HP A5120 EI Switch Series
Layer 2 - LAN Switching
Abstract
This document describes the software features for the HP A Series products and guides you through the
software configuration procedures. These configuration guides also provide configuration examples to
help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and
network administrators working with the HP A Series products.
Part number: 5998-1791
Software version: Release 2208
Document version: 5W100-20110530

Advertising

   Summary of Contents for HP A5120 EI Series

  • Page 1: Configuration Guide

    Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...

  • Page 3: Table Of Contents

    Contents Ethernet interface configuration ····································································································································· 1 Ethernet interface naming conventions ··························································································································· 1 Configuring basic settings of an Ethernet interface ······································································································· 1 Configuring a combo interface ······························································································································· 1 Configuring basic settings of an Ethernet interface ······························································································ 2 Setting speed options for auto negotiation on an Ethernet interface ·································································· 3 Configuring generic flow control on an Ethernet interface ··················································································...

  • Page 4: Table Of Contents

    Configuring the interval for sending Syslog or trap messages········································································· 27 Configuring the MAC Information queue length································································································ 27 MAC Information configuration example ···················································································································· 28 Ethernet link aggregation configuration ······················································································································ 29 Overview········································································································································································· 29 Basic concepts ······················································································································································· 29 Aggregating links in static mode ························································································································· 32 Aggregating links in dynamic mode ···················································································································...

  • Page 5: Table Of Contents

    Configuring timers of MSTP ································································································································· 72 Configuring the timeout factor ····························································································································· 73 Configuring the maximum port rate ···················································································································· 74 Configuring ports as edge ports ·························································································································· 74 Configuring path costs of ports ···························································································································· 75 Configuring port priority ······································································································································· 77 Configuring the link type of ports ························································································································ 78 Configuring the mode a port uses to recognize/send MSTP packets ·····························································...

  • Page 6: Table Of Contents

    Isolate-user-VLAN configuration ································································································································ 125 Overview······································································································································································· 125 Configuring isolate-user-VLAN ···································································································································· 125 Configuring an isolate-user-VLAN ····················································································································· 126 Configuring secondary VLANs ·························································································································· 127 Associating secondary VLANs with an isolate-user-VLAN ·············································································· 128 Displaying and maintaining isolate-user-VLAN ········································································································· 128 Isolate-user-VLAN configuration example ·················································································································· 129 Voice VLAN configuration ········································································································································· 132 Overview·······································································································································································...

  • Page 7: Table Of Contents

    LLDP configuration examples ······································································································································ 180 Basic LLDP configuration example ····················································································································· 180 CDP-compatible LLDP configuration example ··································································································· 183 Support and other resources ····································································································································· 185 Contacting HP ······························································································································································ 185 Subscription service ············································································································································ 185 Related information ······················································································································································ 185 Documents ···························································································································································· 185 Websites ······························································································································································ 185 Conventions ··································································································································································...

  • Page 8: Ethernet Interface Configuration

    HP A5120 EI Switch Series Installation Guide. For more information about the expansion cards, see the  The HP A5120-24G EI Switch(JE066A) and the HP A5120-48G EI Switch(JE067A) do not support IRF. Configuring basic settings of an Ethernet interface Configuring a combo interface...

  • Page 9: Configuring Basic Settings Of An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Optional By default, of the two ports that Activate the current interface undo shutdown compose a combo interface, the one with a smaller port ID is active.

  • Page 10: Setting Speed Options For Auto Negotiation On An Ethernet Interface

    To do… Use the command… Remarks Optional The optical port of an SFP port does not support the 10 and 100 Set the interface speed speed { 10 | 100 | 1000 | auto } keywords. By default, the auto option is enabled.

  • Page 11: Configuring Generic Flow Control On An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Set speed options for auto speed auto [ 10 | 100 | 1000 ] * Optional negotiation NOTE:  This function is only available for Gigabit Layer-2 copper (electrical) Ethernet interfaces that support speed auto negotiation.

  • Page 12: Configuring Link Change Suppression On An Ethernet Interface

    Configuring link change suppression on an Ethernet interface An Ethernet interface has two physical link states: up and down. Each time the physical link of an interface goes up or comes down, the physical layer reports the change to the upper layers, and the upper layers handle the change, resulting in increased overhead.

  • Page 13: Configuring Loopback Testing On An Ethernet Interface

    NOTE: The link-delay mode up command and the link-delay command supersedes each other, and whichever is configured last takes effect. Configuring loopback testing on an Ethernet interface You can perform loopback testing on an Ethernet interface to determine whether the interface functions properly.

  • Page 14: Configuring A Port Group

    NOTE:  On an interface that is physically down, you can only perform internal loopback testing. On an interface administratively shut down, you can perform neither internal nor external loopback testing.  The speed, duplex, mdi, and shutdown commands are not available during loopback testing. ...

  • Page 15

    Configuring storm suppression on an Ethernet interface You can use the following guidelines to set one suppression threshold for broadcast, multicast, and unknown unicast traffic separately on an Ethernet interface. Set the threshold as a percentage of the interface transmission capability. ...

  • Page 16: Setting The Statistics Polling Interval

    For management purposes, you can configure the interface to send threshold event traps and log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold. When the traffic exceeds its higher threshold, the interface does either of the following, depending on your configuration: Blocks the particular type of traffic, while forwarding other types of traffic.

  • Page 17: Enabling The Auto Power-down Function On An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Optional Set the statistics polling interval on flow-interval interval The default interface statistics the Ethernet interface polling interval is 300 seconds. To display the interface statistics collected in the last polling interval, use the display interface command.

  • Page 18: Enabling Single-port Loopback Detection On An Ethernet Interface

    To do… Use the command… Remarks or port group To configure jumbo frame support on one view Ethernet interface, enter Ethernet interface view. Enter port group view To configure jumbo frame support on a group of Ethernet interfaces, enter port group view.

  • Page 19: Enabling Multi-port Loopback Detection

    To do… Use the command… Remarks Enter Ethernet interface interface-type interface- Use either command. interface view number Enter To configure loopback detection Ethernet on one interface, enter Ethernet interface interface view. Enter port group port-group manual port-group- view or port To configure loopback detection view name...

  • Page 20: Setting The Mdi Mode Of An Ethernet Interface

    interface that receives the looped packets) is the looped interface. Multi-port loops might also cause broadcast storms. Figure 5 Network diagram for multi-port loopback detection Switch A Port 1 Port 2 Loop The multi-port loopback detection function detects loops among interfaces on your switch. You can use the loopback-detection action command to configure the protective action to take on looped interfaces—...

  • Page 21: Enabling Bridging On An Ethernet Interface

    A copper Ethernet interface uses an RJ-45 connector, which comprises eight pins, each of which plays a dedicated role. For example, pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. The pin role varies by the MDI modes as follows: ...

  • Page 22: Displaying And Maintaining An Ethernet Interface

    NOTE:  Optical interfaces do not support this feature.  If the link of an Ethernet interface is up, testing its cable connection will cause the link to come down and then go You can test the cable connection of an Ethernet interface for a short or open circuit. The device displays cable test results within five seconds.

  • Page 23

    To do… Use the command… Remarks Display information about the display loopback-detection [ | { begin | Available in any view loopback function exclude | include } regular-expression ] display storm-constrain [ broadcast | Display information about storm multicast | unicast ] [ interface interface-type Available in any view control on interfaces interface-number ] [ | { begin | exclude |...

  • Page 24: Loopback And Null Interface Configuration

    Loopback and null interface configuration Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits.  The physical layer state and link-layer protocols of a loopback interface are always up unless the loopback interface is manually shut down.

  • Page 25: Null Interface

    NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration information, see the Guide Null interface Introduction to null interface A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to forward data packets or configure an IP address or link-layer protocol on it.

  • Page 26

    To do… Use the command… Remarks display interface null [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information Available in any view about the null interface display interface null 0 [ brief ] [ | { begin | exclude | include } regular-expression ] Clear the statistics on a reset counters interface [ loopback [ interface-number...

  • Page 27: Mac Address Table Configuration

    MAC address table configuration Overview Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the switch first looks up the MAC address of the frame in the MAC address table for a match.

  • Page 28: Mac Address Table-based Frame Forwarding

     Dynamic entries, which can be manually added or dynamically obtained and might age out.  Blackhole entries, which are manually configured and never age out. Blackhole entries are configured for filtering out frames with specific destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole destination MAC address entry.

  • Page 29: Disabling Mac Address Learning

    To do… Use the command… Remarks Enter system view system-view — Configure static or mac-address { dynamic | static } mac- Required dynamic MAC address interface interface-type address table Use either command. interface-number vlan vlan-id Configure MAC entries Make sure that you address table Configure have created the VLAN...

  • Page 30: Configuring The Aging Timer For Dynamic Mac Address Entries

    To do… Use the command… Remarks Enter system view system-view — Optional Enable global MAC address undo mac-address mac-learning learning disable Enabled by default. Required Enter Layer 2 Ethernet interface Use either command. interface interface-type interface- view or Layer 2 The configuration made in Layer number Enter...

  • Page 31: Configuring The Mac Learning Limit On Ports

    Configuring the MAC learning limit on ports As the MAC address table is growing, the forwarding performance of your device might degrade. To prevent the MAC address table from getting so large that the forwarding performance degrades, you can limit the number of MAC addresses that a port can obtain. Follow these steps to configure the MAC learning limit on a Layer 2 Ethernet interface or all ports in a port group: To do…...

  • Page 32: Mac Address Table Configuration Example

    MAC address table configuration example Network requirements The MAC address of one host is 000f-e235-dc71 and belongs to VLAN 1. It is connected to  GigabitEthernet 1/0/1 of the device. To prevent MAC address spoofing, add a static entry into the MAC address table of the device for the host.

  • Page 33: Mac Information Configuration

    MAC Information configuration Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.

  • Page 34: Configuring Mac Information Mode

    To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type interface- — view number Required Enable MAC Information on the mac-address information enable { interface added | deleted } Disabled by default. NOTE: To enable MAC Information on an Ethernet interface, enable MAC Information globally first.

  • Page 35: Mac Information Configuration Example

    MAC Information configuration example Network requirements Host A is connected to a remote server (Server) through Device.   Enable MAC Information on GigabitEthernet 1/0/1 on Device. Device sends MAC address changes in Syslog messages to Host B through GigabitEthernet 1/0/3. Host B analyzes and displays the Syslog messages.

  • Page 36: Ethernet Link Aggregation Configuration

    Ethernet link aggregation configuration Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an ―aggregate link‖. Link aggregation delivers the following benefits:  Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 37

    Unselected: An Unselected port cannot forward user traffic.  Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of this operational key.

  • Page 38

    LACP The IEEE 802.3ad Link Aggregation Control Protocol (LACP) enables dynamic aggregation of physical links. It uses link aggregation control protocol data units (LACPDUs) for exchanging aggregation information between LACP-enabled devices. LACP functions The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described in Table Table 3 Basic and extended LACP functions Category...

  • Page 39: Aggregating Links In Static Mode

    Marker protocol During a session, if member ports are added to or removed from a dynamic link aggregation group, service traffic must be redistributed among all the new member ports of the link aggregation group. The Marker protocol can be employed to quickly redistribute service traffic within link aggregation groups and ensure the orderly transmission of data frames.

  • Page 40

    Selecting a reference port The system selects a reference port from the member ports that are:  Are in the up state and have Have the same class-two configurations as the aggregate interface.  The candidate ports are sorted by duplex and speed in this order: full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed.

  • Page 41: Aggregating Links In Dynamic Mode

    NOTE:  To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port.  If a static aggregation group has reached the limit on Selected ports, any port that joins the group is placed in the Unselected state to avoid traffic interruption on the current Selected ports.

  • Page 42

    Figure 9 Setting the state of a member port in a dynamic aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Port attribute/class 2 configurations same as the reference port? Port attribute/class 2 configurations of the peer port same as the peer port of the...

  • Page 43: Load-sharing Criteria For Link Aggregation Groups

    Load-sharing criteria for link aggregation groups In a link aggregation group, traffic can be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one of the following criteria or any combination of them for load sharing: MAC addresses ...

  • Page 44: Configuring A Static Aggregation Group

    NOTE: To achieve better load sharing results for data traffic among the member ports of a link aggregation group, assign ports of the same type (such as all 100 Mbps ports or all GE ports and so on) to the link aggregation group.

  • Page 45: Configuring An Aggregate Interface

    To do... Use the command... Remarks Optional By default, the system LACP priority is 32768. Set the system LACP priority lacp system-priority system-priority Changing the system LACP priority might affect the aggregation state of the ports in a dynamic aggregation group. Required When you create a Layer 2 Create a Layer 2 aggregate...

  • Page 46: Configuring The Description Of An Aggregate Interface

    Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface. Follow these steps to configure the description of an aggregate interface: To do... Use the command...

  • Page 47: Configuring Load Sharing For Link Aggregation Groups

    To do... Use the command... Remarks Enter Layer 2 aggregate interface interface bridge-aggregation — view interface-number Required Shut down the aggregate shutdown By default, aggregate interface interfaces are up. Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load-sharing criteria.

  • Page 48: Enabling Local-first Load Sharing For Link Aggregation

    Any two or all three of these elements – ingress port number, source MAC address, and destination  MAC address Configuring group-specific load-sharing criteria Follow these steps to configure load-sharing criteria for a link aggregation group: To do… Use the command… Remarks Enter system view system-view...

  • Page 49: Enabling Link-aggregation Traffic Redirection

    Figure 10 Local-first link-aggregation load sharing The egress port for a traffic flow is an aggregate interface that has member ports on different IRF member switches Local-first load sharing mechanism enabled? Any member ports on the ingress switch? Packets are load shared only Packets are load shared across the member ports on across all member ports...

  • Page 50: Displaying And Maintaining Ethernet Link Aggregation

    CAUTION:  Link-aggregation traffic redirection applies only to dynamic link aggregation groups.  To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the aggregate link.  To prevent packet loss that might occur at a reboot, disable both MSTP and link-aggregation traffic redirection. ...

  • Page 51: Layer 2 Static Aggregation Configuration Example

    NOTE: In an aggregation group, only ports that have the same port attributes and class-two configurations (see ‖Configuration classes‖) as the reference port (see ―Reference port‖) can operate as Selected ports. You must ensure that all member ports have the same port attributes and class-two configurations as the reference port.

  • Page 52

    [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit...

  • Page 53: Layer 2 Dynamic Aggregation Configuration Example

    The output shows that link aggregation group 1 is a load-shared Layer 2 static aggregation group, and it contains three Selected ports. # Display the global link-aggregation load-sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses.

  • Page 54

    [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-aggregation 1, and configure the link aggregation mode as dynamic. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1 one at a time.

  • Page 55: Layer 2 Aggregation Load Sharing Configuration Example

    Partner ID Select Unselect Share Interface Mode Ports Ports Type ------------------------------------------------------------------------------- BAGG1 0x8000, 000f-e2ff-0002 Shar The output shows that link aggregation group 1 is a load-shared Layer 2 dynamic aggregation group, and it contains three Selected ports. # Display the global link-aggregation load-sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address...

  • Page 56

    [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign port GigabitEthernet 1/0/6 to VLAN 20. <DeviceA> system-view [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the load sharing criterion for the link aggregation group as the source MAC addresses of packets.

  • Page 57

    # Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLANs [DeviceA] interface bridge-aggregation 2 [DeviceA-Bridge-Aggregation2] port link-type trunk [DeviceA-Bridge-Aggregation2] port trunk permit vlan 20 Please wait... Done. Configuring GigabitEthernet1/0/3... Done. Configuring GigabitEthernet1/0/4... Done. [DeviceA-Bridge-Aggregation2] quit Configure Device B Configure Device B as you configure Device A.

  • Page 58: Port Isolation Configuration

    VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called ―isolated ports.‖...

  • Page 59: Displaying And Maintaining Isolation Groups

    Displaying and maintaining isolation groups To do… Use the command… Remarks display port-isolate group [ | { Display information about the isolation group begin | exclude | include } Available in any view regular-expression ] Port isolation configuration example Network requirements As shown in Figure Hosts A, B, and C are connected to port GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and...

  • Page 60

    [Device-GigabitEthernet1/0/3] port-isolate enable # Display information about the isolation group. <Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...

  • Page 61: Mstp Configuration

    MSTP configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy. The recent versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).

  • Page 62: Basic Concepts In Stp

    Max age: Maximum age of the configuration BPDU stored on the switch.  Hello time: Configuration BPDU transmission interval.  Forward delay: Delay that STP bridges use to transition port state.  Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The root bridge is not permanent, but can change along with changes of the network topology.

  • Page 63: How Stp Works

    Figure 15 A schematic diagram of designated bridges and designated ports Device A Port A1 Port A2 Device B Device C Port B1 Port C1 Port B2 Port C2 Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree.

  • Page 64

    Step Description Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports.  The root bridge ID is replaced with that of the configuration BPDU of the root port. ...

  • Page 65

    Figure 16 provides an example of how the STP algorithm works. Figure 16 Network diagram for the STP algorithm Device A Priority = 0 Port A1 Port A2 Port B1 Port C1 Port B2 Port C2 Path cost = 4 Device B Device C Priority = 1...

  • Page 66

    Table 11 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison  Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU, and discards the received one.

  • Page 67

    Configuration BPDU on Device Comparison process ports after comparison  Device C compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port C1 is the optimum, and selects Port C1 as the root port with the configuration BPDU unchanged.

  • Page 68

    Figure 17 Topology of the final calculated spanning tree Root bridge Root port Designated port Blocked port Normal link Blocked link The BPDU forwarding mechanism in STP STP forwards configuration BPDUs following these guidelines:  Upon network initiation, every switch regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.

  • Page 69: Introduction To Rstp

    Introduction to RSTP Developed based on the 802.1w standard of IEEE, RSTP is an optimized version of STP. It achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster under certain conditions than STP. NOTE: ...

  • Page 70: Basic Concepts In Mstp

    Basic concepts in MSTP Figure 18 Basic concepts in MSTP VLAN 1 à MSTI 1 VLAN 1 à MSTI 1 VLAN 2 à MSTI 2 VLAN 2 à MSTI 2 Other VLANs à MSTI 0 Other VLANs à MSTI 0 MST region 1 MST region 4 MST region 2...

  • Page 71

    MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: MSTP-enabled  Same region name  Same VLAN-to-instance mapping configuration ...

  • Page 72

    Common root bridge The common root bridge is the root bridge of the CIST. Figure 18, for example, the common root bridge is a device in MST region 1. Roles of ports A port can play different roles in different MSTIs. As shown in Figure 20, an MST region comprises Device A, Device B, Device C, and Device D.

  • Page 73: How Mstp Works

    Port states In MSTP, a port can be in one of the following states:  Forwarding: The port receives and sends BPDUs, obtains MAC addresses, and forwards user traffic. Learning: The port receives and sends BPDUs, obtains MAC addresses, but does not forward user ...

  • Page 74: Implementation Of Mstp On Devices

    Implementation of MSTP on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management: Root bridge hold ...

  • Page 75

    Task Remarks Enabling the output of port state transition information Optional Enabling the MSTP feature Required Configuring an MST region Required Configuring the work mode of an MSTP device Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring ports as edge ports Optional...

  • Page 76: Configuring Mstp

    Configuring MSTP Configuring an MST region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration —...

  • Page 77: Configuring The Work Mode Of An Mstp Device

    Note the following rules: A device has independent roles in different MSTIs. It can act as the root bridge or a secondary root  bridge of one MSTI and the root bridge or a secondary root bridge of another MSTI. However, one device cannot be the root bridge and a secondary root bridge in the same MSTI at the same time.

  • Page 78: Configuring The Priority Of A Device

    In RSTP mode, all ports of the device send RSTP BPDUs. If the device detects that it is connected to a  legacy STP device, the port that connects to the legacy STP device will automatically migrate to STP- compatible mode. In MSTP mode, all ports of the device send MSTP BPDUs.

  • Page 79: Configuring The Network Diameter Of A Switched Network

    Follow these steps to configure the maximum number of hops of an MST region: To do... Use the command... Remarks Enter system view system-view — Required Configure the maximum hops of stp max-hops hops the MST region 20 by default. Configuring the network diameter of a switched network Any two terminal devices in a switched network are connected through a specific path composed of a series of devices.

  • Page 80: Configuring The Timeout Factor

    If the forward delay is too short, temporary redundant paths might occur. If the forward delay is too long, network convergence might take a long time. HP recommends that you use the default setting.

  • Page 81: Configuring The Maximum Port Rate

    By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes unstable. HP recommends that you use the default setting. Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 82: Configuring Path Costs Of Ports

    To do... Use the command... Remarks Enter Ethernet interface interface interface-type view or Layer 2 aggregate Enter interface interface-number Required interface view view or port Use either command. group view port-group manual port- Enter port group view group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.

  • Page 83

    Table 13 shows the mappings between the link speed and the path cost. Table 13 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE 802.1d- IEEE 802.1t Private standard 1998 — 65535 200,000,000 200,000 Single Port 2,000,000...

  • Page 84: Configuring Port Priority

    Path cost Link speed Port type IEEE 802.1d- IEEE 802.1t Private standard 1998 Aggregate interface containing 4 selected ports NOTE: When calculating path cost for an aggregate interface, IEEE 802.1d-1998 does not take into account the number of selected ports in its aggregation group as IEEE 802.1t does. The calculation formula of IEEE 802.1t is: Path cost = 200,000,000/link speed (in 100 kbps), where link speed is the sum of the link speed values of the selected ports in the aggregation group.

  • Page 85: Configuring The Link Type Of Ports

    On an MSTP-enabled device, a port can have different priorities in different MSTIs, and the same port can play different roles in different MSTIs, so that data of different VLANs can be propagated along different physical paths, implementing per-VLAN load balancing. You can set port priority values based on the actual networking requirements.

  • Page 86: Configuring The Mode A Port Uses To Recognize/send Mstp Packets

    If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. HP recommends that you use the default setting, and let MSTP detect the link status automatically.

  • Page 87: Enabling The Output Of Port State Transition Information

    Enabling the output of port state transition information A large-scale, MSTP-enabled network can have many MSTIs, and ports might frequently transition from one state to another. In this situation, you can enable devices to output the port state transition information of all MSTIs or the specified MSTI in order to monitor the port states in real time. Make this configuration separately on the root bridge and on the leaf nodes.

  • Page 88: Configuring Digest Snooping

    If a port on a device that is running MSTP (or RSTP) connects to a device that is running STP, this port automatically migrates to the STP-compatible mode. However, it will not be able to automatically migrate back to the MSTP (or RSTP) mode, but will remain working in the STP-compatible mode under the following circumstances: ...

  • Page 89

    To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated ports. HP recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.

  • Page 90: Configuring No Agreement Check

    Figure 21 Digest Snooping configuration MST region Device C (Root bridge) Root port GE1/0/1 GE1/0/2 Designated port Blocked port Normal link GE1/0/1 GE1/0/1 Blocked link GE1/0/2 GE1/0/2 Device A Device B Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A.

  • Page 91

    Figure 22 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.

  • Page 92: Configuring Protection Functions

    To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface view or Layer 2 interface interface-type Enter interface aggregate interface interface-number Required or port group view Use either command. view port-group manual port-group- Enter port group view name Required Enable No Agreement Check...

  • Page 93

    Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets these ports as non-edge ports and starts a new spanning tree calculation process.

  • Page 94

    To do... Use the command... Remarks port-group manual port- Enter port group view group-name Required Enable the root guard function for the port(s) stp root-protection Disabled by default. NOTE: Among loop guard, root guard and edge port settings, only one function (whichever is configured the earliest) can at a time take effect on a port.

  • Page 95: Displaying And Maintaining Mstp

    6 by default. period after it receives the first TC-BPDU NOTE: HP does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.

  • Page 96: Mstp Configuration Example

    To do... Use the command... Remarks Display information about ports blocked display stp down-port [ | { begin | Available in any by STP protection functions exclude | include } regular-expression ] view Display the historical information of port display stp [ instance instance-id ] history Available in any role calculation for the specified MSTI or [ slot slot-number ] [ | { begin | exclude...

  • Page 97

    Figure 25 Network diagram for MSTP configuration MST region Device A Device B Permit: all VLAN GE1/0/3 GE1/0/3 Permit: VLAN 10, 20 Permit: VLAN 20, 30 GE1/0/3 GE1/0/3 Permit: VLAN 20, 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports (details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D.

  • Page 98

    [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.

  • Page 99

    # Enable MSTP globally. [DeviceD] stp enable Verify the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port...

  • Page 100

    Figure 26 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link...

  • Page 101: Bpdu Tunneling Configuration

    BPDU tunneling configuration Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network. Background Customers usually use dedicated lines in a service provider network to build their own Layer 2 networks. As a result, often a customer network consists of parts located at different sides of the service provider network.

  • Page 102: Bpdu Tunneling Implementation

    NOTE: Depending on the switch models, HP devices support BPDU tunneling for the following protocols:  Cisco Discovery Protocol (CDP)  Device Link Detection Protocol (DLDP)  Ethernet Operation, Administration and Maintenance (EOAM)  GARP VLAN Registration Protocol (GVRP) ...

  • Page 103: Configuring Bpdu Tunneling

    Figure 28 Network diagram for BPDU tunneling implementation PE 1 PE 2 ISP network BPDU tunnel CE 1 CE 2 User A network 1 User A network 2 As shown in Figure 28, the upper part is the service provider network (ISP network), and the lower part represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2.

  • Page 104: Enabling Bpdu Tunneling

    Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE:  Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port. Settings made in port group view take effect on all ports in the port group. ...

  • Page 105: Bpdu Tunneling Configuration Examples

    To do… Use the command… Remarks Enter system view system-view — Optional Configure the destination bpdu-tunnel tunnel-dmac mac- multicast MAC address for BPDUs address 0x010F-E200-0003 by default. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.

  • Page 106: Bpdu Tunneling For Pvst Configuration Example

    [PE1] vlan 2 [PE1-vlan2] quit [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port access vlan 2 # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.

  • Page 107

    Configuration procedure Configure PE 1. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure GigabitEthernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type trunk [PE1-GigabitEthernet1/0/1] port trunk permit vlan all # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.

  • Page 108: Vlan Configuration

    VLAN configuration Introduction to VLAN VLAN overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.

  • Page 109: Types Of Vlans

    The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure Figure 32 Format of a traditional Ethernet frame...

  • Page 110: Configuring Basic Vlan Settings

    Other criteria  NOTE:  The A5120 EI Switch Series supports port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings. ...

  • Page 111: Configuring Basic Settings Of A Vlan Interface

    Configuring basic settings of a VLAN interface For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform layer 3 forwarding. You use VLAN interfaces to achieve this. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices.

  • Page 112

    VLAN, see the chapter ―Voice VLAN configuration.‖  HP recommends that you set the same PVID for the local and remote ports.  Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.

  • Page 113: Assigning An Access Port To A Vlan

    Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame Send the frame if its VLAN is carried on the port. The frame is sent with the VLAN tag Hybrid removed or intact depending on your configuration via the port hybrid vlan command.

  • Page 114: Assigning A Trunk Port To A Vlan

    To do… Use the command… Remarks Optional Assign the current access port(s) to a port access vlan vlan-id By default, all access ports VLAN belong to VLAN 1. NOTE:  Before you assign an access port to a VLAN, create the VLAN. ...

  • Page 115: Assigning A Hybrid Port To A Vlan

    NOTE:  To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first.  After configuring the PVID for a trunk port, you must use the port trunk permit vlan command to configure the trunk port to allow packets from the PVID to pass through, so that the egress port can forward packets from the PVID.

  • Page 116: Port-based Vlan Configuration Example

    NOTE:  To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first.  After you use the port link-type { access | hybrid | trunk } command to change the link type of an interface, the loopback detection action configured on the interface by using the loopback-detection action command will Layer be restored to the default.

  • Page 117: Mac-based Vlan Configuration

    [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit # Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200, to enable GigabitEthernet 1/0/3 to forward traffic of VLANs 100 and 200 to Device B. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-type trunk [DeviceA-GigabitEthernet1/0/3] port trunk permit vlan 100 200 Please wait...

  • Page 118

    Approach 1: Static MAC-based VLAN assignment Static MAC-based VLAN assignment applies to networks containing a small number of VLAN users. In such a network, you can create a MAC address-to-VLAN map containing multiple MAC address-to-VLAN entries on a port, enable the MAC-based VLAN feature on the port, and assign the port to MAC-based VLANs.

  • Page 119: Configuring Mac-based Vlan

    Figure 35 Flowchart for processing an untagged frame in dynamic MAC-based VLAN assignment The port receives an untagged frame The port uses the source MAC address of the packet to search the MAC address- to-VLAN mapping table A match is found? Exactly matched? The port is assigned to...

  • Page 120

    NOTE:  MAC-based VLANs are available only on hybrid ports.  The MAC-based VLAN feature is mainly configured on the downlink ports of the user access devices. Do not enable this function together with link aggregation.  After associating MAC addresses with a VLAN, if you specify the 802.1p priority value corresponding to the specified MAC addresses, you must use the qos trust dot1p command in interface view to configure the interface to use the 802.1p priority in incoming packets for priority mapping.

  • Page 121

    NOTE:  With dynamic MAC-based VLAN assignment enabled, packets are delivered to the CPU for processing. The packet processing mode has the highest priority and overrides the configuration of MAC learning limit and disabling of MAC address learning. When dynamic MAC-based VLAN assignment is enabled, do not configure the MAC learning limit or disable MAC address learning.

  • Page 122: Mac-based Vlan Configuration Example

    NOTE: After enabling MAC-based VLAN on the switch, you must configure related authentication settings on Security the access authentication server. For more information about access authentication, see the Configuration Guide Follow these steps to configure dynamic MAC-based VLAN: To do... Use the command...

  • Page 123

    Figure 36 Network diagram for MAC-based VLAN configuration VLAN 100 VLAN 200 Server1 Server2 IP: 1.1.1.1/24 IP: 1.1.2.1/24 GE1/0/14 GE1/0/13 GE1/0/4 GE1/0/3 Device B GE1/0/2 GE1/0/2 Device C Device A GE1/0/1 GE1/0/1 VLAN 100 VLAN 200 Laptop1 Laptop2 IP: 1.1.1.2/24 IP: 1.1.2.2/24 MAC: 000d-88f8-4e71 MAC: 0014-222c-aa69...

  • Page 124

    [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-GigabitEthernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 125: Protocol-based Vlan Configuration

    Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration Introduction to protocol-based VLAN NOTE: Protocol-based VLAN configuration applies only to hybrid ports.

  • Page 126

    To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode { Create a protocol template for the ethernetii etype etype-id | llc { Required VLAN dsap dsap-id [ ssap ssap-id ] |...

  • Page 127: Protocol-based Vlan Configuration Example

    CAUTION:  dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively. ...

  • Page 128

    Configuration procedure Configure Device. # Create VLAN 100, and assign port GigabitEthernet 1/0/1 1 to VLAN 100. <Device> system-view [Device] vlan 100 [Device-vlan100] description protocol VLAN for IPv4 [Device-vlan100] port gigabitethernet 1/0/11 [Device-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200. [Device] vlan 200 [Device-vlan200] description protocol VLAN for IPv6 [Device-vlan200] port gigabitethernet 1/0/12...

  • Page 129: Ip Subnet-based Vlan Configuration

    Verification The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts and the server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to determine whether the configurations have become valid.

  • Page 130

    NOTE: This feature is applicable only on hybrid ports. Follow these steps to configure an IP subnet-based VLAN: To do… Use the command… Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Required The IP network segment or IP Associate an IP subnet with the ip-subnet-vlan [ ip-subnet-index address to be associated with a...

  • Page 131: Displaying And Maintaining Vlan

    Displaying and maintaining VLAN To do... Use the command… Remarks display vlan [ vlan-id1 [ to vlan-id2 ] | all | Display VLAN information dynamic | reserved | static ] [ | { begin | Available in any view exclude | include } regular-expression ] display interface vlan-interface [ vlan- Display VLAN interface interface-id ] [ | { begin | exclude | include...

  • Page 132: Isolate-user-vlan Configuration

    Isolate-user-VLAN configuration Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be ...

  • Page 133: Configuring An Isolate-user-vlan

    Configure the secondary VLANs. Assign non-trunk ports to each secondary VLAN and configure these ports as downstream ports.  To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3,  configure VLAN interfaces for the secondary VLANs. Do not configure IP addresses for the secondary VLAN interfaces.

  • Page 134: Configuring Secondary Vlans

    To do... Use the command Remarks  This configuration is required when users in the isolate-user- VLAN need to communicate with other networks at Layer 3.  This configuration is optional when users in the isolate-user- Configure an IP address for the ip address ip-address { mask | VLAN do not need to isolate-user-VLAN interface...

  • Page 135: Associating Secondary Vlans With An Isolate-user-vlan

    To do… Use the command… Remarks  This configuration is required when users in the isolate-user- VLAN need to communicate with other networks at Layer  This configuration is optional Create a secondary VLAN interface interface vlan-interface vlan- when users in the isolate-user- and enter secondary VLAN interface interface-id VLAN do not need to...

  • Page 136: Isolate-user-vlan Configuration Example

    Isolate-user-VLAN configuration example Network requirements As shown in Figure  Connect Device A to downstream devices Device B and Device C.  Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign GigabitEthernet 1/0/2 to VLAN 2 and GigabitEthernet 1/0/1 to VLAN 3.

  • Page 137

    [DeviceB-GigabitEthernet1/0/1] port access vlan 3 [DeviceB-GigabitEthernet1/0/1] port isolate-user-vlan host [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-GigabitEthernet1/0/2] port isolate-user-vlan host [DeviceB-GigabitEthernet1/0/2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C.

  • Page 138

    Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003...

  • Page 139: Voice Vlan Configuration

    Voice VLAN configuration Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality. NOTE: Common voice devices include IP phones and integrated access devices (IADs).

  • Page 140

    In automatic mode, the system matches the source MAC address carried in the untagged packets  sent when an IP phone is powered on against the device’s OUI addresses. If the system finds a match, it automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence.

  • Page 141

    Table 15 Required configurations on ports of different link types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Automatic Access — Manual Configure the PVID of the port, which cannot be Automatic the voice VLAN, and assign the port to its PVID.

  • Page 142: Security Mode And Normal Mode Of Voice Vlans

    MAC addresses checking. TIP: HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, ensure that the voice VLAN security mode is disabled.

  • Page 143: Configuring A Voice Vlan

    Voice VLAN Packet type Packet processing mode mode Packets that carry the voice VLAN tag Packets that carry other Forwarded or dropped depending on whether the port tags allows packets of these VLANs to pass through. Configuring a voice VLAN Configuration prerequisites Before you configure a voice VLAN, complete the following tasks: Create a VLAN...

  • Page 144: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    To do... Use the command... Remarks marked for voice VLAN traffic into 6 and 46 respectively. Configure the interface to modify the CoS and DSCP values marked voice vlan qos cos-value dscp- The voice vlan qos command and for incoming traffic of the voice value the voice vlan qos trust command VLAN into specified values...

  • Page 145: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    NOTE: A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. For more information, see the chapter ―VLAN configuration.‖...

  • Page 146: Displaying And Maintaining Voice Vlan

    Displaying and maintaining voice VLAN To do... Use the command... Remarks display voice vlan state [ | { begin | exclude Display the voice VLAN state Available in any view | include } regular-expression ] Display the OUI addresses that display voice vlan oui [ | { begin | exclude Available in any view the system supports...

  • Page 147

    [DeviceA] voice vlan aging 30 # GigabitEthernet 1/0/1 might receive both voice traffic and data traffic at the same time. To ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to work in security mode to transmit only voice packets.

  • Page 148: Manual Voice Vlan Assignment Mode Configuration Example

    Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP -------------------------------------------------------------------- GigabitEthernet1/0/1 AUTO GigabitEthernet1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure 43 Create VLAN 2 and configure it as a voice VLAN that permits only voice traffic to pass through. ...

  • Page 149

    [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 2 untagged # Enable voice VLAN on GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] voice vlan 2 enable Verification # Display the OUI addresses, OUI address masks, and description strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000...

  • Page 150: Gvrp Configuration

    GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.

  • Page 151

    Join messages A GARP participant sends Join messages when it must register its attributes (including manually configured attributes) with other participants, and when it receives Join messages from other participants. The types of Join messages are JoinEmpty and JoinIn.  A GARP participant sends a JoinEmpty message to declare an attribute not registered on it.

  • Page 152

    Leave timer A GARP participant starts a Leave timer when it receives a Leave message for an attribute value. If the GARP participant receives no Join message for the attribute value before the timer expires, it deregisters the attribute value. LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts.

  • Page 153: Gvrp

    Field Description Value 0x01 for GVRP, which indicates Attribute type Defined by the GARP application the VLAN ID attribute Attribute list Contains one or multiple attributes –– Consists of an attribute length, an Attribute –– attribute event, and an attribute value Length of an attribute, inclusive of Attribute length...

  • Page 154: Protocols And Standards

    Protocols and standards  IEEE 802.1Q, Virtual Bridged Local Area Networks GVRP configuration task list Complete these tasks to configure GVRP: Task Remarks Configuring GVRP functions Required Configuring GARP timers Optional NOTE:  GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only.

  • Page 155: Configuring Garp Timers

    To do… Use the command… Remarks Required Enable GVRP on the ports gvrp Disabled by default. Optional Configure the GVRP registration mode on the gvrp registration { fixed | ports forbidden | normal } normal by default. NOTE:  For more information about the port link-type trunk and port trunk permit vlan all commands, see the chapter ―VLAN configuration commands.‖...

  • Page 156: Displaying And Maintaining Gvrp

    To do… Use the command… Remarks Optional Configure the Leave timer garp timer leave timer-value 60 centiseconds by default As shown in Table 19, the value ranges for GARP timers are dependent on one another; use the following guidelines to configure GARP timers: If you want to set a value beyond the value range for a timer, you can change the value range by ...

  • Page 157: Gvrp Configuration Examples

    To do… Use the command… Remarks reset garp statistics [ interface interface- Clear the GARP statistics on ports Available in user view list ] GVRP configuration examples GVRP normal registration mode configuration example Network requirements As shown in Figure  Device A and Device B are connected through their GigabitEthernet 1/0/1 ports.

  • Page 158: Gvrp Fixed Registration Mode Configuration Example

    # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration. Use the display gvrp local-vlan command to display the local VLAN information that GVRP maintains on ports.

  • Page 159: Gvrp Forbidden Registration Mode Configuration Example

    # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration mode to fixed on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration fixed [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B. # Enable GVRP globally.

  • Page 160

    Enable GVRP and configure the forbidden registration mode on ports to prevent the registration and  deregistration of all VLANs but VLAN 1 between the two devices. Figure 48 Network diagram for GVRP forbidden registration mode configuration GE1/0/1 GE1/0/1 Device A Device B Configuration procedure Configure Device A.

  • Page 161

    Following VLANs exist in GVRP local database: 1(default) According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 2 on the local device and dynamic VLAN information of VLAN 3 on Device B are not.

  • Page 162: Qinq Configuration

    QinQ configuration NOTE: inner VLANs‖ Throughout this document, customer network VLANs (CVLANs), also called ― , refer to the VLANs that a customer uses on the private network; service provider network VLANs (SVLANs), also outer VLANs called ― ‖, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.

  • Page 163: Qinq Frame Structure

    Figure 49 Typical QinQ application scenario Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 49, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20.

  • Page 164: Implementations Of Qinq

    The minimum size of a QinQ packet is 1508 bytes, which comprises two four-byte VLAN tags and one 1500-byte standard Ethernet frame. Implementations of QinQ HP provides the following QinQ implementations: basic QinQ and selective QinQ. Basic QinQ Basic QinQ enables a port to tag any incoming frames with its PVID, regardless of whether they have been tagged or not.

  • Page 165

    The switch determines whether a received frame carries a SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries a SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100, and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the switch considers that the frame carries only the SVLAN tag but not the CVLAN tag.

  • Page 166: Configuring Basic Qinq

    Task Remarks QinQ Configuring an inner-outer VLAN 802.1p priority Optional mapping Configuring the TPID value in VLAN tags Optional NOTE:  QinQ requires configurations only on the service provider network.  QinQ configurations made in Ethernet interface view take effect on the current interface only. Those made in Layer 2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group.

  • Page 167: Configuring Selective Qinq

    To do... Use the command... Remarks Enter port group port-group manual port-group-name view Required Configure VLAN transparent By default, VLAN transparent qinq transparent-vlan vlan-list transmission on the ports transmission is not configured. NOTE: When you are configuring transparent transmission for a VLAN, you must configure all the switches on the transmission path to permit packets of this VLAN to pass through.

  • Page 168: Configuring An Inner-outer Vlan 802.1p Priority Mapping

    Configuring an inner-outer VLAN 802.1p priority mapping Through QoS policies, the A5120 EI switches achieve the following inner-outer VLAN 802.1p priority mapping modes:  Marking the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags.

  • Page 169: Configuring The Tpid Value In Vlan Tags

    To do... Use the command... Remarks view of the  Settings made in Layer 2 customer Ethernet interface view take network-side effect only on the current port. Enter port group port-group manual port-group- port  Settings made in port group view name view take effect on all ports in...

  • Page 170

    Frames of VLAN 250 through VLAN 350 can be exchanged between Customer B1 and Customer  B2 through VLAN 50 of the service provider network. Figure 52 Network diagram for Basic QinQ configuration Customer B1 Customer A1 VLAN 200~299 VLAN 250~350 Provider A Provider B GE1/0/1...

  • Page 171: Selective Qinq Configuration Example

    [ProviderA] interface gigabitethernet 1/0/3 [ProviderA-GigabitEthernet1/0/3] port link-type trunk [ProviderA-GigabitEthernet1/0/3] port trunk permit vlan 10 50 # Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type 8200 Configure Provider B. Configure GigabitEthernet 1/0/1  # Configure VLAN 50 as the PVID of GigabitEthernet 1/0/1. <ProviderB>...

  • Page 172

    Customer A, Customer B and Customer C are edge devices on the customer network.  Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B.  Make configuration to achieve the following: VLAN 10 frames of Customer A and Customer B can be forwarded to each other across SVLAN ...

  • Page 173

    [ProviderA-GigabitEthernet1/0/1] quit Configure GigabitEthernet 1/0/2  # Configure GigabitEthernet 1/0/2 as a hybrid port to permit frames of VLAN 1000 to pass through, and configure GigabitEthernet 1/0/2 to send packets of VLAN 1000 with tag removed. [ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 1000 untagged # Tag CVLAN 10 frames with SVLAN 1000.

  • Page 174

    Configure the third-party devices between Provider A and Provider B as follows: configure the port that connects GigabitEthernet 1/0/3 of Provider A and the port that connects GigabitEthernet 1/0/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.

  • Page 175: Lldp Configuration

    LLDP configuration Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.

  • Page 176

    Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to 0x0180- Destination MAC address C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.

  • Page 177

    Figure 56 LLDPDU encapsulation format Chassis ID TLV Port ID TLV Time To Live TLV Optional TLV Optional TLV End of LLDPDU TLV An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time To Live TLV, and End of LLDPDU TLV.

  • Page 178

    NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 179: How Lldp Works

    Table 26 LLDP-MED TLVs Type Description Allows a network device to advertise the LLDP-MED TLVs that it LLDP-MED Capabilities supports Allows a network device or terminal device to advertise the VLAN ID Network Policy of the specific port, the VLAN type, and the Layer 2 priorities for specific applications Allows a network device or terminal device to advertise power Extended Power-via-MDI...

  • Page 180

    overwhelming the network during times of frequent changes to local device information, an interval is introduced between two successive LLDPDUs. This interval is shortened to 1 second in either of the following cases:  A new neighbor is discovered, in other words, a new LLDPDU is received and carries device information new to the local device.

  • Page 181: Performing Basic Lldp Configuration

    Performing basic LLDP configuration Enabling LLDP To make LLDP take effect on certain ports, you must enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do… Use the command… Remarks Enter system view system-view —...

  • Page 182: Setting The Lldp Re-initialization Delay

    Setting the LLDP re-initialization delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent changes to the LLDP operating mode on a port. Follow these steps to set the LLDP re-initialization delay for ports: To do…...

  • Page 183: Configuring The Management Address And Its Encoding Format

    To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | port- description | system-capability | system- Optional description | system-name } | dot1-tlv { all | port-vlan-id | protocol-vlan-id [ vlan-id ] | By default, all types of vlan-name [ vlan-id ] } | dot3-tlv { all | link- LLDP TLVs except the Configure the advertisable TLVs...

  • Page 184: Setting Other Lldp Parameters

    Setting other LLDP parameters The Time To Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs, which determines how long information about the local device can be saved on a neighbor device.

  • Page 185: Configuring Cdp Compatibility

    To do… Use the command… Remarks Enter Layer 2 interface interface-type interface- Enter Ethernet Ethernet interface number Required interface view view or port group Use either command. Enter port group view port-group manual port-group-name view Required Set the encapsulation format for lldp encapsulation snap Ethernet II encapsulation LLDPDUs to SNAP...

  • Page 186: Configuring Lldp Trapping

    To do… Use the command… Remarks Enter system view system-view — Required Enable CDP compatibility globally lldp compliance cdp Disabled by default. Enter Layer 2 Enter interface interface-type interface-number Ethernet interface Ethernet Required view interface Use either command. view or port Enter port group port-group manual port-group-name group view...

  • Page 187: Displaying And Maintaining Lldp

    Displaying and maintaining LLDP To do… Use the command… Remarks Display the global LLDP display lldp local-information [ global | information or the information interface interface-type interface-number ] [ | Available in any view contained in the LLDP TLVs to be { begin | exclude | include } regular- sent through a port expression ]...

  • Page 188

    <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2...

  • Page 189

    Number of received unknown TLV : 0 Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 3 As the sample output shows, GigabitEthernet 1/0/1 of Switch A connects to an MED device, and GigabitEthernet 1/0/2 of Switch A connects to a non-MED device.

  • Page 190: Cdp-compatible Lldp Configuration Example

    Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect to any neighboring devices. CDP-compatible LLDP configuration example Network requirements As shown in Figure...

  • Page 191

    # Enable LLDP. (You can skip this step because LLDP is enabled on ports by default.) Configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status txrx [SwitchA-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx...

  • Page 192: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. ...

  • Page 193: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 194

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 195: Index

    Index A B C D E G H I L M O P Q S T V W Configuring a protocol-based VLAN,1 18 Configuring a static aggregation group,37 Aggregating links in dynamic mode,34 Configuring an inner-outer VLAN 802.1p priority Aggregating links in static mode,32 mapping,161 Assigning a hybrid port to a...

  • Page 196

    Configuring the interval for sending Syslog or trap GVRP fixed registration mode configuration messages,27 example,151 Configuring the link type of ports,78 GVRP forbidden registration mode configuration example,152 Configuring the MAC Information queue length,27 GVRP normal registration mode configuration Configuring the MAC learning limit on ports,24 example,150 Configuring the management address and its encoding...

  • Page 197

    Protocol packets of STP,54 Protocol-based VLAN configuration example,120 Protocols and standards,147 Protocols and standards,67 Protocols and standards,158 Protocols and standards,173 QinQ frame structure,156 Security mode and normal mode of voice VLANs,135 Selective QinQ Configuration Example,164 Setting an encapsulation format for LLDPDUs,177 Setting other LLDP parameters,177...

Comments to this Manuals

Symbols: 0
Latest comments: