration, 16, 17 static MAC address entry MAC Information mode configuration, 16 static source check disable, 13 algorithm calculation, 59...
  • Page 289 LLDP management address encoding loop detection configuration, 107, 109, 111 format, 228 MAC-based configuration, 130 LLDP parameters, 229 MAC-based dynamic assignment, 124 LLDP+DCBX TLV advertisement, 233 MAC-based server assignment, 125 LLDPDU basic management types, 219 MAC-based static assignment, 123 LLDPDU LLDP-MED types, 219 MAC-based VLAN configuration, 121 LLDPDU management address TLV, 222 MAC-based VLAN dynamic assignment, 121...
  • Page 290 voice VLAN port mode, 162 LLDP enable restrictions, 166 voice VLAN port operation configuration port mode, 162 (automatic assignment), 164, 168 port operation configuration (automatic voice VLAN port operation configuration assignment), 164, 168 (manual assignment), 165, 170 port operation configuration (manual voice VLAN port operation configuration assignment), 165, 170 restrictions (automatic assignment), 164...

Table of Contents