HP 6600 Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Network Router
  5. HP ProCurve Series 6600
  6. Configuration manual

HP 6600 Configuration Manual

Hide thumbs Also See for 6600:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
HP 6600/HSR6600 Routers
Layer 2 - LAN Switching

Configuration Guide

Part number: 5998-1501
Software version: A6602-CMW520-R3103
A6600-CMW520-R3102-RPE
A6600-CMW520-R3102-RSE
HSR6602_MCP-CMW520-R3102
Document version: 6PW103-20130628

Advertisement

Table of Contents
loading

Related Manuals for HP 6600

Summary of Contents for HP 6600

  • Page 1: Configuration Guide

    HP 6600/HSR6600 Routers Layer 2 - LAN Switching Configuration Guide Part number: 5998-1501 Software version: A6602-CMW520-R3103 A6600-CMW520-R3102-RPE A6600-CMW520-R3102-RSE HSR6602_MCP-CMW520-R3102 Document version: 6PW103-20130628...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring the MAC address table ·························································································································· 1   Overview ············································································································································································ 1   How a MAC address table entry is created ·········································································································· 1   Types of MAC address table entries ······················································································································ 2   Configuring static, dynamic, and blackhole MAC address table entries ··································································· 2  ...
  • Page 4 Shutting down an aggregate interface ··············································································································· 25   Restoring the default settings for an aggregate interface ················································································· 25   Configuring load-sharing criteria for link aggregation groups ················································································· 26   Configuring the global link-aggregation load sharing criteria ········································································· 26   Configuring load-sharing criteria for an aggregation group ··········································································· 26  ...
  • Page 5 Configuration restrictions and guidelines ··········································································································· 63   Configuration procedure ······································································································································ 63   Configuring path costs of ports ···································································································································· 63   Specifying a standard for the device to use when it calculates the default path cost ··································· 63   Configuring path costs of ports ···························································································································· 65  ...
  • Page 6 VLAN types ···························································································································································· 90   Protocols and standards ······································································································································· 90   Configuring basic VLAN settings·································································································································· 90   Configuration restrictions and guidelines ··········································································································· 90   Configuration procedure ······································································································································ 90   Configuring basic settings of a VLAN interface ········································································································· 91   Configuration procedure ······································································································································ 91  ...
  • Page 7 GVRP ····································································································································································· 133   Protocols and standards ····································································································································· 133   GVRP configuration task list ········································································································································ 133   Configuring basic GVRP functions ····························································································································· 134   Configuration prerequisites ································································································································ 134   Configuration restrictions and guidelines ········································································································· 134   Configuration procedure ···································································································································· 134  ...
  • Page 8 Configuration procedure ···································································································································· 166   Ambiguous Dot1q termination configuration example ···························································································· 167   Network requirements ········································································································································· 167   Configuration procedure ···································································································································· 168   Configuration example for Dot1q termination supporting PPPoE server ································································ 169   Network requirements ········································································································································· 169   Configuration procedure ···································································································································· 169  ...
  • Page 9   Basic LLDP configuration example ······························································································································ 218   CDP-compatible LLDP configuration example ··········································································································· 221   Support and other resources ·································································································································· 223   Contacting HP ······························································································································································ 223   Subscription service ············································································································································ 223   Related information ······················································································································································ 223   Documents ···························································································································································· 223  ...

  • Page 10: Configuring The Mac Address Table

    Configuring the MAC address table This book covers only the unicast MAC address table. For information about configuring static multicast MAC address table entries, see IP Multicast Configuration Guide. For information about MAC address table configuration in VPLS, see MPLS Configuration Guide. The MAC address table configuration tasks can be performed in any order.

  • Page 11: Types Of Mac Address Table Entries

    Manually configuring MAC address entries With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate frames. For example, when a hacker sends frames with a forged source MAC address to a port different from the one to which the real MAC address is connected, the device creates an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker instead.

  • Page 12: Adding Or Modifying A Static Or Dynamic Mac Address Table Entry In Interface View

    Adding or modifying a static or dynamic MAC address table entry in interface view Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number By default, no MAC address entry is mac-address { dynamic | configured.

  • Page 13: Disabling Mac Address Learning On Ports

    Disabling MAC address learning on ports You can disable MAC address learning on a single port, or on all ports in a port group. To disable MAC address learning on an interface or a port group: Step Command Remarks Enter system view. system-view Use either command.

  • Page 14: Configuring The Mac Learning Limit On Ports

    Step Command Remarks Optional. Configure the aging timer for dynamic mac-address timer { aging The default aging timer for .dynamic MAC address MAC address seconds | no-aging } entries is 300 seconds. entries. The no-aging keyword disables the aging timer. You can reduce floods on a stable network by disabling the aging timer to prevent dynamic entries from unnecessarily aging out.

  • Page 15: Mac Address Table Configuration Example

    Task Command Remarks Display MAC address display mac-address statistics [ | { begin | exclude | Available in any statistics. include } regular-expression ] view. MAC address table configuration example Network requirements As shown in Figure The MAC address of Host A is 000f-e235-dc71 and belongs to VLAN 1. It is connected to •...
  • Page 16 000f-e235-dc71 Config static GigabitEthernet4/0/1 NOAGED 1 mac address(es) found # Display information about the destination blackhole MAC address table. [Router] display mac-address blackhole MAC ADDR VLAN ID STATE PORT INDEX AGING STATE 000f-e235-abcd Blackhole NOAGED 1 mac address(es) found # View the aging time of dynamic MAC address entries. [Router] display mac-address aging-time Mac address aging time: 500s...

  • Page 17: Configuring Mac Information

    Configuring MAC Information NOTE: The MAC Information feature is available on only SAP modules that are operating in bridge mode. The MAC Information feature can generate syslog messages or SNMP traps when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network for suspicious users.

  • Page 18: Configuring Mac Information Mode

    Configuring MAC Information mode Step Command Remarks Enter system view. system-view Optional. Configure MAC Information mac-address information mode mode. { syslog | trap } The default setting is trap. Configuring the interval for sending syslog or trap messages To prevent syslog or trap messages from being sent too frequently, change the interval for sending syslog or trap messages.

  • Page 19: Configuration Procedure

    Figure 2 Network diagram Router GE4/0/1 GE4/0/2 GE4/0/3 Host A Server 192.168.1.1/24 192.168.1.3/24 Host B 192.168.1.2/24 Configuration procedure Configure Router to send syslog messages to Host B (see Network Management and Monitoring Configuration Guide). Enable MAC Information. # Enable MAC Information globally. <Router>...

  • Page 20: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Layer 2 aggregation groups are supported only on SAP modules operating in bridge mode. Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link called an "aggregate link." Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link.

  • Page 21: Operational Key

    You can assign Layer 2 Ethernet interfaces only to a Layer 2 aggregation group, and Layer 3 Ethernet interfaces only to a Layer 3 aggregation group. Aggregation states of member ports in an aggregation group A member port in an aggregation group can be in either of the following aggregation states: Selected—A Selected port can forward user traffic.
  • Page 22 Reference port When setting the aggregation state of the ports in an aggregation group, the system automatically picks a member port as the reference port. A Selected port must have the same port attributes and class-two configurations as the reference port. For information about how a reference port is chosen in a static link aggregation group, see "Choosing a reference port"...

  • Page 23: Aggregating Links In Static Mode

    Table 3 LACP priorities Type Description Used by two peer devices (or systems) to determine which one is superior in link aggregation. System LACP priority In dynamic link aggregation, the system with higher system LACP priority sets the Selected state of member ports on its side first, and then the system with lower priority sets the port state accordingly.

  • Page 24: Aggregating Links In Dynamic Mode

    Figure 4 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Port attribute/class 2 configurations same as the reference port? Port number as low as to set More candidate ports than max.
  • Page 25 Figure 5 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports to the same as their peer ports. A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group.

  • Page 26: Load-Sharing Criteria For Link Aggregation Groups

    Load-sharing criteria for link aggregation groups In a link aggregation group, traffic can be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one or any combination of the following criteria for load sharing: Source/Destination MAC addresses •...

  • Page 27: Configuring An Aggregation Group

    Configuring an aggregation group You can choose to create a Layer 2 or Layer 3 link aggregation group depending on the ports to be aggregated: • To aggregate Layer 2 Ethernet interfaces, create a Layer 2 link aggregation group. To aggregate Layer 3 Ethernet interfaces, create a Layer 3 link aggregation group. •...

  • Page 28: Configuring A Layer 3 Static Aggregation Group

    Step Command Remarks Enter system view. system-view When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same.

  • Page 29: Configuring A Layer 2 Dynamic Aggregation Group

    Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. When the number of ports eligible for becoming Selected ports Assign the port an link-aggregation port-priority exceeds the maximum number of aggregation priority. port-priority Selected ports allowed in a static aggregation group, changing the aggregation priority of a port might affect the aggregation state...

  • Page 30: Configuring A Layer 3 Dynamic Aggregation Group

    Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. When the number of ports eligible for Selected ports exceeds the Assign the port an link-aggregation port-priority maximum number of Selected ports aggregation priority. port-priority allowed in a dynamic aggregation group, changing the aggregation priority of a port might affect the aggregation state of the ports in...

  • Page 31: Configuring An Aggregate Interface

    Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. When the number of ports eligible for becoming Selected ports Assign the port an link-aggregation port-priority exceeds the maximum number of aggregation priority. port-priority Selected ports allowed in a dynamic aggregation group, changing the aggregation priority of a port might affect the...

  • Page 32: Configuring The Mtu Of A Layer 3 Aggregate Interface Or Subinterface

    Configuring the MTU of a Layer 3 aggregate interface or subinterface IMPORTANT: To guarantee data transmission, make sure the MTU of a Layer 3 aggregate interface is not greater than the maximum MTU of its member ports. The MTU of an interface affects IP packets fragmentation and reassembly on the interface. To change the MTU of a Layer 3 aggregate interface or subinterface: Step Command...

  • Page 33: Enabling Link State Traps For An Aggregate Interface

    Step Command Remarks By default, traffic on a Layer 3 aggregate interface whose member ports are located on the same card is processed and forwarded by Specify a card to process the card that houses the member ports, and and forward traffic for the service slot slot-number traffic on a Layer 3 aggregate interface whose interface.

  • Page 34: Shutting Down An Aggregate Interface

    Step Command Remarks Set the expected bandwidth bandwidth bandwidth-value for the aggregate interface. Shutting down an aggregate interface Shutting down or bringing up an aggregate interface affects the aggregation state and link state of aggregated member ports in the following ways: When an aggregate interface is shut down, all Selected member ports become unselected and •...

  • Page 35: Configuring Load-Sharing Criteria For Link Aggregation Groups

    Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared in a link aggregation group by configuring load-sharing criteria. The criteria can be source MAC address, destination MAC address, source IP address, or destination IP address carried in packets, or combination of source and destination MAC addresses or of source and destination IP addresses.

  • Page 36: Displaying And Maintaining Ethernet Link Aggregation

    Displaying and maintaining Ethernet link aggregation Task Command Remarks display interface [ bridge-aggregation | route-aggregation ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any aggregate interfaces. view.

  • Page 37: Layer 2 Static Aggregation Configuration Example

    Layer 2 static aggregation configuration example Network requirements Configure a Layer 2 static aggregation group on Router A and Router B (in Figure 6). Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.

  • Page 38: Layer 2 Dynamic Aggregation Configuration Example

    [RouterA-GigabitEthernet4/0/3] port link-aggregation group 1 [RouterA-GigabitEthernet4/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [RouterA] interface bridge-aggregation 1 [RouterA-Bridge-Aggregation1] port link-type trunk [RouterA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait...
  • Page 39 Enable traffic to be load-shared across aggregation group member ports based on source and destination MAC addresses. Figure 7 Network diagram Configuration procedure Configure Router A: # Create VLAN 10, and assign the port GigabitEthernet 4/0/4 to VLAN 10. <RouterA> system-view [RouterA] vlan 10 [RouterA-vlan10] port GigabitEthernet 4/0/4 [RouterA-vlan10] quit...

  • Page 40: Layer 2 Aggregation Load Sharing Configuration Example

    [RouterA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait... Done. Configuring GigabitEthernet4/0/1... Done. Configuring GigabitEthernet4/0/2... Done. Configuring GigabitEthernet4/0/3... Done. [RouterA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria. [RouterA] link-aggregation load-sharing mode source-mac destination-mac Configure Router B in the same way Router A is configured.
  • Page 41 Figure 8 Network diagram Configuration procedure Configure Router A: # Create VLAN 10, and assign the port GigabitEthernet 4/0/5 to VLAN 10. <RouterA> system-view [RouterA] vlan 10 [RouterA-vlan10] port GigabitEthernet 4/0/5 [RouterA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 4/0/6 to VLAN 20. <RouterA>...
  • Page 42 [RouterA-Bridge-Aggregation1] quit # Create Layer 2 aggregate interface Bridge-Aggregation 2, and configure the load sharing criterion for the link aggregation group as the destination MAC addresses of packets. [RouterA] interface bridge-aggregation 2 [RouterA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [RouterA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 4/0/3 and GigabitEthernet 4/0/4 to link aggregation group 2. [RouterA] interface GigabitEthernet 4/0/3 [RouterA-GigabitEthernet4/0/3] port link-aggregation group 2 [RouterA-GigabitEthernet4/0/3] quit...

  • Page 43: Layer 3 Static Aggregation Configuration Example

    destination-mac address The output shows that the load sharing criterion for link aggregation group 1 is the source MAC addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets. Layer 3 static aggregation configuration example Network requirements As shown in Figure...

  • Page 44: Layer 3 Dynamic Aggregation Configuration Example

    [RouterA] display link-aggregation summary Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation Aggregation Mode: S -- Static, D -- Dynamic Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Actor System ID: 0x8000, 000f-e2ff-0001 Partner ID Select Unselect Share Interface Mode Ports Ports...

  • Page 45: Layer 3 Aggregation Load Sharing Configuration Example

    # Assign Layer 3 Ethernet interfaces GigabitEthernet 4/0/1 through GigabitEthernet 4/0/3 to aggregation group 1. [RouterA] interface GigabitEthernet 4/0/1 [RouterA-GigabitEthernet4/0/1] port link-aggregation group 1 [RouterA-GigabitEthernet4/0/1] quit [RouterA] interface GigabitEthernet 4/0/2 [RouterA-GigabitEthernet4/0/2] port link-aggregation group 1 [RouterA-GigabitEthernet4/0/2] quit [RouterA] interface GigabitEthernet 4/0/3 [RouterA-GigabitEthernet4/0/3] port link-aggregation group 1 [RouterA-GigabitEthernet4/0/3] quit # Configure Router A to use the source and destination IP addresses of packets as the global...
  • Page 46 Figure 11 Network diagram 192.168.1.1/24 192.168.1.2/24 RAGG1 RAGG1 GE4/0/1 GE4/0/1 Link aggregation 1 GE4/0/2 GE4/0/2 Link aggregation 2 GE4/0/3 GE4/0/3 GE4/0/4 GE4/0/4 RAGG2 RAGG2 Router A Router B 192.168.2.1/24 192.168.2.2/24 Configuration procedure Configure Router A: # Create Layer 3 aggregate interface Route-Aggregation 1, configure it to perform load sharing based on source IP address, and configure an IP address and subnet mask for the aggregate interface.
  • Page 47 BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation Aggregation Mode: S -- Static, D -- Dynamic Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Actor System ID: 0x8000, 000f-e2ff-0001 Partner ID Select Unselect Share Interface Mode Ports Ports Type ------------------------------------------------------------------------------- RAGG1 none Shar RAGG2 none...

  • Page 48: Configuring Port Isolation

    Configuring port isolation The port isolation feature is supported on SAP cards that are operating in bridge mode. Overview Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. The device supports only one isolation group that is created automatically by the system as isolation group 1.

  • Page 49: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure 12, GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, GigabitEthernet 3/0/3, and GigabitEthernet 3/0/4 are in the same VLAN. Configure the router to provide Internet access for LAN users Host A, Host B, and Host C, and isolate them from one another at Layer 2.

  • Page 50: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols This feature is supported on SAP modules that are operating in bridge mode. As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy.

  • Page 51: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. There is only one root bridge in the entire network. The entire network contains only one root bridge. All the other bridges in the network are called "leaf nodes." The root bridge is not permanent, but can change when the network topology changes.

  • Page 52: Stp Algorithm

    Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree. STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only.
  • Page 53 Table 8 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU that the port generated.
  • Page 54 Table 9 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1...
  • Page 55 Configuration BPDU on Device Comparison process ports after comparison • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its • existing configuration BPDU {2, 0, 2, Port C1}, and updates its Port C1: {0, 0, 0, Port configuration BPDU.
  • Page 56 Figure 15 The final calculated spanning tree Root bridge Root port Designated port Blocked port Normal link Blocked link The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.

  • Page 57: Rstp

    RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP. A newly elected RSTP root port rapidly enters the forwarding state if the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data.

  • Page 58: Mst Region

    Figure 16 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 VLAN 1...
  • Page 59 Same VLAN-to-instance mapping configuration. • • Same MSTP revision level. Physically linked together. • Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure 16, the switched network comprises MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.
  • Page 60 Port roles A port can play different roles in different MSTIs. As shown in Figure 18, an MST region comprises Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge.

  • Page 61: How Mstp Works

    Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user • traffic. Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user • traffic. Learning is an intermediate port state. Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward •...

  • Page 62: Protocols And Standards

    Root bridge hold • • Root bridge backup Root guard • BPDU guard • • Loop guard TC-BPDU guard • Support for hot swapping of interface cards and active/standby changeover • Protocols and standards IEEE 802.1d, Media Access Control (MAC) Bridges •...

  • Page 63: Stp Configuration Task List

    STP configuration task list Task Remarks Required. Setting the spanning tree mode Configure the device to operate in STP mode. Configuring the root bridge or a secondary root Optional. bridge Configuring the device priority Optional. Configuring the network diameter of a switched Optional.

  • Page 64: Mstp Configuration Task List

    Task Remarks Configuring the root bridge or a secondary root Optional. bridge Configuring the device priority Optional. Configuring the network diameter of a switched Optional. network Configuring spanning tree timers Optional. Configuring the timeout factor Optional. Configuring the maximum port rate Optional.
  • Page 65 Task Remarks Configuring an MST region Required. Configuring the root bridge or a secondary root Optional. bridge Configuring the device priority Optional. Configuring the maximum hops of an MST region Optional. Configuring the network diameter of a switched Optional. network Configuring spanning tree timers Optional.

  • Page 66: Setting The Spanning Tree Mode

    Setting the spanning tree mode The spanning tree modes include the following: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. RSTP mode—All ports of the device send RSTP BPDUs. When an RSTP port receives STP BPDUs from •...

  • Page 67: Configuring The Root Bridge Or A Secondary Root Bridge

    Step Command Remarks Display the MST region configurations that are not check region-configuration Optional. activated yet. Activate MST region active region-configuration configuration manually. Display the activated display stp region-configuration [ | Optional. configuration information of { begin | exclude | include } Available in any view.

  • Page 68: Configuring The Current Device As A Secondary Root Bridge Of A Specific Spanning Tree

    Step Command Remarks • In STP/RSTP mode: Use one of the commands. Configure the current stp root primary device as the root By default, a device does not • In MSTP mode: bridge. function as the root bridge. stp [ instance instance-id ] root primary Configuring the current device as a secondary root bridge of a specific spanning tree To configure the current device as a secondary root bridge of a specific spanning tree:...

  • Page 69: Configuring The Network Diameter Of A Switched Network

    Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by 1 and uses the new hop count in BPDUs that it propagates. When the hop count of a BPDU reaches 0, it is discarded by the device that received it.

  • Page 70: Configuration Guidelines

    If the forward delay timer is too long, network convergence might take a long time. HP recommends you to use the default setting. An appropriate hello time setting enables the device to promptly detect link failures on the network •...

  • Page 71: Configuring The Maximum Port Rate

    BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. HP recommends you to use the default setting. To configure the maximum rate of a port or a group of ports:...

  • Page 72: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines If BPDU guard is disabled, a port set as an edge port will become a non-edge port again if it • receives a BPDU from another port. To restore the edge port, re-enable it. • If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard for it.
  • Page 73 Table 12 shows a comparison between link speeds and path costs for each of these standards. Table 12 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 65535 200,000,000 200,000 Single port...

  • Page 74: Configuring Path Costs Of Ports

    Step Command Remarks Enter system view. system-view Specify a standard for the Optional. device to use when it stp pathcost-standard The default standard used by the calculates the default path { dot1d-1998 | dot1t | legacy } device is legacy. costs of its ports.

  • Page 75: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that • operates in full duplex mode. HP recommends you to use the default setting and let the device to automatically detect the port link type.

  • Page 76: Configuring The Mode A Port Uses To Recognize And Send Mstp Packets

    Configuring the mode a port uses to recognize and send MSTP packets A port can receive and send MSTP packets in the following formats: • dot1s—802.1s-compliant standard format legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.

  • Page 77: Enabling The Spanning Tree Feature

    Step Command Remarks • In STP/RSTP mode: Use one of the stp port-log instance 0 commands. Enable outputting port state transition information. • In MSTP mode: By default, this feature is stp port-log instance { instance-id | all } disabled. Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect.

  • Page 78: Performing Mcheck Globally

    To enable communication between an HP device and a third-party device, enable the digest snooping feature on the port that connects the HP device to the third-party device in the same MST region. Configuration prerequisites Before you enable digest snooping, make sure that associated devices of different vendors are connected...

  • Page 79: Configuration Restrictions And Guidelines

    Configuration procedure You can enable digest snooping only on an HP device that is connected to a third-party device which uses its private key to calculate the configuration digest.

  • Page 80: Configuring No Agreement Check

    Figure 19 Network diagram Configuration procedure # Enable digest snooping on GigabitEthernet 4/0/1 of Router A and enable global digest snooping on Router A. <RouterA> system-view [RouterA] interface GigabitEthernet 4/0/1 [RouterA-GigabitEthernet4/0/1] stp config-digest-snooping [RouterA-GigabitEthernet4/0/1] quit [RouterA] stp config-digest-snooping # Enable digest snooping on GigabitEthernet 4/0/1 of Router B and enable global digest snooping on Router B.

  • Page 81: Configuration Prerequisites

    Figure 20 Rapid state transition of an MSTP designated port Figure 21 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device.

  • Page 82: No Agreement Check Configuration Example

    To configure No Agreement Check: Step Command Remarks Enter system view. system-view • Enter Ethernet interface view or Layer 2 aggregate interface view: Enter interface or port interface interface-type interface-number Use one of the commands. group view. • Enter port group view: port-group manual port-group-name Enable No Agreement By default, No Agreement...

  • Page 83: Enabling Bpdu Guard

    Enabling BPDU guard For access layer devices, access ports can directly connect to user terminals (such as PCs) or file servers. Access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process.

  • Page 84: Enabling Loop Guard

    Step Command Remarks • Enter Ethernet interface view or Layer 2 aggregate interface view: Enter interface view or port interface interface-type interface-number Use one of the commands. group view. • Enter port group view: port-group manual port-group-name Enable the root guard By default, root guard is stp root-protection function for the ports.

  • Page 85: Displaying And Maintaining The Spanning Tree

    (10 seconds). For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries. HP recommends not disabling this feature. To enable TC-BPDU guard: Step...

  • Page 86: Mstp Configuration Example

    MSTP configuration example Network requirements As shown in Figure All devices on the network are in the same MST region. Router A and Router B work at the • distribution layer. Router C and Router D work at the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: •...
  • Page 87 [RouterA-mst-region] instance 1 vlan 10 [RouterA-mst-region] instance 3 vlan 30 [RouterA-mst-region] instance 4 vlan 40 [RouterA-mst-region] revision-level 0 # Activate MST region configuration. [RouterA-mst-region] active region-configuration [RouterA-mst-region] quit # Specify the current device as the root bridge of MSTI 1. [RouterA] stp instance 1 root primary # Enable the spanning tree feature globally.
  • Page 88 [RouterC] stp enable Configure Router D: # Enter MST region view, and configure the MST region name as example. Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. Configure the revision level of the MST region as 0.
  • Page 89 GigabitEthernet4/0/2 ROOT FORWARDING NONE GigabitEthernet4/0/3 DESI FORWARDING NONE GigabitEthernet4/0/1 ROOT FORWARDING NONE GigabitEthernet4/0/2 ALTE DISCARDING NONE GigabitEthernet4/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Router D. [RouterD] display stp brief MSTID Port Role STP State Protection GigabitEthernet4/0/1 ROOT FORWARDING NONE...

  • Page 90: Configuring Bpdu Tunneling

    PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. HP devices support BPDU tunneling for the following protocols:...

  • Page 91: Bpdu Tunneling Implementation

    • • DLDP EOAM • GVRP • • HGMP LACP • LLDP • PAGP • PVST • • UDLD • • BPDU tunneling implementation The BPDU tunneling implementations for different protocols are all similar. This section uses the Spanning Tree Protocol (STP) to describe how to implement BPDU tunneling. This document uses the term STP in a broad sense.

  • Page 92: Configuration Prerequisites

    Figure 26 BPDU tunneling implementation The upper section of Figure 26 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.

  • Page 93: Enabling Bpdu Tunneling

    Enabling BPDU tunneling Configuration guidelines You can enable BPDU tunneling for different protocols in different views. Settings made in Layer 2 • Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable •...

  • Page 94: Configuring Destination Multicast Mac Address For Bpdus

    Configuring destination multicast MAC address for BPDUs By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003. You can change it to 0x0100-0CCD-CDD0, 0x0100-0CCD-CDD1, or 0x0100-0CCD-CDD2. To configure destination multicast MAC address for BPDUs: Step Command Remarks Enter system view. system-view Optional.

  • Page 95: Configuration Procedure

    Configuration procedure Configure PE 1: # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2 and assign GigabitEthernet 3/0/1 to VLAN 2. [PE1] vlan 2 [PE1-vlan2] quit [PE1] interface GigabitEthernet 3/0/1 [PE1-GigabitEthernet3/0/1] port access vlan 2 # Disable STP on GigabitEthernet 3/0/1, and then enable BPDU tunneling for STP on it.

  • Page 96: Configuration Procedure

    Figure 28 Network diagram Configuration procedure Configure PE 1: # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure GigabitEthernet 3/0/1 as a trunk port and assign it to all VLANs. [PE1] interface GigabitEthernet 3/0/1 [PE1-GigabitEthernet3/0/1] port link-type trunk [PE1-GigabitEthernet3/0/1] port trunk permit vlan all...

  • Page 97: Configuring Vlans

    Configuring VLANs The VLAN feature is supported on SAP modules that are operating in bridge mode. Overview Ethernet is a shared-media network based on the CSMA/CD mechanism. A LAN built by using Ethernet is both a collision domain and a broadcast domain. In a LAN with plenty of hosts, the LAN might be full of collisions and broadcasts.

  • Page 98: Vlan Frame Encapsulation

    VLAN frame encapsulation In order that a network device can identify frames of different VLANs, a VLAN tag field is inserted into the data link layer encapsulation. The format of VLAN-tagged frames is defined in IEEE 802.1Q issued in 1999. As shown in Figure 30, in the header of a traditional Ethernet data frame, the field after the destination...

  • Page 99: Vlan Types

    VLAN types You can implement VLANs based on the following criteria: • Port MAC address • Protocol • IP subnet • Policy • • Other criteria This chapter covers port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings.

  • Page 100: Configuring Basic Settings Of A Vlan Interface

    Step Command Remarks Enter VLAN view. vlan vlan-id Required only when you create VLANs in bulk. Optional. Configure a name for The default name is VLAN vlan-id, which is the ID of name text the VLAN. the VLAN. For example, the name of VLAN 100 is VLAN 0100 by default.

  • Page 101: Vlan Interface Configuration Example

    Step Command Remarks Optional. By default, a VLAN interface is not Cancel the action of manually shut down. The VLAN interface manually shutting down the undo shutdown is up if one or more ports in the VLAN is VLAN interface. up, and goes down if all ports in the VLAN go down.

  • Page 102: Configuring Port-Based Vlans

    Configure the default gateway of PC A as 192.168.0.10. Configure the default gateway of PC B as 192.168.1.20. Verifying the configuration The PCs can ping each other. Display brief information about Layer 3 interfaces on Router to verify the configuration. <Router>...
  • Page 103 VLAN, see "Configuring a voice VLAN." • HP recommends that you set the same PVID for local and remote ports. Make sure a port permits the traffic from its PVID to pass through. Otherwise, when the port receives •...

  • Page 104: Assigning An Access Port To A Vlan

    Actions Access Trunk Hybrid • Receives the frame if its VLAN ID is the • same as the PVID. Receives the frame if its VLAN is permitted on the port. Incoming tagged frame • • Drops the frame if its Drops the frame if its VLAN is not permitted on the port.

  • Page 105: Assigning A Trunk Port To A Vlan

    Step Command Remarks Use one of the commands. • The configuration made in Layer 2 Ethernet interface view applies only to the • Enter Layer 2 Ethernet port. interface view: • The configuration made in port group interface interface-type view applies to all ports in the port group. interface-number •...

  • Page 106: Assigning A Hybrid Port To A Vlan

    Step Command Remarks Configure the link type of port link-type trunk By default, all ports are access ports. the ports as trunk. Assign the trunk ports to port trunk permit vlan By default, a trunk port carries only VLAN 1. the specified VLANs.

  • Page 107: Port-Based Vlan Configuration Example

    After you configure the PVID for a hybrid port, you must use the port hybrid vlan command to configure the hybrid port to allow packets from the PVID to pass through. Port-based VLAN configuration example Network requirements As shown in Figure 34, Host A and Host C belong to Department A, and access the enterprise network through different devices.

  • Page 108: Configuring Mac-Based Vlans

    Verifying the configuration Host A and Host C can ping each other successfully, but they both fail to ping Host B. Host B and Host D can ping each other successfully, but they both fail to ping Host A. Determine whether the configuration is successful by displaying relevant VLAN information. # Display information about VLANs 100 and 200 on Router A.
  • Page 109 the source MAC address and each mask. If the result of an AND operation matches the corresponding MAC address, the device tags the frame with the corresponding VLAN ID. If the fuzzy match fails, the device performs an exact match. In the exact match, the device searches the MAC address-to-VLAN entries whose masks are all-Fs.

  • Page 110: Configuration Restrictions And Guidelines

    Figure 35 Flowchart for processing a frame in dynamic MAC-based VLAN assignment When you configure dynamic MAC-based VLAN assignment, follow these guidelines: • When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed.

  • Page 111: Configuration Procedure

    MAC-based VLANs are available only on hybrid ports. • • Do not configure a super VLAN as the VLAN of a MAC address-to-VLAN entry. The MAC-based VLAN feature is mainly configured on downlink ports of user access devices. Do • not enable this function together with link aggregation.

  • Page 112: Mac-Based Vlan Configuration Example

    Step Command Remarks Use one of the commands. • Enter interface view: • The configuration made in interface interface-type Ethernet interface view applies interface-number Enter interface view or port only to the port. group view. • Enter port group view: •...
  • Page 113 Figure 36 Network diagram Configuration considerations • Create VLANs 100 and 200. Configure the uplink ports of Router A and Router C as trunk ports, and assign them to VLANs 100 • and 200. • Configure the downlink ports of Router B as trunk ports, and assign them to VLANs 100 and 200. Assign the uplink ports of Router B to VLANs 100 and 200.
  • Page 114 Please wait... Done. [RouterA-GigabitEthernet4/0/1] mac-vlan enable [RouterA-GigabitEthernet4/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 4/0/2 as a trunk port, and assign it to VLANs 100 and 200. [RouterA] interface GigabitEthernet 4/0/2 [RouterA-GigabitEthernet4/0/2] port link-type trunk [RouterA-GigabitEthernet4/0/2] port trunk permit vlan 100 200 [RouterA-GigabitEthernet4/0/2] quit...

  • Page 115: Configuring Protocol-Based Vlans

    MAC-based VLAN is usually configured on downlink ports of access layer devices, and cannot be • configured together with the link aggregation function. Configuring protocol-based VLANs Introduction to protocol-based VLAN The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol type and encapsulation format.

  • Page 116: Protocol-Based Vlan Configuration Example

    Step Command Remarks Exit VLAN view. quit • Enter Ethernet interface Use one of the commands. view: • The configuration made in Ethernet interface interface-type Enter interface view or port interface view applies only to the port. interface-number group view. •...
  • Page 117 Configuration considerations Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configure Router: # Create VLAN 100, and assign port GigabitEthernet 4/0/11 to VLAN 100. <Router>...

  • Page 118: Configuring Ip Subnet-Based Vlans

    Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same network segment (192.168.100.0/24, for example), and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be on the same network segment (2001::1/64, for example). Verifying the configuration The hosts and server in VLAN 100 can ping one another successfully.

  • Page 119: Configuration Procedure

    Configuration procedure This feature is applicable only on hybrid ports. To configure an IP subnet-based VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id The IP subnet or IP address to be Associate an IP subnet with ip-subnet-vlan [ ip-subnet-index ] associated with a VLAN cannot be a the VLAN.
  • Page 120 Configure Router to transmit packets over separate VLANs based on their source IP addresses. Figure 38 Network diagram Device A Device B VLAN 100 VLAN 200 GE4/0/11 GE4/0/12 Router GE4/0/1 192.168.5.0/24 192.168.50.0/24 Office Configuration considerations Create VLANs 100 and 200. •...

  • Page 121: Displaying And Maintaining Vlan

    [Router] interface GigabitEthernet 4/0/12 [Router-GigabitEthernet4/0/12] port link-type hybrid [Router-GigabitEthernet4/0/12] port hybrid vlan 200 tagged Please wait... Done. [Router-GigabitEthernet4/0/12] quit # Associate interface GigabitEthernet 4/0/1 with IP subnet-based VLANs 100 and 200. [Router] interface GigabitEthernet 4/0/1 [Router-GigabitEthernet4/0/1] port link-type hybrid [Router-GigabitEthernet4/0/1] port hybrid vlan 100 200 untagged Please wait...
  • Page 122 Task Command Remarks display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display VLAN interface Available in any view. information. display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ] Display hybrid ports or trunk ports display port { hybrid | trunk } [ | { begin |...

  • Page 123: Configuring Super Vlans

    Configuring super VLANs The super VLAN feature is supported on SAP modules that are operating in bridge mode. Super VLAN, also called "VLAN aggregation," was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. You can create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface.

  • Page 124: Configuring A Vlan Interface For The Super Vlan

    You can configure DHCP, Layer 3 multicast, dynamic routing, and NAT for the VLAN interface of a • super VLAN. However, only DHCP takes effect. HP recommends not configuring VRRP for the VLAN interface of a super VLAN, because it affects • network performance. For more information about VRRP, see High Availability Configuration Guide.

  • Page 125: Displaying And Maintaining Super Vlan

    Step Command Remarks Use one of the commands. By default, local proxy ARP and local proxy ND are disabled. • Enable local proxy ARP: For more information about local Enable local proxy ARP. local-proxy-arp enable proxy ARP and proxy ND functions, see Layer 3—IP Services Enable local proxy ND.
  • Page 126 <Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] quit [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0 # Enable local proxy ARP. [Sysname-Vlan-interface10] local-proxy-arp enable [Sysname-Vlan-interface10] quit # Create VLAN 2, and assign GigabitEthernet 4/0/1 and GigabitEthernet 4/0/2 to it. [Sysname] vlan 2 [Sysname-vlan2] port GigabitEthernet 4/0/1 GigabitEthernet 4/0/2 [Sysname-vlan2] quit # Create VLAN 3, and assign GigabitEthernet 4/0/3 and GigabitEthernet 4/0/4 to it.
  • Page 127 It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: GigabitEthernet4/0/1 GigabitEthernet4/0/2 VLAN ID: 3 VLAN Type: static It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0003...

  • Page 128: Configuring A Voice Vlan

    Configuring a voice VLAN The voice VLAN feature is supported on SAP modules that are operating in bridge mode. Overview A voice VLAN is configured for voice traffic. After assigning ports that connect to voice devices to a voice VLAN, the system automatically configures QoS parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality.
  • Page 129 automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence. You can configure a voice VLAN aging time on the device. The system will remove a port from the voice VLAN if no packets are received from the port during the aging time. The system automatically assigns ports to, or removes ports from, a voice VLAN.

  • Page 130: Security Mode And Normal Mode Of Voice Vlans

    Table 14 Required configurations on ports of different link types for them to support tagged voice traffic Voice VLAN assignment mode Port link type Configuration requirements supported for tagged voice traffic Access In automatic mode, the PVID of the port cannot be the voice VLAN.

  • Page 131: Configuration Prerequisites

    HP recommends not transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, make sure the voice VLAN security mode is disabled.

  • Page 132: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Configure the QoS priority settings for voice traffic on an interface before you enable voice VLAN on the interface. If the configuration order is reversed, your priority trust setting will fail. To configure QoS priority settings for voice traffic: Step Command Remarks Enter system view.

  • Page 133: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Step Command Remarks Optional. Enable the voice VLAN voice vlan security enable By default, the voice VLAN security security mode. mode is enabled. Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. For address.

  • Page 134: Displaying And Maintaining Voice Vlan

    Step Command Remarks Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address. oui-mask [ description text ] For default OUI addresses of different vendors, see Table Enter Layer 2 Ethernet interface interface-type interface view.
  • Page 135 The MAC address of IP phone B is 001 1-2200-0001. The phone connects to a downstream device • named PC B whose MAC address is 0022-2200-0002, and to GigabitEthernet 4/0/2 on Router A. Router A uses voice VLAN 2 to transmit voice packets for IP phone A and uses voice VLAN 3 to •...

  • Page 136: Manual Voice Vlan Assignment Mode Configuration Example

    [RouterA-GigabitEthernet4/0/1] voice vlan mode auto # Configure VLAN 2 as the voice VLAN for GigabitEthernet 4/0/1. [RouterA-GigabitEthernet4/0/1] voice vlan 2 enable [RouterA-GigabitEthernet4/0/1] quit # Configure GigabitEthernet 4/0/2. [RouterA] interface GigabitEthernet 4/0/2 [RouterA-GigabitEthernet4/0/2] port link-type hybrid [RouterA-GigabitEthernet4/0/2] voice vlan mode auto [RouterA-GigabitEthernet4/0/2] voice vlan 3 enable Verifying the configuration # Display OUI addresses, OUI address masks, and description strings.
  • Page 137 Figure 43 Network diagram Configuration procedure # (Optional.) Configure the voice VLAN to operate in security mode. A voice VLAN operates in security mode by default. <RouterA> system-view [RouterA] voice vlan security enable # Add a recognizable OUI address 001 1-2200-0000. [RouterA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Create VLAN 2.
  • Page 138 # Display the states of voice VLANs. <RouterA> display voice vlan state Maximum of Voice VLANs: 16 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE -------------------------------------------------------...

  • Page 139: Configuring Gvrp

    Configuring GVRP GVRP is supported on SAP modules that are operating in bridge mode. The Generic Attribute Registration Protocol (GARP) provides a generic framework for routers in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes.
  • Page 140 Join messages • A GARP participant sends Join messages when it wishes to declare its attribute values or receives Join messages from other GARP participants. Join messages include the following categories: JoinEmpty—A GARP participant sends JoinEmpty messages to declare attribute values that it has not registered.
  • Page 141 GARP PDU format As shown in Figure 45, GARP PDUs are encapsulated in IEEE 802.3 Ethernet frames. Figure 45 GARP PDU format Ethernet frame Length DSAP SSAP Ctrl GARP PDU Protocol ID Message 1 Message n End mark Attribute type Attribute list Attribute 1 Attribute n...

  • Page 142: Gvrp

    Field Description Value VLAN ID for GVRP. If the value of the Attribute event field is Attribute value Attribute value. 0x00 (LeaveAll event), the Attribute value field is invalid. The destination MAC addresses of GARP messages are multicast MAC addresses, and vary with GARP applications.

  • Page 143: Configuring Basic Gvrp Functions

    Complete these tasks to configure GVRP: Task Remarks Configuring basic GVRP functions Required Configuring the GARP timers Optional Configuring basic GVRP functions Configuration prerequisites Before enabling GVRP on a port, you must enable GVRP globally. In addition, you can configure GVRP only on trunk ports, and you must assign the involved trunk ports to all dynamic VLANs.

  • Page 144: Configuring The Garp Timers

    Step Command Remarks The default setting is access. For more information Configure the link type of the port link-type trunk about the port link-type ports as trunk. trunk command, see Layer 2—LAN Switching Command Reference. By default, a trunk port is assigned to VLAN 1 only.

  • Page 145: Configuration Procedure

    On a GARP-enabled network, each port maintains its own Hold, Join, and Leave timers, but only • one LeaveAll timer is maintained on each router. This LeaveAll timer applies to all ports on the router. • The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. Table 18 for their dependencies.

  • Page 146: Gvrp Configuration Examples

    Task Command Remarks display garp timer [ interface interface-list ] [ | Display GARP timers on ports. Available in any view. { begin | exclude | include } regular-expression ] Display the local VLAN display gvrp local-vlan interface interface-type information that GVRP interface-number [ | { begin | exclude | include } Available in any view.

  • Page 147: Gvrp Fixed Registration Mode Configuration Example

    [RouterA-GigabitEthernet3/0/1] gvrp [RouterA-GigabitEthernet3/0/1] quit # Create VLAN 2 (a static VLAN). [RouterA] vlan 2 [RouterA-vlan2] quit Configure Router B: # Enable GVRP globally. <RouterB> system-view [RouterB] gvrp # Configure port GigabitEthernet 3/0/1 as a trunk port, and assign it to all VLANs. [RouterB] interface GigabitEthernet 3/0/1 [RouterB-GigabitEthernet3/0/1] port link-type trunk [RouterB-GigabitEthernet3/0/1] port trunk permit vlan all...
  • Page 148 Figure 47 Network diagram Configuration procedure Configure Router A: # Enable GVRP globally. <RouterA> system-view [RouterA] gvrp # Configure port GigabitEthernet 3/0/1 as a trunk port, and assign it to all VLANs. [RouterA] interface GigabitEthernet 3/0/1 [RouterA-GigabitEthernet3/0/1] port link-type trunk [RouterA-GigabitEthernet3/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 3/0/1 and set the GVRP registration mode to fixed on the port.

  • Page 149: Gvrp Forbidden Registration Mode Configuration Example

    1(default), 2 The output shows that information about VLAN 1 and static VLAN information about VLAN 2 on the local router are registered through GVRP, but dynamic VLAN information about VLAN 3 on Router B is not. # Display the local VLAN information maintained by GVRP on port GigabitEthernet 3/0/1 of Router B.
  • Page 150 # Configure port GigabitEthernet 3/0/1 as a trunk port, and assign it to all VLANs. [RouterB] interface GigabitEthernet 3/0/1 [RouterB-GigabitEthernet3/0/1] port link-type trunk [RouterB-GigabitEthernet3/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 3/0/1, and set the GVRP registration mode to forbidden on the port.

  • Page 151: Configuring Qinq

    Configuring QinQ QinQ is supported on SAP modules that are operating in bridge mode. Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.

  • Page 152: Qinq Frame Structure

    Figure 49 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10 CE 3 CE 4 Customer Customer network B network A VLAN 3 VLAN 4 IP network PE 1 PE 2 VLAN 3 VLAN 4 Public network Customer Customer network A...

  • Page 153: Implementations Of Qinq

    The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes. For more information about interface MTU configuration, see Interface Configuration Guide.

  • Page 154: Protocols And Standards

    The device determines whether a received frame carries an SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries an SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100, and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the device considers that the frame carries only the SVLAN tag but not the CVLAN tag.

  • Page 155: Configuring Basic Qinq

    Do not configure QinQ on a reflector port. For more information about reflector ports, see Network • Management and Monitoring Configuration Guide. Complete the follows tasks to configure QinQ: Task Remarks Enabling basic QinQ Required. Configuring basic QinQ Configuring VLAN transparent Optional.

  • Page 156: Configuring Selective Qinq

    Basic QinQ tags all frames with the PVID. Selective QinQ can add different outer VLAN tags based on inner VLAN tags. The 6600 and HSR6600 series routers implement selective QinQ through a QoS policy. You can configure a class to match packets with the specified inner VLAN tags, configure a outer VLAN tagging behavior, associate the class with the behavior in a QoS policy, and then apply the QoS policy to the port connecting to users.

  • Page 157: Configuring An Inner-Outer Vlan 802.1P Priority Mapping

    Configuring an inner-outer VLAN 802.1p priority mapping The 6600 and HSR6600 series routers can set the 802.1p priority in the outer VLAN tag according to the inner 802.1p priority or the inner VLAN tag. To configure an inner-outer VLAN 802.1p priority mapping:...

  • Page 158: Configuring Inner Vlan Id Substitution

    Step Command Remarks Return to system view. quit Create a behavior and enter traffic behavior behavior-name behavior view. Configure the behavior to set the 802.1p priority in the outer remark dot1p 8021p VLAN tags. Return to system view. quit Create a QoS policy and qos policy policy-name enter QoS policy view.

  • Page 159: Configuring The Tpid Value In Vlan Tags

    Step Command Remarks Create a QoS policy and enter qos policy policy-name QoS policy view. Associate the class with the classifier classifier-name behavior behavior in the QoS policy. behavior-name Return to system view. quit • Enter Layer 2 Ethernet interface view: interface interface-type Enter the view of interfaces...

  • Page 160: Qinq Configuration Examples

    Step Command Remarks • Enter Layer 2 Ethernet or Layer 2 aggregate interface view: Enter interface interface interface-type view or port Use one of the commands. interface-number group view. • Enter port group view: port-group manual port-group-name Optional. Use one of the commands. Set the TPID By default, the TPID used by a port in the value in the...
  • Page 161 Figure 52 Network diagram VLANs 30 to 90 VLANs 10 to 70 CE 3 CE 4 Site 3 Site 2 Company B Company A GE4/0/3 GE4/0/3 GE4/0/2 VLANs 100 and 200 GE4/0/2 PE 1 PE 2 TPID = 0x8200 GE4/0/1 GE4/0/1 Public network Company A...
  • Page 162 Configure GigabitEthernet 4/0/3: # Configure GigabitEthernet 4/0/3 as a trunk port and assign it to VLAN 200 and VLANs 30 through 90. [PE1] interface GigabitEthernet 4/0/3 [PE1-GigabitEthernet4/0/3] port link-type trunk [PE1-GigabitEthernet4/0/3] port trunk permit vlan 200 30 to 90 # Configure VLAN 200 as the PVID for the port. [PE1-GigabitEthernet4/0/3] port trunk pvid vlan 200 # Enable basic QinQ on the port.

  • Page 163: Selective Qinq Configuration Example

    On third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that connects to PE 2 to allow tagged frames of VLAN 100 and VLAN 200 to pass through. (Details not shown.) Selective QinQ configuration example Network requirements As shown in...
  • Page 164 # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. <PEA> system-view [PEA] interface gigabitethernet 2/0/1 [PEA-GigabitEthernet2/0/1] port link-type hybrid [PEA-GigabitEthernet2/0/1] port hybrid vlan 1000 2000 3000 untagged # Configure VLAN 3000 as the default VLAN of GigabitEthernet 2/0/1, and enable basic QinQ on GigabitEthernet 2/0/1.
  • Page 165 [PEA-GigabitEthernet2/0/2] quit Configuration on GigabitEthernet 2/0/3: # Configure the port as a trunk port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through. [PEA] interface gigabitethernet 2/0/3 [PEA-GigabitEthernet2/0/3] port link-type trunk [PEA-GigabitEthernet2/0/3] port trunk permit vlan 1000 2000 3000 # To enable interoperability with the third-party devices in the public network, set the TPID of the service provider network VLAN tags to 0x8200.

  • Page 166: Vlan Transparent Transmission Configuration Example

    VLAN transparent transmission configuration example Network requirements As shown in Figure The two branches of a company, Site 1 and Site 2, are connected through the service provider • network and use VLANs 10 through 50. PE 1 and PE 2 are edge devices on the service provider network and are connected through •...
  • Page 167 [PE1] interface GigabitEthernet 4/0/2 [PE1-GigabitEthernet4/0/2] port link-type trunk [PE1-GigabitEthernet4/0/2] port trunk permit vlan 10 to 50 # Set the TPID value in the outer VLAN tag to 0x8200 on the port. [PE1-GigabitEthernet4/0/2] qinq ethernet-type service-tag 8200 [PE1-GigabitEthernet4/0/2] quit Configure PE 2: Configure GigabitEthernet 4/0/1: # Configure GigabitEthernet 4/0/1 as a trunk port and assign it to VLANs 10 through 50.

  • Page 168: Configuring Vlan Termination

    Configuring VLAN termination In this chapter, for a packet that carries two or more layers of VLAN tags, the outermost layer of VLAN tags is called "Layer 1 VLAN tag," and the second outermost layer of VLAN tags is called "Layer 2 VLAN tag."...

  • Page 169: Vlan Termination Configuration Task List

    Figure 55 VLAN termination for inter-VLAN communication (through Layer 3 Ethernet subinterfaces) LAN-WAN communication Most packets sent out of LANs carry VLAN tags, but some WAN protocols such as ATM, Frame Relay, and PPP cannot recognize VLAN-tagged packets. Therefore, before sending VLAN-tagged packets to a WAN, the sending port must locally record VLAN information and remove VLAN tags from the packets.

  • Page 170: Configuring Dot1Q Termination

    A main interface cannot terminate VLAN-tagged packets, but you can create subinterfaces for it to • terminate VLAN-tagged packets. A subinterface can send and receive only VLAN-tagged packets. • Layer 3 Ethernet subinterfaces can terminate packets whose outermost VLAN IDs match the •...

  • Page 171: Configuring Ambiguous Dot1Q Termination

    Step Command Remarks • Enter Layer 3 Ethernet subinterface view: interface interface-type interface-number.subnumber Enter interface view. Use one of the commands. • Enter Layer 3 aggregate subinterface view: interface route-aggregation interface-number.subnumber Enable Dot1q termination on the subinterface, and configure the subinterface to By default, Dot1q termination terminate the VLAN-tagged vlan-type dot1q vid vlan-id...

  • Page 172: Configuring Unambiguous Qinq Termination

    Ambiguous QinQ termination—Terminates packets whose Layer 1 VLAN IDs match the specified • VLAN ID and Layer 2 VLAN IDs are in the specified range and does not allow any other VLAN-tagged packets to pass through the subinterface. When the subinterface receives a packet, it removes the two layers of VLAN tags of the packet.

  • Page 173: Enabling A Vlan Termination-Enabled Interface To Transmit Broadcasts And Multicasts

    Step Command Remarks • Enter Layer 3 Ethernet subinterface view: interface interface-type interface-number.subnumber Enter interface view. Use one of the commands. • Enter Layer 3 aggregate subinterface view: interface route-aggregation interface-number.subnumber Enable QinQ termination on the subinterface, and configure the subinterface By default, QinQ to terminate the vlan-type dot1q vid vlan-id second-dot1q...

  • Page 174: Unambiguous Dot1Q Termination Configuration Example

    value, and sets the TPID values in the other VLAN tags to 0x8100 if the packet carries two or more layers of VLAN tags. To set the TPID value for VLAN-tagged packets: Step Command Remarks Enter system view system-view • Enter Layer 3 Ethernet interface view: interface interface-type Use one of the commands.

  • Page 175: Configuration Procedure

    Figure 57 Network diagram Configuration procedure IMPORTANT: The vlan-type dot1q vid command is mandatory for devices that support it, because an Ethernet subinterface can be activated and transmit packets only after it is associated with VLANs. Configure Host A, Host B, Host C, and Host D: Configure Host A's IP address as 1.1.1.1/8, and gateway IP address as 1.0.0.1/8.

  • Page 176: Ambiguous Dot1Q Termination Configuration Example

    # Create GigabitEthernet 4/0/1.10, GigabitEthernet 4/0/1.20, GigabitEthernet 4/0/2.10, and GigabitEthernet 4/0/2.20, and then assign IP addresses to them. Configure GigabitEthernet 4/0/1.10 and GigabitEthernet 4/0/2.10 to terminate packets tagged with VLAN 10, and configure GigabitEthernet 4/0/1.20 and GigabitEthernet 4/0/2.20 to terminate packets tagged with VLAN 20.

  • Page 177: Configuration Procedure

    Figure 58 Network diagram Configuration procedure Configure Host A, Host B, and Host C: Configure the IP addresses of Host A, Host B, and Host C as 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24, respectively. Configure the gateway IP address as 1.1.1.1 1/24 for the hosts. Configure Layer 2 Switch A: # Assign Ethernet 1/1 to VLAN 11.

  • Page 178: Configuration Example For Dot1Q Termination Supporting Pppoe Server

    <Router> system-view [Router] interface GigabitEthernet 4/0/1.10 [Router-GigabitEthernet4/0/1.10] ip address 1.1.1.11 255.255.255.0 # Enable Dot1q termination on GigabitEthernet 4/0/1.10, and configure the subinterface to terminate VLAN-tagged packets whose Layer 1 VLAN ID is in the range of 11, 12, or 13. [Router-GigabitEthernet4/0/1.10] vlan-type dot1q vid 11 to 13 [Router-GigabitEthernet4/0/1.10] quit # Configure an IP address for GigabitEthernet4/0/2.

  • Page 179: Unambiguous Qinq Termination Configuration Example

    Configure related PPPoE settings on GigabitEthernet 4/0/1.10. For more information about the PPPoE configuration, see Layer 2—WAN Configuration Guide. Unambiguous QinQ termination configuration example Network requirements As shown in Figure 60, Host A connects to Layer 2 Switch A and belongs to VLAN 1 1. Host B connects to Layer 2 Switch C, which supports only single VLAN-tagged packets.

  • Page 180: Ambiguous Qinq Termination Configuration Example

    [L2_SwitchA-Ethernet1/1] port link-type hybrid [L2_SwitchA-Ethernet1/1] port hybrid vlan 11 tagged [L2_SwitchA-Ethernet1/1] port hybrid vlan 100 untagged Configure Layer 2 Switch B: # Configure Ethernet 1/2 as a trunk port, and assign the port to VLAN 11 and VLAN 100. <L2_SwitchB> system-view [L2_SwitchB] interface ethernet 1/2 [L2_SwitchB-Ethernet1/2] port link-type trunk [L2_SwitchB-Ethernet1/2] port trunk permit vlan 11 100...

  • Page 181: Configuration Procedure

    Figure 61 Network diagram Configuration procedure Configure Host A, Host B, and Host C: Configure the IP addresses of Host A, Host B, and Host C as 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24, respectively. Configure the gateway address as 1.1.1.1 1/24 for the hosts. Configure Layer 2 Switch A: # Assign Ethernet 1/1 to VLAN 11.

  • Page 182: Configuration Example For Qinq Termination Supporting Pppoe Server

    Configure L2 Switch B: # Configure Ethernet 1/2 as a trunk port, and assign the port to VLANs 11 through 13 and VLAN 100. <L2_SwitchB> system-view [L2_SwitchB] interface ethernet 1/2 [L2_SwitchB-Ethernet1/2] port link-type trunk [L2_SwitchB-Ethernet1/2] port trunk permit vlan 11 to 13 100 # Enable basic QinQ on Ethernet 1/2, and configure the port to add outer VLAN tag 100 to packets tagged with VLANs 11 through 13.

  • Page 183: Configuration Procedure

    Figure 62 Network diagram Configuration procedure Configure VLANs and QinQ termination. For the configuration procedure, see "Ambiguous QinQ termination configuration example." Configure related PPPoE settings on GigabitEthernet 4/0/1.10. For more information about the PPPoE configuration, see Layer 2—WAN Configuration Guide. Configuration example for QinQ termination supporting DHCP relay Network requirements...

  • Page 184: Configuration Procedure

    Figure 63 Network diagram Configuration procedure Configure DHCP relay agent Provider A: # Enable DHCP service. <ProviderA> system-view [ProviderA] dhcp enable # Create the DHCP server group. [ProviderA] dhcp relay server-group 1 ip 10.2.1.1 # Create a Layer 3 Ethernet subinterface GigabitEthernet 4/0/1.100. [ProviderA] interface GigabitEthernet 4/0/1.100 # Configure subinterface GigabitEthernet 4/0/1.100 to terminate packets whose Layer 2 VLAN ID is 10 or 20.
  • Page 185 [ProviderA-GigabitEthernet4/0/1.100] quit # Assign an IP address to the interface connecting to the DHCP server. [ProviderA] interface serial 2/1/1 [ProviderA-Serial2/1/1] ip address 10.1.1.1 24 Configure DHCP server Provider B: # Assign an IP address to the DHCP server. <ProviderB> system-view [ProviderB] interface serial 2/1/1 [ProviderB-Serial2/1/1] ip address 10.2.1.1 24 [ProviderB-Serial2/1/1] quit...
  • Page 186 # Configure Ethernet 1/1 as a trunk port and assign it to VLAN 20. [SwitchB] interface ethernet 1/1 [SwitchB-Ethernet1/1] port link-type trunk [SwitchB-Ethernet1/1] port trunk permit vlan 20 Configure Switch C: # Add Ethernet 1/2 to VLAN 10. <SwitchC> system-view [SwitchC] vlan 10 [SwitchC-vlan10] port ethernet 1/2 [SwitchC-vlan10] quit...

  • Page 187: Configuring Vlan Mapping

    VLAN mapping is supported on SAP modules that are operating in bridge mode. Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN •...

  • Page 188: Application Scenario Of One-To-Two And Two-To-Two Vlan Mapping

    Figure 64 Application scenario of one-to-one and many-to-one VLAN mapping To further sub-classify each type of traffic by customer, perform one-to-one VLAN mapping on the building devices, assigning a separate VLAN for each type of traffic from each customer. The required total number of VLANs in the network can be very large.

  • Page 189: Concepts And Terms

    Figure 65 Application scenario of one-to-two and two-to-two VLAN mapping One-to-two VLAN One-to-two VLAN Two-to-two VLAN mapping mapping mapping VLAN 10 VLAN 2 Data VLAN 20 VLAN 3 Data PE 1 PE 2 PE 3 PE 4 SP 1 SP 2 VLAN 2 Data VLAN 3...

  • Page 190: Vlan Mapping Implementations

    Figure 66 Basic concepts of VLAN mapping Network-side port Customer-side port Uplink traffic Downlink traffic These basic concepts include: Uplink traffic—Traffic transmitted from the customer network to the service provider network. • • Downlink traffic—Traffic transmitted from the service provider network to the customer network. Network-side port—A port connected to or closer to the service provider network.
  • Page 191 Figure 67 One-to-one VLAN mapping implementation Many-to-one VLAN mapping Implement many-to-one VLAN mapping through the following configurations, as shown in Figure Apply an uplink policy to incoming traffic on the customer-side port to map different CVLAN IDs to • one SVLAN ID. When a packet arrives, the switch replaces its CVLAN tag with the matching SVLAN tag.

  • Page 192: Vlan Mapping Configuration Tasks

    Figure 69 One-to-two VLAN mapping Two-to-two VLAN mapping Implement two-to-two VLAN mapping through the following configurations, as shown in Figure For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a • new SVLAN, and apply an outbound policy on the network-side port to replace the CVLAN with a new CVLAN.

  • Page 193: Configuring One-To-One Vlan Mapping

    Configuring one-to-one VLAN mapping Perform one-to-one VLAN mapping on building devices (see Figure 64) to isolate traffic by both user and traffic type. Complete the following tasks to configure one-to-one VLAN mapping: Task Remarks Configuring an uplink policy Creates CVLAN-to-SVLAN mappings (required). Configuring a downlink policy Creates SVLAN-to-CVLAN mappings (required).

  • Page 194: Configuring A Downlink Policy

    Configuring a downlink policy To configure a downlink policy to map SVLANs back to CVLANs: Step Command Remarks Enter system view. system-view Create a class and enter class view: traffic classifier tcl-name [ operator { and | or } ] Repeat this step to Configure one class for an Configure an SVLAN as the match...

  • Page 195: Configuring The Network-Side Port

    Step Command Remarks Use one of the commands. • As a trunk port: By default: port trunk permit vlan { vlan-list | • A trunk port is assigned to Assign the port to all all } only VLAN 1. CVLANs. •...

  • Page 196: Configuration Prerequisites

    Complete the following tasks to configure many-to-one VLAN mapping: Task Remarks Enabling DHCP snooping Enables DHCP snooping globally (required). Enabling ARP detection in SVLANs Enables ARP detection in all SVLANs (required). Configuring an uplink policy Configures an uplink policy for the customer-side port (required). Configures VLAN and other settings required for many-to-one Configuring the customer-side port VLAN mapping (required).

  • Page 197: Configuring An Uplink Policy

    Configuring an uplink policy To configure an uplink policy to map a group of CVLANs to one SVLAN: Step Command Remarks Enter system view. system-view Create a class and enter class view: traffic classifier tcl-name operator or Configure multiple Configure one class for a Repeat this step to configure one CVLANs as match criteria: group of CVLANs.

  • Page 198: Configuring The Network-Side Port

    Step Command Remarks • Configure the port as a trunk port: Use one of the commands. port link-type trunk Configure the link type of The default link type of an Ethernet the port. • Configure the port as a hybrid port: port is access.

  • Page 199: Configuring One-To-Two Vlan Mapping

    Configuring one-to-two VLAN mapping Perform one-to-two VLAN mapping on the edge devices from which customer traffic enters SP networks, on PE 1 and PE 4 in Figure 65 for example. One-to-two VLAN mapping enables the edge devices to insert an outer VLAN tag to each incoming packet. Complete the following tasks to configure one-to-two VLAN mapping: Task Remarks...

  • Page 200: Configuring The Customer-Side Port

    Step Command Remarks Repeat this step to create Associate the class with classifier tcl-name behavior behavior-name class-behavior associations the behavior. mode dot1q-tag-manipulation for other CVLANs. Configuring the customer-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number...

  • Page 201: Configuring Two-To-Two Vlan Mapping

    Step Command Remarks By default: • As a trunk port: • A trunk port is assigned to only port trunk permit vlan { vlan-list | all } Assign the port to VLAN 1. all SVLANs. • As a hybrid port: •...

  • Page 202: Configuring An Uplink Policy For The Network-Side Port

    Step Command Remarks Create a class and enter class view: traffic classifier tcl-name [ operator and ] Specify a foreign CVLAN as a match Configure one criterion: Repeat this step to create one class class for a foreign if-match customer-vlan-id vlan-id for each foreign CVLAN and CVLAN and Specify a foreign SVLAN as a match...

  • Page 203: Configuring A Downlink Policy For The Customer-Side Port

    Step Command Remarks Create a traffic behavior and enter traffic behavior view: Configure one traffic behavior behavior-name CVLAN marking Repeat this step to configure one Configure a CVLAN marking action action for a local CVLAN marking action for each to replace the foreign CVLAN ID with SVLAN and local SVLAN and foreign CVLAN a local CVLAN ID:...

  • Page 204: Configuring The Customer-Side Port

    Step Command Remarks Create a QoS policy and enter qos policy policy-name QoS policy view. Associate the class Repeat this step to create other classifier tcl-name behavior behavior-name with the behavior. class-behavior associations. Configuring the customer-side port Step Command Remarks Enter system view.

  • Page 205: Vlan Mapping Configuration Examples

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Ethernet port group view: port-group manual port-group-name • Configure the port as a trunk port: port link-type trunk Configure the link type of The default link type of an Ethernet the port.
  • Page 206 Figure 71 Network diagram Configuration procedure Configure Router A: # Create the CVLANs and the SVLANs. <RouterA> system-view [RouterA] vlan 2 to 3 [RouterA] vlan 101 to 102 [RouterA] vlan 201 to 202 [RouterA] vlan 301 to 302 # Configure uplink policies p1 and p2 to enable one SVLAN to transmit one service for one customer.
  • Page 207 [RouterA-classifier-c1] traffic classifier c2 [RouterA-classifier-c2] if-match customer-vlan-id 2 [RouterA-classifier-c2] traffic classifier c3 [RouterA-classifier-c3] if-match customer-vlan-id 3 [RouterA-classifier-c3] quit [RouterA] traffic behavior b1 [RouterA-behavior-b1] remark service-vlan-id 101 [RouterA-behavior-b1] traffic behavior b2 [RouterA-behavior-b2] remark service-vlan-id 201 [RouterA-behavior-b2] traffic behavior b3 [RouterA-behavior-b3] remark service-vlan-id 301 [RouterA-behavior-b3] traffic behavior b4 [RouterA-behavior-b4] remark service-vlan-id 102 [RouterA-behavior-b4] traffic behavior b5...
  • Page 208 [RouterA-behavior-b33] quit [RouterA] qos policy p11 [RouterA-policy-p11] classifier c11 behavior b11 [RouterA-policy-p11] classifier c22 behavior b22 [RouterA-policy-p11] classifier c33 behavior b33 [RouterA-policy-p11] quit [RouterA] qos policy p22 [RouterA-policy-p22] classifier c44 behavior b11 [RouterA-policy-p22] classifier c55 behavior b22 [RouterA-policy-p22] classifier c66 behavior b33 [RouterA-policy-p22] quit # Assign customer-side port GigabitEthernet 4/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301.
  • Page 209 [RouterC-vlan301] arp detection enable [RouterC-vlan301] vlan 102 [RouterC-vlan102] arp detection enable [RouterC-vlan102] vlan 202 [RouterC-vlan202] arp detection enable [RouterC-vlan202] vlan 302 [RouterC-vlan302] arp detection enable [RouterC-vlan302] vlan 103 [RouterC-vlan103] arp detection enable [RouterC-vlan103] vlan 203 [RouterC-vlan203] arp detection enable [RouterC-vlan203] vlan 303 [RouterC-vlan303] arp detection enable [RouterC-vlan303] vlan 104 [RouterC-vlan104] arp detection enable...
  • Page 210 [RouterC] qos policy p1 [RouterC-policy-p1] classifier c1 behavior b1 mode dot1q-tag-manipulation [RouterC-policy-p1] classifier c2 behavior b2 mode dot1q-tag-manipulation [RouterC-policy-p1] classifier c3 behavior b3 mode dot1q-tag-manipulation [RouterC-policy-p1] quit [RouterC] qos policy p2 [RouterC-policy-p2] classifier c4 behavior b1 mode dot1q-tag-manipulation [RouterC-policy-p2] classifier c5 behavior b2 mode dot1q-tag-manipulation [RouterC-policy-p2] classifier c6 behavior b3 mode dot1q-tag-manipulation [RouterC-policy-p2] quit # Assign customer-side port GigabitEthernet 4/0/1 to CVLANs 101, 201, 301, 102, 202, 302,...

  • Page 211: One-To-Two And Two-To-Two Vlan Mapping Configuration Example

    One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure 72, two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively. The two sites use different VPN access services from different service providers, SP 1 and SP 2.
  • Page 212 [PE1-GigabitEthernet4/0/1] quit # Configure network-side port GigabitEthernet 4/0/2 as a trunk port, and assign it to VLAN 100. [PE1] interface GigabitEthernet 4/0/2 [PE1-GigabitEthernet4/0/2] port link-type trunk [PE1-GigabitEthernet4/0/2] port trunk permit vlan 100 Configure PE 2: # Configure port GigabitEthernet 4/0/1 as a trunk port, and assign it to VLAN 100. <PE2>...
  • Page 213 [PE3-classifier-up_uplink] if-match customer-vlan-id 10 [PE3-classifier-up_uplink] if-match service-vlan-id 200 [PE3-classifier-up_uplink] quit [PE3] traffic behavior up_uplink [PE3-behavior-up_uplink] remark customer-vlan-id 30 [PE3-behavior-up_uplink] quit [PE3] qos policy up_uplink [PE3-qospolicy-up_uplink] classifier up_uplink behavior up_uplink [PE3-qospolicy-up_uplink] quit # Configure customer-side port GigabitEthernet 4/0/1 as a trunk port, assign it to VLAN 200, and apply uplink policy down_uplink to incoming traffic and downlink policy down_downlink to outgoing traffic on the port.
  • Page 214 [PE4-GigabitEthernet4/0/2] qinq enable [PE4-GigabitEthernet4/0/2] qos apply policy test inbound...

  • Page 215: Configuring Lldp

    Configuring LLDP Overview In a heterogeneous network, having a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration information for the sake of interoperability and management. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 216 Field Description Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame. LLDPDU encapsulated in SNAP Figure 74 LLDPDU encapsulated in SNAP Table 21 Fields in a SNAP-encapsulated LLDPDU Field Description MAC address to which the LLDPDU is advertised. It is fixed at Destination MAC address 0x0180-C200-000E, a multicast MAC address.
  • Page 217 Basic management TLVs • • Organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs LLDP-MED (media endpoint discovery) TLVs • Basic management TLVs are essential to device management. Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management, and they are defined by standardization or other organizations and are optional to LLDPDUs.
  • Page 218 NOTE: The power stateful control TLV is defined in IEEE P802.3at D1.0. Later versions no longer support this TLV. HP devices send this type of TLV only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for VoIP, such as basic configuration, network policy configuration, and address and directory management.

  • Page 219: Work Mechanism

    Type Description Serial Number Allows a terminal device to advertise its serial number. Manufacturer Name Allows a terminal device to advertise its vendor name. Model Name Allows a terminal device to advertise its model name. Allows a terminal device to advertise its asset ID. The typical case is Asset ID that the user specifies the asset ID for the endpoint to assist directory management and asset tracking.

  • Page 220: Protocols And Standards

    Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the TTL value in the Time to Live TLV carried in the LLDPDU.

  • Page 221: Setting The Lldp Operating Mode

    Step Command Remarks Enter system view. system-view Enable LLDP globally. lldp enable LLDP is globally disabled. • Enter Layer 2/Layer 3 Ethernet interface view: Enter Ethernet interface interface interface-type interface-number Use either command. view or port group view. • Enter port group view: port-group manual port-group-name Optional.

  • Page 222: Enabling Lldp Polling

    Step Command Remarks Optional. Set the LLDP re-initialization lldp timer reinit-delay delay delay. The default setting is 2 seconds. Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. On detecting a configuration change, the device sends LLDPDUs to inform neighboring devices of the change. To enable LLDP polling: Step Command...

  • Page 223: Configuring The Management Address And Its Encoding Format

    Step Command Remarks Optional. lldp tlv-enable { basic-tlv { all | port-description | system-capability | By default, all types of system-description | system-name } | LLDP TLVs, except the IEEE Configure the advertisable dot3-tlv { all | link-aggregation | mac-physic 802.1 organizationally TLVs in Layer 3 Ethernet | max-frame-size | power } | med-tlv { all |...

  • Page 224: Setting Other Lldp Parameters

    Step Command Remarks Optional. Configure the encoding lldp management-address-format By default, the management format of the management string address is encapsulated in numeric address as a character string. format. Setting other LLDP parameters The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.

  • Page 225: Configuring Cdp Compatibility

    Ethernet II encapsulation—An LLDP port sends LLDPDUs in Ethernet II frames and processes only • incoming, Ethernet II encapsulated LLDPDUs. SNAP encapsulation—An LLDP port sends LLDPDUs in SNAP frames and processes only incoming, • SNAP encapsulated LLDPDUs. By default, LLDPDUs are encapsulated in Ethernet II frames. If neighbor devices encapsulate LLDPDUs in SNAP frames, configure the encapsulation format for LLDPDUs as SNAP to guarantee normal communication with neighbors.

  • Page 226: Configuring Cdp Compatibility

    Enable LLDP on the port connecting to an IP phone and configure the port to operate in TxRx mode. • Configuring CDP compatibility CDP-compatible LLDP operates in one of the following modes: TxRx—CDP packets can be transmitted and received. • Disable—CDP packets can be neither transmitted nor received.

  • Page 227: Displaying And Maintaining Lldp

    Step Command Remarks By default, LLDP trapping is Enable LLDP trapping. lldp notification remote-change enable disabled. Return to system view. quit Optional. Set the LLDP trap transmit lldp timer notification-interval interval The default setting is 5 interval. seconds. Displaying and maintaining LLDP Task Command Remarks...
  • Page 228 Figure 76 Network diagram Configuration procedure Configure Router A: # Enable LLDP globally. <RouterA> system-view [RouterA] lldp enable # Enable LLDP on GigabitEthernet 4/0/1 and GigabitEthernet 4/0/2. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx. [RouterA] interface GigabitEthernet 4/0/1 [RouterA-GigabitEthernet4/0/1] lldp enable [RouterA-GigabitEthernet4/0/1] lldp admin-status rx...
  • Page 229 Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet4/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 Port 2 [GigabitEthernet4/0/2]:...

  • Page 230: Cdp-Compatible Lldp Configuration Example

    Polling interval : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet4/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s...
  • Page 231 [Router] interface GigabitEthernet 4/0/2 [Router-GigabitEthernet4/0/2] port link-type trunk [Router-GigabitEthernet4/0/2] voice vlan 2 enable [Router-GigabitEthernet4/0/2] quit Configure CDP-compatible LLDP on Router: # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [Router] lldp enable [Router] lldp compliance cdp # Enable LLDP on GigabitEthernet 4/0/1 and GigabitEthernet 4/0/2.

  • Page 232: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 233: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 234 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 235: Index

    Index A B C D E G L M O P Q R S U V Configuring destination multicast MAC address for BPDUs,85 Ambiguous Dot1q termination configuration Configuring digest snooping,69 example,167 Configuring Dot1q termination,161 Ambiguous QinQ termination configuration Configuring edge ports,62 example,171 Configuring IP subnet-based...
  • Page 236 Configuring the TPID for VLAN-tagged packets,164 Overview,206 Configuring the TPID value in VLAN tags,150 Overview,39 Configuring two-to-two VLAN mapping,192 Overview,1 1 Contacting HP,223 Overview,178 Conventions,224 Overview,1 19 Creating sub-VLANs,1 14 Overview,88 Overview,81 Disabling MAC address learning,3 Displaying and maintaining Ethernet link...

This manual is also suitable for:

Hsr6600

Table of Contents