HP A3100-8 v2 SI Configuration Manual

A3100 v2 switch series layer 2 - lan switching.
Hide thumbs
HP A3100 v2 Switch Series
Layer 2 - LAN Switching
HP A3100-8 v2 SI Switch (JG221A)
HP A3100-16 v2 SI Switch (JG222A)
HP A3100-24 v2 SI Switch (JG223A)
HP A3100-8 v2 EI Switch (JD318B)
HP A3100-16 v2 EI Switch (JD319B)
HP A3100-24 v2 EI Switch (JD320B)
HP A3100-8-PoE v2 EI Switch (JD311B)
HP A3100-16-PoE v2 EI Switch (JD312B)
HP A3100-24-PoE v2 EI Switch (JD313B)
Part number: 5998-1964
Software version: Release 5103
Document version: 6W100-20110909

Advertising

   Related Manuals for HP A3100-8 v2 SI

   Summary of Contents for HP A3100-8 v2 SI

  • Page 1: Configuration Guide

    HP A3100 v2 Switch Series Layer 2 - LAN Switching Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16 v2 EI Switch (JD319B)

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Ethernet interface configuration ·································································································································· 1 Ethernet interface overview ··············································································································································1 Ethernet interface naming conventions ··················································································································1 Configuring a combo interface·······························································································································1 Configuring basic settings of an Ethernet interface·······································································································2 Configuring duplex mode and speed on an Ethernet interface ··········································································2 Setting speed options for auto negotiation on an Ethernet interface··································································3 Configuring flow control on an Ethernet interface································································································4 Configuring link change suppression on an Ethernet interface···········································································4 Configuring loopback testing on an Ethernet interface························································································5...

  • Page 4: Table Of Contents

    Configuring the MAC Information queue length································································································ 24 MAC Information configuration example ···················································································································· 25 Ethernet link aggregation configuration ···················································································································26 Overview········································································································································································· 26 Basic concepts ······················································································································································· 26 Aggregating links in static mode ························································································································· 29 Aggregating links in dynamic mode ··················································································································· 30 Load-sharing criteria for link aggregation groups ····························································································· 32 Ethernet link aggregation configuration task list·········································································································...

  • Page 5: Table Of Contents

    Configuring the maximum port rate ···················································································································· 66 Configuring ports as edge ports ·························································································································· 67 Configuring path costs of ports···························································································································· 67 Configuring port priority······································································································································· 70 Configuring the link type of ports ························································································································ 70 Configuring the mode a port uses to recognize/send MSTP packets ····························································· 71 Enabling the output of port state transition information ····················································································...

  • Page 6

    Configuring a voice VLAN··········································································································································117 Configuration prerequisites ································································································································117 Configuring QoS priority settings for voice traffic on an interface································································118 Configuring a port to operate in automatic voice VLAN assignment mode ·················································118 Configuring a port to operate in manual voice VLAN assignment mode ·····················································119 Displaying and maintaining voice VLAN ··················································································································120 Voice VLAN configuration examples ·························································································································120 Automatic voice VLAN mode configuration example ·····················································································120...

  • Page 7

    Displaying and maintaining LLDP·······························································································································176 LLDP configuration examples ······································································································································177 Basic LLDP configuration example ·····················································································································177 CDP-compatible LLDP configuration example (available only on the A3100 v2 EI)····································179 Support and other resources ·································································································································· 182 Contacting HP ······························································································································································182 Subscription service ············································································································································182 Related information······················································································································································182 Documents ····························································································································································182 Websites·······························································································································································182 Conventions ··································································································································································183...

  • Page 8: Ethernet Interface Configuration

    Ethernet interface configuration Ethernet interface overview Ethernet interface naming conventions The Ethernet interfaces on the A3100 v2 Switch Series are named in the format of interface-type A/B/C, where the following definitions apply: A Specifies the ID of a switch. The value can only be 1. •...

  • Page 9

    To do… Use the command… Remarks Optional Activate the copper combo port or combo enable { copper | fiber } By default, the copper combo port fiber combo port is active. Configuring basic settings of an Ethernet interface Configuring duplex mode and speed on an Ethernet interface You can set an Ethernet interface to operate in one of the following duplex modes: Full-duplex mode (full).

  • Page 10

    To do… Use the command… Remarks Optional By default, an Ethernet interface is in Shut down the Ethernet interface shutdown the up state. To bring up an Ethernet interface, use the undo shutdown command. Setting speed options for auto negotiation on an Ethernet interface Speed auto negotiation enables an Ethernet interface to negotiate with its peer for the highest speed supported that both ends support by default.

  • Page 11: Configuring Flow Control On An Ethernet Interface

    NOTE: Among the auto-negotiation-capable Layer 2 ports, the FE copper ports support only the 10 and 100 • keywords, the GE copper ports support all keywords, and the GE fiber ports support only the 100 and 1000 keywords. The speed and speed auto commands supersede each other, and whichever is configured last takes •...

  • Page 12: Configuring Loopback Testing On An Ethernet Interface

    Configuring link-down event suppression Follow these steps to enable an Ethernet interface to suppress link-down events: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Set a link-down event suppression link-delay delay-time Link-down event suppression is interval...

  • Page 13: Configuring A Port Group

    Ethernet interface, insert a loopback plug into the interface. During external loopback testing, the interface sends a certain number of test packets, which are looped over the plug and back to the interface. If the interface fails to receive any test packet, the hardware of the interface is faulty. Figure 3 External loopback testing Follow these steps to enable Ethernet interface loopback testing: To do…...

  • Page 14

    To do… Use the command… Remarks Enter system view system-view — Create a port group and enter port port-group manual Required group view port-group-name Assign Ethernet interfaces to the group-member interface-list Required port group Configuring traffic storm protection A traffic storm occurs when a large amount of broadcast, multicast, or unknown unicast packets congest a network.

  • Page 15

    To do… Use the command… Remarks Optional Set a multicast suppression multicast-suppression { ratio | pps By default, all multicast traffic is threshold max-pps | kbps max-bps } allowed to pass through an interface. Optional Set a unicast suppression unicast-suppression { ratio | pps By default, all unknown unicast threshold max-pps | kbps max-bps }...

  • Page 16

    To do… Use the command… Remarks Optional By default, the interface sends Enable the interface to send storm traps when monitored traffic storm-constrain enable trap control threshold event traps exceeds the upper threshold or drops below the lower threshold from the upper threshold. Optional By default, the interface outputs log Enable the interface to log storm...

  • Page 17: Enabling Loopback Detection On An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — Optional Configure jumbo frame support jumboframe enable By default, an Ethernet interface accepts jumbo frames (up to 2048 bytes). Enabling loopback detection on an Ethernet interface Enabling single-port loopback detection on an Ethernet Interface If an interface receives a packet that it sent, a loop occurs.

  • Page 18: Setting The Mdi Mode Of An Ethernet Interface

    To do… Use the command… Remarks or port group To configure loopback detection view on one interface, enter Ethernet interface view. Enter port port-group manual group view port-group-name To configure loopback detection on a group of Ethernet interfaces, enter port group view. Required Enable loopback detection on the loopback-detection enable...

  • Page 19: Testing The Cable Connection Of An Ethernet Interface

    You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of cables, a copper Ethernet interface can operate in one of the following Medium Dependent Interface (MDI) modes: • Across mode Normal mode •...

  • Page 20: Displaying And Maintaining An Ethernet Interface

    To do… Use the command… Remarks interface interface-type Enter Ethernet interface view — interface-number Test the cable connected to the virtual-cable-test Required Ethernet interface Displaying and maintaining an Ethernet interface To do… Use the command… Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface or Available in any view...

  • Page 21: Loopback Interface

    Loopback and null interface configuration Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link-layer protocols of a loopback interface are always up unless the •...

  • Page 22: Null Interface

    To do… Use the command… Remarks Restore the default settings for the default Optional interface NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration information, see the Guide Null interface...

  • Page 23: Displaying And Maintaining Loopback And Null Interfaces

    Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface loopback [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]...

  • Page 24: Overview

    MAC address table configuration Overview Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the switch first looks up the MAC address of the frame in the MAC address table for a match.

  • Page 25: Mac Address Table-based Frame Forwarding

    Blackhole entries, which are manually configured and never age out. Blackhole entries are • configured for filtering out frames with specific destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.

  • Page 26: Disabling Mac Address Learning

    To do… Use the command… Remarks Enter system view system-view — Configure static or mac-address { dynamic | static } Required dynamic MAC mac-address interface interface-type address table Use either command. interface-number vlan vlan-id Configure MAC entries Make sure that you address table Configure have created the VLAN...

  • Page 27: Configuring The Aging Timer For Dynamic Mac Address Entries

    NOTE: When MAC address learning is disabled, the obtained MAC addresses remain valid until they age out • For more information about port groups, see the chapter “Ethernet interface configuration.” • Disabling MAC address learning on a VLAN (available only on the A3100 v2 EI) You can disable MAC address learning on a per-VLAN basis.

  • Page 28: Displaying And Maintaining Mac Address Tables

    To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type Use either command. interface view interface-number Enter Layer 2 The configuration made in Layer 2 Ethernet Ethernet interface view takes effect interface view on the current interface only.

  • Page 29

    Configuration procedure # Add a static MAC address entry. <Sysname> system-view [Sysname] mac-address static 000f-e235-dc71 interface ethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port Ethernet 1/0/1.

  • Page 30

    MAC Information configuration Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.

  • Page 31: Configuring Mac Information Mode

    To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Enable MAC Information on the mac-address information enable interface { added | deleted } Disabled by default. NOTE: To enable MAC Information on an Ethernet interface, enable MAC Information globally first.

  • Page 32: Mac Information Configuration Example

    MAC Information configuration example Network requirements Host A is connected to a remote server (Server) through Device. • Enable MAC Information on Ethernet 1/0/1 on Device. Device sends MAC address changes in • Syslog messages to Host B through Ethernet 1/0/3. Host B analyzes and displays the Syslog messages.

  • Page 33

    Ethernet link aggregation configuration Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an “aggregate link”. Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...

  • Page 34

    Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of this operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port might affect its aggregation state.

  • Page 35: Link Aggregation Modes

    LACP functions The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described in Table Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port LACP priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the preceding Basic LACP functions information with its peer.

  • Page 36: Aggregating Links In Static Mode

    Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust Aggregation is stable. Peers do the aggregation state according Static Disabled not affect the aggregation state of to that of the peer ports.

  • Page 37: Aggregating Links In Dynamic Mode

    Figure 6 Set the aggregation state of a member port in a static aggregation group NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two • configurations on any member port. • If a static aggregation group has reached the limit on Selected ports, any port that joins the group is placed in the Unselected state to avoid traffic interruption on the current Selected ports.

  • Page 38

    The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.

  • Page 39: Load-sharing Criteria For Link Aggregation Groups

    Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...

  • Page 40: Configuring A Static Aggregation Group

    Table 6 Features incompatible with Layer 2 aggregation groups Feature Reference MAC authentication MAC authentication configuration in the Security Configuration Guide Port security Port security configuration in the Security Configuration Guide IP source guard IP source guard configuration in the Security Configuration Guide 802.1X 802.1X configuration in the Security Configuration Guide NOTE:...

  • Page 41: Configuring An Aggregate Interface

    NOTE: To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. Follow these steps to configure a Layer 2 dynamic aggregation group: To do...

  • Page 42: Configuring The Description Of An Aggregate Interface

    NOTE: Most configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes, such as describing the purpose of the interface.

  • Page 43: Shutting Down An Aggregate Interface

    This minimum threshold setting affects the aggregation state of both aggregation member ports and the aggregate interface in the following ways: • When the number of member ports eligible for being selected is smaller than the minimum threshold, all member ports change to the Unselected state and the link of the aggregate interface goes down.

  • Page 44: Configuring Load Sharing For Link Aggregation Groups

    To do... Use the command... Remarks Enter system view system-view — interface bridge-aggregation Enter aggregate interface view — interface-number Restore the default settings for the default Required aggregate interface Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load-sharing criteria.

  • Page 45: Displaying And Maintaining Ethernet Link Aggregation

    Displaying and maintaining Ethernet link aggregation To do... Use the command... Remarks display interface bridge-aggregation [ brief [ down ] ] [ | { begin | exclude | include } Display information for an regular-expression ] aggregate interface or multiple Available in any view display interface bridge-aggregation aggregate interfaces...

  • Page 46

    Configure a Layer 2 static link aggregation group on Device A and Device B, respectively. Enable • VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end. •...

  • Page 47: Layer 2 Dynamic Aggregation Configuration Example

    NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait... Done. Configuring Ethernet1/0/1... Done. Configuring Ethernet1/0/2... Done. Configuring Ethernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria.

  • Page 48

    Device A and Device B are connected through their respective Layer 2 Ethernet interfaces Ethernet • 1/0/1 through Ethernet 1/0/3. • Configure a Layer 2 dynamic link aggregation group on Device A and Device B, respectively. Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.

  • Page 49

    [DeviceA-Ethernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait...

  • Page 50: Introduction To Port Isolation

    VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called “isolated ports.”...

  • Page 51: Displaying And Maintaining Isolation Groups

    Displaying and maintaining isolation groups To do… Use the command… Remarks display port-isolate group [ | Display information about the isolation group { begin | exclude | include } Available in any view regular-expression ] Port isolation configuration example Network requirements As shown in Figure Hosts A, B, and C are connected to port Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 of...

  • Page 52

    <Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/3...

  • Page 53: Introduction To Stp

    MSTP configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy. The recent versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).

  • Page 54: Basic Concepts In Stp

    Hello time: Configuration BPDU transmission interval. • • Forward delay: Delay that STP bridges use to transition port state. Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The root bridge is not permanent, but can change along with changes of the network topology.

  • Page 55: How Stp Works

    Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree. How STP works NOTE: The spanning tree calculation process described in the following sections is a simplified process for...

  • Page 56

    Table 9 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: • If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and keeps the configuration BPDU this port generated.

  • Page 57

    Table 10 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1...

  • Page 58

    Configuration BPDU on Device Comparison process ports after comparison • Device B compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port B1 is the optimum, and selects Port B1 as the root port with the configuration BPDU unchanged.

  • Page 59

    Configuration BPDU on Device Comparison process ports after comparison • Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of Port C2 is the optimum, and...

  • Page 60: Introduction To Rstp

    If the configuration BPDU received on a designated port has a lower priority than the configuration • BPDU of the local port, the port immediately sends its own configuration BPDU in response. • If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded because of timeout.

  • Page 61: Introduction To Mstp

    Introduction to MSTP Why MSTP Limitations of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before it transits to the forwarding state, even if it is a port on a point-to-point link or an edge port.

  • Page 62: Basic Concepts In Mstp

    Basic concepts in MSTP Figure 14 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1...

  • Page 63

    MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • MSTP-enabled Same region name • Same VLAN-to-instance mapping configuration •...

  • Page 64

    Common root bridge The common root bridge is the root bridge of the CIST. Figure 14, for example, the common root bridge is a device in MST region 1. Roles of ports A port can play different roles in different MSTIs. As shown in Figure 16, an MST region comprises Device A, Device B, Device C, and Device D.

  • Page 65: How Mstp Works

    Port states In MSTP, a port can be in one of the following states: • Forwarding: The port receives and sends BPDUs, obtains MAC addresses, and forwards user traffic. Learning: The port receives and sends BPDUs, obtains MAC addresses, but does not forward user •...

  • Page 66: Implementation Of Mstp On Devices

    Between two MST regions, the packet is forwarded along the CST. • Implementation of MSTP on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management: Root bridge hold •...

  • Page 67

    Task Remarks Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the MSTP feature Required Configuring an MST region Required Configuring the work mode of an MSTP device Optional Configuring the timeout factor Optional...

  • Page 68: Configuring Mstp

    Configuring MSTP Configuring an MST region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration —...

  • Page 69: Configuring The Root Bridge Or A Secondary Root Bridge

    Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.

  • Page 70: Configuring The Work Mode Of An Mstp Device

    Configuring the work mode of an MSTP device MSTP and RSTP are mutually compatible and can recognize each other’s protocol packets. However, STP cannot recognize MSTP packets. For hybrid networking with legacy STP devices, and for full interoperability with RSTP-enabled devices, MSTP supports the following work modes: STP-compatible mode, RSTP mode, and MSTP mode.

  • Page 71: Configuring The Network Diameter Of A Switched Network

    Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a switch receives this configuration BPDU, it decrements the hop count by 1, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches 0, it is discarded by the device that received it.

  • Page 72

    Max age ƒ 2 × (hello time + 1 second) HP does not recommend you to manually set the timers. Instead, you can use the stp bridge-diameter command to set the network diameter, and let the network automatically adjust the three timers according to the network size.

  • Page 73: Configuring The Timeout Factor

    By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes unstable. HP recommends that you use the default setting.

  • Page 74: Configuring Ports As Edge Ports

    Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop.

  • Page 75

    Follow these steps to specify a standard for the device to use when it calculates the default path cost: To do... Use the command... Remarks Enter system view system-view — Optional Specify a standard for the device stp pathcost-standard By default, the device calculates to use when it calculates the default { dot1d-1998 | dot1t | legacy } the default path cost for ports...

  • Page 76: Configuration Example

    Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing 3 selected ports Aggregate interface containing 4 selected ports NOTE: When calculating path cost for an aggregate interface, IEEE 802.1d-1998 does not take into account the number of selected ports in its aggregation group as IEEE 802.1t does.

  • Page 77: Configuring Port Priority

    Configuring port priority The priority of a port is an important factor in determining whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority will be elected as the root port.

  • Page 78: Configuring The Mode A Port Uses To Recognize/send Mstp Packets

    If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. HP recommends that you use the default setting, and let MSTP detect the link status automatically.

  • Page 79: Enabling The Output Of Port State Transition Information

    NOTE: MSTP provides the MSTP packet format incompatibility guard function. In MSTP mode, if a port is • configured to recognize/send MSTP packets in a mode other than auto, and if it receives a packet in a format different from the specified type, the port becomes a designated port and remains in the discarding state to prevent the occurrence of a loop.

  • Page 80: Performing Mcheck

    NOTE: In system view, you can use the stp enable or undo stp enable command to enable or disable STP • globally. You can use the undo stp enable command to disable the MSTP feature for certain ports so that they will •...

  • Page 81

    To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated • ports. HP recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.

  • Page 82: Configuring No Agreement Check

    As shown in Figure • Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region. Enable Digest Snooping on the ports of Device A and Device B that connect Device C, so that the •...

  • Page 83

    For MSTP, the root port of the downstream device sends an agreement packet only after it receives • an agreement packet from the upstream device. • For RSTP, the downstream device sends an agreement packet regardless of whether an agreement packet from the upstream device is received.

  • Page 84: Configuring Tc Snooping

    Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, • assigning them to the same region. Configuring the No Agreement Check function To make the No Agreement Check feature take effect, enable it on the root port. Follow these steps to configure No Agreement Check: To do...

  • Page 85

    Figure 21 TC snooping application scenario In the network, Device A transparently transmits the received STP BPDUs and does not participate in STP calculations. When a topology change occurs to the customer networks, Device A might need a long time to learn the correct MAC address table entries and ARP entries, affecting forwarding of service traffic.

  • Page 86: Configuring Protection Functions

    Configuring protection functions An MSTP-enabled device supports the following protection functions: BPDU guard • Root guard • Loop guard • TC-BPDU guard • • BPDU drop Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.

  • Page 87

    receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected to this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.

  • Page 88

    6 by default. period after it receives the first TC-BPDU NOTE: HP does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.

  • Page 89: Displaying And Maintaining Mstp

    Displaying and maintaining MSTP To do... Use the command... Remarks Display information about abnormally display stp abnormal-port [ | { begin | Available in any view blocked ports exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports Available in any view instance-id ] ] [ | { begin | exclude |...

  • Page 90

    Figure 22 Network diagram for MSTP configuration Configuration procedure Configure VLANs and VLAN member ports (details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

  • Page 91

    [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.

  • Page 92

    [DeviceD] stp enable Verify the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port Role...

  • Page 93

    Figure 23 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link...

  • Page 94: Introduction To Bpdu Tunneling

    BPDU tunneling configuration (available only on the A3100 v2 EI) Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.

  • Page 95: Bpdu Tunneling Implementation

    NOTE: Depending on the switch models, HP devices support BPDU tunneling for the following protocols: Cisco Discovery Protocol (CDP) • HW Group Management Protocol (HGMP) • Link Aggregation Control Protocol (LACP) • Per VLAN Spanning Tree (PVST) • Spanning tree protocol (STP) •...

  • Page 96: Configuring Bpdu Tunneling

    Figure 25 Network diagram for BPDU tunneling implementation As shown in Figure 25, the upper part is the service provider network (ISP network), and the lower part represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2.

  • Page 97: Enabling Bpdu Tunneling

    Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the • current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for HGMP, or STP on a port, disable the protocol on the port.

  • Page 98: Bpdu Tunneling Configuration Examples

    To do… Use the command… Remarks Optional Configure the destination multicast bpdu-tunnel tunnel-dmac MAC address for BPDUs mac-address 0x010F-E200-0003 by default. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network. BPDU tunneling configuration examples BPDU tunneling for STP configuration example Network requirements...

  • Page 99: Bpdu Tunneling For Pvst Configuration Example

    [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port access vlan 2 # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-Ethernet1/0/1] undo stp enable [PE1-Ethernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE2>...

  • Page 100

    # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure Ethernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port link-type trunk [PE1-Ethernet1/0/1] port trunk permit vlan all # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.

  • Page 101: Introduction To Vlan

    VLAN configuration Introduction to VLAN VLAN overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.

  • Page 102: Types Of Vlans

    The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure Figure 29 Format of a traditional Ethernet frame...

  • Page 103: Configuring Basic Vlan Settings

    Policy • • Other criteria NOTE: The A3100 v2 EI Switch Series supports port-based VLAN, MAC-based VLAN, and protocol-based • VLAN. The A3100 v2 SI Switch Series supports port-based VLAN and MAC-based VLAN. • The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings.

  • Page 104: Port-based Vlan Configuration

    VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from that of the VLAN.

  • Page 105

    VLAN, see the chapter “Voice VLAN configuration.” • HP recommends that you set the same PVID for the local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the •...

  • Page 106: Assigning An Access Port To A Vlan

    Assigning an access port to a VLAN You can assign an access port to a VLAN in VLAN view, interface view (including Ethernet interface view and Layer 2 aggregate interface view), or port group view. Follow these steps to assign one or multiple access ports to a VLAN in VLAN view: To do…...

  • Page 107: Assigning A Trunk Port To A Vlan

    Assigning a trunk port to a VLAN A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a trunk port to one or multiple VLANs: To do…...

  • Page 108: Assigning A Hybrid Port To A Vlan

    Assigning a hybrid port to a VLAN A hybrid port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a hybrid port to one or multiple VLANs: To do…...

  • Page 109

    Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A, and access the enterprise network through different • devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices.

  • Page 110

    Verification Host A and Host C and ping each other successfully, but they both fail to ping Host B. Host B and Host D and ping each other successfully, but they both fail to ping Host A. Determine whether the configuration is successful by displaying relevant VLAN information. # Display information about VLANs 100 and 200 on Device A: [DeviceA-Ethernet1/0/3] display vlan 100 VLAN ID: 100...

  • Page 111

    When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is • permitted by the port, or otherwise drops the frame. Approach 2: Dynamic MAC-based VLAN You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access.

  • Page 112

    NOTE: After enabling MAC-based VLAN on the switch, you must configure related authentication settings on the Security access authentication server. For more information about 802.1X authentication, see the Configuration Guide Follow these steps to configure dynamic MAC-based VLAN: To do... Use the command...

  • Page 113

    Figure 32 Network diagram for MAC-based VLAN configuration VLAN 100 VLAN 200 Server1 Server2 IP: 1.1.1.1/24 IP: 1.1.2.1/24 Eth1/0/14 Eth1/0/13 Eth1/0/4 Eth1/0/3 Device B Eth1/0/2 Eth1/0/2 Device C Device A Eth1/0/1 Eth1/0/1 VLAN 100 VLAN 200 Laptop1 Laptop2 IP: 1.1.1.2/24 IP: 1.1.2.2/24 MAC: 000d-88f8-4e71 MAC: 0014-222c-aa69...

  • Page 114

    [DeviceA-Ethernet1/0/1] port link-type hybrid [DeviceA-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-Ethernet1/0/1] mac-vlan enable [DeviceA-Ethernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port Ethernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type trunk [DeviceA-Ethernet1/0/2] port trunk permit vlan 100 200...

  • Page 115

    Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration (available only on the A3100 v2 EI) Introduction to protocol-based VLAN NOTE:...

  • Page 116

    To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode Create a protocol template for the { ethernetii etype etype-id | llc Required VLAN { dsap dsap-id [ ssap ssap-id ] |...

  • Page 117

    CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when you are configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.

  • Page 118

    Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configure Device. # Create VLAN 100, and assign port Ethernet 1/0/1 1 to VLAN 100. <Device>...

  • Page 119: Displaying And Maintaining Vlan

    Verification The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts and the server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.

  • Page 120

    To do... Use the command… Remarks Display all interfaces with display mac-vlan interface [ | { begin | Available in any view MAC-based VLAN enabled exclude | include } regular-expression ] Display protocol information and display protocol-vlan vlan { vlan-id [ to protocol indexes of the specified vlan-id ] | all } [ | { begin | exclude | include } Available in any view...

  • Page 121: Voice Vlan Configuration (available Only On The A3100 V2 Ei)

    Voice VLAN configuration (available only on the A3100 v2 EI) Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality.

  • Page 122: Voice Vlan Assignment Modes

    Voice VLAN assignment modes A port can be assigned to a voice VLAN in one of the following modes: In automatic mode, the system matches the source MAC address carried in the untagged packets • sent when an IP phone is powered on against the device’s OUI addresses. If the system finds a match, it automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence.

  • Page 123

    Table 15 Required configurations on ports of different link types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Automatic Access — Manual Configure the PVID of the port, which cannot be Automatic the voice VLAN, and assign the port to its PVID.

  • Page 124: Security Mode And Normal Mode Of Voice Vlans, Configuring A Voice Vlan

    MAC addresses checking. TIP: HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, ensure that the voice VLAN security mode is disabled.

  • Page 125

    If the configuration order is reversed, your priority configuration will fail. For more information, see “Configuring QoS priority settings for voice traffic on an interface.” • Configure the voice VLAN assignment mode. For more information, see “Configuring a port to operate in automatic voice VLAN assignment mode”...

  • Page 126

    To do... Use the command... Remarks Optional 1440 minutes by default. The voice VLAN aging time Set the voice VLAN aging time voice vlan aging minutes configuration is only applicable on ports in automatic voice VLAN assignment mode. Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default.

  • Page 127: Displaying And Maintaining Voice Vlan, Voice Vlan Configuration Examples

    To do... Use the command... Remarks interface interface-type Enter interface view — interface-number Configure the port to operate in Required manual voice VLAN assignment undo voice vlan mode auto Disabled by default mode Required Assign the port (access, trunk, or For how to assign a port to a After you assign an access port to hybrid) in manual voice VLAN...

  • Page 128

    The MAC address of IP phone B is 001 1-2200-0001. The phone connects to a downstream device • named PC B whose MAC address is 0022-2200-0002 and to Ethernet 1/0/2 on Device A. • Device A uses voice VLAN 2 to transmit voice packets for IP phone A, and uses voice VLAN 3 to transmit voice packets for IP phone B.

  • Page 129: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-Ethernet1/0/1] voice vlan 2 enable [DeviceA-Ethernet1/0/1] quit # Configure Ethernet 1/0/2. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type hybrid [DeviceA-Ethernet1/0/2] voice vlan mode auto [DeviceA-Ethernet1/0/2] voice vlan 3 enable Verification # Display the OUI addresses, OUI address masks, and description strings. <DeviceA>...

  • Page 130

    Figure 37 Network diagram for manual voice VLAN assignment mode configuration Device A Device B Internet Eth1/0/1 Eth1/0/1 VLAN 2 0755-2002 010-1001 OUI: 0011-2200-0000 Mask: ffff-ff00-0000 Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA>...

  • Page 131

    # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 8 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...

  • Page 132: Gvrp Configuration, Introduction To Gvrp

    GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.

  • Page 133

    A GARP participant sends Join messages when it must register its attributes (including manually configured attributes) with other participants, and when it receives Join messages from other participants. The types of Join messages are JoinEmpty and JoinIn. • A GARP participant sends a JoinEmpty message to declare an attribute not registered on it. A GARP participant sends a JoinIn message to declare an attribute registered on it.

  • Page 134

    A GARP participant starts a Leave timer when it receives a Leave message for an attribute value. If the GARP participant receives no Join message for the attribute value before the timer expires, it deregisters the attribute value. LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts.

  • Page 135

    Field Description Value Consists of an attribute length, an attribute event, and an attribute –– Attribute value Length of an attribute, inclusive of 2 to 255 (in bytes) Attribute length the attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event •...

  • Page 136: Configuring Gvrp Functions

    Task Remarks Required Configuring GVRP functions Optional Configuring GARP timers NOTE: GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on • the current interface only. GVRP configuration made in port group view takes effect on all the member ports in the group.

  • Page 137: Configuring Garp Timers

    NOTE: For more information about the port link-type trunk and port trunk permit vlan all commands, see the • chapter “VLAN configuration commands.” In an MSTP network, GVRP can run on only the CIST. Blocked ports on the CIST cannot receive or send •...

  • Page 138: Displaying And Maintaining Gvrp, Gvrp Configuration Examples

    Table 19 Dependencies of GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer setting Join No less than two times the Hold timer setting Less than half of the leave timer setting Leave Greater than two times the Join timer setting Less than the LeaveAll timer setting...

  • Page 139

    Figure 40 Network diagram for GVRP normal registration mode configuration Configuration procedure Configure Device A. # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-type trunk [DeviceA-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port Ethernet 1/0/1.

  • Page 140

    # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface ethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3 According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP.

  • Page 141

    [DeviceB-Ethernet1/0/1] gvrp [DeviceB-Ethernet1/0/1] gvrp registration fixed [DeviceB-Ethernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration. Use the display gvrp local-vlan command to display the local VLAN information that GVRP maintains on ports. For example: # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device A.

  • Page 142

    # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to forbidden on the port. [DeviceA-Ethernet1/0/1] gvrp [DeviceA-Ethernet1/0/1] gvrp registration forbidden [DeviceA-Ethernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B. # Enable GVRP globally.

  • Page 143: Qinq Configuration, Introduction To Qinq, How Qinq Works

    QinQ configuration NOTE: inner VLANs” Throughout this document, customer network VLANs (CVLANs), also called “ , refer to the VLANs that a customer uses on the private network; service provider network VLANs (SVLANs), also outer VLANs called “ ”, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.

  • Page 144: Qinq Frame Structure

    Figure 43 Typical QinQ application scenario Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 43, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20.

  • Page 145: Implementations Of Qinq, Modifying The Tpid In A Vlan Tag

    The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes.

  • Page 146

    The switch determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries a VLAN tag with TPID value 0x8100, but the configured TPID value is 0x9100, the switch considers that the frame does not carry any VLAN tag. The systems of different vendors might set the TPID of the outer VLAN tag of QinQ frames to different values.

  • Page 147

    NOTE: QinQ requires configurations only on the service provider network. • QinQ configurations made in Ethernet interface view take effect on the current interface only. Those • made in Layer 2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group.

  • Page 148

    To do... Use the command... Remarks Enter Ethernet or Layer 2 interface interface-type Enter interface aggregate interface-number Required view or port interface view Use either command. group view Enter port port-group manual group view port-group-name Required Enter QinQ view and configure the By default, the SVLAN tag to be qinq vid vlan-id SVLAN tag for the port to add...

  • Page 149: Configuring The Tpid Value In Vlan Tags, Qinq Configuration Examples, Basic Qinq Configuration Example

    To do... Use the command... Remarks Return to system view quit — Create a QoS policy and enter qos policy policy-name Required QoS policy view Associate the traffic class with the classifier classifier-name behavior Required traffic behavior defined earlier behavior-name Return to system view quit —...

  • Page 150

    Make configuration to satisfy the following requirements: • Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1 and Customer A2 through VLAN 10 of the service provider network. Frames of VLAN 250 through VLAN 350 can be exchanged between Customer B1 and Customer •...

  • Page 151

    [ProviderA-Ethernet1/0/2] qinq enable [ProviderA-Ethernet1/0/2] quit Configure Ethernet 1/0/3 • # Configure Ethernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface ethernet 1/0/3 [ProviderA-Ethernet1/0/3] port link-type trunk [ProviderA-Ethernet1/0/3] port trunk permit vlan 10 50 # Set the TPID value in the outer tag to 0x8200.

  • Page 152

    Port-based selective QinQ configuration example (available only on the A3100 v2 EI) Network requirements As shown in Figure Provider A and Provider B are edge switches on the service provider network and are connected • through trunk ports. They belong to SVLAN 1000 and SVLAN 2000, respectively. •...

  • Page 153

    # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-Ethernet1/0/1] qinq vid 1000 [ProviderA-Ethernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-Ethernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-Ethernet1/0/1] qinq vid 2000 [ProviderA-Ethernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-Ethernet1/0/1-vid-2000] quit [ProviderA-Ethernet1/0/1] quit Configure Ethernet 1/0/2 •...

  • Page 154

    [ProviderB-Ethernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-Ethernet1/0/3] quit [ProviderA] qinq ethernet-type 8200 Configure third-party devices. Configure the third-party devices between Provider A and Provider B as follows: configure the port that connects Ethernet 1/0/3 of Provider A and the port that connects Ethernet 1/0/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.

  • Page 155

    Figure 48 Network diagram Configuration procedure NOTE: Be sure that you have configured the devices in the service provider network to allow QinQ packets to pass through. Configure Provider A . # Enter system view. <ProviderA> system-view Configure Ethernet 1/0/1. •...

  • Page 156

    # Create a class A20 to match frames of VLAN 20 of Customer A. [ProviderA] traffic classifier A20 [ProviderA-classifier-A20] if-match customer-vlan-id 20 [ProviderA-classifier-A20] quit # Create a traffic behavior P2000 and configure the action of tagging frames with the outer VLAN tag 2000 for the traffic behavior.

  • Page 157

    # To enable interoperability with the third-party switches in the public network, set the TPID of the service provider network VLAN tags to 0x8200. The port then tags the received frames with the outer VLAN tag whose TPID is 0x8200. [ProviderB-Ethernet1/0/1] quit [ProviderB] qinq ethernet-type 8200 Configure Ethernet 1/0/2.

  • Page 158: Vlan Mapping Overview

    VLAN mapping configuration (available only on the A3100 v2 EI) VLAN mapping overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. The A3100 v2 EI Switch Series provides the following types of VLAN mapping: One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN •...

  • Page 159

    to the same VLAN by customer, so the uplink device can obtain traffic statistics for different customers based on VLANs. Figure 50 Application scenario of many-to-one VLAN mapping Concepts and terms Figure 51 shows a simplified network to help explain the concepts and terms that you might encounter when you work with VLAN mapping.

  • Page 160

    Service provider VLANs (SVLANs)—VLANs assigned for transmitting traffic across the service • provider network. NOTE: ACL and QoS Configuration Guide For more information about QoS policies, see the One-to-one VLAN mapping implementation This section describes how one-to-one VLAN mapping is implemented on the A3100 v2 EI. Implementing one-to-one VLAN mapping with a global QoS policy Implement one-to-one VLAN mapping on the customer-side port through the following configurations, as shown in...

  • Page 161: Configuring Vlan Mapping

    Figure 53 One-to-one VLAN mapping implementation with port QoS policies Many-to-one VLAN mapping implementation Implement many-to-one VLAN mapping through the following configurations, as shown in Figure • Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs to one SVLAN ID.

  • Page 162

    Task Description Required Configuring an uplink policy Create CVLAN-to-SVLAN mappings. Required Configuring the customer-side port Configure settings required for one-to-one VLAN mapping. Required Configuring the network-side port Configure VLAN settings required for normal communication. Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do...

  • Page 163

    To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required Assign the port to CVLANs and port trunk permit vlan { vlan-id-list By default, a trunk port belongs to SVLANs | all }...

  • Page 164

    Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do... Use the command... Remarks Enter system view system-view —...

  • Page 165

    To do... Use the command... Remarks Associate the class with the behavior to map the SVLAN to the classifier tcl-name behavior behavior-name Required CVLAN Configuring the customer-side port Follow these steps to configure the customer-side port: To do... Use the command... Remarks Enter system view system-view...

  • Page 166

    Task Description Required Configuring an uplink policy Configures an uplink policy for the customer-side port. Required Configuring the customer-side port Configures VLAN and other settings required for many-to-one VLAN mapping. Required Configuring the network-side port Configures VLAN and other settings required for many-to-one VLAN mapping.

  • Page 167: Vlan Mapping Configuration Examples

    To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan { vlan-id-list Assign the port to CVLANs By default, a trunk port belongs to | all } VLAN 1 only.

  • Page 168

    Figure 55 Network diagram for one-to-one VLAN mapping configuration Configuration procedure NOTE: In this example, one-to-one VLAN mappings are configured with a global QoS policy. # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure uplink policy p1 to transmit one service of one customer in a unique SVLAN, and globally...

  • Page 169

    [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202 [SwitchA-behavior-b5] traffic behavior b6 [SwitchA-behavior-b6] remark service-vlan-id 302 [SwitchA-behavior-b6] quit [SwitchA] qos policy p1 [SwitchA-policy-p1] classifier c1 behavior b1 [SwitchA-policy-p1] classifier c2 behavior b2 [SwitchA-policy-p1] classifier c3 behavior b3 [SwitchA-policy-p1] classifier c4 behavior b4...

  • Page 170

    Figure 56 Network diagram for many-to-one VLAN mapping configuration Configuration procedure # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 # Configure uplink policies p1 and p2 to transmit all services of one customer in a unique SVLAN. [SwitchA] traffic classifier c1 operator or [SwitchA-classifier-c1] if-match customer-vlan-id 1 to 3 [SwitchA-classifier-c1] traffic classifier c2 operator or...

  • Page 171

    # Configure customer-side port Ethernet 1/0/2 as a trunk port, assign the port to CVLANs 4 through 6 and SVLAN 102, and apply uplink policy p2 to the incoming traffic of the port. [SwitchA] interface ethernet 1/0/2 [SwitchA-Ethernet1/0/2] port link-type trunk [SwitchA-Ethernet1/0/2] port trunk permit vlan 4 5 6 102 [SwitchA-Ethernet1/0/2] qos apply policy p2 inbound [SwitchA-Ethernet1/0/2] quit...

  • Page 172: Lldp Configuration, Basic Concepts

    LLDP configuration Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.

  • Page 173

    Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.

  • Page 174

    An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time To Live TLV, and End of LLDPDU TLV. Other TLVs are optional. TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself.

  • Page 175

    NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 176: How Lldp Works

    Type Description Allows a network device or terminal device to advertise power supply Extended Power-via-MDI capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version Firmware Revision Allows a terminal device to advertise its firmware version Software Revision Allows a terminal device to advertise its software version...

  • Page 177: Lldp Configuration Task List, Performing Basic Lldp Configuration, Enabling Lldp

    This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at 1-second intervals, to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDPDU transmit interval resumes. Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU.

  • Page 178

    To do… Use the command… Remarks Enter system view system-view — Required Enable LLDP globally lldp enable By default, LLDP is globally enabled. Enter Layer 2 Ethernet interface interface-type Enter Ethernet interface view interface-number Required interface view or port group Use either command.

  • Page 179: Enabling Lldp Polling, Configuring The Management Address And Its Encoding Format

    Enabling LLDP polling With LLDP polling enabled, a device searches for local configuration changes periodically. Upon detecting a configuration change, the device sends LLDPDUs to inform the neighboring devices of the change. Follow these steps to enable LLDP polling: To do… Use the command…...

  • Page 180: Setting Other Lldp Parameters

    Follow these steps to configure a management address to be advertised and its encoding format on one or a group of ports: To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Enter interface interface-type Ethernet interface Ethernet interface-number Required...

  • Page 181: Setting An Encapsulation Format For Lldpdus

    To do… Use the command… Remarks Set the number of LLDPDUs sent Optional each time fast LLDPDU transmission lldp fast-count count 3 by default is triggered NOTE: To ensure that the LLDP neighbors can receive LLDPDUs to update information about the current device before it ages out, configure both the LLDPDU transmit interval and delay to be less than the TTL.

  • Page 182: Configuring Cdp Compatibility

    If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device. As a result, a requesting Cisco IP phone sends voice traffic without any tag to your device, and, as a result, your device cannot differentiate the voice traffic from other types of traffic.

  • Page 183: Configuring Lldp Trapping, Displaying And Maintaining Lldp

    Configuring LLDP trapping LLDP trapping notifies the network management system (NMS) of events such as newly-detected neighboring devices and link malfunctions. To prevent excessive LLDP traps from being sent when the topology is unstable, you can set a minimum trap sending interval for LLDP. Follow these steps to configure LLDP trapping: To do…...

  • Page 184: Lldp Configuration Examples, Basic Lldp Configuration Example

    LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 60, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to Ethernet 1/0/1 and Ethernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.

  • Page 185: Verify The Configuration

    [SwitchB-Ethernet1/0/1] quit Verify the configuration # Display the global LLDP status and port LLDP status on Switch A. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...

  • Page 186

    LLDP neighbor information last changed time: 0 days,0 hours,5 minutes,20 seconds Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [Ethernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag...

  • Page 187

    Figure 61 Network diagram for CDP-compatible LLDP configuration Configuration procedure Configure a voice VLAN on Switch A # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of Ethernet 1/0/1 and Ethernet 1/0/2 to trunk and enable voice VLAN on them. [SwitchA] interface ethernet 1/0/1 [SwitchA-Ethernet1/0/1] port link-type trunk [SwitchA-Ethernet1/0/1] voice vlan 2 enable...

  • Page 188

    Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full CDP neighbor-information of port 2[Ethernet1/0/2]: CDP neighbor index : 2 Chassis ID : SEP00141CBCDBFF Port ID : Port 1 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full As the sample output shows, Switch A has discovered the IP phones connected to Ethernet 1/0/1 and...

  • Page 189: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 190: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 191

    Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 192

    LLDP configuration task list,170 Configuring the TPID value in VLAN tags,142 Loopback interface,14 Configuring VLAN mapping,154 Contacting HP,182 MAC address table configuration example,21 Conventions,183 MAC Information configuration example,25 MAC-based VLAN configuration,103 Displaying and maintaining an Ethernet interface,13 MSTP configuration...

  • Page 193

    Overview,23 QinQ configuration examples,142 Overview,17 QinQ configuration task list,139 Performing basic LLDP configuration,170 Related information,182 Port isolation configuration example,44 Port-based VLAN configuration,97 VLAN mapping configuration examples,160 Protocol-based VLAN configuration (available only on VLAN mapping overview,151 the A3100 v2 EI),108 Voice VLAN configuration examples,120...

Comments to this Manuals

Symbols: 0
Latest comments: