HP A5830 Switch Series
Layer 2 - LAN Switching
Abstract
This document describes the software features for the HP A Series products and guides you through the
software configuration procedures. These configuration guides also provide configuration examples to
help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and
network administrators working with the HP A Series products.
Part number: 5998-2062
Software version: Release 1109
Document version: 6W100-20110715

Advertising

   Summary of Contents for HP A5830

  • Page 1: Configuration Guide

    Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...

  • Page 3: Table Of Contents

    Contents Configuring the Ethernet interface ································································································································· 1 Naming the Ethernet interfaces ······································································································································· 1 Understanding the general configuration ······················································································································· 1 Configuring the management Ethernet interface ·································································································· 1 Configuring a combo interface ······························································································································· 2 Configuring basic settings of an Ethernet interface ······························································································ 2 Shutting down an Ethernet interface ······················································································································...

  • Page 4: Table Of Contents

    Configuring Ethernet link-aggregation························································································································· 26 Basic concepts ······················································································································································· 26 Using aggregating links in static mode ·············································································································· 29 Using aggregating links in dynamic mode········································································································· 30 Using load-sharing criteria for link-aggregation groups ··················································································· 32 Using the Ethernet link-aggregation configuration task list ························································································ 32 Configuring an aggregation group ·····························································································································...

  • Page 5: Table Of Contents

    Configuring the port link type ······························································································································ 73 Configuring port mode used to recognize/send MSTP packets ······································································ 73 Enabling port state transition information output ······························································································· 74 Enabling the spanning tree feature ····················································································································· 75 Performing mCheck ··············································································································································· 76 Configuring the VLAN Ignore feature ················································································································· 76 Configuring Digest Snooping ······························································································································...

  • Page 6: Table Of Contents

    Displaying isolate-user-VLAN ······································································································································ 131 Setting an example isolate-user-VLAN configuration ······························································································· 131 Configuring GVRP ······················································································································································ 134 Using GVRP·························································································································································· 137 GVRP registration modes ···································································································································· 137 Protocols and standards ····································································································································· 137 Configuration task list ·················································································································································· 137 Configuring GVRP functions ······································································································································· 138 Configuring GARP timers ············································································································································ 139 Displaying and maintaining GVRP·····························································································································...

  • Page 7: Table Of Contents

    Configuring a service loopback group ······················································································································ 205 Displaying service loopback groups ·························································································································· 206 Service loopback group configuration ······················································································································ 206 Support and other resources ····································································································································· 208 Contacting HP ······························································································································································ 208 Subscription service ············································································································································ 208 Related information ······················································································································································ 208 Documents ···························································································································································· 208 Websites ······························································································································································...

  • Page 8: Configuring The Ethernet Interface

    Configuring the Ethernet interface Naming the Ethernet interfaces The GE and 10-GE interfaces on the A5830 switches are named in the format of interface-type A/B/C, where the following definitions apply: A represents the ID of the switch in an IRF fabric. If the switch is not assigned to any IRF fabric, A ...

  • Page 9: Configuring A Combo Interface

    Configuring a combo interface A combo interface is a logical interface that comprises one optical (fiber) port and one electrical (copper) port. The two ports share one forwarding interface, so they cannot work simultaneously. When you enable one port, the other is disabled automatically. The fiber combo port and cooper combo port are Layer 2 Ethernet interfaces.

  • Page 10: Shutting Down An Ethernet Interface

    Step… Command… Remarks interface interface-type interface- Enter Ethernet interface view. — number Optional By default, the description of an interface is in the format of Set the interface description. description text interface-name Interface For example, GigabitEthernet1/0/1 Interface Optional By default, the duplex mode is auto for Ethernet interfaces Set the duplex mode of the The half parameter is not...

  • Page 11: Configuring Link-down Event Suppression On An Ethernet Interface

    Step… Command… Remarks Use any command  Enter Ethernet interface view: Enter Ethernet To shut down an Ethernet interface, interface interface-type interface-number interface view or enter Ethernet interface  Enter port group view: port group view. To shut down all Ethernet interfaces in port-group manual port-group-name a port group, enter port group view Shut down the...

  • Page 12: Configuring The Link Mode Of An Ethernet Interface

    On an interface that is physically down, only perform internal loopback testing. On an interface that is shut down administratively, perform neither internal nor external loopback testing. The speed, duplex, mdi, and shutdown commands are not available during loopback testing. During loopback testing, the Ethernet interface operates in full duplex mode.

  • Page 13: Configuring A Layer 2 Ethernet Interface

    Step… Command… Remarks Required By default, the switch allows jumbo frames within Configure jumbo jumboframe enable [ value ] 9216 bytes to pass through Ethernet interfaces frame support. If you set the value parameter multiple times, the latest configuration takes effect Configuring a Layer 2 Ethernet interface Using the layer 2 Ethernet interface configuration task list Complete these tasks to configure an Ethernet interface operating in bridge mode:...

  • Page 14: Enabling Ethernet Interface Auto Power-down Function

    Step… Command… Remarks Enter system view system-view — Create a manual port port-group manual port- group and enter manual Required group-name port group view Assign Ethernet interfaces group-member interface- Required to the manual port group list Required By default, the switch allows jumbo frames Configure jumbo frame jumboframe enable [ within 9216 bytes to pass through Ethernet...

  • Page 15: Setting Storm Suppression

    Figure 1 Speed auto negotiation application scenario IP network GE1/0/4 Switch A Server 1 Server 2 Server 3 As shown in Figure 1, all ports on Switch A are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate will exceed the capability of port GigabitEthernet 1/0/4, the port providing access to the Internet for the servers.

  • Page 16: Setting The Statistics Polling Interval

    Step… Command… Remarks Use either command  Enter Ethernet interface view: To configure storm suppression on an Ethernet interface, enter interface interface-type interface- Enter Ethernet interface Ethernet interface view number view or port group view To configure storm suppression  Enter port group view: on a group of Ethernet port-group manual port-group-name...

  • Page 17

    Table 1 Actions to take upon detection of a loop condition Actions Port type No protective action is configured A protective action is configured  Place the receiving interface in controlled  Perform the configured protective mode. The interface does not receive or send action.

  • Page 18: Setting An Ethernet Interface Mdi Mode

    Step… Command… Remarks Optional By default, a looped interface does not receive or send packets Set the protective With the shutdown parameter specified, action to take on loopback-detection action { no- the switch shuts down the looped ports the interface when learning | semi-block | shutdown } and set their physical state to Loop down a loop is detected...

  • Page 19: Testing An Ethernet Interface Cable Connection

    To set the MDI mode of an Ethernet interface: Step… Command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Optional Set the MDI mode of the By default, a copper Ethernet mdi { across | auto | normal } Ethernet interface interface operates in auto mode to negotiate pin roles with its peer...

  • Page 20: Displaying And Maintaining An Ethernet Interface

    Displaying and maintaining an Ethernet interface Task… Command… Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface Available in information any view display interface interface-type interface-number [ brief ] [ | { begin | exclude | include } regular-expression ] display counters { inbound | outbound } interface [ Display traffic statistics for the...

  • Page 21: Configuring The Loopback And Null Interface

    Configuring the loopback and null interface A loopback interface is a software-only virtual interface. It delivers the following benefits.  The physical layer state and link-layer protocols of a loopback interface are always up unless the loopback interface is shut down manually. ...

  • Page 22: Configuring The Null Interface

    configure settings such as IP addresses and IP routes on loopback interfaces. For more information, see Layer 3—IP Services Configuration Guide and Layer 3—IP Routing Configuration Guide. Configuring the null interface A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to forward data packets, and you cannot configure an IP address or link-layer protocol on it.

  • Page 23

    Task… Command… Remarks Clear the statistics on the reset counters interface [ null [ 0 ] ] Available in user view null interface...

  • Page 24: Configuring The Mac Address Table

    Configuring the MAC address table An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for a match.

  • Page 25: Forwarding A Mac Address Table-based Frame

    to block all packets destined for a specific user for security concerns, configure the MAC address of this user as a blackhole MAC address entry. To adapt to network changes and prevent inactive entries from occupying table space, an aging mechanism is adopted for dynamic MAC address entries.

  • Page 26: Disabling Mac Address Learning

    Adding or modifying a static or dynamic MAC address table entry on an interface To add or modify a static or dynamic MAC address table entry in interface view: Step… Command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type interface- interface view or Layer 2 —...

  • Page 27: Configuring The Aging Timer For Dynamic Mac Address Entries

    Step… Command… Remarks Disable MAC address learning on Required the interface or all mac-address mac-learning disable Enabled by default ports in the port group Disabling MAC address learning on a VLAN To disable MAC address learning on a per-VLAN basis: Step…...

  • Page 28: Configuring The Mac Learning Limit On Ports

    Step… Command… Remarks Optional Configure the aging mac-address timer { timer for dynamic aging seconds | no- 300 seconds by default MAC address entries aging } The no-aging parameter disables the aging timer Configuring the MAC learning limit on ports The device’s forwarding performance can degrade as the MAC address table grows.

  • Page 29

     The MAC address of Host A is 000f-e235-dc71 and belongs to VLAN 1. It is connected to GigabitEthernet 1/0/1 of the device. To prevent MAC address spoofing, add a static entry for the host in the MAC address table of the device. The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1.

  • Page 30: Configuring Mac Information

    Configuring MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses. With the MAC Information function, Layer 2 Ethernet ports send Syslog or trap messages to the monitor end in the network when they obtain or delete MAC addresses.

  • Page 31: Configuring The Interval For Sending Syslog Or Trap Messages

    Step… Command… Remarks Enter system view system-view — Optional Configure MAC Information mac-address information mode { mode syslog | trap } trap by default Configuring the interval for sending Syslog or trap messages To prevent Syslog or trap messages from being sent too frequently, set the interval for sending Syslog or trap messages.

  • Page 32: Configuration Procedure

    Figure 3 Network diagram for MAC Information configuration Device GE1/0/1 GE1/0/2 GE1/0/3 Host A Server 192.168.1.1/24 192.168.1.3/24 Host B 192.168.1.2/24 Configuration procedure Configure Device to send Syslog messages to Host B. For more information, see Network Management and Monitoring Configuration Guide. Enable MAC Information.

  • Page 33: Configuring Ethernet Link-aggregation

    Configuring Ethernet link-aggregation Ethernet link-aggregation, or simply link-aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link. Link-aggregation delivers the following benefits:  Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 34

    Operational key When aggregating ports, the system assigns each port an operational key automatically based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port can affect its aggregation state.

  • Page 35

    Implemented by extending the LACPDU with new Type/Length/Value (TLV) fields. This is Extended LACP how the LACP MAD mechanism of the IRF feature is implemented. The A5830 Switch functions Series can participate in LACP MAD as either an IRF member switch or an intermediate device.

  • Page 36: Using Aggregating Links In Static Mode

    Link-aggregation modes Link-aggregation has the following modes: dynamic and static. Dynamic link-aggregation uses LACP and static link-aggregation does not. Table 5 compares the two aggregation modes. Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode...

  • Page 37: Using Aggregating Links In Dynamic Mode

    Setting the aggregation state of each member port After selecting the reference port, the static aggregation group sets the aggregation state of each member port. Figure 5 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction?

  • Page 38

    The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.

  • Page 39: Using Load-sharing Criteria For Link-aggregation Groups

    To make sure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. In a dynamic aggregation group, when the aggregation state of a local port changes, the aggregation state of the peer port changes. A port that joins a dynamic aggregation group after the Selected port limit has been reached is placed in the Selected state if it is more eligible for being selected than a current member port.

  • Page 40: Configuring A Layer 2 Static Aggregation Group

    CAUTION: Removing an aggregate interface also removes the corresponding aggregation group. At the same time, all member ports leave the aggregation group. If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For more information about reflector ports, see Network Management and Monitoring Configuration Guide.

  • Page 41: Configuring A Layer 2 Dynamic Aggregation Group

    Step... Command... Remarks Optional By default, the aggregation priority of a port is Assign the port an link-aggregation port- 32,768 aggregation priority priority port-priority Changing the aggregation priority of a port can affect the aggregation state of the ports in the static aggregation group Configuring a Layer 2 dynamic aggregation group To guarantee a successful dynamic aggregation, be sure that the peer ports of the ports aggregated at...

  • Page 42: Configuring An Aggregate Interface

    Step... Command... Remarks Set the LACP Optional timeout interval on the port to the short lacp period short By default, the LACP timeout interval on a port is the timeout interval (1 long timeout interval (30 seconds) second) Configuring an aggregate interface Most of the configurations that can be performed on Layer 2 or Layer 3 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces.

  • Page 43: Shutting Down An Aggregate Interface

    Shutting down an aggregate interface Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways: When an aggregate interface is shut down, all Selected ports in the corresponding aggregation ...

  • Page 44

    Configuring the global link-aggregation load-sharing criteria To configure the global link-aggregation load-sharing criteria: Step... Command... Remarks Enter system view system-view — Required Configure the link-aggregation load-sharing By default, Layer 2 packets are load-shared global link- mode { { destination-ip | based on the source/destination MAC aggregation destination-mac | destination-port...

  • Page 45: Enabling Local-first Load Sharing For Link-aggregation

    Enabling local-first load sharing for link-aggregation Use the local-first load sharing mechanism in a cross-card or cross-switch link-aggregation scenario to distribute traffic preferentially across member ports on the ingress switch rather than all member ports. When you aggregate ports on different member switches in an IRF fabric, use local-first load sharing to reduce traffic on IRF links, as shown in Figure 7.

  • Page 46: Displaying And Maintaining Ethernet Link-aggregation

    Step... Command... Remarks Enter system view system-view — Optional Enable link-aggregation traffic link-aggregation lacp traffic- redirection redirect-notification enable Disabled by default Displaying and maintaining Ethernet link- aggregation Task... Command... Remarks display interface bridge-aggregation [ brief [ down ] ] [ | { begin | exclude | include } Display information for an regular-expression ] Available in any...

  • Page 47: Setting An Example Layer 2 Static Aggregation Configuration

    Setting an example Layer 2 static aggregation configuration Network requirements As shown in Figure Device A and Device B are connected through their respective Layer 2 Ethernet interfaces  GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3. Configure a Layer 2 static aggregation group on Device A and Device B, respectively. Enable VLAN ...

  • Page 48

    [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait...

  • Page 49: Setting An Example Layer 2 Dynamic Aggregation Configuration

    Setting an example Layer 2 dynamic aggregation configuration Network requirements As shown in Figure Device A and Device B are connected through their respective Layer 2 Ethernet interfaces  GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3. Configure a Layer 2 dynamic aggregation group on Device A and Device B. Then enable VLAN 10 ...

  • Page 50

    [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

  • Page 51: Configuring Port Isolation

    VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called ―isolated ports.‖...

  • Page 52: Using A Port Isolation Configuration

    Using a port isolation configuration Network requirements As shown in Figure  Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device. Device is connected to the Internet through GigabitEthernet 1/0/4. ...

  • Page 53: Configuring The Spanning Tree

    Configuring the spanning tree Networks often have redundant links as backups in case of failures, but loops are a very serious problem. STP, a Layer 2 management protocol, eliminates loops in a LAN's data link layer by putting redundant links in a standby state that still allows for link redundancy. Devices that run STP detect loops by exchanging information with one another, and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure.

  • Page 54: Performing The Calculation Process Of The Stp Algorithm

    Upon initialization of a network, each device generates and periodically sends configuration BPDUs with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs, and the other devices forward the BPDUs. Root port On a non-root bridge, the port nearest to the root bridge is the root port.

  • Page 55

    The STP algorithm uses the following calculation process: Initial state Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge ID. Root bridge selection Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own device ID as the root bridge ID.

  • Page 56

     The configuration BPDU with the lowest root bridge ID has the highest priority.  If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority.

  • Page 57

    Table 11 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison  Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU, and discards the received one.

  • Page 58

    Configuration BPDU on Device Comparison process ports after comparison  Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is  superior to its existing configuration BPDU {2, 0, 2, Port C1}, Port C1: {0, 0, 0, Port and updates its configuration BPDU.

  • Page 59

    Figure 13 The final calculated spanning tree Root bridge Root port Designated port Blocked port Normal link Blocked link This example shows a simplified spanning tree calculation process. The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded following these guidelines: Upon network initiation, every device regards itself as the root bridge, generates configuration ...

  • Page 60: Using Rstp

    The device sends hello packets at the hello time interval to the neighboring devices to make sure that the paths are fault-free. Max age  The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded.

  • Page 61: Mstp Features

    MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it provides a better load sharing mechanism for redundant links by allowing data flows of different VLANs to be forwarded along separate paths. MSTP provides the following features: MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance ...

  • Page 62

    Figure 15 Network diagram and topology of MST region 3 To MST region 4 MST region 3 Device A Device B MSTI 1 MSTI 2 域根 MSTI Device C Device D MSTI 0 VLAN 1 à MSTI 1 VLAN 2&3 à MSTI 2 MST域3中各MSTI的拓扑...

  • Page 63

    An IST is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 14, MSTI 0 is the IST in MST region 3. CIST The CIST is a single spanning tree that connects all devices in a switched network.

  • Page 64

    MSTP calculation involves the following port roles:  Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. Designated port—Forwards data to the downstream network segment or device.  Alternate port—The backup port for a root port or master port. When the root port or master port is ...

  • Page 65: Using Mstp

    Using MSTP MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees are calculated. Each spanning tree is an MSTI. Among these MSTIs, MSTI 0 is the IST. Like STP, MSTP uses configuration BPDUs to calculate spanning trees.

  • Page 66: Configuration Task Lists

    Configuration task lists Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP) and plan the device roles (the root bridge or leaf node). STP configuration task list Task Remarks Required Setting the spanning tree mode Configure the device to work...

  • Page 67

    RSTP configuration task list Task Remarks Required Setting the spanning tree mode Configure the device to work in RSTP mode Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Optional Configuring the network diameter of a switched network Optional Configuring spanning tree timers Optional...

  • Page 68

    PVST configuration task list Task Remarks Required Setting the spanning tree mode Configure the device to work in PVST mode Configuring the root bridge or a secondary Optional root bridge Configuring the device priority Optional Configuring the network diameter of a Optional switched network Configure...

  • Page 69

    MSTP configuration task list Task Remarks Optional Setting the spanning tree mode By default, the device works in MSTP mode Configuring an MST region Required Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Optional Configuring the maximum hops of an MST region Optional Configuring the network diameter of a switched network...

  • Page 70

    PVST mode—The device sends PVST BPDUs through all ports and maintains a spanning tree for  each VLAN. The A5830 Switch Series supports up to 128 VLANs in PVST mode. The maximum number of VLANs (assume that the number is n) for which PVST can maintain instances varies by device model.

  • Page 71: Configuring An Mst Region

     In STP-compatible or RSTP mode, do not specify any MSTI or VLAN. Otherwise, the spanning tree configuration is ineffective. In MSTP mode, if you specify an MSTI, the spanning tree configuration is effective for the specified  MSTI. If you specify a VLAN list, the spanning tree configuration is ineffective. If you do not specify any MSTI or VLAN, the spanning tree configuration is effective for the CIST.

  • Page 72: Configuring The Root Bridge Or A Secondary Root Bridge

    you change the spanning tree mode back. To prevent loss of mappings, do not manually configure VLAN- to-instance mappings in PVST mode. Configuring the root bridge or a secondary root bridge Have MSTP determine the root bridge of a spanning tree through MSTP calculation, or specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.

  • Page 73: Configuring The Device Priority

    Configure the current device as the root bridge by setting the device priority to 0. For the device priority configuration, see ―Configuring the device priority.‖ Configuring the device priority CAUTION:  You cannot change the priority of a device while it is configured as the root bridge or as a secondary root bridge.

  • Page 74: Configuring The Network Diameter Of A Switched Network

    Max age  2 × (hello time + 1 second)  HP recommends not setting the spanning tree timers manually. Instead, specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter. If the...

  • Page 75: Configuring The Timeout Factor

    If the forward delay timer is too long, network convergence can take a long time. HP recommends you use the default setting. An appropriate hello time setting enables the device to quickly detect link failures on the network without using excessive network resources.

  • Page 76: Configuring The Maximum Port Rate

    By setting an appropriate maximum port rate, limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. HP recommends you use the default setting. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 77: Configuring Port Path Costs

    Step... Command... Remarks Enter Enter Layer 2 Ethernet interface interface- interface interface view or Layer 2 type interface-number Required view or aggregate interface view port Use either command port-group manual group Enter port group view port-group-name view Required Configure the current ports as edge stp edged-port All ports are non-edge ports by ports...

  • Page 78

    Table 13 Mappings between the link speed and the path cost Path cost Link speed Port type Private IEEE 802.1d-1998 IEEE 802.1t standard — 65,535 200,000,000 200,000 Single port 2,000,000 2000 Aggregate interface containing 2 Selected 1,000,000 1800 ports Aggregate interface 10 Mbps containing 3 Selected 666,666...

  • Page 79: Configuring Port Priority

    Configuring re-calculated port path cost When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition. To configure the re-calculated path cost of ports: Step... Command... Remarks Enter system view system-view —...

  • Page 80: Configuring The Port Link Type

    Configure the link type as point-to-point for a Layer 2 aggregate interface or a port that works in full duplex mode. HP recommends you use the default setting and let the device to automatically detect the port link type.

  • Page 81: Enabling Port State Transition Information Output

     dot1s—802.1s-compliant standard format  legacy—Compatible format By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.

  • Page 82: Enabling The Spanning Tree Feature

    Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. Enabling the spanning tree feature (in STP/RSTP/MSPT mode) In STP/RSTP/MSTP mode, make sure that the spanning tree feature is enabled globally and on the desired ports.

  • Page 83: Performing Mcheck

    Step... Command... Remarks Enter Enter Layer 2 Ethernet interface interface-type interface interface view or Layer 2 interface-number Required view or aggregate interface view port Use either command group port-group manual port- Enter port group view view group-name Optional Enable the spanning tree feature for stp enable By default, the spanning tree the port or group of ports...

  • Page 84

    Figure 17 VLAN connectivity blocked by MSTP Root bridge VLAN 1 Port A1 Port B1 Port A2 Port B2 VLAN 2 Device A Device B Root port Designated port Blocked port Normal link Blocked link As shown in Figure  Port A1 on Device A allows the traffic of VLAN 1 to pass through, and Port A2 allows the traffic of VLAN 2 to pass through.

  • Page 85: Configuring Digest Snooping

    To enable communication between an HP device and a third-party device, enable the Digest Snooping feature on the port that connects the HP device to the third-party device in the same MST region. Before you enable Digest Snooping, make sure that associated devices of different vendors are connected and run spanning tree protocols.

  • Page 86

    NOTE:  With Digest Snooping enabled, VLAN-to-instance mappings must be the same on associated ports, because in- the-same-region verification does not require comparison of configuration digest.  With global Digest Snooping enabled, you cannot use the undo stp region-configuration command to modify VLAN-to-instance mappings or to remove the current region configuration.

  • Page 87: Configuring No Agreement Check

    Figure 19 Digest Snooping configuration MST region Device C (Root bridge) Root port GE1/0/1 GE1/0/2 Designated port Blocked port Normal link GE1/0/1 GE1/0/1 Blocked link GE1/0/2 GE1/0/2 Device A Device B Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A.

  • Page 88

    Figure 20 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.

  • Page 89: Configuring Protection Functions

    Step... Command... Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type Enter interface view or Layer 2 interface-number Required interface or aggregate interface view port group Use either command port-group manual port- view Enter port group view group-name Required Enable No Agreement Check...

  • Page 90

    Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process.

  • Page 91

    Disabled by default Enabling TC-BPDU guard HP recommends that you not disable this feature. When a switch receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), the switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing.

  • Page 92: Displaying And Maintaining The Spanning Tree

    To enable TC-BPDU guard: Step... Command... Remarks Enter system view system-view — Optional Enable the TC-BPDU guard function stp tc-protection enable Enabled by default Configure the maximum number of Optional stp tc-protection threshold forwarding address entry flushes that the number 6 by default device can perform every 10 seconds Enabling BPDU drop...

  • Page 93: Spanning Tree Configuration Examples

    Task... Command... Remarks display stp [ instance instance-id | vlan Display the statistics of TC/TCN BPDUs vlan-id ] tc [ slot slot-number ] [ | { begin sent and received by all ports in the Available in any view | exclude | include } regular-expression specified MSTI or all MSTIs display stp [ instance instance-id | vlan Display the spanning tree status and...

  • Page 94

    Figure 23 Network diagram for MSTP configuration MST region Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports (details not shown). Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B;...

  • Page 95

    [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.

  • Page 96

    [DeviceD-mst-region] quit # Enable the spanning tree feature globally. [DeviceD] stp enable Verify the configurations use the display stp brief command to view brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port...

  • Page 97: Setting The Pvst Configuration

    Figure 24 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link Setting the PVST configuration Network requirements As shown in Figure Device A and Device B work at the distribution layer.

  • Page 98

    Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B; VLAN 10, VLAN 20, and VLAN 40 on Device C; and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

  • Page 99

    VLAN Port Role STP State Protection GigabitEthernet1/0/1 DESI DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/2 DESI FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/2 DESI FORWARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE # Display brief spanning tree information on Device B. [DeviceB] display stp brief VLAN Port...

  • Page 100

    Figure 26 Spanning trees mapped to different VLANs Spanning tree mapped to VLAN 10 Spanning tree mapped to VLAN 20 Spanning tree mapped to VLAN 30 Spanning tree mapped to VLAN 40 Root device Normal link Blocked link...

  • Page 101: Configuring Bpdu Tunneling

    The encapsulated Layer 2 protocol packet (called BPDU) is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. HP devices support BPDU tunneling for the following protocols:  DLDP ...

  • Page 102: Implementing Bpdu Tunneling

     LLDP  PAGP  PVST   UDLD  Implementing BPDU tunneling NOTE:  This document uses the term in a broad sense. It includes STP, RSTP, and MSTP.  STP calculates the topology of a network by transmitting BPDUs among devices in the network. For more information, see “Spanning tree configuration.”...

  • Page 103

    The upper section of Figure 28 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.

  • Page 104: Configuring Destination Multicast Mac Address For Bpdus

    Step... Command... Remarks Enter system view system-view — Enter Layer 2 Enter interface interface-type interface- Ethernet interface Ethernet number Required view interface Use either command view or port Enter port group port-group manual port-group-name group view view bpdu-tunnel dot1q { cdp | dldp | Required Enable BPDU tunneling for a eoam | gvrp | hgmp | lacp | lldp |...

  • Page 105

     All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2. All ports that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through. MSTP is enabled on User A’s network. ...

  • Page 106: Setting Bpdu Tunneling For The Pvst Configuration

    Setting BPDU tunneling for the PVST configuration Network requirements As shown in Figure CE 1 and CE 2 are edge devices on the geographically dispersed network of User A. PE 1 and PE  2 are edge devices on the service provider network. All ports that connect service provider devices and customer devices and those that interconnect ...

  • Page 107

    [PE2-GigabitEthernet1/0/2] port link-type trunk [PE2-GigabitEthernet1/0/2] port trunk permit vlan all # Disable STP on GigabitEthernet 1/0/2, and then enable BPDU tunneling for STP and PVST on it. [PE2-GigabitEthernet1/0/2] undo stp enable [PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp [PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q pvst...

  • Page 108: Configuring Vlan

    Configuring VLAN Ethernet is a network technology based on the CSMA/CD mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, VLAN was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2. A VLAN is a bridging domain, and contains all broadcast traffic within it.

  • Page 109: Implementing The Vlan Types

    Figure 32 Traditional Ethernet frame format DA&SA Type Data IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure Figure 33 Position and format of VLAN tag VLAN Tag DA&SA TPID Priority CFI VLAN ID Type The fields of a VLAN tag are tag protocol identifier (TPID), priority, CFI, and VLAN ID.

  • Page 110: Protocols And Standards

    When the switch is determining which VLAN a packet that passes through the port should be assigned to, it looks up the VLANs in the default order of MAC-based VLAN, IP-based VLAN, protocol-based VLAN, and port-based VLAN. Protocols and standards IEEE 802.1Q, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area ...

  • Page 111: Configuring Vlan Interface Basic Settings

    Configuring VLAN interface basic settings For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform Layer 3 forwarding. You use VLAN interfaces to achieve this. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices.

  • Page 112

    Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs. Figure 34 Network diagram for VLAN interface configuration Switch A GE1/0/1 GE1/0/2 Vlan-Int5 Vlan-Int10 192.168.0.10/24 192.168.1.20/24 PC B PC A 192.168.0.1/24 192.168.1.1/24 VLAN 5 VLAN 10 Configuration procedure...

  • Page 113: Configuring Port-based Vlan

    Vlan-interface5 192.168.0.10 Vlan-inte... Vlan-interface10 192.168.1.20 Vlan-inte... Configuring port-based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type Configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: An access port belongs to only one VLAN and sends traffic untagged.

  • Page 114: Pvid

    PVID setting on the port. HP recommends setting the same PVID ID for local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.

  • Page 115: Assigning A Vlan Access Port

    Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame  Receives the frame if its VLAN ID is the same as the PVID Tags the frame with the Removes the VLAN tag and Access PVID tag ...

  • Page 116: Assigning A Vlan Trunk Port

    Step… Command… Remarks Required. Enter Layer 2 interface interface- Ethernet type interface- Use any command: interface view number  The configuration made in Layer 2 Ethernet interface view only applies to the port.  The configuration made in port group view Enter applies to all ports in the port group.

  • Page 117: Assigning A Vlan Hybrid Port

    Step… Command… Remarks applies to all ports in the port group.  The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. If the system fails to apply the configuration to the aggregate Enter port port-group manual interface, it stops applying the...

  • Page 118

    To assign a hybrid port to one or multiple VLANs: Step… Command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required. interface view interface-number Use any command:  Enter Layer 2 interface bridge- The configuration made in Ethernet aggregate aggregation interface- interface view only applies to the port.

  • Page 119

    Figure 36 Network diagram for port-based VLAN configuration GE1/0/3 GE1/0/3 Device A Device B GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1 Host A Host B Host C Host D VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure Configure Device A. # Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100. <DeviceA>...

  • Page 120: Configuring Mac-based Vlan

    GigabitEthernet1/0/1 [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Tagged Ports: GigabitEthernet1/0/3 Untagged Ports: GigabitEthernet1/0/2 Configuring MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.

  • Page 121

    address-to-VLAN entries, and enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflows: When the port receives a frame, the port first determines whether the frame is tagged. If the frame is tagged, the port reports the source MAC address of the frame. If the frame is not tagged, the port selects a VLAN for the frame by tagging the untagged frame with the PVID tag and obtaining the tag, and then reports the source MAC address of the frame.

  • Page 122: Dynamic Mac-based Vlan

    When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed. If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic MAC- based VLAN assignment applies.

  • Page 123

    Step... Command... Remarks mac-vlan mac-address mac- Associate a specific MAC address [ mask mac-mask ] Required address with a VLAN vlan vlan-id [ priority priority Enter Ethernet interface interface-type Use either command: Enter interface view interface-number interface  The configuration made in Ethernet view or interface view only applies to the port port...

  • Page 124

    Step... Command... Remarks Disable the PVID of the Optional port from forwarding By default, when a port receives a packets with unknown packet with an unknown source source MAC addresses port pvid disable MAC address that does not match to that do not match any any MAC address-to-VLAN entry, it MAC address-to-VLAN...

  • Page 125

    Figure 38 Network diagram for MAC-based VLAN configuration VLAN 100 VLAN 200 Server1 Server2 IP: 1.1.1.1/24 IP: 1.1.2.1/24 GE1/0/14 GE1/0/13 GE1/0/4 GE1/0/3 Device B GE1/0/2 GE1/0/2 Device C Device A GE1/0/1 GE1/0/1 VLAN 100 VLAN 200 Laptop1 Laptop2 IP: 1.1.1.2/24 IP: 1.1.2.2/24 MAC: 000d-88f8-4e71 MAC: 0014-222c-aa69...

  • Page 126

    # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1. Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable the MAC-based VLAN feature on it. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait...

  • Page 127: Configuring Protocol-based Vlan

    -------------------------------------------------------- 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count:2 Configuring protocol-based VLAN Use the protocol-based VLAN feature to assign packets to VLANs by their application type. The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol type and encapsulation format.

  • Page 128

    Step… Command… Remarks Required. Enter Layer 2 interface interface-type Use any command: Ethernet interface-number  The configuration made in Ethernet interface view interface view only applies to the port.  The configuration made in port group view applies to all ports in the port group.

  • Page 129

    Figure 39 Network diagram for protocol-based VLAN configuration VLAN 100 VLAN 200 IPv4 Server IPv6 Server GE1/0/11 GE1/0/12 GE1/0/1 GE1/0/2 Device L2 Switch A L2 Switch B IPv4 Host A IPv6 Host A IPv4 Host B IPv6 Host B VLAN 100 VLAN 200 VLAN 100 VLAN 200...

  • Page 130

    # Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. # Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.

  • Page 131: Configuring Ip Subnet-based Vlan

    ipv4 ipv6 Interface: GigabitEthernet 1/0/2 VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Configuring IP subnet-based VLAN In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.

  • Page 132: Setting The Ip Subnet-based Vlan Configuration

    Step… Command… Remarks Required. Configure the hybrid ports to port hybrid vlan vlan-id-list By default, a hybrid port allows only permit the specified IP subnet- { tagged | untagged } packets from VLAN 1 to pass through based VLANs to pass through untagged.

  • Page 133

    Configuration procedure # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200. [DeviceC] vlan 200 [DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0 [DeviceC-vlan200] quit # Configure interface GigabitEthernet 1/0/1 1 to permit packets of VLAN 100 to pass through.

  • Page 134: Displaying And Maintaining Vlan

    ======================================================= 192.168.5.0 255.255.255.0 192.168.50.0 255.255.255.0 Displaying and maintaining VLAN Task... Command… Remarks display vlan [ vlan-id1 [ to vlan-id2 ] | all | Available in any Display VLAN information dynamic | reserved | static ] [ | { begin | exclude view | include } regular-expression ] display interface [ vlan-interface ] [ brief [ down ] ]...

  • Page 135: Configuring Isolate-user-vlan

    Configuring isolate-user-VLAN An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: Isolate-user-VLANs are used mainly for upstream data exchange. An isolate-user-VLAN can be ...

  • Page 136

    To enable Layer 3 communication among secondary VLANs associated with the same isolate-  user-VLAN, you must enable local proxy ARP on the upstream device (for example, Switch A in Figure 41). Associate the isolate-user-VLAN with the specified secondary VLANs. Step...

  • Page 137: Configuring Secondary Vlans

    Configuring secondary VLANs You cannot configure the member port of a service loopback group as the upstream or downstream port of an isolate-user-VLAN. For more information about the service loopback group, see ―Setting a service loopback group configuration.‖ Step… Command… Remarks Enter system view system-view...

  • Page 138: Associating Secondary Vlans With An Isolate-user-vlan

    Associating secondary VLANs with an isolate-user-VLAN Step… Command… Remarks Enter system view system-view — Associate the specified secondary isolate-user-vlan isolate-user-vlan-id secondary VLANs with the specified isolate- Required secondary-vlan-id [ to secondary-vlan-id ] user-VLAN Displaying isolate-user-VLAN Task... Command... Remarks Display the mapping between an isolate- display isolate-user-vlan [ isolate-user- Available in any user-VLAN and its secondary VLANs and...

  • Page 139

    Configure Device B. # Configure the isolate-user-VLAN. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] isolate-user-vlan enable [DeviceB-vlan5] quit # Configure the secondary VLANs. [DeviceB] vlan 2 to 3 # Configure the uplink port GigabitEthernet 1/0/5 to operate in promiscuous mode in VLAN 5. [DeviceB] interface gigabitethernet 1/0/5 [DeviceB-GigabitEthernet1/0/5] port isolate-user-vlan 5 promiscuous [DeviceB-GigabitEthernet1/0/5] quit...

  • Page 140

    [DeviceC-GigabitEthernet1/0/4] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceC] isolate-user-vlan 6 secondary 3 to 4 Verification # Display the isolate-user-VLAN configuration on Device B. [DeviceB] display isolate-user-vlan Isolate-user-VLAN VLAN ID : 5 Secondary VLAN ID : 2-3 VLAN ID: 5 VLAN Type: static Isolate-user-VLAN type : isolate-user-VLAN Route Interface: not configured...

  • Page 141: Configuring Gvrp

    Configuring GVRP GARP provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GVRP is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.

  • Page 142

    The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. See Table for their dependencies. HP's implementation of GARP uses the following timers to control GARP message transmission: Hold timer The Hold timer sets the delay that a GARP participant waits before sending a Join or Leave message.

  • Page 143

    A device can send LeaveAll messages at the interval set by its LeaveAll timer or the LeaveAll timer of another device on the network, whichever is smaller. This is because each time a device on the network receives a LeaveAll message, it resets its LeaveAll timer. GARP PDU format Figure 44 GARP PDU format Ethernet frame...

  • Page 144: Using Gvrp

    Field Description Value  0x00: LeaveAll event  0x01: JoinEmpty event  0x02: JoinIn event Attribute event Event that the attribute describes  0x03: LeaveEmpty event  0x04: LeaveIn event  0x05: Empty event VLAN ID for GVRP If the value of the attribute event field is Attribute value Attribute value 0x00 (LeaveAll event), the attribute value...

  • Page 145: Configuring Gvrp Functions

    Task Remarks Configuring GARP timers Optional GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only. GVRP configuration made in port group view takes effect on all member ports in the group. GVRP configuration made on a member port in an aggregation group only takes effect after the port is removed from the aggregation group.

  • Page 146: Configuring Garp Timers

    Step… Command… Remarks Required Enable GVRP on the ports gvrp Disabled by default Optional Configure the GVRP registration mode on gvrp registration { fixed the port | forbidden | normal } normal by default Configuring GARP timers As shown in Table 15, the value ranges for GARP timers are dependent on one another;...

  • Page 147: Displaying And Maintaining Gvrp

    Step… Command… Remarks Optional garp timer leave timer- Configure the Leave timer value 60 centiseconds by default Displaying and maintaining GVRP Task… Command… Remarks Display statistics about GARP on display garp statistics [ interface interface-list ] [ | { Available in ports begin | exclude | include } regular-expression ] any view...

  • Page 148

    Configuration procedure Configure Device A. # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1.

  • Page 149: Setting The Gvrp Fixed Registration Mode Configuration

    According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP. Setting the GVRP fixed registration mode configuration Network requirements As shown in Figure...

  • Page 150: Setting The Gvrp Forbidden Registration Mode Configuration

    # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration. Use the display gvrp local-vlan command to view the local VLAN information that GVRP maintains on ports. For example: # Display the local VLAN information that GVRP maintains on port GigabitEthernet 1/0/1 of Device A. [DeviceA] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default), 2...

  • Page 151

    [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B. # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all...

  • Page 152: Configuring Qinq

    Configuring QinQ CVLANs, also called inner VLANs, see the VLANs that a customer uses on the private network. SVLANs, also called outer VLANs, see the VLANs that a service provider uses to carry VLAN tagged traffic for customers. QinQ is a flexible, easy-to-implement Layer 2 VPN technology based on IEEE 802.1Q. QinQ enables the edge device on a service provider network to insert an outer VLAN tag in the Ethernet frames from customer networks, so that the Ethernet frames travel across the service provider network (public network) with double VLAN tags.

  • Page 153: Frame Structure

    1500-byte standard Ethernet frame. Implementing QinQ HP provides the following QinQ implementations: basic QinQ and selective QinQ. Basic QinQ Basic QinQ enables a port to tag any incoming frames with its port VLAN ID (PVID) tag, regardless of whether they have been tagged or not.

  • Page 154: Modifying The Tpid In A Vlan Tag

    Modify the inner VLAN ID.  Besides being able to separate the service provider network from the customer networks, selective QinQ provides abundant service features and enables more flexible networking. Modifying the TPID in a VLAN tag A VLAN tag uses the TPID field to identify the protocol type of the tag. The default value of this field, as defined in IEEE 802.1Q, is 0x8100.

  • Page 155

    Protocol type Value Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF Protocols and standards IEEE 802.1Q: IEEE standard for local and metropolitan area networks: Virtual Bridged Local Area Networks Configuration task list QinQ requires configurations only on the service provider network. QinQ configurations made in Ethernet interface view take effect on the interface only. Those made in Layer 2 aggregate interface view take effect on the aggregate interface and all member ports in the aggregation group.

  • Page 156: Configuring Vlan Transparent Transmission

    Basic QinQ can only tag received frames with the PVID tag of the receiving port. Selective QinQ allows adding different outer VLAN tags based on different inner VLAN tags. The A5830 Switch Series achieves the selective QinQ feature through QoS policies. To enable the switch to tag tagged packets based on inner VLAN tags, follow these steps: Configure a class to match packets with certain tags.

  • Page 157: Configuring An Inner-outer Vlan 802.1p Priority Mapping

    Configuring an inner-outer VLAN 802.1p priority mapping Through QoS policies, the A5830 Switch Series marks the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: To mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: Step...

  • Page 158: Configuring Cvlan Id Substitution

    Step... Command... Remarks Required Create a class and enter class traffic classifier classifier-name [ operator By default, the operator of view { and | or } ] a class is AND  Match the specified inner VLAN IDs: if-match customer-vlan-id vlan-id-list Required Configure a match criterion ...

  • Page 159: Configuring The Tpid Value In Vlan Tags

    Step... Command... Remarks Configure a match criterion to match if-match customer-vlan-id vlan-id-list Required the specified inner VLAN IDs Configure a match criterion to match if-match service-vlan-id vlan-id Required the specified outer VLAN IDs Return to system view quit — Create a traffic behavior and enter traffic behavior behavior-name Required traffic behavior view...

  • Page 160: Qinq Configuration Examples

    QinQ configuration examples Setting basic QinQ configuration Network requirements As shown in Figure  The two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90.

  • Page 161

    # Configure VLAN 100 as the PVID for the port. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable basic QinQ on the port. [PE1-GigabitEthernet1/0/1] qinq enable [PE1-GigabitEthernet1/0/1] quit Configure GigabitEthernet 1/0/2.  # Configure GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 162: Setting The Vlan Transparent Transmission Configuration

    Configure GigabitEthernet 1/0/3.  # Configure GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 100. [PE2] interface gigabitethernet 1/0/3 [PE2-GigabitEthernet1/0/3] port link-type trunk [PE2-GigabitEthernet1/0/3] port trunk permit vlan 100 # Configure VLAN 100 as the PVID for the port. [PE2-GigabitEthernet1/0/3] port trunk pvid vlan 100 # Enable basic QinQ on the port.

  • Page 163

    Configure GigabitEthernet 1/0/1.  # Configure GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50. <PE1> system-view [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type trunk [PE1-GigabitEthernet1/0/1] port trunk permit vlan 10 to 50 # Enable basic QinQ on the port. [PE1-GigabitEthernet1/0/1] qinq enable # Configure the port to transparently transmit frames from VLANs 10 through 50.

  • Page 164: Setting Simple Selective Qinq Configuration

    Setting simple selective QinQ configuration Network requirements As shown in Figure The two branches of a company, Site 1 and Site 2, are connected through the service provider  network and use CVLAN 10 and CVLAN 20 to transmit voice traffic and data traffic separately. ...

  • Page 165

    # Create traffic behavior P100 and add the action of inserting outer VLAN tag 100. [PE1] traffic behavior P100 [PE1-behavior-P100] nest top-most vlan-id 100 [PE1-behavior-P100] quit # Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.

  • Page 166: Setting The Comprehensive Selective Qinq Configuration

    [PE2] traffic behavior P100 [PE2-behavior-P100] nest top-most vlan-id 100 [PE2-behavior-P100] quit # Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200. [PE2] traffic classifier A20 [PE2-classifier-A20] if-match customer-vlan-id 20 [PE2-classifier-A20] quit [PE2] traffic behavior P200...

  • Page 167

    Configure the edge and third-party devices to allow the voice traffic and data traffic to be  transmitted between the two companies via SVLAN 100 SVLAN 200 separately. Figure 54 Network diagram for comprehensive selective QinQ configuration PE 1 PE 2 GE1/0/2 GE1/0/2 VLANs 100, 200...

  • Page 168

    [PE1] traffic behavior P200 [PE1-behavior-P200] nest top-most vlan-id 200 [PE1-behavior-P200] quit # Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200. [PE1] qos policy qinq [PE1-qospolicy-qinq] classifier A10 behavior P100 [PE1-qospolicy-qinq] classifier A20 behavior P200 [PE1-qospolicy-qinq] quit # Enable basic QinQ on the port.

  • Page 169

    [PE1-GigabitEthernet1/0/2] qos apply policy sqinq outbound # Set the TPID value in the outer tag to 0x8200. [PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-GigabitEthernet1/0/2] quit Configure PE 2. Configure GigabitEthernet 1/0/1.  # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.

  • Page 170

    # Create class A100 and configure the class to match frames with CVLAN 30 and SVLAN 100. [PE2] traffic classifier A100 [PE2-classifier-A100] if-match customer-vlan-id 30 [PE2-classifier-A100] if-match service-vlan-id 100 [PE2-classifier-A100] quit # Configure traffic behavior T100 to mark matching packets with CVLAN 10. [PE2] traffic behavior T100 [PE2-behavior-T100] remark customer-vlan-id 10 [PE2-behavior-T100] quit...

  • Page 171: Configuring Vlan Mapping

    Configuring VLAN mapping VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping:  One-to-one VLAN mapping—Replaces one VLAN tag with another. use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control.

  • Page 172: Demonstrating One-to-two And Two-to-two Vlan Mapping

    Figure 55 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 - > VLAN 101 VLAN 2 - > VLAN 201 VLAN 3 VoIP VLAN 3 - > VLAN 301 Wiring - closet switch VLAN 1 VLAN 1 - >...

  • Page 173: Mapping Concepts And Terms

    Figure 56 Application scenario of one-to-two and two-to-two VLAN mapping One-to-two VLAN One-to-two VLAN Two-to-two VLAN mapping mapping mapping VLAN 10 VLAN 2 Data VLAN 20 VLAN 3 Data PE 1 PE 2 PE 3 PE 4 SP 1 SP 2 VLAN 2 Data VLAN 3...

  • Page 174: Implementing Vlan Mapping

    Figure 57 Basic concepts of VLAN mapping Network-side port Customer-side port Uplink traffic Downlink traffic Uplink traffic—Traffic transmitted from the customer network to the service provider network.  Downlink traffic—Traffic transmitted from the service provider network to the customer network. ...

  • Page 175

    Figure 58 One-to-one VLAN mapping implementation Inbound uplink policy CVLAN Data SVLAN Data Customer SP network Network CVLAN Data SVLAN Data Outbound downlink policy Network-side port Customer-side port Uplink traffic Downlink traffic Many-to-one VLAN mapping Implement many-to-one VLAN mapping through the following configurations, as shown in Figure Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs ...

  • Page 176

    Figure 60 One-to-two VLAN mapping Inbound uplink policy CVLAN Data SVLAN CVLAN Data Customer SP network Network CVLAN Data SVLAN CVLAN Data Hybrid port, an untagged member of SVLANs Network-side port Customer-side port Uplink traffic Downlink traffic Two-to-two VLAN mapping Implement two-to-two VLAN mapping through the following configurations, as shown in Figure For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a...

  • Page 177: Configuring One-to-one Vlan Mapping

    Configuring one-to-one VLAN mapping Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 55) to isolate traffic by both user and traffic type. Perform these tasks to configure one-to-one VLAN mapping: Task Description Configuring an uplink policy Creates CVLAN-to-SVLAN mappings (required) Configuring a downlink policy Creates SVLAN-to-CVLAN mappings (required) Configuring the customer-side port...

  • Page 178

    Step... Command... Remarks Return to system view quit Create a traffic behavior and traffic behavior behavior-name enter traffic behavior view Required Configure a CVLAN marking Repeat these steps to configure a remark customer-vlan-id vlan-id action behavior for each CVLAN Return to system view quit Create a QoS policy and qos policy policy-name...

  • Page 179: Configuring Many-to-one Vlan Mapping

    Configuring many-to-one VLAN mapping CAUTION: Before changing VLAN mappings on a port, clear all DHCP snooping entries by using the reset dhcp- Layer 3—IP Services Command Reference snooping command (see Perform many-to-one VLAN mapping on campus switches (see Figure 55) to transmit the same type of traffic from different users in one VLAN.

  • Page 180

    Step... Command... Remarks Required Enable ARP detection arp detection enable Disabled by default Configuring an uplink policy To configure an uplink policy to map a group of CVLANs to one SVLAN: Step... Command... Remarks Enter system view system-view — Create a class and enter class traffic classifier tcl-name operator view Required...

  • Page 181: Configuring One-to-two Vlan Mapping

    Step... Command... Remarks Set the port as a DHCP Required snooping trusted port and dhcp-snooping trust no- disable the port to record IP- By default, all ports are DHCP snooping user-binding to-MAC bindings for DHCP untrusted ports clients Required Enable customer-side QinQ qinq enable downlink By default, customer-side QinQ is disabled on all ports...

  • Page 182

    Task Description Configures VLAN and other settings required for one-to-two Configuring the network-side port VLAN mapping (required) Configuration prerequisites Create VLANs, and plan CVLAN-to-SVLAN mappings. Configuring an uplink policy To configure an uplink policy to insert an SVLAN to VLAN tagged packets: Step...

  • Page 183: Configuring Two-to-two Vlan Mapping

    Step... Command... Remarks Apply the uplink policy qos apply policy policy- Required to the incoming traffic name inbound Configuring the network-side port To configure the network-side port: Step... Command... Remarks Enter system view system-view — Enter Ethernet interface interface interface-type —...

  • Page 184

    To configure an uplink policy for the customer-side port: Step... Command... Remarks Enter system view system-view — Create a class and enter traffic classifier tcl-name [ operator class view and ] Required Specify a foreign CVLAN if-match customer-vlan-id vlan-id Repeat these steps to create one as a match criterion class for each foreign CVLAN and Specify a foreign SVLAN...

  • Page 185

    Step... Command... Remarks Create a QoS policy and enter qos policy policy-name Required QoS policy view Required Associate the class with the classifier tcl-name behavior Repeat this step to create behavior behavior-name other class-behavior associations Configuring a downlink policy for the customer-side port The downlink policy on the customer-side port replaces local SVLAN and CVLAN pairs with foreign SVLAN and CVLAN pairs.

  • Page 186

    Step... Command... Remarks interface interface-type interface- Enter Ethernet interface view — number Required Configure the port as a trunk port link-type trunk The default link type of an port Ethernet port is access Required Assign the port to the local port trunk permit vlan { vlan-id-list By default, a trunk port is in only SVLANs...

  • Page 187: Setting Vlan Mapping Configurations

    Setting VLAN mapping configurations Setting one-to-one and many-to-one VLAN mapping configuration Network requirements As shown in Figure  Each home is offered PC, VoD, and VoIP services, connects to a wiring-closet switch through the home gateway, and obtains the IP address through DHCP. ...

  • Page 188: Configuring Switch A

    Figure 62 Network diagram for one-to-one and many-to-one VLAN mapping configuration DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 GE1/0/1 GE1/0/3 Wiring-closet Switch A VLAN 1 GE1/0/2...

  • Page 189

    [SwitchA-classifier-c2] if-match customer-vlan-id 2 [SwitchA-classifier-c2] traffic classifier c3 [SwitchA-classifier-c3] if-match customer-vlan-id 3 [SwitchA-classifier-c3] quit [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202...

  • Page 190

    [SwitchA] qos policy p11 [SwitchA-policy-p11] classifier c11 behavior b11 [SwitchA-policy-p11] classifier c22 behavior b22 [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Assign customer-side port GigabitEthernet 1/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301, and enable basic QinQ, and apply uplink policy p1 to the incoming traffic and downlink policy p1 1 to...

  • Page 191

    [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203...

  • Page 192

    [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1 [SwitchC-policy-p1] classifier c1 behavior b1 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c2 behavior b2 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c3 behavior b3 mode dot1q-tag-manipulation [SwitchC-policy-p1] quit [SwitchC] qos policy p2 [SwitchC-policy-p2] classifier c4 behavior b1 mode dot1q-tag-manipulation...

  • Page 193: Setting One-to-two And Two-to-two Vlan Mapping Configuration

    <SwitchD> system-view [SwitchD] dhcp-snooping # Assign port GigabitEthernet 1/0/1 to SVLANs 501 to 503. [SwitchD] interface gigabitethernet 1/0/1 [SwitchD-GigabitEthernet1/0/1] port link-type trunk [SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 501 502 503 Setting one-to-two and two-to-two VLAN mapping configuration Network requirements As shown in Figure Two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively.

  • Page 194

    # Configure customer-side port GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 100 as an untagged member, so the port forwards VLAN 100 traffic with the VLAN tag removed. On the port, enable basic QinQ, and apply uplink policy test to the incoming traffic. [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type hybrid [PE1-GigabitEthernet1/0/1] port hybrid vlan 100 untagged...

  • Page 195

    [PE3-behavior-down_downlink] remark service-vlan-id 100 [PE3-behavior-down_downlink] quit [PE3] qos policy down_downlink [PE3-qospolicy-down_downlink] classifier down_downlink behavior down_downlink [PE3-qospolicy-down_downlink] quit # Configure an uplink policy up_uplink for network-side port GigabitEthernet 1/0/2 to substitute CVLAN 30 for the CVLAN ID of the outgoing traffic tagged with CVLAN 10 and SVLAN 200. [PE3] traffic classifier up_uplink [PE3-classifier-up_uplink] if-match customer-vlan-id 10 [PE3-classifier-up_uplink] if-match service-vlan-id 200...

  • Page 196

    [PE4] interface gigabitethernet 1/0/1 [PE4-GigabitEthernet1/0/1] port link-type trunk [PE4-GigabitEthernet1/0/1] port trunk permit vlan 200 # Configure port GigabitEthernet 1/0/2 as a hybrid port, and assign it to VLAN 200 as un untagged member, so the port forwards VLAN 200 traffic with the VLAN tag removed. Enable basic QinQ, and apply uplink policy test to the incoming traffic on the port.

  • Page 197: Configuring Lldp

    Configuring LLDP In a heterogeneous network, a standard configuration exchange platform makes sure that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the LLDP in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.

  • Page 198: Tlv Overview

    Table 17 Fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to 0x0180- Destination MAC address C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.

  • Page 199

    Specifies the management address, and the interface number Management Address and OID associated with the address IEEE 802.1 organizationally specific TLVs HP devices support only receiving protocol identity TLVs.  Layer 3 Ethernet ports do not support IEEE 802.1 organizationally specific TLVs. ...

  • Page 200

    IEEE 802.3 organizationally specific TLVs The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. Table 21 IEEE 802.3 organizationally specific TLVs...

  • Page 201: Operating Modes Of Lldp

    Type Description Manufacturer Name Allows a terminal device to advertise its vendor name Model Name Allows a terminal device to advertise its model name Allows a terminal device to advertise its asset ID Asset ID The typical case is that the user specifies the asset ID for the endpoint to facilitate directory management and asset tracking Allows a network device to advertise the appropriate location Location Identification...

  • Page 202

    value in the Time to Live TLV carried in the LLDPDU. If the TTL value is zero, the information ages out immediately. Protocols and standards IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery  ANSI/TIA- 1 057, Link Layer Discovery Protocol for Media Endpoint Devices ...

  • Page 203: Setting The Lldp Operating Mode

    Step… Command… Remarks view or port port-group manual Enter port group view group port-group-name view Optional Enable LLDP lldp enable By default, LLDP is enabled on a port Setting the LLDP operating mode LLDP can operate in one of the following modes. TxRx mode—A port in this mode sends and receives LLDPDUs.

  • Page 204: Configuring Advertisable Tlvs

    Step… Command… Remarks Enter system view system-view — Enter Enter Layer 2/Layer 3 interface interface-type interface- Ethernet Ethernet interface view number Required interface Use either command view or port Enter port group view port-group manual port-group-name group view Required Enable LLDP polling and set the lldp check-change-interval interval polling interval Disabled by default...

  • Page 205: Setting Other Lldp Parameters

    By default, management addresses are encoded in numeric format. If a neighbor encoded its management address in character string format, you must configure the encoding format of the management address as string on the connecting port to guarantee normal communication with the neighbor.

  • Page 206: Setting An Lldpdu Encapsulation Format 0

     Set the LLDPDU transmit interval to be no less than four times the LLDPDU transmit delay.  If the LLDPDU transmit delay is greater than the LLDPDU transmit interval, the device uses the LLDPDUs transmit delay as the transmit interval. To change the TTL multiplier: Step…...

  • Page 207: Displaying And Maintaining Lldp

    LLDP traps are sent periodically, and the interval is configurable. To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmit interval for LLDP. To configure LLDP trapping: Step… Command… Remarks Enter system view system-view —...

  • Page 208: Configuration Examples

    Configuration examples Basic LLDP configuration example Network requirements As shown in Figure 67, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.

  • Page 209

    [SwitchB-GigabitEthernet1/0/1] quit Verify the configuration # Display the global LLDP status and port LLDP status on Switch A. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...

  • Page 210

    Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors Number of MED neighbors Number of sent optional TLV Number of received unknown TLV...

  • Page 211: Configuring A Service Loopback Group

    Configuring a service loopback group To increase traffic redirecting throughput, bundle multiple Ethernet ports of a device together, to increase bandwidth and implement load sharing. The ports that act as a logical link form a service loopback group. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port.

  • Page 212

    Figure 68 Set the state of each member port in a service loopback group Set the state of a member port Speed, duplex mode, and hardware attributes same as the reference port? More candidate ports than Port number low enough allowed max.

  • Page 213: Displaying Service Loopback Groups

    Step… Command… Remarks Required Assign the Ethernet By default, a port does not belong to interface to the port service-loopback group any service loopback group specified service number Perform this command on different ports loopback group to assign multiple ports to a service loopback group Displaying service loopback groups Task…...

  • Page 214

    [DeviceA-Tunnel1] service-loopback-group 1...

  • Page 215: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. ...

  • Page 216: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 217

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 218: Index

    Index 802.1 organizationally specific TLV, 191, 192 configuring link-aggregation group, 32 802.1d spanning tree configuration, 46, 63, 86 configuring link-aggregation load-sharing, 36 802.1p (QinQ), 150 configuring local-first load-sharing, 38 802.1q configuring static link-aggregation group, 33 basic QinQ configuration, 148, 153 enabling aggregate interface link state trap, 35 comprehensive selective QinQ configuration, 159 enabling link-aggregation traffic redirection, 38...

  • Page 219

    configuring MST region maximum hops, 66 BPDU tunneling, 94, 96, 97 configuring protection functions, 82 BPDU tunneling destination multicast MAC address, configuring tunneling for PVST, 99 BPDU tunneling for PVST configuration, 99 configuring tunneling for STP, 97 BPDU tunneling for STP configuration, 97 enabling drop, 85 comprehensive selective QinQ, 159 enabling guard, 83...

  • Page 220

    GARP timers, 139 VLAN tag TPID value (QinQ), 152 configuring GVRP functions, 138 VLAN transparent transmission, 149, 155 configuring LLDP trapping, 199 contacting HP, 208 configuring management address TLVs, 197 creating MAC address table entry, 17 configuring No Agreement Check, 80...

  • Page 221

    configuring port path costs, 70 disabling MAC address learning, 19 configuring protection functions, 82 displaying configuring root bridge, 65 Ethernet interface, 13 configuring VLAN interface, 104 Ethernet link-aggregation, 39 enabling BPDU drop, 85 GVRP, 140 enabling BPDU guard, 83 isolate-user-VLAN, 131 enabling loop guard, 84 isolation groups, 44 enabling root guard, 83...

  • Page 222

    Digest Snooping feature, 78 configuring MAC address table entry, 18 LLDP, 195 configuring management address TLVs, 197 LLDP polling, 196 configuring static link-aggregation group, 33 loop guard, 84 configuring VLAN tag TPID value (QinQ), 152 loopback detection (Layer 2), 9 configuring VLAN transparent transmission, 149, MAC Information, 23 creating MAC address table entry, 17...

  • Page 223

    management address TLVs, 194 VLAN configuration, 101 manually configuring MAC address entries, 17 VLAN fundamentals, 101 modifying VLAN tag TPID (QinQ), 147 VLAN interface basic configuration, 104 MSTP basic concepts, 54 VLAN interface configuration, 104 MSTP features, 54 VLAN type implementation, 102 port-based VLAN configuration, 106, 1 1 1 Ethernet interface primary isolate-user-VLAN configuration, 128...

  • Page 224

    format manually configuring MAC address entries, 17 GARP PDU, 136 QinQ configuration, 145 management address TLV, 197 QinQ implementation, 146 setting LLDPDU encapsulation format, 199 QinQ operation, 145 forwarding QinQ structure, 146 BPDU configuration (STP), 52 selective QinQ configuration, 149 MAC address table-based frame, 18 setting LLDP parameters, 198 frame...

  • Page 225

    configuring link-aggregation group, 32 subscription service, 208 configuring link-aggregation load-sharing, 36 support contact information, 208 configuring local-first load-sharing, 38 symbols used, 209 configuring static link-aggregation group, 33 websites, 208 displaying port isolation group, 44 hybrid port (VLAN), 1 10 enabling Layer 2 loopback detection, 9 icons, 209 enabling link-aggregation traffic redirection, 38 ID substitution (QinQ), 151...

  • Page 226

    setting MDI mode (Layer 2), 1 1 configuring VLAN tag TPID value (QinQ), 152 setting MTU (Layer 3), 12 CVLAN. See CVLAN setting statistics polling interval (Layer 2), 9 CVLAN ID substitution configuration (QinQ), 151 setting storm suppression (Layer 2), 8 CVLAN-SVLAN 802.1p priority...

  • Page 227

    configuring aggregate interface, 35 port isolation configuration, 44 configuring aggregate interface description, 35 port isolation group configuration, 44 configuring dynamic link-aggregation group, 34 port-based VLAN configuration, 106, 1 1 1 configuring Ethernet interface, 6 primary isolate-user-VLAN configuration, 128 configuring link-aggregation group, 32 protocol-based VLAN configuration, 120, 121 configuring link-aggregation load-sharing, 36 restoring aggregate interface default settings, 36...

  • Page 228

    VLAN interface configuration, 104 using load-sharing criteria, 32 VLAN type implementation, 102 LLDP Layer 3 (MTU interface), 12 basic configuration, 195, 201 learning (MAC address), 17, 19, 21 configuration, 190, 201 Leave (GARP message type), 134 configuring trapping, 199 Leave timer (GARP), 135 displaying, 200 LeaveAll (GARP message type), 134 enabling, 195...

  • Page 229

    configuring local-first, 38 forwarding frame, 18 criteria for link-aggregation groups, 36 manually configuring entries, 17 using criteria for link-aggregation group, 32 setting configuration, 21 local-first load-sharing, 38 using entry, 17 loop guard, 82, 84 MAC address-based VLAN, 102 loopback MAC Information configuring testing on Ethernet interface, 4 configuration, 23, 24 displaying interface, 15...

  • Page 230

    customer-side port configuration, 173 setting LLDP, 196 implementation, 168 spanning tree, 63 network-side port configuration, 174 using Ethernet link dynamic aggregation, 30 uplink policy configuration, 173 using Ethernet link static aggregation, 29 mapping using load-sharing criteria, 32 concepts and terms (VLAN), 166 modifying VLAN tag TPID (QinQ), 147 VLAN implementation, 167 VLAN mapping configuration, 164, 169, 180, 186...

  • Page 231

    setting configuration, 86 configuring protection functions, 82 using, 58 configuring spanning tree timeout factor, 68 MTU (Layer 3 Ethernet interface), 12 configuring spanning tree timers, 67 naming Ethernet interface, 1 configuring static MAC-based VLAN, 1 15 network configuring switched network diameter, 67 802.1 organizationally specific TLVs, 192 configuring VLAN Ignore feature, 76, 77 802.3 organizationally specific TLVs, 193...

  • Page 232

    LLDPDU, 190 using MSTP, 53, 58 LLDPDU format, 190 using PVST, 53 LLDPDU receipt, 194 using RSTP, 53 LLDPDU TLV, 191 using STP protocol packets, 46 LLDPDU transmission, 194 VLAN mapping configuration, 164, 169, 180, 186 LLDP-MED TLV, 193 VLAN-to-instance mapping table (MSTP), 55 management address TLVs, 194 network management modifying VLAN tag TPID (QinQ), 147...

  • Page 233

    Layer 2 port isolation configuration, 44 setting PVST configuration, 90 Layer 2 port isolation group configuration, 44 simple selective QinQ configuration, 157 Layer 2 static aggregation configuration, 40 spanning tree configuration, 46, 63, 86 LLDP configuration, 190, 201 SVLAN tagging policy configuration (QinQ), 149 LLDP operating modes, 194 using GVRP, 137 LLDPDU, 190...

  • Page 234

    uplink policy configuration, 175 configuring link type, 73 operational key, 27 configuring link-aggregation group, 32 outer VLAN. See SVLAN configuring link-aggregation load-sharing, 36 outputting port state information, 74 configuring local-first load-sharing, 38 packet configuring MAC address port learning limit, 21 configuring BPDU tunneling, 94, 96, 97 configuring MAC address table entry, 18 configuring BPDU tunneling destination multicast...

  • Page 235

    link-aggregation member, 26 assigning port to group, 44 MAC address learning, 17 configuration, 44 MAC address table configuration, 17, 18 group configuration, 44 MAC Information configuration, 23, 24 spanning tree configuration, 46, 63, 86 manually configuring MAC address entries, 17 using configuration, 45 member state (link-aggregation), 30, 31 port-based VLAN, 102...

  • Page 236

    configuring aggregate interface description, 32, configuring dynamic MAC-based VLAN assignment, 1 16 configuring aging timer for dynamic MAC address configuring edge port, 69 entries, 20 configuring Ethernet interface basic settings, 2 configuring an aggregate interface, 35 configuring Ethernet link-aggregation, 39 configuring an aggregation group, 32 configuring GARP timers, 139 configuring an isolation group, 44...

  • Page 237

    configuring MST region, 64 configuring two-to-two VLAN mapping, 176 configuring MST region maximum hops, 66 configuring VLAN, 101 configuring MSTP port packet recognition mode, configuring VLAN Ignore feature, 76, 77 configuring VLAN interface, 104 configuring network-side port (many-to-one VLAN configuring VLAN mapping, 169 mapping), 174 configuring VLAN tag TPID value, 152 configuring network-side port (one-to-one VLAN...

  • Page 238

    enabling DHCP snooping, 172 setting basic QinQ configuration, 153 enabling link state traps for aggregate interface, setting BPDU tunneling for PVST configuration, 99 setting comprehensive selective QinQ enabling link-aggregation traffic redirection, 38 configuration, 159 enabling LLDP, 195 setting GVRP configuration, 140 enabling LLDP polling, 196 setting GVRP fixed registration mode configuration, enabling...

  • Page 239

    setting VLAN transparent transmission configuring VLAN tag TPID value, 152 configuration, 155 configuring VLAN transparent transmission, 149, shutting down an aggregate interface, 36 shutting down Ethernet interface, 3 CVLAN ID substitution configuration, 151 specifying calculation standard for default path CVLAN-SVLAN 802.1p priority mapping...

  • Page 240

    designated port, 53 configuration, 46, 63, 86 edge port, 53 configuring BPDU tunneling for PVST, 99 enabling spanning tree feature, 75 configuring BPDU tunneling for STP, 97 performing mCheck, 76 configuring device priority (MST), 66 root port, 53 configuring Digest Snooping, 78 Rx mode (LLDP), 194, 196 configuring edge port, 69 secondary root bridge, 65...

  • Page 241

    MSTI, 55, 58 setting storm suppression, 8 MSTP basic concepts, 54 SVLAN MSTP features, 54 basic QinQ configuration, 148, 153 MSTP region, 55 comprehensive selective QinQ configuration, 159 path cost, 47 configuring VLAN tag TPID value (QinQ), 152 performing mCheck, 76 configuring VLAN transparent transmission, 149, regional root bridge, 56 CVLAN-SVLAN...

  • Page 242

    comprehensive selective QinQ configuration, 159 configuring static MAC-based VLAN, 1 15 configuring advertisable TLVs, 197 configuring switched network diameter, 67 configuring aggregate interface, 35 configuring VLAN Ignore feature, 76, 77 configuring aggregate interface description, 35 configuring VLAN tag TPID value (QinQ), 152 configuring aging timer for dynamic MAC address configuring VLAN transparent transmission, 149, entries, 20...

  • Page 243

    Layer 2 port isolation configuration, 44 QinQ implementation, 146 Layer 2 port isolation group configuration, 44 QinQ operation, 145 Layer 2 static aggregation configuration, 40 regional root bridge, 56 LLDP configuration, 190, 201 restoring aggregate interface default settings, 36 LLDP operating modes, 194 root bridge, 46 LLDPDU, 190 root port, 47...

  • Page 244

    VLAN configuration, 101 enabling link-aggregation traffic redirection, 38 VLAN fundamentals, 101 VLAN mapping configuration, 164, 169, 180, 186 VLAN interface basic configuration, 104 VLAN mapping implementation, 167 VLAN interface configuration, 104 transition information output, 74 VLAN mapping configuration, 164, 169, 180, 186 transmission VLAN mapping implementation, 167 LLDPDUs, 194...

  • Page 245

    configuring MAC address port learning limit, 21 basic QinQ configuration, 148, 153 configuring MAC address table entry, 18 CIST, 56, 58 creating MAC address table entry, 17 comprehensive selective QinQ configuration, 159 disabling MAC address learning, 19 configuration, 101 enabling MAC Information, 23 configuring basic interface settings, 104 forwarding MAC address table-based frame, 18 configuring basic settings, 103...

  • Page 246

    GARP PDU fields, 136 one-to-one mapping configuration, 170 GARP PDU format, 136 one-to-two mapping configuration, 174 GARP timers, 135 one-to-two mapping implementation, 168 GVRP configuration, 134, 140 outer VLAN. See SVLAN GVRP registration modes, 137, 140, 142, 143 port link type, 106 implementing MSTP on device, 58 PVID, 107 implementing types, 102...

Comments to this Manuals

Symbols: 0
Latest comments: