HP A3100 v2 Switch Series Layer 2 - LAN Switching Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16 v2 EI Switch (JD319B)
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents Ethernet interface configuration ·································································································································· 1 Ethernet interface overview ··············································································································································1 Ethernet interface naming conventions ··················································································································1 Configuring a combo interface·······························································································································1 Configuring basic settings of an Ethernet interface·······································································································2 Configuring duplex mode and speed on an Ethernet interface ··········································································2 Setting speed options for auto negotiation on an Ethernet interface··································································3 Configuring flow control on an Ethernet interface································································································4 Configuring link change suppression on an Ethernet interface···········································································4 Configuring loopback testing on an Ethernet interface························································································5...
Page 4
Configuring the MAC Information queue length································································································ 24 MAC Information configuration example ···················································································································· 25 Ethernet link aggregation configuration ···················································································································26 Overview········································································································································································· 26 Basic concepts ······················································································································································· 26 Aggregating links in static mode ························································································································· 29 Aggregating links in dynamic mode ··················································································································· 30 Load-sharing criteria for link aggregation groups ····························································································· 32 Ethernet link aggregation configuration task list·········································································································...
Page 5
Configuring the maximum port rate ···················································································································· 66 Configuring ports as edge ports ·························································································································· 67 Configuring path costs of ports···························································································································· 67 Configuring port priority······································································································································· 70 Configuring the link type of ports ························································································································ 70 Configuring the mode a port uses to recognize/send MSTP packets ····························································· 71 Enabling the output of port state transition information ····················································································...
Page 6
Configuring a voice VLAN··········································································································································117 Configuration prerequisites ································································································································117 Configuring QoS priority settings for voice traffic on an interface································································118 Configuring a port to operate in automatic voice VLAN assignment mode ·················································118 Configuring a port to operate in manual voice VLAN assignment mode ·····················································119 Displaying and maintaining voice VLAN ··················································································································120 Voice VLAN configuration examples ·························································································································120 Automatic voice VLAN mode configuration example ·····················································································120...
Page 7
Displaying and maintaining LLDP·······························································································································176 LLDP configuration examples ······································································································································177 Basic LLDP configuration example ·····················································································································177 CDP-compatible LLDP configuration example (available only on the A3100 v2 EI)····································179 Support and other resources ·································································································································· 182 Contacting HP ······························································································································································182 Subscription service ············································································································································182 Related information······················································································································································182 Documents ····························································································································································182 Websites·······························································································································································182 Conventions ··································································································································································183...
Ethernet interface configuration Ethernet interface overview Ethernet interface naming conventions The Ethernet interfaces on the A3100 v2 Switch Series are named in the format of interface-type A/B/C, where the following definitions apply: A Specifies the ID of a switch. The value can only be 1. •...
To do… Use the command… Remarks Optional Activate the copper combo port or combo enable { copper | fiber } By default, the copper combo port fiber combo port is active. Configuring basic settings of an Ethernet interface Configuring duplex mode and speed on an Ethernet interface You can set an Ethernet interface to operate in one of the following duplex modes: Full-duplex mode (full).
To do… Use the command… Remarks Optional By default, an Ethernet interface is in Shut down the Ethernet interface shutdown the up state. To bring up an Ethernet interface, use the undo shutdown command. Setting speed options for auto negotiation on an Ethernet interface Speed auto negotiation enables an Ethernet interface to negotiate with its peer for the highest speed supported that both ends support by default.
NOTE: Among the auto-negotiation-capable Layer 2 ports, the FE copper ports support only the 10 and 100 • keywords, the GE copper ports support all keywords, and the GE fiber ports support only the 100 and 1000 keywords. The speed and speed auto commands supersede each other, and whichever is configured last takes •...
Configuring link-down event suppression Follow these steps to enable an Ethernet interface to suppress link-down events: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Set a link-down event suppression link-delay delay-time Link-down event suppression is interval...
Ethernet interface, insert a loopback plug into the interface. During external loopback testing, the interface sends a certain number of test packets, which are looped over the plug and back to the interface. If the interface fails to receive any test packet, the hardware of the interface is faulty. Figure 3 External loopback testing Follow these steps to enable Ethernet interface loopback testing: To do…...
To do… Use the command… Remarks Enter system view system-view — Create a port group and enter port port-group manual Required group view port-group-name Assign Ethernet interfaces to the group-member interface-list Required port group Configuring traffic storm protection A traffic storm occurs when a large amount of broadcast, multicast, or unknown unicast packets congest a network.
Page 15
To do… Use the command… Remarks Optional Set a multicast suppression multicast-suppression { ratio | pps By default, all multicast traffic is threshold max-pps | kbps max-bps } allowed to pass through an interface. Optional Set a unicast suppression unicast-suppression { ratio | pps By default, all unknown unicast threshold max-pps | kbps max-bps }...
To do… Use the command… Remarks Optional By default, the interface sends Enable the interface to send storm traps when monitored traffic storm-constrain enable trap control threshold event traps exceeds the upper threshold or drops below the lower threshold from the upper threshold. Optional By default, the interface outputs log Enable the interface to log storm...
To do… Use the command… Remarks Enter system view system-view — Optional Configure jumbo frame support jumboframe enable By default, an Ethernet interface accepts jumbo frames (up to 2048 bytes). Enabling loopback detection on an Ethernet interface Enabling single-port loopback detection on an Ethernet Interface If an interface receives a packet that it sent, a loop occurs.
To do… Use the command… Remarks or port group To configure loopback detection view on one interface, enter Ethernet interface view. Enter port port-group manual group view port-group-name To configure loopback detection on a group of Ethernet interfaces, enter port group view. Required Enable loopback detection on the loopback-detection enable...
You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of cables, a copper Ethernet interface can operate in one of the following Medium Dependent Interface (MDI) modes: • Across mode Normal mode •...
To do… Use the command… Remarks interface interface-type Enter Ethernet interface view — interface-number Test the cable connected to the virtual-cable-test Required Ethernet interface Displaying and maintaining an Ethernet interface To do… Use the command… Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface or Available in any view...
Loopback and null interface configuration Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link-layer protocols of a loopback interface are always up unless the •...
To do… Use the command… Remarks Restore the default settings for the default Optional interface NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration information, see the Guide Null interface...
Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface loopback [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]...
MAC address table configuration Overview Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the switch first looks up the MAC address of the frame in the MAC address table for a match.
Blackhole entries, which are manually configured and never age out. Blackhole entries are • configured for filtering out frames with specific destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.
To do… Use the command… Remarks Enter system view system-view — Configure static or mac-address { dynamic | static } Required dynamic MAC mac-address interface interface-type address table Use either command. interface-number vlan vlan-id Configure MAC entries Make sure that you address table Configure have created the VLAN...
NOTE: When MAC address learning is disabled, the obtained MAC addresses remain valid until they age out • For more information about port groups, see the chapter “Ethernet interface configuration.” • Disabling MAC address learning on a VLAN (available only on the A3100 v2 EI) You can disable MAC address learning on a per-VLAN basis.
To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type Use either command. interface view interface-number Enter Layer 2 The configuration made in Layer 2 Ethernet Ethernet interface view takes effect interface view on the current interface only.
Page 29
Configuration procedure # Add a static MAC address entry. <Sysname> system-view [Sysname] mac-address static 000f-e235-dc71 interface ethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port Ethernet 1/0/1.
MAC Information configuration Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.
To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Enable MAC Information on the mac-address information enable interface { added | deleted } Disabled by default. NOTE: To enable MAC Information on an Ethernet interface, enable MAC Information globally first.
MAC Information configuration example Network requirements Host A is connected to a remote server (Server) through Device. • Enable MAC Information on Ethernet 1/0/1 on Device. Device sends MAC address changes in • Syslog messages to Host B through Ethernet 1/0/3. Host B analyzes and displays the Syslog messages.
Ethernet link aggregation configuration Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an “aggregate link”. Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...
Page 34
Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of this operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port might affect its aggregation state.
LACP functions The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described in Table Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port LACP priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the preceding Basic LACP functions information with its peer.
Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust Aggregation is stable. Peers do the aggregation state according Static Disabled not affect the aggregation state of to that of the peer ports.
Figure 6 Set the aggregation state of a member port in a static aggregation group NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two • configurations on any member port. • If a static aggregation group has reached the limit on Selected ports, any port that joins the group is placed in the Unselected state to avoid traffic interruption on the current Selected ports.
Page 38
The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.
Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...
Table 6 Features incompatible with Layer 2 aggregation groups Feature Reference MAC authentication MAC authentication configuration in the Security Configuration Guide Port security Port security configuration in the Security Configuration Guide IP source guard IP source guard configuration in the Security Configuration Guide 802.1X 802.1X configuration in the Security Configuration Guide NOTE:...
NOTE: To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. Follow these steps to configure a Layer 2 dynamic aggregation group: To do...
NOTE: Most configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes, such as describing the purpose of the interface.
This minimum threshold setting affects the aggregation state of both aggregation member ports and the aggregate interface in the following ways: • When the number of member ports eligible for being selected is smaller than the minimum threshold, all member ports change to the Unselected state and the link of the aggregate interface goes down.
To do... Use the command... Remarks Enter system view system-view — interface bridge-aggregation Enter aggregate interface view — interface-number Restore the default settings for the default Required aggregate interface Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load-sharing criteria.
Displaying and maintaining Ethernet link aggregation To do... Use the command... Remarks display interface bridge-aggregation [ brief [ down ] ] [ | { begin | exclude | include } Display information for an regular-expression ] aggregate interface or multiple Available in any view display interface bridge-aggregation aggregate interfaces...
Page 46
Configure a Layer 2 static link aggregation group on Device A and Device B, respectively. Enable • VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end. •...
NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait... Done. Configuring Ethernet1/0/1... Done. Configuring Ethernet1/0/2... Done. Configuring Ethernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria.
Page 48
Device A and Device B are connected through their respective Layer 2 Ethernet interfaces Ethernet • 1/0/1 through Ethernet 1/0/3. • Configure a Layer 2 dynamic link aggregation group on Device A and Device B, respectively. Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.
Page 49
[DeviceA-Ethernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. NOTE: This configuration automatically propagates to all the member ports in link aggregation group 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait...
VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called “isolated ports.”...
Displaying and maintaining isolation groups To do… Use the command… Remarks display port-isolate group [ | Display information about the isolation group { begin | exclude | include } Available in any view regular-expression ] Port isolation configuration example Network requirements As shown in Figure Hosts A, B, and C are connected to port Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 of...
Page 52
<Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/3...
MSTP configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy. The recent versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
Hello time: Configuration BPDU transmission interval. • • Forward delay: Delay that STP bridges use to transition port state. Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The root bridge is not permanent, but can change along with changes of the network topology.
Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree. How STP works NOTE: The spanning tree calculation process described in the following sections is a simplified process for...
Page 56
Table 9 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: • If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and keeps the configuration BPDU this port generated.
Page 57
Table 10 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1...
Page 58
Configuration BPDU on Device Comparison process ports after comparison • Device B compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port B1 is the optimum, and selects Port B1 as the root port with the configuration BPDU unchanged.
Page 59
Configuration BPDU on Device Comparison process ports after comparison • Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of Port C2 is the optimum, and...
If the configuration BPDU received on a designated port has a lower priority than the configuration • BPDU of the local port, the port immediately sends its own configuration BPDU in response. • If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded because of timeout.
Introduction to MSTP Why MSTP Limitations of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before it transits to the forwarding state, even if it is a port on a point-to-point link or an edge port.
Basic concepts in MSTP Figure 14 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1...
Page 63
MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • MSTP-enabled Same region name • Same VLAN-to-instance mapping configuration •...
Page 64
Common root bridge The common root bridge is the root bridge of the CIST. Figure 14, for example, the common root bridge is a device in MST region 1. Roles of ports A port can play different roles in different MSTIs. As shown in Figure 16, an MST region comprises Device A, Device B, Device C, and Device D.
Port states In MSTP, a port can be in one of the following states: • Forwarding: The port receives and sends BPDUs, obtains MAC addresses, and forwards user traffic. Learning: The port receives and sends BPDUs, obtains MAC addresses, but does not forward user •...
Between two MST regions, the packet is forwarded along the CST. • Implementation of MSTP on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management: Root bridge hold •...
Page 67
Task Remarks Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the MSTP feature Required Configuring an MST region Required Configuring the work mode of an MSTP device Optional Configuring the timeout factor Optional...
Configuring MSTP Configuring an MST region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration —...
Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.
Configuring the work mode of an MSTP device MSTP and RSTP are mutually compatible and can recognize each other’s protocol packets. However, STP cannot recognize MSTP packets. For hybrid networking with legacy STP devices, and for full interoperability with RSTP-enabled devices, MSTP supports the following work modes: STP-compatible mode, RSTP mode, and MSTP mode.
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a switch receives this configuration BPDU, it decrements the hop count by 1, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches 0, it is discarded by the device that received it.
Page 72
Max age ƒ 2 × (hello time + 1 second) HP does not recommend you to manually set the timers. Instead, you can use the stp bridge-diameter command to set the network diameter, and let the network automatically adjust the three timers according to the network size.
By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes unstable. HP recommends that you use the default setting.
Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop.
Page 75
Follow these steps to specify a standard for the device to use when it calculates the default path cost: To do... Use the command... Remarks Enter system view system-view — Optional Specify a standard for the device stp pathcost-standard By default, the device calculates to use when it calculates the default { dot1d-1998 | dot1t | legacy } the default path cost for ports...
Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing 3 selected ports Aggregate interface containing 4 selected ports NOTE: When calculating path cost for an aggregate interface, IEEE 802.1d-1998 does not take into account the number of selected ports in its aggregation group as IEEE 802.1t does.
Configuring port priority The priority of a port is an important factor in determining whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority will be elected as the root port.
If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. HP recommends that you use the default setting, and let MSTP detect the link status automatically.
NOTE: MSTP provides the MSTP packet format incompatibility guard function. In MSTP mode, if a port is • configured to recognize/send MSTP packets in a mode other than auto, and if it receives a packet in a format different from the specified type, the port becomes a designated port and remains in the discarding state to prevent the occurrence of a loop.
NOTE: In system view, you can use the stp enable or undo stp enable command to enable or disable STP • globally. You can use the undo stp enable command to disable the MSTP feature for certain ports so that they will •...
Page 81
To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated • ports. HP recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.
As shown in Figure • Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region. Enable Digest Snooping on the ports of Device A and Device B that connect Device C, so that the •...
Page 83
For MSTP, the root port of the downstream device sends an agreement packet only after it receives • an agreement packet from the upstream device. • For RSTP, the downstream device sends an agreement packet regardless of whether an agreement packet from the upstream device is received.
Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, • assigning them to the same region. Configuring the No Agreement Check function To make the No Agreement Check feature take effect, enable it on the root port. Follow these steps to configure No Agreement Check: To do...
Page 85
Figure 21 TC snooping application scenario In the network, Device A transparently transmits the received STP BPDUs and does not participate in STP calculations. When a topology change occurs to the customer networks, Device A might need a long time to learn the correct MAC address table entries and ARP entries, affecting forwarding of service traffic.
Configuring protection functions An MSTP-enabled device supports the following protection functions: BPDU guard • Root guard • Loop guard • TC-BPDU guard • • BPDU drop Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.
Page 87
receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected to this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.
Page 88
6 by default. period after it receives the first TC-BPDU NOTE: HP does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.
Displaying and maintaining MSTP To do... Use the command... Remarks Display information about abnormally display stp abnormal-port [ | { begin | Available in any view blocked ports exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports Available in any view instance-id ] ] [ | { begin | exclude |...
Page 90
Figure 22 Network diagram for MSTP configuration Configuration procedure Configure VLANs and VLAN member ports (details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
Page 91
[DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.
Page 92
[DeviceD] stp enable Verify the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port Role...
Page 93
Figure 23 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link...
BPDU tunneling configuration (available only on the A3100 v2 EI) Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.
NOTE: Depending on the switch models, HP devices support BPDU tunneling for the following protocols: Cisco Discovery Protocol (CDP) • HW Group Management Protocol (HGMP) • Link Aggregation Control Protocol (LACP) • Per VLAN Spanning Tree (PVST) • Spanning tree protocol (STP) •...
Figure 25 Network diagram for BPDU tunneling implementation As shown in Figure 25, the upper part is the service provider network (ISP network), and the lower part represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2.
Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the • current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for HGMP, or STP on a port, disable the protocol on the port.
To do… Use the command… Remarks Optional Configure the destination multicast bpdu-tunnel tunnel-dmac MAC address for BPDUs mac-address 0x010F-E200-0003 by default. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network. BPDU tunneling configuration examples BPDU tunneling for STP configuration example Network requirements...
[PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port access vlan 2 # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-Ethernet1/0/1] undo stp enable [PE1-Ethernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE2>...
Page 100
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure Ethernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port link-type trunk [PE1-Ethernet1/0/1] port trunk permit vlan all # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.
VLAN configuration Introduction to VLAN VLAN overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.
The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure Figure 29 Format of a traditional Ethernet frame...
Policy • • Other criteria NOTE: The A3100 v2 EI Switch Series supports port-based VLAN, MAC-based VLAN, and protocol-based • VLAN. The A3100 v2 SI Switch Series supports port-based VLAN and MAC-based VLAN. • The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings.
VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from that of the VLAN.
Page 105
VLAN, see the chapter “Voice VLAN configuration.” • HP recommends that you set the same PVID for the local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the •...
Assigning an access port to a VLAN You can assign an access port to a VLAN in VLAN view, interface view (including Ethernet interface view and Layer 2 aggregate interface view), or port group view. Follow these steps to assign one or multiple access ports to a VLAN in VLAN view: To do…...
Assigning a trunk port to a VLAN A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a trunk port to one or multiple VLANs: To do…...
Assigning a hybrid port to a VLAN A hybrid port can carry multiple VLANs. You can assign it to a VLAN in interface view (including Ethernet interface view, Layer 2 aggregate interface view) or port group view. Follow these steps to assign a hybrid port to one or multiple VLANs: To do…...
Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A, and access the enterprise network through different • devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices.
Verification Host A and Host C and ping each other successfully, but they both fail to ping Host B. Host B and Host D and ping each other successfully, but they both fail to ping Host A. Determine whether the configuration is successful by displaying relevant VLAN information. # Display information about VLANs 100 and 200 on Device A: [DeviceA-Ethernet1/0/3] display vlan 100 VLAN ID: 100...
When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is • permitted by the port, or otherwise drops the frame. Approach 2: Dynamic MAC-based VLAN You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access.
NOTE: After enabling MAC-based VLAN on the switch, you must configure related authentication settings on the Security access authentication server. For more information about 802.1X authentication, see the Configuration Guide Follow these steps to configure dynamic MAC-based VLAN: To do... Use the command...
Page 114
[DeviceA-Ethernet1/0/1] port link-type hybrid [DeviceA-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-Ethernet1/0/1] mac-vlan enable [DeviceA-Ethernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port Ethernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type trunk [DeviceA-Ethernet1/0/2] port trunk permit vlan 100 200...
Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration (available only on the A3100 v2 EI) Introduction to protocol-based VLAN NOTE:...
Page 116
To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode Create a protocol template for the { ethernetii etype etype-id | llc Required VLAN { dsap dsap-id [ ssap ssap-id ] |...
CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when you are configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.
Page 118
Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configure Device. # Create VLAN 100, and assign port Ethernet 1/0/1 1 to VLAN 100. <Device>...
Verification The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts and the server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.
Page 120
To do... Use the command… Remarks Display all interfaces with display mac-vlan interface [ | { begin | Available in any view MAC-based VLAN enabled exclude | include } regular-expression ] Display protocol information and display protocol-vlan vlan { vlan-id [ to protocol indexes of the specified vlan-id ] | all } [ | { begin | exclude | include } Available in any view...
Voice VLAN configuration (available only on the A3100 v2 EI) Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality.
Voice VLAN assignment modes A port can be assigned to a voice VLAN in one of the following modes: In automatic mode, the system matches the source MAC address carried in the untagged packets • sent when an IP phone is powered on against the device’s OUI addresses. If the system finds a match, it automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence.
Page 123
Table 15 Required configurations on ports of different link types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Automatic Access — Manual Configure the PVID of the port, which cannot be Automatic the voice VLAN, and assign the port to its PVID.
MAC addresses checking. TIP: HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, ensure that the voice VLAN security mode is disabled.
If the configuration order is reversed, your priority configuration will fail. For more information, see “Configuring QoS priority settings for voice traffic on an interface.” • Configure the voice VLAN assignment mode. For more information, see “Configuring a port to operate in automatic voice VLAN assignment mode”...
To do... Use the command... Remarks Optional 1440 minutes by default. The voice VLAN aging time Set the voice VLAN aging time voice vlan aging minutes configuration is only applicable on ports in automatic voice VLAN assignment mode. Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default.
To do... Use the command... Remarks interface interface-type Enter interface view — interface-number Configure the port to operate in Required manual voice VLAN assignment undo voice vlan mode auto Disabled by default mode Required Assign the port (access, trunk, or For how to assign a port to a After you assign an access port to hybrid) in manual voice VLAN...
Page 128
The MAC address of IP phone B is 001 1-2200-0001. The phone connects to a downstream device • named PC B whose MAC address is 0022-2200-0002 and to Ethernet 1/0/2 on Device A. • Device A uses voice VLAN 2 to transmit voice packets for IP phone A, and uses voice VLAN 3 to transmit voice packets for IP phone B.
Page 130
Figure 37 Network diagram for manual voice VLAN assignment mode configuration Device A Device B Internet Eth1/0/1 Eth1/0/1 VLAN 2 0755-2002 010-1001 OUI: 0011-2200-0000 Mask: ffff-ff00-0000 Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA>...
Page 131
# Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 8 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...
GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
Page 133
A GARP participant sends Join messages when it must register its attributes (including manually configured attributes) with other participants, and when it receives Join messages from other participants. The types of Join messages are JoinEmpty and JoinIn. • A GARP participant sends a JoinEmpty message to declare an attribute not registered on it. A GARP participant sends a JoinIn message to declare an attribute registered on it.
Page 134
A GARP participant starts a Leave timer when it receives a Leave message for an attribute value. If the GARP participant receives no Join message for the attribute value before the timer expires, it deregisters the attribute value. LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts.
Field Description Value Consists of an attribute length, an attribute event, and an attribute –– Attribute value Length of an attribute, inclusive of 2 to 255 (in bytes) Attribute length the attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event •...
Task Remarks Required Configuring GVRP functions Optional Configuring GARP timers NOTE: GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on • the current interface only. GVRP configuration made in port group view takes effect on all the member ports in the group.
NOTE: For more information about the port link-type trunk and port trunk permit vlan all commands, see the • chapter “VLAN configuration commands.” In an MSTP network, GVRP can run on only the CIST. Blocked ports on the CIST cannot receive or send •...
Table 19 Dependencies of GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer setting Join No less than two times the Hold timer setting Less than half of the leave timer setting Leave Greater than two times the Join timer setting Less than the LeaveAll timer setting...
Page 139
Figure 40 Network diagram for GVRP normal registration mode configuration Configuration procedure Configure Device A. # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-type trunk [DeviceA-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port Ethernet 1/0/1.
# Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface ethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3 According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP.
[DeviceB-Ethernet1/0/1] gvrp [DeviceB-Ethernet1/0/1] gvrp registration fixed [DeviceB-Ethernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration. Use the display gvrp local-vlan command to display the local VLAN information that GVRP maintains on ports. For example: # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device A.
Page 142
# Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to forbidden on the port. [DeviceA-Ethernet1/0/1] gvrp [DeviceA-Ethernet1/0/1] gvrp registration forbidden [DeviceA-Ethernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B. # Enable GVRP globally.
QinQ configuration NOTE: inner VLANs” Throughout this document, customer network VLANs (CVLANs), also called “ , refer to the VLANs that a customer uses on the private network; service provider network VLANs (SVLANs), also outer VLANs called “ ”, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
Figure 43 Typical QinQ application scenario Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 43, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20.
The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes.
The switch determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries a VLAN tag with TPID value 0x8100, but the configured TPID value is 0x9100, the switch considers that the frame does not carry any VLAN tag. The systems of different vendors might set the TPID of the outer VLAN tag of QinQ frames to different values.
NOTE: QinQ requires configurations only on the service provider network. • QinQ configurations made in Ethernet interface view take effect on the current interface only. Those • made in Layer 2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group.
To do... Use the command... Remarks Enter Ethernet or Layer 2 interface interface-type Enter interface aggregate interface-number Required view or port interface view Use either command. group view Enter port port-group manual group view port-group-name Required Enter QinQ view and configure the By default, the SVLAN tag to be qinq vid vlan-id SVLAN tag for the port to add...
To do... Use the command... Remarks Return to system view quit — Create a QoS policy and enter qos policy policy-name Required QoS policy view Associate the traffic class with the classifier classifier-name behavior Required traffic behavior defined earlier behavior-name Return to system view quit —...
Page 150
Make configuration to satisfy the following requirements: • Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1 and Customer A2 through VLAN 10 of the service provider network. Frames of VLAN 250 through VLAN 350 can be exchanged between Customer B1 and Customer •...
Page 151
[ProviderA-Ethernet1/0/2] qinq enable [ProviderA-Ethernet1/0/2] quit Configure Ethernet 1/0/3 • # Configure Ethernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface ethernet 1/0/3 [ProviderA-Ethernet1/0/3] port link-type trunk [ProviderA-Ethernet1/0/3] port trunk permit vlan 10 50 # Set the TPID value in the outer tag to 0x8200.
Port-based selective QinQ configuration example (available only on the A3100 v2 EI) Network requirements As shown in Figure Provider A and Provider B are edge switches on the service provider network and are connected • through trunk ports. They belong to SVLAN 1000 and SVLAN 2000, respectively. •...
Page 153
# Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-Ethernet1/0/1] qinq vid 1000 [ProviderA-Ethernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-Ethernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-Ethernet1/0/1] qinq vid 2000 [ProviderA-Ethernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-Ethernet1/0/1-vid-2000] quit [ProviderA-Ethernet1/0/1] quit Configure Ethernet 1/0/2 •...
[ProviderB-Ethernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-Ethernet1/0/3] quit [ProviderA] qinq ethernet-type 8200 Configure third-party devices. Configure the third-party devices between Provider A and Provider B as follows: configure the port that connects Ethernet 1/0/3 of Provider A and the port that connects Ethernet 1/0/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.
Page 155
Figure 48 Network diagram Configuration procedure NOTE: Be sure that you have configured the devices in the service provider network to allow QinQ packets to pass through. Configure Provider A . # Enter system view. <ProviderA> system-view Configure Ethernet 1/0/1. •...
Page 156
# Create a class A20 to match frames of VLAN 20 of Customer A. [ProviderA] traffic classifier A20 [ProviderA-classifier-A20] if-match customer-vlan-id 20 [ProviderA-classifier-A20] quit # Create a traffic behavior P2000 and configure the action of tagging frames with the outer VLAN tag 2000 for the traffic behavior.
Page 157
# To enable interoperability with the third-party switches in the public network, set the TPID of the service provider network VLAN tags to 0x8200. The port then tags the received frames with the outer VLAN tag whose TPID is 0x8200. [ProviderB-Ethernet1/0/1] quit [ProviderB] qinq ethernet-type 8200 Configure Ethernet 1/0/2.
VLAN mapping configuration (available only on the A3100 v2 EI) VLAN mapping overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. The A3100 v2 EI Switch Series provides the following types of VLAN mapping: One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN •...
to the same VLAN by customer, so the uplink device can obtain traffic statistics for different customers based on VLANs. Figure 50 Application scenario of many-to-one VLAN mapping Concepts and terms Figure 51 shows a simplified network to help explain the concepts and terms that you might encounter when you work with VLAN mapping.
Service provider VLANs (SVLANs)—VLANs assigned for transmitting traffic across the service • provider network. NOTE: ACL and QoS Configuration Guide For more information about QoS policies, see the One-to-one VLAN mapping implementation This section describes how one-to-one VLAN mapping is implemented on the A3100 v2 EI. Implementing one-to-one VLAN mapping with a global QoS policy Implement one-to-one VLAN mapping on the customer-side port through the following configurations, as shown in...
Figure 53 One-to-one VLAN mapping implementation with port QoS policies Many-to-one VLAN mapping implementation Implement many-to-one VLAN mapping through the following configurations, as shown in Figure • Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs to one SVLAN ID.
Page 162
Task Description Required Configuring an uplink policy Create CVLAN-to-SVLAN mappings. Required Configuring the customer-side port Configure settings required for one-to-one VLAN mapping. Required Configuring the network-side port Configure VLAN settings required for normal communication. Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do...
To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required Assign the port to CVLANs and port trunk permit vlan { vlan-id-list By default, a trunk port belongs to SVLANs | all }...
Page 164
Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do... Use the command... Remarks Enter system view system-view —...
To do... Use the command... Remarks Associate the class with the behavior to map the SVLAN to the classifier tcl-name behavior behavior-name Required CVLAN Configuring the customer-side port Follow these steps to configure the customer-side port: To do... Use the command... Remarks Enter system view system-view...
Page 166
Task Description Required Configuring an uplink policy Configures an uplink policy for the customer-side port. Required Configuring the customer-side port Configures VLAN and other settings required for many-to-one VLAN mapping. Required Configuring the network-side port Configures VLAN and other settings required for many-to-one VLAN mapping.
To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan { vlan-id-list Assign the port to CVLANs By default, a trunk port belongs to | all } VLAN 1 only.
Page 168
Figure 55 Network diagram for one-to-one VLAN mapping configuration Configuration procedure NOTE: In this example, one-to-one VLAN mappings are configured with a global QoS policy. # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure uplink policy p1 to transmit one service of one customer in a unique SVLAN, and globally...
Page 170
Figure 56 Network diagram for many-to-one VLAN mapping configuration Configuration procedure # Create the CVLANs and SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 6 [SwitchA] vlan 101 to 102 # Configure uplink policies p1 and p2 to transmit all services of one customer in a unique SVLAN. [SwitchA] traffic classifier c1 operator or [SwitchA-classifier-c1] if-match customer-vlan-id 1 to 3 [SwitchA-classifier-c1] traffic classifier c2 operator or...
Page 171
# Configure customer-side port Ethernet 1/0/2 as a trunk port, assign the port to CVLANs 4 through 6 and SVLAN 102, and apply uplink policy p2 to the incoming traffic of the port. [SwitchA] interface ethernet 1/0/2 [SwitchA-Ethernet1/0/2] port link-type trunk [SwitchA-Ethernet1/0/2] port trunk permit vlan 4 5 6 102 [SwitchA-Ethernet1/0/2] qos apply policy p2 inbound [SwitchA-Ethernet1/0/2] quit...
LLDP configuration Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 173
Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.
Page 174
An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time To Live TLV, and End of LLDPDU TLV. Other TLVs are optional. TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself.
Page 175
NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.
Type Description Allows a network device or terminal device to advertise power supply Extended Power-via-MDI capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version Firmware Revision Allows a terminal device to advertise its firmware version Software Revision Allows a terminal device to advertise its software version...
This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at 1-second intervals, to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDPDU transmit interval resumes. Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU.
To do… Use the command… Remarks Enter system view system-view — Required Enable LLDP globally lldp enable By default, LLDP is globally enabled. Enter Layer 2 Ethernet interface interface-type Enter Ethernet interface view interface-number Required interface view or port group Use either command.
Enabling LLDP polling With LLDP polling enabled, a device searches for local configuration changes periodically. Upon detecting a configuration change, the device sends LLDPDUs to inform the neighboring devices of the change. Follow these steps to enable LLDP polling: To do… Use the command…...
Follow these steps to configure a management address to be advertised and its encoding format on one or a group of ports: To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Enter interface interface-type Ethernet interface Ethernet interface-number Required...
To do… Use the command… Remarks Set the number of LLDPDUs sent Optional each time fast LLDPDU transmission lldp fast-count count 3 by default is triggered NOTE: To ensure that the LLDP neighbors can receive LLDPDUs to update information about the current device before it ages out, configure both the LLDPDU transmit interval and delay to be less than the TTL.
If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device. As a result, a requesting Cisco IP phone sends voice traffic without any tag to your device, and, as a result, your device cannot differentiate the voice traffic from other types of traffic.
Configuring LLDP trapping LLDP trapping notifies the network management system (NMS) of events such as newly-detected neighboring devices and link malfunctions. To prevent excessive LLDP traps from being sent when the topology is unstable, you can set a minimum trap sending interval for LLDP. Follow these steps to configure LLDP trapping: To do…...
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 60, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to Ethernet 1/0/1 and Ethernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
[SwitchB-Ethernet1/0/1] quit Verify the configuration # Display the global LLDP status and port LLDP status on Switch A. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...
LLDP neighbor information last changed time: 0 days,0 hours,5 minutes,20 seconds Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [Ethernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag...
Page 187
Figure 61 Network diagram for CDP-compatible LLDP configuration Configuration procedure Configure a voice VLAN on Switch A # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of Ethernet 1/0/1 and Ethernet 1/0/2 to trunk and enable voice VLAN on them. [SwitchA] interface ethernet 1/0/1 [SwitchA-Ethernet1/0/1] port link-type trunk [SwitchA-Ethernet1/0/1] voice vlan 2 enable...
Page 188
Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full CDP neighbor-information of port 2[Ethernet1/0/2]: CDP neighbor index : 2 Chassis ID : SEP00141CBCDBFF Port ID : Port 1 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full As the sample output shows, Switch A has discovered the IP phones connected to Ethernet 1/0/1 and...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 191
Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
LLDP configuration task list,170 Configuring the TPID value in VLAN tags,142 Loopback interface,14 Configuring VLAN mapping,154 Contacting HP,182 MAC address table configuration example,21 Conventions,183 MAC Information configuration example,25 MAC-based VLAN configuration,103 Displaying and maintaining an Ethernet interface,13 MSTP configuration...
Page 193
Overview,23 QinQ configuration examples,142 Overview,17 QinQ configuration task list,139 Performing basic LLDP configuration,170 Related information,182 Port isolation configuration example,44 Port-based VLAN configuration,97 VLAN mapping configuration examples,160 Protocol-based VLAN configuration (available only on VLAN mapping overview,151 the A3100 v2 EI),108 Voice VLAN configuration examples,120...