Page 1: Configuration Guide
HP A3100 v2 Switch Series Layer 2 - LAN Switching Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16 v2 EI Switch (JD319B)
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 3: Table Of Contents
Contents Ethernet interface configuration ·································································································································· 1 Ethernet interface overview ··············································································································································1 Ethernet interface naming conventions ··················································································································1 Configuring a combo interface·······························································································································1 Configuring basic settings of an Ethernet interface·······································································································2 Configuring duplex mode and speed on an Ethernet interface ··········································································2 Setting speed options for auto negotiation on an Ethernet interface··································································3 Configuring flow control on an Ethernet interface································································································4 Configuring link change suppression on an Ethernet interface···········································································4 Configuring loopback testing on an Ethernet interface························································································5...
Page 4 Configuring the MAC Information queue length································································································ 24 MAC Information configuration example ···················································································································· 25 Ethernet link aggregation configuration ···················································································································26 Overview········································································································································································· 26 Basic concepts ······················································································································································· 26 Aggregating links in static mode ························································································································· 29 Aggregating links in dynamic mode ··················································································································· 30 Load-sharing criteria for link aggregation groups ····························································································· 32 Ethernet link aggregation configuration task list·········································································································...
Page 5 Configuring the maximum port rate ···················································································································· 66 Configuring ports as edge ports ·························································································································· 67 Configuring path costs of ports···························································································································· 67 Configuring port priority······································································································································· 70 Configuring the link type of ports ························································································································ 70 Configuring the mode a port uses to recognize/send MSTP packets ····························································· 71 Enabling the output of port state transition information ····················································································...
Page 6 Configuring a voice VLAN··········································································································································117 Configuration prerequisites ································································································································117 Configuring QoS priority settings for voice traffic on an interface································································118 Configuring a port to operate in automatic voice VLAN assignment mode ·················································118 Configuring a port to operate in manual voice VLAN assignment mode ·····················································119 Displaying and maintaining voice VLAN ··················································································································120 Voice VLAN configuration examples ·························································································································120 Automatic voice VLAN mode configuration example ·····················································································120...
Page 7 Displaying and maintaining LLDP·······························································································································176 LLDP configuration examples ······································································································································177 Basic LLDP configuration example ·····················································································································177 CDP-compatible LLDP configuration example (available only on the A3100 v2 EI)····································179 Support and other resources ·································································································································· 182 Contacting HP ······························································································································································182 Subscription service ············································································································································182 Related information······················································································································································182 Documents ····························································································································································182 Websites·······························································································································································182 Conventions ··································································································································································183...
Page 8: Ethernet Interface Configuration
Ethernet interface configuration Ethernet interface overview Ethernet interface naming conventions The Ethernet interfaces on the A3100 v2 Switch Series are named in the format of interface-type A/B/C, where the following definitions apply: A Specifies the ID of a switch. The value can only be 1. •...
Page 9: Configuring Basic Settings Of An Ethernet Interface
To do… Use the command… Remarks Optional Activate the copper combo port or combo enable { copper | fiber } By default, the copper combo port fiber combo port is active. Configuring basic settings of an Ethernet interface Configuring duplex mode and speed on an Ethernet interface You can set an Ethernet interface to operate in one of the following duplex modes: Full-duplex mode (full).
Page 10: Setting Speed Options For Auto Negotiation On An Ethernet Interface
To do… Use the command… Remarks Optional By default, an Ethernet interface is in Shut down the Ethernet interface shutdown the up state. To bring up an Ethernet interface, use the undo shutdown command. Setting speed options for auto negotiation on an Ethernet interface Speed auto negotiation enables an Ethernet interface to negotiate with its peer for the highest speed supported that both ends support by default.
Page 11: Configuring Flow Control On An Ethernet Interface
NOTE: Among the auto-negotiation-capable Layer 2 ports, the FE copper ports support only the 10 and 100 • keywords, the GE copper ports support all keywords, and the GE fiber ports support only the 100 and 1000 keywords. The speed and speed auto commands supersede each other, and whichever is configured last takes •...
Page 12: Configuring Loopback Testing On An Ethernet Interface
Configuring link-down event suppression Follow these steps to enable an Ethernet interface to suppress link-down events: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Set a link-down event suppression link-delay delay-time Link-down event suppression is interval...
Page 13: Configuring A Port Group
Ethernet interface, insert a loopback plug into the interface. During external loopback testing, the interface sends a certain number of test packets, which are looped over the plug and back to the interface. If the interface fails to receive any test packet, the hardware of the interface is faulty. Figure 3 External loopback testing Follow these steps to enable Ethernet interface loopback testing: To do…...
Page 14: Configuring Traffic Storm Protection
To do… Use the command… Remarks Enter system view system-view — Create a port group and enter port port-group manual Required group view port-group-name Assign Ethernet interfaces to the group-member interface-list Required port group Configuring traffic storm protection A traffic storm occurs when a large amount of broadcast, multicast, or unknown unicast packets congest a network.
Page 15 To do… Use the command… Remarks Optional Set a multicast suppression multicast-suppression { ratio | pps By default, all multicast traffic is threshold max-pps | kbps max-bps } allowed to pass through an interface. Optional Set a unicast suppression unicast-suppression { ratio | pps By default, all unknown unicast threshold max-pps | kbps max-bps }...
Page 16: Setting The Statistics Polling Interval
To do… Use the command… Remarks Optional By default, the interface sends Enable the interface to send storm traps when monitored traffic storm-constrain enable trap control threshold event traps exceeds the upper threshold or drops below the lower threshold from the upper threshold. Optional By default, the interface outputs log Enable the interface to log storm...
Page 17: Enabling Loopback Detection On An Ethernet Interface
To do… Use the command… Remarks Enter system view system-view — Optional Configure jumbo frame support jumboframe enable By default, an Ethernet interface accepts jumbo frames (up to 2048 bytes). Enabling loopback detection on an Ethernet interface Enabling single-port loopback detection on an Ethernet Interface If an interface receives a packet that it sent, a loop occurs.
Page 18: Setting The Mdi Mode Of An Ethernet Interface
To do… Use the command… Remarks or port group To configure loopback detection view on one interface, enter Ethernet interface view. Enter port port-group manual group view port-group-name To configure loopback detection on a group of Ethernet interfaces, enter port group view. Required Enable loopback detection on the loopback-detection enable...
Page 19: Testing The Cable Connection Of An Ethernet Interface
You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of cables, a copper Ethernet interface can operate in one of the following Medium Dependent Interface (MDI) modes: • Across mode Normal mode •...
Page 20: Displaying And Maintaining An Ethernet Interface
To do… Use the command… Remarks interface interface-type Enter Ethernet interface view — interface-number Test the cable connected to the virtual-cable-test Required Ethernet interface Displaying and maintaining an Ethernet interface To do… Use the command… Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface or Available in any view...
Page 21: Loopback And Null Interface Configuration
Loopback and null interface configuration Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link-layer protocols of a loopback interface are always up unless the •...
Page 22: Null Interface
To do… Use the command… Remarks Restore the default settings for the default Optional interface NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration information, see the Guide Null interface...
Page 23: Displaying And Maintaining Loopback And Null Interfaces
Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface loopback [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]...
Page 24: Mac Address Table Configuration
MAC address table configuration Overview Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the switch first looks up the MAC address of the frame in the MAC address table for a match.
Page 25: Mac Address Table-Based Frame Forwarding
Blackhole entries, which are manually configured and never age out. Blackhole entries are • configured for filtering out frames with specific destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.
Page 26: Disabling Mac Address Learning
To do… Use the command… Remarks Enter system view system-view — Configure static or mac-address { dynamic | static } Required dynamic MAC mac-address interface interface-type address table Use either command. interface-number vlan vlan-id Configure MAC entries Make sure that you address table Configure have created the VLAN...
Page 27: Configuring The Aging Timer For Dynamic Mac Address Entries
NOTE: When MAC address learning is disabled, the obtained MAC addresses remain valid until they age out • For more information about port groups, see the chapter “Ethernet interface configuration.” • Disabling MAC address learning on a VLAN (available only on the A3100 v2 EI) You can disable MAC address learning on a per-VLAN basis.
Page 28: Displaying And Maintaining Mac Address Tables
To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type Use either command. interface view interface-number Enter Layer 2 The configuration made in Layer 2 Ethernet Ethernet interface view takes effect interface view on the current interface only.
Page 29 Configuration procedure # Add a static MAC address entry. <Sysname> system-view [Sysname] mac-address static 000f-e235-dc71 interface ethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port Ethernet 1/0/1.
Page 30: Mac Information Configuration
MAC Information configuration Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.
Page 31: Configuring Mac Information Mode
To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Enable MAC Information on the mac-address information enable interface { added | deleted } Disabled by default. NOTE: To enable MAC Information on an Ethernet interface, enable MAC Information globally first.
Page 32: Mac Information Configuration Example
MAC Information configuration example Network requirements Host A is connected to a remote server (Server) through Device. • Enable MAC Information on Ethernet 1/0/1 on Device. Device sends MAC address changes in • Syslog messages to Host B through Ethernet 1/0/3. Host B analyzes and displays the Syslog messages.
Page 33: Ethernet Link Aggregation Configuration
Ethernet link aggregation configuration Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an “aggregate link”. Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...
Page 34 Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of this operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port might affect its aggregation state.
Page 35: Link Aggregation Modes
LACP functions The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described in Table Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port LACP priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the preceding Basic LACP functions information with its peer.
Page 36: Aggregating Links In Static Mode
Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust Aggregation is stable. Peers do the aggregation state according Static Disabled not affect the aggregation state of to that of the peer ports.
Page 37: Aggregating Links In Dynamic Mode
Figure 6 Set the aggregation state of a member port in a static aggregation group NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two • configurations on any member port. • If a static aggregation group has reached the limit on Selected ports, any port that joins the group is placed in the Unselected state to avoid traffic interruption on the current Selected ports.
Page 38 The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.
Page 39: Load-Sharing Criteria For Link Aggregation Groups
Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...
Page 40: Configuring A Static Aggregation Group
Table 6 Features incompatible with Layer 2 aggregation groups Feature Reference MAC authentication MAC authentication configuration in the Security Configuration Guide Port security Port security configuration in the Security Configuration Guide IP source guard IP source guard configuration in the Security Configuration Guide 802.1X 802.1X configuration in the Security Configuration Guide NOTE:...
Page 41: Configuring An Aggregate Interface
NOTE: To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. Follow these steps to configure a Layer 2 dynamic aggregation group: To do...
Page 42: Configuring The Description Of An Aggregate Interface
NOTE: Most configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes, such as describing the purpose of the interface.
Page 43: Shutting Down An Aggregate Interface
This minimum threshold setting affects the aggregation state of both aggregation member ports and the aggregate interface in the following ways: • When the number of member ports eligible for being selected is smaller than the minimum threshold, all member ports change to the Unselected state and the link of the aggregate interface goes down.
Page 44: Configuring Load Sharing For Link Aggregation Groups
To do... Use the command... Remarks Enter system view system-view — interface bridge-aggregation Enter aggregate interface view — interface-number Restore the default settings for the default Required aggregate interface Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load-sharing criteria.
Page 45: Displaying And Maintaining Ethernet Link Aggregation
Displaying and maintaining Ethernet link aggregation To do... Use the command... Remarks display interface bridge-aggregation [ brief [ down ] ] [ | { begin | exclude | include } Display information for an regular-expression ] aggregate interface or multiple Available in any view display interface bridge-aggregation aggregate interfaces...
Page 46 Configure a Layer 2 static link aggregation group on Device A and Device B, respectively. Enable • VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end. •...
Page 47: Layer 2 Dynamic Aggregation Configuration Example
NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait... Done. Configuring Ethernet1/0/1... Done. Configuring Ethernet1/0/2... Done. Configuring Ethernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria.
Page 48 Device A and Device B are connected through their respective Layer 2 Ethernet interfaces Ethernet • 1/0/1 through Ethernet 1/0/3. • Configure a Layer 2 dynamic link aggregation group on Device A and Device B, respectively. Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.
Page 49 [DeviceA-Ethernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait...
Page 50: Port Isolation Configuration
VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called “isolated ports.”...
Page 51: Displaying And Maintaining Isolation Groups
Displaying and maintaining isolation groups To do… Use the command… Remarks display port-isolate group [ | Display information about the isolation group { begin | exclude | include } Available in any view regular-expression ] Port isolation configuration example Network requirements As shown in Figure Hosts A, B, and C are connected to port Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 of...
Page 52 <Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/3...
Page 53: Mstp Configuration
MSTP configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy. The recent versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
Page 54: Basic Concepts In Stp
Hello time: Configuration BPDU transmission interval. • • Forward delay: Delay that STP bridges use to transition port state. Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The root bridge is not permanent, but can change along with changes of the network topology.
Page 55: How Stp Works
Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree. How STP works NOTE: The spanning tree calculation process described in the following sections is a simplified process for...
Page 56 Table 9 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: • If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and keeps the configuration BPDU this port generated.
Page 57 Table 10 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1...
Page 58 Configuration BPDU on Device Comparison process ports after comparison • Device B compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port B1 is the optimum, and selects Port B1 as the root port with the configuration BPDU unchanged.
Page 59 Configuration BPDU on Device Comparison process ports after comparison • Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of Port C2 is the optimum, and...
Page 60: Introduction To Rstp
If the configuration BPDU received on a designated port has a lower priority than the configuration • BPDU of the local port, the port immediately sends its own configuration BPDU in response. • If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded because of timeout.
Page 61: Introduction To Mstp
Introduction to MSTP Why MSTP Limitations of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before it transits to the forwarding state, even if it is a port on a point-to-point link or an edge port.
Page 62: Basic Concepts In Mstp
Basic concepts in MSTP Figure 14 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1...
Page 63 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • MSTP-enabled Same region name • Same VLAN-to-instance mapping configuration •...
Page 64 Common root bridge The common root bridge is the root bridge of the CIST. Figure 14, for example, the common root bridge is a device in MST region 1. Roles of ports A port can play different roles in different MSTIs. As shown in Figure 16, an MST region comprises Device A, Device B, Device C, and Device D.
Page 65: How Mstp Works
Port states In MSTP, a port can be in one of the following states: • Forwarding: The port receives and sends BPDUs, obtains MAC addresses, and forwards user traffic. Learning: The port receives and sends BPDUs, obtains MAC addresses, but does not forward user •...
Page 66: Implementation Of Mstp On Devices
Between two MST regions, the packet is forwarded along the CST. • Implementation of MSTP on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management: Root bridge hold •...
Page 67 Task Remarks Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the MSTP feature Required Configuring an MST region Required Configuring the work mode of an MSTP device Optional Configuring the timeout factor Optional...
Page 68: Configuring Mstp
Configuring MSTP Configuring an MST region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration —...
Page 69: Configuring The Root Bridge Or A Secondary Root Bridge
Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.
Page 70: Configuring The Work Mode Of An Mstp Device
Configuring the work mode of an MSTP device MSTP and RSTP are mutually compatible and can recognize each other’s protocol packets. However, STP cannot recognize MSTP packets. For hybrid networking with legacy STP devices, and for full interoperability with RSTP-enabled devices, MSTP supports the following work modes: STP-compatible mode, RSTP mode, and MSTP mode.
Page 71: Configuring The Network Diameter Of A Switched Network
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a switch receives this configuration BPDU, it decrements the hop count by 1, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches 0, it is discarded by the device that received it.
Page 72 Max age ƒ 2 × (hello time + 1 second) HP does not recommend you to manually set the timers. Instead, you can use the stp bridge-diameter command to set the network diameter, and let the network automatically adjust the three timers according to the network size.
Page 73: Configuring The Timeout Factor
By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes unstable. HP recommends that you use the default setting.
Page 74: Configuring Ports As Edge Ports
Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop.
Page 75 Follow these steps to specify a standard for the device to use when it calculates the default path cost: To do... Use the command... Remarks Enter system view system-view — Optional Specify a standard for the device stp pathcost-standard By default, the device calculates to use when it calculates the default { dot1d-1998 | dot1t | legacy } the default path cost for ports...
Page 76: Configuration Example
Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing 3 selected ports Aggregate interface containing 4 selected ports NOTE: When calculating path cost for an aggregate interface, IEEE 802.1d-1998 does not take into account the number of selected ports in its aggregation group as IEEE 802.1t does.
Page 77: Configuring Port Priority
Configuring port priority The priority of a port is an important factor in determining whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority will be elected as the root port.
Page 78: Configuring The Mode A Port Uses To Recognize/Send Mstp Packets
If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. HP recommends that you use the default setting, and let MSTP detect the link status automatically.
Page 79: Enabling The Output Of Port State Transition Information
NOTE: MSTP provides the MSTP packet format incompatibility guard function. In MSTP mode, if a port is • configured to recognize/send MSTP packets in a mode other than auto, and if it receives a packet in a format different from the specified type, the port becomes a designated port and remains in the discarding state to prevent the occurrence of a loop.
Page 80: Performing Mcheck
NOTE: In system view, you can use the stp enable or undo stp enable command to enable or disable STP • globally. You can use the undo stp enable command to disable the MSTP feature for certain ports so that they will •...
Page 81 To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated • ports. HP recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.
Page 82: Configuring No Agreement Check
As shown in Figure • Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region. Enable Digest Snooping on the ports of Device A and Device B that connect Device C, so that the •...
Page 83 For MSTP, the root port of the downstream device sends an agreement packet only after it receives • an agreement packet from the upstream device. • For RSTP, the downstream device sends an agreement packet regardless of whether an agreement packet from the upstream device is received.
Page 84: Configuring Tc Snooping
Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, • assigning them to the same region. Configuring the No Agreement Check function To make the No Agreement Check feature take effect, enable it on the root port. Follow these steps to configure No Agreement Check: To do...
Page 85 Figure 21 TC snooping application scenario In the network, Device A transparently transmits the received STP BPDUs and does not participate in STP calculations. When a topology change occurs to the customer networks, Device A might need a long time to learn the correct MAC address table entries and ARP entries, affecting forwarding of service traffic.
Page 86: Configuring Protection Functions
Configuring protection functions An MSTP-enabled device supports the following protection functions: BPDU guard • Root guard • Loop guard • TC-BPDU guard • • BPDU drop Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.
Page 87 receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected to this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.
Page 88 6 by default. period after it receives the first TC-BPDU NOTE: HP does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.
Page 89: Displaying And Maintaining Mstp
Displaying and maintaining MSTP To do... Use the command... Remarks Display information about abnormally display stp abnormal-port [ | { begin | Available in any view blocked ports exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports Available in any view instance-id ] ] [ | { begin | exclude |...
Page 90 Figure 22 Network diagram for MSTP configuration Configuration procedure Configure VLANs and VLAN member ports (details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
Page 91 [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.
Page 92 [DeviceD] stp enable Verify the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port Role...
Page 93 Figure 23 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link...
Page 94: Bpdu Tunneling Configuration (Available Only On The A3100 V2
BPDU tunneling configuration (available only on the A3100 v2 EI) Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.
Page 95: Bpdu Tunneling Implementation
NOTE: Depending on the switch models, HP devices support BPDU tunneling for the following protocols: Cisco Discovery Protocol (CDP) • HW Group Management Protocol (HGMP) • Link Aggregation Control Protocol (LACP) • Per VLAN Spanning Tree (PVST) • Spanning tree protocol (STP) •...
Page 96: Configuring Bpdu Tunneling
Figure 25 Network diagram for BPDU tunneling implementation As shown in Figure 25, the upper part is the service provider network (ISP network), and the lower part represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2.
Page 97: Enabling Bpdu Tunneling
Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the • current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for HGMP, or STP on a port, disable the protocol on the port.
Page 98: Bpdu Tunneling Configuration Examples
To do… Use the command… Remarks Optional Configure the destination multicast bpdu-tunnel tunnel-dmac MAC address for BPDUs mac-address 0x010F-E200-0003 by default. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network. BPDU tunneling configuration examples BPDU tunneling for STP configuration example Network requirements...
Page 99: Bpdu Tunneling For Pvst Configuration Example
[PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port access vlan 2 # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-Ethernet1/0/1] undo stp enable [PE1-Ethernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE2>...
Page 100 # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure Ethernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port link-type trunk [PE1-Ethernet1/0/1] port trunk permit vlan all # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.
Page 101: Vlan Configuration
VLAN configuration Introduction to VLAN VLAN overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.
Page 102: Types Of Vlans
The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure Figure 29 Format of a traditional Ethernet frame...
Page 103: Configuring Basic Vlan Settings
Policy • • Other criteria NOTE: The A3100 v2 EI Switch Series supports port-based VLAN, MAC-based VLAN, and protocol-based • VLAN. The A3100 v2 SI Switch Series supports port-based VLAN and MAC-based VLAN. • The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings.
Page 104: Port-Based Vlan Configuration
VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from that of the VLAN.
Page 105 VLAN, see the chapter “Voice VLAN configuration.” • HP recommends that you set the same PVID for the local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the •...
Page 106: Assigning An Access Port To A Vlan
Assigning an access port to a VLAN You can assign an access port to a VLAN in VLAN view, interface view (including Ethernet interface view and Layer 2 aggregate interface view), or port group view. Follow these steps to assign one or multiple access ports to a VLAN in VLAN view: To do…...
Page 107: Assigning A Trunk Port To A Vlan
Assigning a trunk port to a VLAN A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a trunk port to one or multiple VLANs: To do…...
Page 108: Assigning A Hybrid Port To A Vlan
Assigning a hybrid port to a VLAN A hybrid port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a hybrid port to one or multiple VLANs: To do…...
Page 109: Port-Based Vlan Configuration Example
Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A, and access the enterprise network through different • devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices.
Page 110: Mac-Based Vlan Configuration
Verification Host A and Host C and ping each other successfully, but they both fail to ping Host B. Host B and Host D and ping each other successfully, but they both fail to ping Host A. Determine whether the configuration is successful by displaying relevant VLAN information. # Display information about VLANs 100 and 200 on Device A: [DeviceA-Ethernet1/0/3] display vlan 100 VLAN ID: 100...
Page 111: Configuring Mac-Based Vlan
When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is • permitted by the port, or otherwise drops the frame. Approach 2: Dynamic MAC-based VLAN You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access.
Page 112: Mac-Based Vlan Configuration Example
NOTE: After enabling MAC-based VLAN on the switch, you must configure related authentication settings on the Security access authentication server. For more information about 802.1X authentication, see the Configuration Guide Follow these steps to configure dynamic MAC-based VLAN: To do... Use the command...
Page 113 Figure 32 Network diagram for MAC-based VLAN configuration VLAN 100 VLAN 200 Server1 Server2 IP: 1.1.1.1/24 IP: 1.1.2.1/24 Eth1/0/14 Eth1/0/13 Eth1/0/4 Eth1/0/3 Device B Eth1/0/2 Eth1/0/2 Device C Device A Eth1/0/1 Eth1/0/1 VLAN 100 VLAN 200 Laptop1 Laptop2 IP: 1.1.1.2/24 IP: 1.1.2.2/24 MAC: 000d-88f8-4e71 MAC: 0014-222c-aa69...
Page 114 [DeviceA-Ethernet1/0/1] port link-type hybrid [DeviceA-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-Ethernet1/0/1] mac-vlan enable [DeviceA-Ethernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port Ethernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type trunk [DeviceA-Ethernet1/0/2] port trunk permit vlan 100 200...
Page 115: Protocol-Based Vlan Configuration (Available Only On The A3100 V2
Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration (available only on the A3100 v2 EI) Introduction to protocol-based VLAN NOTE:...
Page 116 To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode Create a protocol template for the { ethernetii etype etype-id | llc Required VLAN { dsap dsap-id [ ssap ssap-id ] |...
Page 117: Protocol-Based Vlan Configuration Example
CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when you are configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.
Page 118 Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configure Device. # Create VLAN 100, and assign port Ethernet 1/0/1 1 to VLAN 100. <Device>...
Page 119: Displaying And Maintaining Vlan
Verification The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts and the server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.
Page 120 To do... Use the command… Remarks Display all interfaces with display mac-vlan interface [ | { begin | Available in any view MAC-based VLAN enabled exclude | include } regular-expression ] Display protocol information and display protocol-vlan vlan { vlan-id [ to protocol indexes of the specified vlan-id ] | all } [ | { begin | exclude | include } Available in any view...
Page 121: Voice Vlan Configuration (Available Only On The A3100 V2 Ei)
Voice VLAN configuration (available only on the A3100 v2 EI) Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality.
Page 122: Voice Vlan Assignment Modes
Voice VLAN assignment modes A port can be assigned to a voice VLAN in one of the following modes: In automatic mode, the system matches the source MAC address carried in the untagged packets • sent when an IP phone is powered on against the device’s OUI addresses. If the system finds a match, it automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence.
Page 123 Table 15 Required configurations on ports of different link types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Automatic Access — Manual Configure the PVID of the port, which cannot be Automatic the voice VLAN, and assign the port to its PVID.
Page 124: Security Mode And Normal Mode Of Voice Vlans
MAC addresses checking. TIP: HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, ensure that the voice VLAN security mode is disabled.
Page 125: Configuring Qos Priority Settings For Voice Traffic On An Interface
If the configuration order is reversed, your priority configuration will fail. For more information, see “Configuring QoS priority settings for voice traffic on an interface.” • Configure the voice VLAN assignment mode. For more information, see “Configuring a port to operate in automatic voice VLAN assignment mode”...
Page 126: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode
To do... Use the command... Remarks Optional 1440 minutes by default. The voice VLAN aging time Set the voice VLAN aging time voice vlan aging minutes configuration is only applicable on ports in automatic voice VLAN assignment mode. Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default.
Page 127: Displaying And Maintaining Voice Vlan
To do... Use the command... Remarks interface interface-type Enter interface view — interface-number Configure the port to operate in Required manual voice VLAN assignment undo voice vlan mode auto Disabled by default mode Required Assign the port (access, trunk, or For how to assign a port to a After you assign an access port to hybrid) in manual voice VLAN...
Page 128 The MAC address of IP phone B is 001 1-2200-0001. The phone connects to a downstream device • named PC B whose MAC address is 0022-2200-0002 and to Ethernet 1/0/2 on Device A. • Device A uses voice VLAN 2 to transmit voice packets for IP phone A, and uses voice VLAN 3 to transmit voice packets for IP phone B.
Page 129: Manual Voice Vlan Assignment Mode Configuration Example
[DeviceA-Ethernet1/0/1] voice vlan 2 enable [DeviceA-Ethernet1/0/1] quit # Configure Ethernet 1/0/2. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type hybrid [DeviceA-Ethernet1/0/2] voice vlan mode auto [DeviceA-Ethernet1/0/2] voice vlan 3 enable Verification # Display the OUI addresses, OUI address masks, and description strings. <DeviceA>...
Page 130 Figure 37 Network diagram for manual voice VLAN assignment mode configuration Device A Device B Internet Eth1/0/1 Eth1/0/1 VLAN 2 0755-2002 010-1001 OUI: 0011-2200-0000 Mask: ffff-ff00-0000 Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA>...
Page 131 # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 8 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...
Page 132: Gvrp Configuration
GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
Page 133 A GARP participant sends Join messages when it must register its attributes (including manually configured attributes) with other participants, and when it receives Join messages from other participants. The types of Join messages are JoinEmpty and JoinIn. • A GARP participant sends a JoinEmpty message to declare an attribute not registered on it. A GARP participant sends a JoinIn message to declare an attribute registered on it.
Page 134 A GARP participant starts a Leave timer when it receives a Leave message for an attribute value. If the GARP participant receives no Join message for the attribute value before the timer expires, it deregisters the attribute value. LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts.
Page 135: Gvrp
Field Description Value Consists of an attribute length, an attribute event, and an attribute –– Attribute value Length of an attribute, inclusive of 2 to 255 (in bytes) Attribute length the attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event •...
Page 136: Configuring Gvrp Functions
Task Remarks Required Configuring GVRP functions Optional Configuring GARP timers NOTE: GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on • the current interface only. GVRP configuration made in port group view takes effect on all the member ports in the group.
Page 137: Configuring Garp Timers
NOTE: For more information about the port link-type trunk and port trunk permit vlan all commands, see the • chapter “VLAN configuration commands.” In an MSTP network, GVRP can run on only the CIST. Blocked ports on the CIST cannot receive or send •...
Page 138: Displaying And Maintaining Gvrp
Table 19 Dependencies of GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer setting Join No less than two times the Hold timer setting Less than half of the leave timer setting Leave Greater than two times the Join timer setting Less than the LeaveAll timer setting...
Page 139 Figure 40 Network diagram for GVRP normal registration mode configuration Configuration procedure Configure Device A. # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-type trunk [DeviceA-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port Ethernet 1/0/1.
Page 140: Gvrp Fixed Registration Mode Configuration Example
# Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface ethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3 According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP.
Page 141: Gvrp Forbidden Registration Mode Configuration Example
[DeviceB-Ethernet1/0/1] gvrp [DeviceB-Ethernet1/0/1] gvrp registration fixed [DeviceB-Ethernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration. Use the display gvrp local-vlan command to display the local VLAN information that GVRP maintains on ports. For example: # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device A.
Page 142 # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to forbidden on the port. [DeviceA-Ethernet1/0/1] gvrp [DeviceA-Ethernet1/0/1] gvrp registration forbidden [DeviceA-Ethernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B. # Enable GVRP globally.
Page 143: Qinq Configuration
QinQ configuration NOTE: inner VLANs” Throughout this document, customer network VLANs (CVLANs), also called “ , refer to the VLANs that a customer uses on the private network; service provider network VLANs (SVLANs), also outer VLANs called “ ”, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
Page 144: Qinq Frame Structure
Figure 43 Typical QinQ application scenario Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 43, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20.
Page 145: Implementations Of Qinq
The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes.
Page 146: Protocols And Standards
The switch determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries a VLAN tag with TPID value 0x8100, but the configured TPID value is 0x9100, the switch considers that the frame does not carry any VLAN tag. The systems of different vendors might set the TPID of the outer VLAN tag of QinQ frames to different values.
Page 147: Enabling Basic Qinq
NOTE: QinQ requires configurations only on the service provider network. • QinQ configurations made in Ethernet interface view take effect on the current interface only. Those • made in Layer 2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group.
Page 148: Configuring An Outer Vlan Tagging Policy In The Qos Policy-Based Approach
To do... Use the command... Remarks Enter Ethernet or Layer 2 interface interface-type Enter interface aggregate interface-number Required view or port interface view Use either command. group view Enter port port-group manual group view port-group-name Required Enter QinQ view and configure the By default, the SVLAN tag to be qinq vid vlan-id SVLAN tag for the port to add...
Page 149: Configuring The Tpid Value In Vlan Tags
To do... Use the command... Remarks Return to system view quit — Create a QoS policy and enter qos policy policy-name Required QoS policy view Associate the traffic class with the classifier classifier-name behavior Required traffic behavior defined earlier behavior-name Return to system view quit —...
Page 150 Make configuration to satisfy the following requirements: • Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1 and Customer A2 through VLAN 10 of the service provider network. Frames of VLAN 250 through VLAN 350 can be exchanged between Customer B1 and Customer •...
Page 151 [ProviderA-Ethernet1/0/2] qinq enable [ProviderA-Ethernet1/0/2] quit Configure Ethernet 1/0/3 • # Configure Ethernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface ethernet 1/0/3 [ProviderA-Ethernet1/0/3] port link-type trunk [ProviderA-Ethernet1/0/3] port trunk permit vlan 10 50 # Set the TPID value in the outer tag to 0x8200.
Page 152: Port-Based Selective Qinq Configuration Example (Available Only On The A3100 V2
Port-based selective QinQ configuration example (available only on the A3100 v2 EI) Network requirements As shown in Figure Provider A and Provider B are edge switches on the service provider network and are connected • through trunk ports. They belong to SVLAN 1000 and SVLAN 2000, respectively. •...
Page 153 # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-Ethernet1/0/1] qinq vid 1000 [ProviderA-Ethernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-Ethernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-Ethernet1/0/1] qinq vid 2000 [ProviderA-Ethernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-Ethernet1/0/1-vid-2000] quit [ProviderA-Ethernet1/0/1] quit Configure Ethernet 1/0/2 •...
Page 154: Qos Policy-Based Selective Qinq Configuration Example (Available Only On The A3100 V2
[ProviderB-Ethernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-Ethernet1/0/3] quit [ProviderA] qinq ethernet-type 8200 Configure third-party devices. Configure the third-party devices between Provider A and Provider B as follows: configure the port that connects Ethernet 1/0/3 of Provider A and the port that connects Ethernet 1/0/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.
Page 155 Figure 48 Network diagram Configuration procedure NOTE: Be sure that you have configured the devices in the service provider network to allow QinQ packets to pass through. Configure Provider A . # Enter system view. <ProviderA> system-view Configure Ethernet 1/0/1. •...
Page 156 # Create a class A20 to match frames of VLAN 20 of Customer A. [ProviderA] traffic classifier A20 [ProviderA-classifier-A20] if-match customer-vlan-id 20 [ProviderA-classifier-A20] quit # Create a traffic behavior P2000 and configure the action of tagging frames with the outer VLAN tag 2000 for the traffic behavior.
Page 157 # To enable interoperability with the third-party switches in the public network, set the TPID of the service provider network VLAN tags to 0x8200. The port then tags the received frames with the outer VLAN tag whose TPID is 0x8200. [ProviderB-Ethernet1/0/1] quit [ProviderB] qinq ethernet-type 8200 Configure Ethernet 1/0/2.
Page 158: Vlan Mapping Configuration (Available Only On The A3100 V2 Ei)
VLAN mapping configuration (available only on the A3100 v2 EI) VLAN mapping overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. The A3100 v2 EI Switch Series provides the following types of VLAN mapping: One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN •...
Page 159: Concepts And Terms
to the same VLAN by customer, so the uplink device can obtain traffic statistics for different customers based on VLANs. Figure 50 Application scenario of many-to-one VLAN mapping Concepts and terms Figure 51 shows a simplified network to help explain the concepts and terms that you might encounter when you work with VLAN mapping.
Page 160: One-To-One Vlan Mapping Implementation
Service provider VLANs (SVLANs)—VLANs assigned for transmitting traffic across the service • provider network. NOTE: ACL and QoS Configuration Guide For more information about QoS policies, see the One-to-one VLAN mapping implementation This section describes how one-to-one VLAN mapping is implemented on the A3100 v2 EI. Implementing one-to-one VLAN mapping with a global QoS policy Implement one-to-one VLAN mapping on the customer-side port through the following configurations, as shown in...
Page 161: Many-To-One Vlan Mapping Implementation
Figure 53 One-to-one VLAN mapping implementation with port QoS policies Many-to-one VLAN mapping implementation Implement many-to-one VLAN mapping through the following configurations, as shown in Figure • Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs to one SVLAN ID.
Page 162 Task Description Required Configuring an uplink policy Create CVLAN-to-SVLAN mappings. Required Configuring the customer-side port Configure settings required for one-to-one VLAN mapping. Required Configuring the network-side port Configure VLAN settings required for normal communication. Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do...
Page 163: Configuring One-To-One Vlan Mapping With Port Qos Policies
To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required Assign the port to CVLANs and port trunk permit vlan { vlan-id-list By default, a trunk port belongs to SVLANs | all }...
Page 164 Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do... Use the command... Remarks Enter system view system-view —...
Page 165: Configuring Many-To-One Vlan Mapping
To do... Use the command... Remarks Associate the class with the behavior to map the SVLAN to the classifier tcl-name behavior behavior-name Required CVLAN Configuring the customer-side port Follow these steps to configure the customer-side port: To do... Use the command... Remarks Enter system view system-view...
Page 166 Task Description Required Configuring an uplink policy Configures an uplink policy for the customer-side port. Required Configuring the customer-side port Configures VLAN and other settings required for many-to-one VLAN mapping. Required Configuring the network-side port Configures VLAN and other settings required for many-to-one VLAN mapping.
Page 167: Vlan Mapping Configuration Examples
To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan { vlan-id-list Assign the port to CVLANs By default, a trunk port belongs to | all } VLAN 1 only.
Page 168 Figure 55 Network diagram for one-to-one VLAN mapping configuration Configuration procedure NOTE: In this example, one-to-one VLAN mappings are configured with a global QoS policy. # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure uplink policy p1 to transmit one service of one customer in a unique SVLAN, and globally...
Page 169: Many-To-One Vlan Mapping Configuration Example
[SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202 [SwitchA-behavior-b5] traffic behavior b6 [SwitchA-behavior-b6] remark service-vlan-id 302 [SwitchA-behavior-b6] quit [SwitchA] qos policy p1 [SwitchA-policy-p1] classifier c1 behavior b1 [SwitchA-policy-p1] classifier c2 behavior b2 [SwitchA-policy-p1] classifier c3 behavior b3 [SwitchA-policy-p1] classifier c4 behavior b4...
Page 170 Figure 56 Network diagram for many-to-one VLAN mapping configuration Configuration procedure # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 # Configure uplink policies p1 and p2 to transmit all services of one customer in a unique SVLAN. [SwitchA] traffic classifier c1 operator or [SwitchA-classifier-c1] if-match customer-vlan-id 1 to 3 [SwitchA-classifier-c1] traffic classifier c2 operator or...
Page 171 # Configure customer-side port Ethernet 1/0/2 as a trunk port, assign the port to CVLANs 4 through 6 and SVLAN 102, and apply uplink policy p2 to the incoming traffic of the port. [SwitchA] interface ethernet 1/0/2 [SwitchA-Ethernet1/0/2] port link-type trunk [SwitchA-Ethernet1/0/2] port trunk permit vlan 4 5 6 102 [SwitchA-Ethernet1/0/2] qos apply policy p2 inbound [SwitchA-Ethernet1/0/2] quit...
Page 172: Lldp Configuration
LLDP configuration Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 173 Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.
Page 174 An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time To Live TLV, and End of LLDPDU TLV. Other TLVs are optional. TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself.
Page 175 NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.
Page 176: How Lldp Works
Type Description Allows a network device or terminal device to advertise power supply Extended Power-via-MDI capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version Firmware Revision Allows a terminal device to advertise its firmware version Software Revision Allows a terminal device to advertise its software version...
Page 177: Protocols And Standards
This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at 1-second intervals, to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDPDU transmit interval resumes. Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU.
Page 178: Setting The Lldp Operating Mode
To do… Use the command… Remarks Enter system view system-view — Required Enable LLDP globally lldp enable By default, LLDP is globally enabled. Enter Layer 2 Ethernet interface interface-type Enter Ethernet interface view interface-number Required interface view or port group Use either command.
Page 179: Enabling Lldp Polling
Enabling LLDP polling With LLDP polling enabled, a device searches for local configuration changes periodically. Upon detecting a configuration change, the device sends LLDPDUs to inform the neighboring devices of the change. Follow these steps to enable LLDP polling: To do… Use the command…...
Page 180: Setting Other Lldp Parameters
Follow these steps to configure a management address to be advertised and its encoding format on one or a group of ports: To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Enter interface interface-type Ethernet interface Ethernet interface-number Required...
Page 181: Setting An Encapsulation Format For Lldpdus
To do… Use the command… Remarks Set the number of LLDPDUs sent Optional each time fast LLDPDU transmission lldp fast-count count 3 by default is triggered NOTE: To ensure that the LLDP neighbors can receive LLDPDUs to update information about the current device before it ages out, configure both the LLDPDU transmit interval and delay to be less than the TTL.
Page 182: Configuration Prerequisites
If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device. As a result, a requesting Cisco IP phone sends voice traffic without any tag to your device, and, as a result, your device cannot differentiate the voice traffic from other types of traffic.
Page 183: Configuring Lldp Trapping
Configuring LLDP trapping LLDP trapping notifies the network management system (NMS) of events such as newly-detected neighboring devices and link malfunctions. To prevent excessive LLDP traps from being sent when the topology is unstable, you can set a minimum trap sending interval for LLDP. Follow these steps to configure LLDP trapping: To do…...
Page 184: Lldp Configuration Examples
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 60, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to Ethernet 1/0/1 and Ethernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
Page 185: Verify The Configuration
[SwitchB-Ethernet1/0/1] quit Verify the configuration # Display the global LLDP status and port LLDP status on Switch A. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...
Page 186: Cdp-Compatible Lldp Configuration Example (Available Only On The A3100 V2
LLDP neighbor information last changed time: 0 days,0 hours,5 minutes,20 seconds Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [Ethernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag...
Page 187 Figure 61 Network diagram for CDP-compatible LLDP configuration Configuration procedure Configure a voice VLAN on Switch A # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of Ethernet 1/0/1 and Ethernet 1/0/2 to trunk and enable voice VLAN on them. [SwitchA] interface ethernet 1/0/1 [SwitchA-Ethernet1/0/1] port link-type trunk [SwitchA-Ethernet1/0/1] voice vlan 2 enable...
Page 188 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full CDP neighbor-information of port 2[Ethernet1/0/2]: CDP neighbor index : 2 Chassis ID : SEP00141CBCDBFF Port ID : Port 1 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full As the sample output shows, Switch A has discovered the IP phones connected to Ethernet 1/0/1 and...
Page 189: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Page 190: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 191 Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 192: Index
LLDP configuration task list,170 Configuring the TPID value in VLAN tags,142 Loopback interface,14 Configuring VLAN mapping,154 Contacting HP,182 MAC address table configuration example,21 Conventions,183 MAC Information configuration example,25 MAC-based VLAN configuration,103 Displaying and maintaining an Ethernet interface,13 MSTP configuration...
Page 193 Overview,23 QinQ configuration examples,142 Overview,17 QinQ configuration task list,139 Performing basic LLDP configuration,170 Related information,182 Port isolation configuration example,44 Port-based VLAN configuration,97 VLAN mapping configuration examples,160 Protocol-based VLAN configuration (available only on VLAN mapping overview,151 the A3100 v2 EI),108 Voice VLAN configuration examples,120...

This manual is also suitable for:

A3100-8 v2 ei A3100-16 v2 ei A3100-24 v2 ei A3100-8-poe v2 ei A3100-16-poe v2 ei A3100-24-poe v2 ei ... Show all

HP A3100-8 v2 SI Configuration Manual

Quick Links

Configuration Guide

Related Manuals for HP A3100-8 v2 SI

Summary of Contents for HP A3100-8 v2 SI

This manual is also suitable for:

Table of Contents